Merge pull request TencentBlueKing#5429 from yaoxuwan/issue_5354

fix: 制品库匿名访问清理 TencentBlueKing#5354

src/backend/ci/core/artifactory/api-artifactory-sample/src/main/kotlin/com/tencent/devops/artifactory/api/SampleBuildFileResource.kt

@@ -29,6 +29,7 @@ package com.tencent.devops.artifactory.api
 
 import com.tencent.devops.artifactory.pojo.Count
 import com.tencent.devops.artifactory.pojo.enums.ArtifactoryType
+import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_PIPELINE_ID
 import com.tencent.devops.common.api.pojo.Result
 import io.swagger.annotations.Api
 import io.swagger.annotations.ApiOperation
@@ -55,6 +56,9 @@ interface SampleBuildFileResource {
         @ApiParam("项目ID", required = true)
         @HeaderParam("X-DEVOPS-PROJECT-ID")
         projectId: String,
+        @ApiParam("流水线ID", required = true)
+        @HeaderParam(AUTH_HEADER_DEVOPS_PIPELINE_ID)
+        pipelineId: String,
         @ApiParam("版本仓库类型", required = true)
         @PathParam("artifactoryType")
         artifactoryType: ArtifactoryType,

src/backend/ci/core/artifactory/api-artifactory-store/src/main/kotlin/com/tencent/devops/artifactory/api/ServiceArchiveAtomResource.kt

@@ -27,13 +27,15 @@
 
 package com.tencent.devops.artifactory.api
 
+import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
 import com.tencent.devops.common.api.pojo.Result
 import io.swagger.annotations.Api
 import io.swagger.annotations.ApiOperation
 import io.swagger.annotations.ApiParam
 import javax.ws.rs.Consumes
 import javax.ws.rs.DELETE
 import javax.ws.rs.GET
+import javax.ws.rs.HeaderParam
 import javax.ws.rs.Path
 import javax.ws.rs.Produces
 import javax.ws.rs.QueryParam
@@ -58,6 +60,9 @@ interface ServiceArchiveAtomResource {
     @DELETE
     @Path("/atom/file/delete")
     fun deleteAtomFile(
+        @ApiParam("用户ID", required = true)
+        @HeaderParam(AUTH_HEADER_USER_ID)
+        userId: String,
         @ApiParam("项目编码", required = true)
         @QueryParam("projectCode")
         projectCode: String,

src/backend/ci/core/artifactory/api-artifactory/src/main/kotlin/com/tencent/devops/artifactory/api/builds/BuildFileResource.kt

@@ -61,6 +61,12 @@ interface BuildFileResource {
     @GET
     @Path("/file/download")
     fun downloadFile(
+        @ApiParam("projectCode", required = false)
+        @HeaderParam(AUTH_HEADER_DEVOPS_PROJECT_ID)
+        projectCode: String,
+        @ApiParam("pipelineId", required = false)
+        @HeaderParam(AUTH_HEADER_DEVOPS_PIPELINE_ID)
+        pipelineId: String,
         @ApiParam("文件路径", required = true)
         @QueryParam("filePath")
         filePath: String,

src/backend/ci/core/artifactory/api-artifactory/src/main/kotlin/com/tencent/devops/artifactory/api/service/ServiceArtifactoryResource.kt

@@ -85,6 +85,9 @@ interface ServiceArtifactoryResource {
     @Path("/{projectId}/{artifactoryType}/check")
     @GET
     fun check(
+        @ApiParam("用户ID", required = true)
+        @HeaderParam(AUTH_HEADER_USER_ID)
+        userId: String,
         @ApiParam("项目ID", required = true)
         @PathParam("projectId")
         projectId: String,

src/backend/ci/core/artifactory/api-artifactory/src/main/kotlin/com/tencent/devops/artifactory/api/service/ServiceFileResource.kt

