From d1256b9323be6161574f81d62442c4d8120fa29a Mon Sep 17 00:00:00 2001
From: richie <richie@fanruan.com>
Date: Tue, 15 Jan 2019 10:56:07 +0800
Subject: [PATCH] Initial Commit

---
 .gitignore                                    |   5 +
 build.xml                                     | 130 ++++++++++++++++++
 plugin.xml                                    |  23 ++++
 pom.xml                                       |  35 +++++
 .../function/RemoteEvalFunctionDefender.java  |  38 +++++
 .../function/RemoteEvalInitializeMonitor.java |  22 +++
 .../function/RemoteEvalLocaleFinder.java      |  15 ++
 .../function/conf/RemoteEvalConfig.java       |  70 ++++++++++
 .../function/holder/HolderFunction.java       |  29 ++++
 .../signature/SignatureGenerator.java         |  46 +++++++
 .../com/fr/security/function/ref.properties   |   6 +
 .../fr/security/function/ref_zh_CN.properties |   6 +
 12 files changed, 425 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 build.xml
 create mode 100755 plugin.xml
 create mode 100644 pom.xml
 create mode 100644 src/main/java/com/fr/security/function/RemoteEvalFunctionDefender.java
 create mode 100644 src/main/java/com/fr/security/function/RemoteEvalInitializeMonitor.java
 create mode 100644 src/main/java/com/fr/security/function/RemoteEvalLocaleFinder.java
 create mode 100644 src/main/java/com/fr/security/function/conf/RemoteEvalConfig.java
 create mode 100644 src/main/java/com/fr/security/function/holder/HolderFunction.java
 create mode 100644 src/main/java/com/fr/security/function/signature/SignatureGenerator.java
 create mode 100644 src/main/resources/com/fr/security/function/ref.properties
 create mode 100644 src/main/resources/com/fr/security/function/ref_zh_CN.properties

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3189420
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+*.iml
+.idea/
+.DS_Store
+.classpath
+lib/report/*
\ No newline at end of file
diff --git a/build.xml b/build.xml
new file mode 100644
index 0000000..c3fb472
--- /dev/null
+++ b/build.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<project basedir="." default="jar" name="plugin">
+    <!-- JDK路径，根据自己机器上实际位置修改-->
+    <property name="jdk.home" value="/Library/Java/JavaVirtualMachines/jdk1.8/Contents/Home"/>
+
+    <property name="libs" value="${basedir}/lib"/>
+    <property name="publicLibs" value=""/>
+    <property name="reportLibs" value="lib/report"/>
+    <property name="destLoc" value="."/>
+    <property name="classes" value="classes"/>
+    <xmlproperty file="${basedir}/plugin.xml"/>
+    <property name="current-version" value="${plugin.version}"/>
+
+    <!-- 插件版本-->
+    <property name="plugin-version" value="${current-version}"/>
+    <!-- 插件名字-->
+    <property name="plugin-name" value="function-defender"/>
+    <property name="plugin-jar" value="fr-plugin-${plugin-name}-${plugin-version}.jar"/>
+
+    <target name="prepare">
+        <delete dir="${classes}"/>
+        <delete dir="fr-plugin-${plugin-name}-${plugin-version}"/>
+        <xmlproperty file="${basedir}/plugin.xml"/>
+        <delete dir="${destLoc}/${plugin.name}"/>
+    </target>
+    <path id="compile.classpath">
+        <fileset dir="${libs}">
+            <include name="**/*.jar"/>
+        </fileset>
+        <fileset dir="${publicLibs}">
+            <include name="**/*.jar"/>
+        </fileset>
+        <fileset dir="${reportLibs}">
+            <include name="**/*.jar"/>
+        </fileset>
+    </path>
+    <patternset id="resources4Jar">
+        <exclude name="**/.settings/**"/>
+        <exclude name=".classpath"/>
+        <exclude name=".project"/>
+
+        <exclude name="**/*.java"/>
+        <exclude name="**/*.db"/>
+        <exclude name="**/*.g"/>
+        <exclude name="**/package.html"/>
+    </patternset>
+    <target name="copy_resources">
+        <echo message="从${resources_from}拷贝图片,JS,CSS等资源文件"/>
+        <delete dir="tmp"/>
+        <copy todir="tmp">
+            <fileset dir="${resources_from}/src/main/resources">
+                <patternset refid="resources4Jar"/>
+            </fileset>
