From 8995209a159a0aeed3175a481efe34092258c63b Mon Sep 17 00:00:00 2001 From: "Captain.B" Date: Tue, 23 Mar 2021 09:49:10 +0800 Subject: [PATCH 1/3] chore: sync --- frontend/src/business/components/xpack | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/src/business/components/xpack b/frontend/src/business/components/xpack index f63ebb68eb..3571feccf7 160000 --- a/frontend/src/business/components/xpack +++ b/frontend/src/business/components/xpack @@ -1 +1 @@ -Subproject commit f63ebb68ebad78de42fd711f17e2671e34577a86 +Subproject commit 3571feccf7c2bc68e4b619f6c367ac47d37c6723 From 42023ee85a4e4327c37273acd0fc3396d2887054 Mon Sep 17 00:00:00 2001 From: chenjianxing Date: Tue, 23 Mar 2021 10:12:08 +0800 Subject: [PATCH 2/3] =?UTF-8?q?refactor:=20swagger2.0=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?base-url?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../metersphere/api/dto/definition/parse/Swagger2Parser.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/backend/src/main/java/io/metersphere/api/dto/definition/parse/Swagger2Parser.java b/backend/src/main/java/io/metersphere/api/dto/definition/parse/Swagger2Parser.java index 3b05aefa87..c51b92ac47 100644 --- a/backend/src/main/java/io/metersphere/api/dto/definition/parse/Swagger2Parser.java +++ b/backend/src/main/java/io/metersphere/api/dto/definition/parse/Swagger2Parser.java @@ -58,6 +58,7 @@ public class Swagger2Parser extends SwaggerAbstractParser { ApiModule parentNode = ApiDefinitionImportUtil.getSelectModule(importRequest.getModuleId()); + String basePath = swagger.getBasePath(); for (String pathName : pathNames) { Path path = paths.get(pathName); Map operationMap = path.getOperationMap(); @@ -68,6 +69,10 @@ public class Swagger2Parser extends SwaggerAbstractParser { ApiDefinitionWithBLOBs apiDefinition = buildApiDefinition(request.getId(), operation, pathName, method.name(),importRequest); parseParameters(operation, request); addBodyHeader(request); + if (StringUtils.isNotBlank(basePath)) { + apiDefinition.setPath(basePath + apiDefinition.getPath()); + request.setPath(basePath + request.getPath()); + } apiDefinition.setRequest(JSON.toJSONString(request)); apiDefinition.setResponse(JSON.toJSONString(parseResponse(operation, operation.getResponses()))); buildModule(parentNode, apiDefinition, operation.getTags()); From 3c05d1c4860343764cb6af3e7ce7ff2704d13c85 Mon Sep 17 00:00:00 2001 From: "Captain.B" Date: Tue, 23 Mar 2021 10:12:19 +0800 Subject: [PATCH 3/3] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8DCSRF-TOKEN?= =?UTF-8?q?=E8=BF=87=E6=9C=9F=E6=97=B6=E6=B2=A1=E6=9C=89=E8=B7=B3=E8=BD=AC?= =?UTF-8?q?=E5=88=B0=E7=99=BB=E5=BD=95=E9=A1=B5=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/java/io/metersphere/security/CsrfFilter.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/backend/src/main/java/io/metersphere/security/CsrfFilter.java b/backend/src/main/java/io/metersphere/security/CsrfFilter.java index 32f6bc9ae0..66ef15689e 100644 --- a/backend/src/main/java/io/metersphere/security/CsrfFilter.java +++ b/backend/src/main/java/io/metersphere/security/CsrfFilter.java @@ -42,7 +42,12 @@ public class CsrfFilter extends AnonymousFilter { // 请求头取出的token value String csrfToken = httpServletRequest.getHeader(TOKEN_NAME); // 校验 token - validateToken(csrfToken); + try { + validateToken(csrfToken); + } catch (ExpiredCredentialsException e) { + ((HttpServletResponse) response).setHeader("Authentication-Status", "invalid"); + return true; + } // 校验 referer validateReferer(httpServletRequest); return true;