@@ -28,6 +28,7 @@
 package com.tencent.devops.artifactory.api.service
 
 import com.tencent.devops.artifactory.pojo.enums.FileChannelTypeEnum
+import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
 import com.tencent.devops.common.api.pojo.Result
 import io.swagger.annotations.Api
 import io.swagger.annotations.ApiOperation
@@ -38,6 +39,7 @@ import java.io.InputStream
 import javax.servlet.http.HttpServletResponse
 import javax.ws.rs.Consumes
 import javax.ws.rs.GET
+import javax.ws.rs.HeaderParam
 import javax.ws.rs.POST
 import javax.ws.rs.Path
 import javax.ws.rs.Produces
@@ -80,6 +82,9 @@ interface ServiceFileResource {
     @GET
     @Path("/file/download")
     fun downloadFile(
+        @ApiParam("用户ID", required = true)
+        @HeaderParam(AUTH_HEADER_USER_ID)
+        userId: String,
         @ApiParam("文件路径", required = true)
         @QueryParam("filePath")
         filePath: String,

src/backend/ci/core/artifactory/biz-artifactory-sample/src/main/kotlin/com/tencent/devops/artifactory/resources/SampleBuildFileResourceImpl.kt

@@ -32,21 +32,29 @@ import com.tencent.devops.artifactory.pojo.Count
 import com.tencent.devops.artifactory.pojo.enums.ArtifactoryType
 import com.tencent.devops.artifactory.service.ArchiveFileService
 import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.client.Client
 import com.tencent.devops.common.web.RestResource
+import com.tencent.devops.process.api.service.ServicePipelineResource
 import org.springframework.beans.factory.annotation.Autowired
 
 @RestResource
-class SampleBuildFileResourceImpl @Autowired constructor(private val archiveFileService: ArchiveFileService) :
-    SampleBuildFileResource {
+class SampleBuildFileResourceImpl @Autowired constructor(
+    private val archiveFileService: ArchiveFileService,
+    private val client: Client
+) : SampleBuildFileResource {
 
     override fun acrossProjectCopy(
         projectId: String,
+        pipelineId: String,
         artifactoryType: ArtifactoryType,
         path: String,
         targetProjectId: String,
         targetPath: String
     ): Result<Count> {
+        val userId = client.get(ServicePipelineResource::class)
+            .getPipelineInfo(projectId, pipelineId, null).data!!.lastModifyUser
         val count = archiveFileService.acrossProjectCopy(
+            userId = userId,
             projectId = projectId,
             artifactoryType = artifactoryType,
             path = path,

src/backend/ci/core/artifactory/biz-artifactory-sample/src/main/kotlin/com/tencent/devops/artifactory/resources/ServiceArtifactoryResourceImpl.kt

@@ -52,9 +52,13 @@ class ServiceArtifactoryResourceImpl @Autowired constructor(
     private val archiveFileService: ArchiveFileService
 ) : ServiceArtifactoryResource {
 
-    override fun check(projectId: String, artifactoryType: ArtifactoryType, path: String): Result<Boolean> {
-        val fileDetail =
-            archiveFileService.show(userId = "", projectId = projectId, artifactoryType = artifactoryType, path = path)
+    override fun check(
+        userId: String,
+        projectId: String,
+        artifactoryType: ArtifactoryType,
+        path: String
+    ): Result<Boolean> {
+        val fileDetail = archiveFileService.show(userId, projectId, artifactoryType, path)
         return Result(fileDetail.name.isNotBlank())
     }
 
@@ -90,7 +94,10 @@ class ServiceArtifactoryResourceImpl @Autowired constructor(
         path: String
     ): Result<Url> {
         val urls = archiveFileService.getFileDownloadUrls(
-            fileChannelType = FileChannelTypeEnum.WEB_DOWNLOAD, filePath = path, artifactoryType = artifactoryType
+            userId = userId,
+            fileChannelType = FileChannelTypeEnum.WEB_DOWNLOAD,
+            filePath = path,
+            artifactoryType = artifactoryType
         )
         return Result(Url(urls.fileUrlList[0], urls.fileUrlList[0]))
     }

src/backend/ci/core/artifactory/biz-artifactory-sample/src/main/kotlin/com/tencent/devops/artifactory/resources/UserFileResourceImpl.kt

@@ -85,15 +85,15 @@ class UserFileResourceImpl @Autowired constructor(
         if (!validateResult) {
             throw PermissionForbiddenException("no permission")
         }
-        return archiveFileService.downloadFileToLocal(filePath, response)
+        return archiveFileService.downloadFileToLocal(userId, filePath, response)
     }
 
     override fun downloadFile(userId: String, filePath: String, response: HttpServletResponse) {
         val validateResult = archiveFileService.validateUserDownloadFilePermission(userId, filePath)
         if (!validateResult) {
             throw PermissionForbiddenException("no permission")
         }
-        archiveFileService.downloadFile(filePath, response)
+        archiveFileService.downloadFile(userId, filePath, response)
     }
 
     override fun downloadFileExt(userId: String, filePath: String, response: HttpServletResponse) {

src/backend/ci/core/artifactory/biz-artifactory-sample/src/main/kotlin/com/tencent/devops/artifactory/resources/UserPipelineFileResourceImpl.kt