+        </copy>
+        <copy todir="${classes}">
+            <fileset dir="tmp"/>
+        </copy>
+        <delete dir="tmp"/>
+    </target>
+    <target name="compile_javas">
+        <echo message="编译${compile_files}下的Java文件"/>
+        <javac destdir="${classes}" debug="false" optimize="on" source="${source_jdk_version}"
+               target="${target_jdk_version}"
+               fork="true" memoryMaximumSize="512m" listfiles="false" srcdir="${basedir}"
+               executable="${compile_jdk_version}/bin/javac">
+            <src path="${basedir}/src/main/java"/>
+            <exclude name="**/.svn/**"/>
+            <compilerarg line="-encoding UTF8 "/>
+            <classpath refid="compile.classpath"/>
+        </javac>
+        <taskdef name="pretreatment" classname="com.fr.plugin.pack.PluginPretreatmentTask">
+            <classpath refid="compile.classpath"/>
+        </taskdef>
+        <pretreatment baseDir="${basedir}"/>
+    </target>
+
+    <target name="jar_classes">
+        <echo message="打Jar包:${jar_name}"/>
+        <delete file="${basedir}/${jar_name}"/>
+        <jar jarfile="${basedir}/${jar_name}">
+            <fileset dir="${classes}">
+            </fileset>
+        </jar>
+    </target>
+
+    <target name="super_jar" depends="prepare">
+        <antcall target="copy_resources">
+            <param name="resources_from" value="${basedir}"/>
+        </antcall>
+        <antcall target="compile_javas">
+            <param name="source_jdk_version" value="1.6"/>
+            <param name="target_jdk_version" value="1.6"/>
+            <param name="compile_jdk_version" value="${jdk.home}"/>
+            <param name="compile_files" value="${basedir}/src"/>
+        </antcall>
+        <echo message="compile plugin success!"/>
+
+        <antcall target="jar_classes">
+            <param name="jar_name" value="${plugin-jar}"/>
+        </antcall>
+        <delete dir="${classes}"/>
+
+    </target>
+
+    <target name="jar" depends="super_jar">
+        <antcall target="zip"/>
+    </target>
+
+    <target name="zip">
+        <property name="plugin-folder" value="fr-plugin-${plugin-name}-${plugin-version}"/>
+        <echo message="----------zip files----------"/>
+        <mkdir dir="${plugin-folder}"/>
+        <copy todir="${plugin-folder}">
+            <fileset dir=".">
+                <include name="${plugin-jar}"/>
+                <include name="plugin.xml"/>
+            </fileset>
+            <fileset dir="${libs}">
+                <include name="*.jar"/>
+                <include name="*.dll"/>
+            </fileset>
+        </copy>
+        <zip destfile="${basedir}/${plugin-folder}.zip" basedir=".">
+            <include name="${plugin-folder}/*.jar"/>
+            <include name="${plugin-folder}/*.dll"/>
+            <include name="${plugin-folder}/plugin.xml"/>
+        </zip>
+        <move file="${plugin-folder}.zip" todir="${destLoc}/install"/>
+    </target>
+</project>
\ No newline at end of file
diff --git a/plugin.xml b/plugin.xml
new file mode 100755
index 0000000..1f12bdd
--- /dev/null
+++ b/plugin.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<plugin>
+    <id>com.fr.security.function</id>
+    <main-package>com.fr.security.function</main-package>
+    <name><![CDATA[函数远程调用限制]]></name>
+    <active>yes</active>
+    <version>1.2</version>
+    <env-version>10.0</env-version>
+    <jartime>2019-01-11</jartime>
+    <vendor>richie</vendor>
+    <description><![CDATA[限制能够被远程调用的函数。]]></description>
+    <change-notes><![CDATA[
+        [2019-01-14]增加数字签名生成函数。<br/>
+        [2019-01-12]初始化插件。<br/>
+    ]]></change-notes>
+    <extra-core>
+        <LocaleFinder class="com.fr.security.function.RemoteEvalLocaleFinder"/>
+        <FunctionDefendProvider class="com.fr.security.function.RemoteEvalFunctionDefender"/>
+        <FunctionDefineProvider class="com.fr.security.function.signature.SignatureGenerator" name="SignatureGenerator" description="生成模板路径的数字签名"/>
+    </extra-core>
+    <function-recorder class="com.fr.security.function.RemoteEvalFunctionDefender"/>
