[Feature][scaleph] fix error

.github/workflows/docker-flink.yml

@@ -22,11 +22,11 @@ on:
       flinkVersion:
         description: 'flink version'
         required: true
-        default: '1.16.1'
+        default: '1.18.0'
         type: choice
         options:
-          - 1.17.0
-          - 1.16.1
+          - 1.18.0
+          - 1.17.1
 env:
   HUB: ghcr.io/flowerfine/scaleph_flink
   FLINK_VERSION: ${{ inputs.flinkVersion }}

.github/workflows/docker-sql-template.yml

@@ -22,11 +22,11 @@ on:
       flinkVersion:
         description: 'flink version'
         required: true
-        default: '1.17'
+        default: '1.18'
         type: choice
         options:
-          - 1.16
           - 1.17
+          - 1.18
 env:
   HUB: ghcr.io/flowerfine/scaleph-sql-template
   FLINK_VERSION: ${{ inputs.flinkVersion }}

pom.xml

@@ -125,25 +125,25 @@
         <docker.build.skip>true</docker.build.skip>
         <docker.push.skip>true</docker.push.skip>
 
-        <spring.boot.version>2.7.4</spring.boot.version>
+        <spring.boot.version>2.7.17</spring.boot.version>
         <spring.cloud.version>2021.0.7</spring.cloud.version>
-        <mybatis.plus.version>3.5.1</mybatis.plus.version>
+        <mybatis.plus.version>3.5.4</mybatis.plus.version>
         <org.mapstruct.extensions.spring.version>0.1.1</org.mapstruct.extensions.spring.version>
         <org.mapstruct.version>1.4.2.Final</org.mapstruct.version>
         <mapstruct.lombok.binding.version>0.2.0</mapstruct.lombok.binding.version>
         <org.projectlombok.version>1.18.24</org.projectlombok.version>
         <velocity.engine.version>2.2</velocity.engine.version>
-        <knife4j.version>4.1.0</knife4j.version>
+        <knife4j.version>4.3.0</knife4j.version>
         <auto-service.version>1.0.1</auto-service.version>
-        <hutool.version>5.5.4</hutool.version>
+        <hutool.version>5.8.22</hutool.version>
         <commons.lang3.version>3.12.0</commons.lang3.version>
         <commons.beanutils.version>1.9.4</commons.beanutils.version>
         <commons.text.version>1.9</commons.text.version>
         <commons.compress.version>1.19</commons.compress.version>
         <commons.io.version>2.11.0</commons.io.version>
         <commons.cli.version>1.5.0</commons.cli.version>
         <semver.version>0.9.0</semver.version>
-        <disruptor.version>3.4.4</disruptor.version>
+        <disruptor.version>4.0.0</disruptor.version>
         <ojdbc.version>21.1.0.0</ojdbc.version>
         <mysql.version>8.0.28</mysql.version>
         <clickhouse-jdbc.version>0.3.2</clickhouse-jdbc.version>
@@ -153,9 +153,10 @@
         <calcite-druid.version>1.29.0</calcite-druid.version>
         <config.version>1.3.3</config.version>
         <okhttp.version>4.10.0</okhttp.version>
-        <guava.version>31.0-jre</guava.version>
+        <guava.version>32.1.3-jre</guava.version>
         <minio.version>8.3.8</minio.version>
         <milky.version>1.0.7</milky.version>
+        <sakura.version>1.0.2-SNAPSHOT</sakura.version>
         <hadoop.version>3.3.4</hadoop.version>
         <akka.version>2.5.21</akka.version>
         <protobuf.version>3.21.5</protobuf.version>
@@ -574,6 +575,12 @@
                 <version>${paimon.version}</version>
             </dependency>
 