@@ -74,6 +74,7 @@ class UserPipelineFileResourceImpl @Autowired constructor(
         path: String
     ): Result<Url> {
         val urls = archiveFileService.getFileDownloadUrls(
+            userId = userId,
             fileChannelType = FileChannelTypeEnum.WEB_DOWNLOAD,
             filePath = path,
             artifactoryType = artifactoryType,

src/backend/ci/core/artifactory/biz-artifactory-sample/src/main/kotlin/com/tencent/devops/artifactory/service/SamplePipelineBuildArtifactoryService.kt

@@ -54,16 +54,22 @@ class SamplePipelineBuildArtifactoryService @Autowired constructor(
         buildId: String
     ): List<FileInfo> {
         return if (defaultBkRepoClient.useBkRepo()) {
-            getBkRepoArtifactoryList(projectId, pipelineId, buildId)
+            getBkRepoArtifactoryList(userId, projectId, pipelineId, buildId)
         } else {
             getLocalArtifactList(projectId, pipelineId, buildId)
         }
     }
 
-    private fun getBkRepoArtifactoryList(projectId: String, pipelineId: String, buildId: String): List<FileInfo> {
-        logger.info("getBkRepoArtifactoryList, projectId: $projectId, pipelineId: $pipelineId, buildId: $buildId")
+    private fun getBkRepoArtifactoryList(
+        userId: String,
+        projectId: String,
+        pipelineId: String,
+        buildId: String
+    ): List<FileInfo> {
+        logger.info("getBkRepoArtifactoryList, userId: $userId, projectId: $projectId, pipelineId: $pipelineId, " +
+            "buildId: $buildId")
         val nodeList = defaultBkRepoClient.queryByNameAndMetadata(
-            userId = BkRepoUtils.BKREPO_DEFAULT_USER,
+            userId = userId,
             projectId = projectId,
             repoNames = listOf(BkRepoUtils.REPO_NAME_PIPELINE, BkRepoUtils.REPO_NAME_CUSTOM),
             fileNames = listOf(),

src/backend/ci/core/artifactory/biz-artifactory-store/src/main/kotlin/com/tencent/devops/artifactory/resources/ServiceArchiveAtomResourceImpl.kt

@@ -45,8 +45,8 @@ class ServiceArchiveAtomResourceImpl @Autowired constructor(
         return Result(archiveAtomService.getAtomFileContent(filePath))
     }
 
-    override fun deleteAtomFile(projectCode: String, atomCode: String): Result<Boolean> {
-        archiveFileService.deleteFile("$BK_CI_ATOM_DIR/$projectCode/$atomCode")
+    override fun deleteAtomFile(userId: String, projectCode: String, atomCode: String): Result<Boolean> {
+        archiveFileService.deleteFile(userId, "$BK_CI_ATOM_DIR/$projectCode/$atomCode")
         return Result(true)
     }
 }

src/backend/ci/core/artifactory/biz-artifactory/src/main/kotlin/com/tencent/devops/artifactory/resources/BuildFileResourceImpl.kt

@@ -33,19 +33,28 @@ import com.tencent.devops.artifactory.pojo.enums.FileChannelTypeEnum
 import com.tencent.devops.artifactory.pojo.enums.FileTypeEnum
 import com.tencent.devops.artifactory.service.ArchiveFileService
 import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.client.Client
 import com.tencent.devops.common.web.RestResource
+import com.tencent.devops.process.api.service.ServicePipelineResource
 import org.glassfish.jersey.media.multipart.FormDataContentDisposition
 import org.springframework.beans.factory.annotation.Autowired
 import java.io.InputStream
 import javax.servlet.http.HttpServletResponse
 
 @RestResource@Suppress("ALL")
 class BuildFileResourceImpl @Autowired constructor(
-    private val archiveFileService: ArchiveFileService
+    private val archiveFileService: ArchiveFileService,
+    private val client: Client
 ) : BuildFileResource {
 