+    <lifecycle-monitor class="com.fr.security.function.RemoteEvalInitializeMonitor"/>
+</plugin>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..9b11897
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.fr.maven</groupId>
+        <artifactId>finereport-maven</artifactId>
+        <version>10.0</version>
+    </parent>
+    <packaging>jar</packaging>
+    <artifactId>demo-function-defender</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>com.fr.core</groupId>
+            <artifactId>fine-core-sdk</artifactId>
+            <version>10.0</version>
+        </dependency>
+    </dependencies>
+    <build>
+        <!---如果要更改调试插件，改这里的配置就可以了-->
+        <outputDirectory>${web-inf-path}/plugins/plugin-com.fr.security.function-1.0/classes</outputDirectory>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>6</source>
+                    <target>6</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>
\ No newline at end of file
diff --git a/src/main/java/com/fr/security/function/RemoteEvalFunctionDefender.java b/src/main/java/com/fr/security/function/RemoteEvalFunctionDefender.java
new file mode 100644
index 0000000..320782e
--- /dev/null
+++ b/src/main/java/com/fr/security/function/RemoteEvalFunctionDefender.java
@@ -0,0 +1,38 @@
+package com.fr.security.function;
+
+import com.fr.intelli.record.Focus;
+import com.fr.record.analyzer.EnableMetrics;
+import com.fr.security.function.conf.RemoteEvalConfig;
+import com.fr.security.function.holder.HolderFunction;
+import com.fr.stable.fun.impl.AbstractFunctionDefendProvider;
+import com.fr.stable.script.CalculatorProvider;
+import com.fr.stable.script.Function;
+
+import java.lang.annotation.Annotation;
+
+/**
+ * @author richie
+ * @version 10.0
+ * Created by richie on 2019-01-12
+ */
+@EnableMetrics
+public class RemoteEvalFunctionDefender extends AbstractFunctionDefendProvider {
+
+    @Override
+    @Focus(id = "com.fr.security.function", text = "defender")
+    public Function replacer(CalculatorProvider calculator, Class clazz) {
+        return HolderFunction.ONE;
+    }
+
+    @Override
+    public boolean match(CalculatorProvider calculator, Class clazz) {
+        if (RemoteEvalConfig.getInstance().isEnable()) {
+            Boolean mark = calculator.getAttribute(RestrictScriptKey.KEY);
+            if (mark != null && mark) {
+                Annotation restrict = clazz.getAnnotation(RestrictScript.class);
+                return restrict != null;
+            }
+        }
+        return false;
+    }
+}
diff --git a/src/main/java/com/fr/security/function/RemoteEvalInitializeMonitor.java b/src/main/java/com/fr/security/function/RemoteEvalInitializeMonitor.java
new file mode 100644
index 0000000..0bdb115
--- /dev/null
+++ b/src/main/java/com/fr/security/function/RemoteEvalInitializeMonitor.java
@@ -0,0 +1,22 @@
+package com.fr.security.function;
+
+import com.fr.plugin.context.PluginContext;
+import com.fr.plugin.observer.inner.AbstractPluginLifecycleMonitor;
+import com.fr.security.function.conf.RemoteEvalConfig;
+
+/**
+ * @author richie
+ * @version 10.0
+ * Created by richie on 2019-01-12
+ */
+public class RemoteEvalInitializeMonitor extends AbstractPluginLifecycleMonitor {
+    @Override
+    public void afterRun(PluginContext context) {
+        RemoteEvalConfig.getInstance();
+    }
+
+    @Override
+    public void beforeStop(PluginContext context) {
+
+    }
+}
diff --git a/src/main/java/com/fr/security/function/RemoteEvalLocaleFinder.java b/src/main/java/com/fr/security/function/RemoteEvalLocaleFinder.java
new file mode 100644
index 0000000..9cba375
--- /dev/null
+++ b/src/main/java/com/fr/security/function/RemoteEvalLocaleFinder.java
@@ -0,0 +1,15 @@
+package com.fr.security.function;
+
+import com.fr.stable.fun.impl.AbstractLocaleFinder;
+
+/**
+ * @author richie
+ * @version 10.0
+ * Created by richie on 2019-01-12
+ */
+public class RemoteEvalLocaleFinder extends AbstractLocaleFinder {
+    @Override
+    public String find() {
+        return "com/fr/security/function/ref";
+    }
+}