+            <dependency>
+                <groupId>cn.sliew</groupId>
+                <artifactId>sakura-catalog</artifactId>
+                <version>${sakura.version}</version>
+            </dependency>
+
             <dependency>
                 <groupId>org.apache.flink</groupId>
                 <artifactId>flink-kubernetes</artifactId>

scaleph-api/src/main/java/cn/sliew/scaleph/api/config/WebMvcConfig.java

@@ -104,7 +104,7 @@ public void addInterceptors(InterceptorRegistry registry) {
      */
     @Slf4j
     @Component
-    public static class WebLogInterceptor extends OncePerRequestFilter implements Ordered {
+    public static class RequestResponseCacheFilter extends OncePerRequestFilter implements Ordered {
 
         @Override
         public int getOrder() {

scaleph-api/src/main/java/cn/sliew/scaleph/api/config/WebSecurityConfig.java

@@ -23,6 +23,8 @@
 import cn.sliew.scaleph.common.util.SpringApplicationContextUtil;
 import cn.sliew.scaleph.security.authentication.CustomAccessDeniedHandler;
 import cn.sliew.scaleph.security.authentication.CustomAuthenticationEntryPoint;
+import cn.sliew.scaleph.security.authorization.CustomAuthorizationManager;
+import cn.sliew.scaleph.security.authorization.CustomRequestMatcher;
 import cn.sliew.scaleph.security.config.TokenConfigurer;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
@@ -37,6 +39,7 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
 import org.springframework.util.ObjectUtils;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -45,13 +48,17 @@
 import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
 
-import java.util.*;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
 
 /**
  * https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter
  */
 @Configuration
 @EnableWebSecurity
+@EnableRedisHttpSession(redisNamespace = "${spring.application.name}")
 @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 public class WebSecurityConfig {
 
@@ -62,11 +69,25 @@ public class WebSecurityConfig {
     @Autowired
     private CustomAccessDeniedHandler customAccessDeniedHandler;
 
+    @Autowired
+    private CustomRequestMatcher customRequestMatcher;
+    @Autowired
+    private CustomAuthorizationManager customAuthorizationManager;
+
+    /**
+     * BCryptPasswordEncoder 自带加盐功能。密钥迭代次数为 2^strength。strength 区间为 4~31，默认 10
+     * 数据库存入的 sys_admin 用户密码即为使用这个加密的，对这里做任何调整，都要调整数据库中的密码
+     */
     @Bean
     public PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
 
+//    @Bean
+//    public HttpSessionEventPublisher httpSessionEventPublisher() {
+//        return new HttpSessionEventPublisher();
+//    }
+
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         ApplicationContext applicationContext = SpringApplicationContextUtil.getApplicationContext();
@@ -89,18 +110,35 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 //禁用cors
                 .csrf().disable()
 
-                //.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
-
-                .sessionManagement()
-                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and()
-
                 //禁用iframe
                 .headers()
                     .frameOptions().disable()
                 .and()
 
+                //fixme 表单登陆不能用于前后端分离模式下的登陆
+                //fixme 如果要实现前后端分离，使用 json 获取登陆信息，需要自定义拦截器
+                .formLogin().disable()
+
+//                .rememberMe()
+                // 用于散列的值，随便填写即可
+//                .key("remember")
+                // remember-me 将信息存入 cookie，如果用户拿到 cookie 里面的信息，则可以直接绕过登陆
+                // PersistentTokenRepository 记录 remember-me cookie 生成时的地址，防止攻击者使用用户 cookie 绕过登陆
+//                .tokenRepository(new JdbcTokenRepositoryImpl())
+//                .tokenValiditySeconds((int) TimeUnit.HOURS.toSeconds(16L))
+//                .and()
+
+                // fixme 注销
+//                .logout()
+//                .logoutUrl("/logout")
+//                .deleteCookies()
+//                .clearAuthentication(true)
+//                .invalidateHttpSession(true)
+//                .permitAll()
+//                .and()
+
                 //请求权限配置
+                // spring-security 按照从上往下顺序来匹配，一旦匹配成功则不在匹配
                 .authorizeRequests()
                     //放行endpoint
                     .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
@@ -114,6 +152,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                     .antMatchers("/ui/**").permitAll()
                     //放行options请求
                     .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
+                    // todo 自定义请求拦截器
                     .anyRequest().authenticated()
                 .and()
 