-    override fun downloadFile(filePath: String, response: HttpServletResponse) {
-        archiveFileService.downloadFile(filePath, response)
+    override fun downloadFile(
+        projectCode: String,
+        pipelineId: String,
+        filePath: String,
+        response: HttpServletResponse
+    ) {
+        val userId = getLastModifyUser(projectCode, pipelineId)
+        archiveFileService.downloadFile(userId, filePath, response)
     }
 
     override fun archiveFile(
@@ -57,8 +66,9 @@ class BuildFileResourceImpl @Autowired constructor(
         inputStream: InputStream,
         disposition: FormDataContentDisposition
     ): Result<String?> {
+        val userId = getLastModifyUser(projectCode, pipelineId)
         val url = archiveFileService.archiveFile(
-            userId = "",
+            userId = userId,
             projectId = projectCode,
             pipelineId = pipelineId,
             buildId = buildId,
@@ -79,8 +89,9 @@ class BuildFileResourceImpl @Autowired constructor(
         customFilePath: String,
         response: HttpServletResponse
     ) {
+        val userId = getLastModifyUser(projectCode, pipelineId)
         return archiveFileService.downloadArchiveFile(
-            userId = "",
+            userId = userId,
             projectId = projectCode,
             pipelineId = pipelineId,
             buildId = buildId,
@@ -97,8 +108,9 @@ class BuildFileResourceImpl @Autowired constructor(
         fileType: FileTypeEnum,
         customFilePath: String?
     ): Result<GetFileDownloadUrlsResponse?> {
+        val userId = getLastModifyUser(projectCode, pipelineId)
         val urls = archiveFileService.getFileDownloadUrls(
-            userId = "",
+            userId = userId,
             projectId = projectCode,
             pipelineId = pipelineId,
             buildId = buildId,
@@ -108,4 +120,9 @@ class BuildFileResourceImpl @Autowired constructor(
         )
         return Result(urls)
     }
+
+    private fun getLastModifyUser(projectId: String, pipelineId: String): String {
+        return client.get(ServicePipelineResource::class)
+            .getPipelineInfo(projectId, pipelineId, null).data!!.lastModifyUser
+    }
 }

src/backend/ci/core/artifactory/biz-artifactory/src/main/kotlin/com/tencent/devops/artifactory/resources/ServiceFileResourceImpl.kt

@@ -58,7 +58,7 @@ class ServiceFileResourceImpl @Autowired constructor(private val archiveFileServ
         return Result(url)
     }
 
-    override fun downloadFile(filePath: String, response: HttpServletResponse) {
-        archiveFileService.downloadFileToLocal(filePath, response)
+    override fun downloadFile(userId: String, filePath: String, response: HttpServletResponse) {
+        archiveFileService.downloadFileToLocal(userId, filePath, response)
     }
 }

src/backend/ci/core/artifactory/biz-artifactory/src/main/kotlin/com/tencent/devops/artifactory/service/ArchiveFileService.kt

@@ -95,17 +95,17 @@ interface ArchiveFileService {
     /**
      * 下载文件至输出流
      */
-    fun downloadFile(filePath: String, outputStream: OutputStream)
+    fun downloadFile(userId: String, filePath: String, outputStream: OutputStream)
 
     /**
      * 下载文件
      */
-    fun downloadFile(filePath: String, response: HttpServletResponse)
+    fun downloadFile(userId: String, filePath: String, response: HttpServletResponse)
 
     /**
      * 下载文件到本地
      */
-    fun downloadFileToLocal(filePath: String, response: HttpServletResponse)
+    fun downloadFileToLocal(userId: String, filePath: String, response: HttpServletResponse)
 
     /**
      * 下载报告文件
@@ -151,6 +151,7 @@ interface ArchiveFileService {
      * [fullUrl]表示是否返回包含域名的全url地址
      */
     fun getFileDownloadUrls(
+        userId: String,
         filePath: String,
         artifactoryType: ArtifactoryType,
         fileChannelType: FileChannelTypeEnum,
@@ -207,6 +208,7 @@ interface ArchiveFileService {
      * 跨项目拷贝文件
      */
     fun acrossProjectCopy(
+        userId: String,
         projectId: String,
         artifactoryType: ArtifactoryType,
         path: String,
@@ -218,6 +220,7 @@ interface ArchiveFileService {
      * 删除文件
      */
     fun deleteFile(
+        userId: String,
         filePath: String
     )
 }