fix: 添加任务结果上传接口的认证拦截逻辑

chrisis58 · chrisis58 · commit e68f1ff4e2bd · 2025-12-13T16:09:08.000+08:00
diff --git a/win-diag-doctor-app/src/main/java/cn/teacy/wdd/config/GeneralConfig.java b/win-diag-doctor-app/src/main/java/cn/teacy/wdd/config/GeneralConfig.java
@@ -2,6 +2,7 @@
 
 import cn.teacy.wdd.common.interfaces.TaskIdGenerator;
 import cn.teacy.wdd.config.interceptor.ProbeContextInterceptor;
+import cn.teacy.wdd.config.interceptor.TaskResultAuthInterceptor;
 import cn.teacy.wdd.protocol.WsMessageMapper;
 import cn.teacy.wdd.protocol.WsProtocolHandlerRegistry;
 import cn.teacy.wdd.support.ProbeContext;
@@ -53,6 +54,9 @@ public void addInterceptors(@NonNull InterceptorRegistry registry) {
         registry.addInterceptor(new ProbeContextInterceptor(probeContext))
                 .addPathPatterns("/chatui/index.html")
                 .addPathPatterns("/run_sse");
+
+        registry.addInterceptor(new TaskResultAuthInterceptor())
+                .addPathPatterns("/task_result/**");
     }
 
     @Bean
diff --git a/win-diag-doctor-app/src/main/java/cn/teacy/wdd/config/interceptor/ProbeContextInterceptor.java b/win-diag-doctor-app/src/main/java/cn/teacy/wdd/config/interceptor/ProbeContextInterceptor.java
@@ -9,6 +9,8 @@
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.util.UriComponentsBuilder;
 
+import static cn.teacy.wdd.common.constants.ProbeConstants.PROBE_ID_HEADER;
+
 @Slf4j
 @RequiredArgsConstructor
 public class ProbeContextInterceptor implements HandlerInterceptor {
@@ -23,7 +25,7 @@ public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServl
 
         // 尝试从 Header 获取
         if (probeId == null || probeId.isBlank()) {
-            probeId = request.getHeader("X-Probe-ID");
+            probeId = request.getHeader(PROBE_ID_HEADER);
         }
 
         // 从 Referer 获取
diff --git a/win-diag-doctor-app/src/main/java/cn/teacy/wdd/config/interceptor/TaskResultAuthInterceptor.java b/win-diag-doctor-app/src/main/java/cn/teacy/wdd/config/interceptor/TaskResultAuthInterceptor.java
@@ -0,0 +1,39 @@
+package cn.teacy.wdd.config.interceptor;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.lang.NonNull;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import java.util.Objects;
+
+import static cn.teacy.wdd.common.constants.ProbeConstants.PROBE_ID_HEADER;
+
+@Slf4j
+public class TaskResultAuthInterceptor implements HandlerInterceptor {
+
+    @Value("${wdd.probe.connect-key}")
+    private String probeConnectKey;
+
+    @Override
+    public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull Object handler) {
+
+        String probeId = request.getHeader(PROBE_ID_HEADER);
+
+        String authHeader = request.getHeader("Authorization");
+
+        log.debug("Authenticating task result callback: probeId={}, Authorization={}", probeId, authHeader);
+
+        if (Objects.nonNull(authHeader) && authHeader.equals("Bearer " + DigestUtils.md5Hex(probeConnectKey + probeId))) {
+            return true;
+        } else  {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            log.warn("Unauthorized access attempt for probeId={}", probeId);
+            return false;
+        }
+    }
+
+}
diff --git a/win-diag-doctor-common/src/main/java/cn/teacy/wdd/common/constants/ProbeConstants.java b/win-diag-doctor-common/src/main/java/cn/teacy/wdd/common/constants/ProbeConstants.java
@@ -2,6 +2,8 @@
 
 public interface ProbeConstants {
 
+    String PROBE_ID_HEADER = "X-Probe-Id";
+
     /**
      * 探针配置文件名称
      */
diff --git a/win-diag-doctor-probe/src/main/java/cn/teacy/wdd/probe/shipper/HttpProbeShipper.java b/win-diag-doctor-probe/src/main/java/cn/teacy/wdd/probe/shipper/HttpProbeShipper.java
@@ -16,6 +16,8 @@
 import java.net.http.HttpResponse;
 import java.time.Duration;
 
+import static cn.teacy.wdd.common.constants.ProbeConstants.PROBE_ID_HEADER;
+
 @Slf4j
 @Component
 @RequiredArgsConstructor
@@ -33,6 +35,8 @@ public <T> boolean ship(ExecutionResultEndpoint endpoint, TaskExecutionResult<T>
                     .timeout(Duration.ofMinutes(2))
                     .header("Content-Type", "application/json")
                     .header("Accept", "application/json")
+                    .header(PROBE_ID_HEADER, properties.getProbeId())
+                    .header("Authorization", "Bearer " + properties.getProbeSecret())
                     .POST(HttpRequest.BodyPublishers.ofString(objectMapper.writeValueAsString(
                             result
                     ))).build();