@@ -122,7 +161,23 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                     .accessDeniedHandler(customAccessDeniedHandler)
                 .and()
 
-                //禁用session
+                // session
+                .sessionManagement()
+                    // 不创建 session
+                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                    // 同一个用户最多有 1 个 session，可达成后面登陆会自动踢掉前面的登陆
+//                    .maximumSessions(1)
+                    // 在最多有 1 个 session 存在的限制下，默认的是后面登陆会自动踢掉前面的登陆
+                    // 如果要达成已经登陆后，后面无法登陆的效果，则通过如下配置即可
+                    // 加上这个限制后，需设置 HttpSessionEventPublisher 监听 session 时间，
+                    // 发布 session 的创建、销毁时间，触发 spring-security 内部的机制
+//                    .maxSessionsPreventsLogin(true)
+//                    .and()
+                    // session 固定攻击
+//                    .sessionFixation().migrateSession()
+                .and()
+
+                // u_token
                 .apply(tokenConfigurer)
         ;
         // @formatter:on

scaleph-api/src/main/java/cn/sliew/scaleph/api/controller/CommonController.java

@@ -18,13 +18,10 @@
 
 package cn.sliew.scaleph.api.controller;
 
-import cn.hutool.captcha.CaptchaUtil;
-import cn.hutool.captcha.LineCaptcha;
-import cn.hutool.core.util.RandomUtil;
 import cn.sliew.scaleph.api.annotation.AnonymousAccess;
 import cn.sliew.scaleph.api.annotation.Logging;
-import cn.sliew.scaleph.cache.util.RedisUtil;
-import cn.sliew.scaleph.common.constant.Constants;
+import cn.sliew.scaleph.security.service.SecAuthenticateService;
+import cn.sliew.scaleph.security.service.dto.SecCaptchaDTO;
 import cn.sliew.scaleph.system.snowflake.UidGenerator;
 import cn.sliew.scaleph.system.snowflake.exception.UidGenerateException;
 import io.swagger.v3.oas.annotations.Operation;
@@ -36,13 +33,6 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.awt.*;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-
 /**
  * @author gleiyu
  */
@@ -51,33 +41,20 @@
 @Tag(name = "公共模块")
 public class CommonController {
 
-    @Autowired
-    private RedisUtil redisUtil;
     @Autowired
     private UidGenerator defaultUidGenerator;
+    @Autowired
+    private SecAuthenticateService secAuthenticateService;
 
     /**
      * 生成验证码
-     *
-     * @param req  request
-     * @param resp response
      */
     @AnonymousAccess
     @Operation(summary = "查询验证码", description = "查询验证码信息")
     @GetMapping(path = {"/authCode"})
-    public ResponseEntity<Object> authCode(HttpServletRequest req, HttpServletResponse resp) {
-        LineCaptcha lineCaptcha =
-                CaptchaUtil.createLineCaptcha(150, 32, 5, RandomUtil.randomInt(6, 10));
-        Font font = new Font("Stencil", Font.BOLD + Font.ITALIC, 20);
-        lineCaptcha.setFont(font);
-        lineCaptcha.setBackground(new Color(246, 250, 254));
-        lineCaptcha.createCode();
-        String uuid = Constants.AUTH_CODE_KEY + UUID.randomUUID().toString();
-        redisUtil.set(uuid, lineCaptcha.getCode(), 10 * 60);
-        Map<String, Object> map = new HashMap<>(2);
-        map.put("uuid", uuid);
-        map.put("img", lineCaptcha.getImageBase64Data());
-        return new ResponseEntity<>(map, HttpStatus.OK);
+    public ResponseEntity<Object> authCode() {
+        SecCaptchaDTO captcha = secAuthenticateService.getCaptcha();
+        return new ResponseEntity<>(captcha, HttpStatus.OK);
     }
 
     @Logging