fix: 【漏洞】修复DataEase X-DE-TOKEN JWT 签名校验绕过

tjlygdx
2026-05-13 17:45:02 +08:00
parent 3efda9d29c
commit 9587336b9a


@@ -1,15 +1,19 @@
package io.dataease.utils;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.Verification;
import io.dataease.auth.bo.TokenUserBO;
import io.dataease.auth.config.SubstituleLoginConfig;
import io.dataease.exception.DEException;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.util.ReflectionUtils;
public class TokenUtils {
public static TokenUserBO userBOByToken(String token) {
DecodedJWT jwt = JWT.decode(token);
Long userId = jwt.getClaim("uid").asLong();
@@ -28,7 +32,13 @@ public class TokenUtils {
if (StringUtils.length(token) < 100) {
DEException.throwException("token is invalid");
}
return userBOByToken(token);
Object apisixTokenManage = CommonBeanFactory.getBean("apisixTokenManage");
if (ObjectUtils.isNotEmpty(apisixTokenManage)) {
return validateByApisixTokenManage(apisixTokenManage, token);
}
TokenUserBO userBO = userBOByToken(token);
validateSubstituteToken(token, userBO);
return userBO;
}
@@ -48,4 +58,25 @@ public class TokenUtils {
}
return new TokenUserBO(userId, oid);
}
private static TokenUserBO validateByApisixTokenManage(Object apisixTokenManage, String token) {
Object tokenBO = ReflectionUtils.invokeMethod(ReflectionUtils.findMethod(apisixTokenManage.getClass(), "validate", String.class), apisixTokenManage, token);
if (ObjectUtils.isEmpty(tokenBO)) {
DEException.throwException("token is invalid");
}
Long userId = (Long) ReflectionUtils.invokeMethod(DeReflectUtil.findMethod(tokenBO.getClass(), "getUserId"), tokenBO);
Long defaultOid = (Long) ReflectionUtils.invokeMethod(DeReflectUtil.findMethod(tokenBO.getClass(), "getDefaultOid"), tokenBO);
return new TokenUserBO(userId, defaultOid);
}
private static void validateSubstituteToken(String token, TokenUserBO userBO) {
String secret = SubstituleLoginConfig.getTokenSecret();
if (StringUtils.isBlank(secret)) {
DEException.throwException("token is invalid");
}
Algorithm algorithm = Algorithm.HMAC256(secret);
Verification verification = JWT.require(algorithm).withClaim("uid", userBO.getUserId()).withClaim("oid", userBO.getDefaultOid());
JWTVerifier verifier = verification.build();
verifier.verify(token);
}
}
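Review bot: `verifier.verify(token)` in validateSubstituteToken lets java-jwt's `JWTVerificationException` (bad signature, wrong `uid`/`oid` claim, expired token) propagate as-is, while every other rejection in this hunk goes through `DEException.throwException("token is invalid")`; callers that rely on the DEException path will get a different exception type and message for the one failure the commit exists to catch. Consider `try { verifier.verify(token); } catch (JWTVerificationException e) { DEException.throwException("token is invalid"); }` so that all rejections surface the same way (the import `com.auth0.jwt.exceptions.JWTVerificationException` would be added). Separately, `userBOByToken` remains public and still builds a `TokenUserBO` from `JWT.decode(token)` alone, so any other caller of that method outside this file still trusts an unverified token; if such callers exist it would be worth a Javadoc line on it such as `/** Decodes claims without verifying the signature; callers must validate the token first. */`. The method containing the second hunk starts and ends outside the visible lines, so whether it has other return paths cannot be confirmed here.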