diff --git a/src/main/java/com/fr/security/function/conf/RemoteEvalConfig.java b/src/main/java/com/fr/security/function/conf/RemoteEvalConfig.java
new file mode 100644
index 0000000..c65e378
--- /dev/null
+++ b/src/main/java/com/fr/security/function/conf/RemoteEvalConfig.java
@@ -0,0 +1,70 @@
+package com.fr.security.function.conf;
+
+import com.fr.config.ConfigContext;
+import com.fr.config.DefaultConfiguration;
+import com.fr.config.Identifier;
+import com.fr.config.Status;
+import com.fr.config.Visualization;
+import com.fr.config.holder.Conf;
+import com.fr.config.holder.factory.Holders;
+import com.fr.stable.StringUtils;
+
+/**
+ * @author richie
+ * @version 10.0
+ * Created by richie on 2019-01-12
+ */
+@Visualization(category = "Plugin-Security")
+public class RemoteEvalConfig extends DefaultConfiguration {
+
+    private static volatile RemoteEvalConfig config = null;
+
+    public static RemoteEvalConfig getInstance() {
+        if (config == null) {
+            config = ConfigContext.getConfigInstance(RemoteEvalConfig.class);
+        }
+        return config;
+    }
+
+    @Identifier(value = "enable", name = "Plugin-Remote_Eval_Restrict", description = "Plugin-Remote_Eval_Restrict_Description", status = Status.SHOW)
+    private Conf<Boolean> enable = Holders.simple(true);
+
+    @Identifier(value = "text", name = "Plugin-Remote_Eval_Restrict_Text", description = "Plugin-Remote_Eval_Restrict_Text_Description", status = Status.SHOW)
+    private Conf<String> text = Holders.simple(StringUtils.EMPTY);
+
+    @Identifier(value = "signatureText", name = "Plugin-Remote_Signature_Key", description = "Plugin-Remote_Signature_Key", status = Status.SHOW)
+    private Conf<String> signatureText = Holders.simple(StringUtils.EMPTY);
+
+    public boolean isEnable() {
+        return enable.get();
+    }
+
+    public void setEnable(boolean enable) {
+        this.enable.set(enable);
+    }
+
+    public String getText() {
+        return text.get();
+    }
+
+    public void setText(String text) {
+        this.text.set(text);
+    }
+
+    public String getSignatureText() {
+        return signatureText.get();
+    }
+
+    public void setSignatureText(String signatureText) {
+        this.signatureText.set(signatureText);
+    }
+
+    @Override
+    public Object clone() throws CloneNotSupportedException {
+        RemoteEvalConfig cloned = (RemoteEvalConfig) super.clone();
+        cloned.enable = (Conf<Boolean>) enable.clone();
+        cloned.text = (Conf<String>) text.clone();
+        cloned.signatureText = (Conf<String>) signatureText.clone();
+        return cloned;
+    }
+}
diff --git a/src/main/java/com/fr/security/function/holder/HolderFunction.java b/src/main/java/com/fr/security/function/holder/HolderFunction.java
new file mode 100644
index 0000000..03e14a9
--- /dev/null
+++ b/src/main/java/com/fr/security/function/holder/HolderFunction.java
@@ -0,0 +1,29 @@
+package com.fr.security.function.holder;
+
+import com.fr.script.AbstractFunction;
+import com.fr.security.function.conf.RemoteEvalConfig;
+import com.fr.stable.StringUtils;
+
+/**
+ * @author richie
+ * @version 10.0
+ * Created by richie on 2019-01-12
+ */
+public class HolderFunction extends AbstractFunction {
+
+    public static final HolderFunction ONE = new HolderFunction();
+
+    private HolderFunction() {
+
+    }
+
+    @Override
+    public Object run(Object[] args) {
+        String text = RemoteEvalConfig.getInstance().getText();
+        if (StringUtils.isBlank(text)) {
+            throw new IllegalStateException("FR.remoteEvaluate cannot call this formula because of safety.");
+        } else {
+            return text;
+        }
+    }
+}
diff --git a/src/main/java/com/fr/security/function/signature/SignatureGenerator.java b/src/main/java/com/fr/security/function/signature/SignatureGenerator.java
new file mode 100644
index 0000000..fd79e3e
--- /dev/null
+++ b/src/main/java/com/fr/security/function/signature/SignatureGenerator.java
@@ -0,0 +1,46 @@
+package com.fr.security.function.signature;
+
+import com.fr.cert.token.JwtBuilder;
+import com.fr.cert.token.Jwts;
+import com.fr.cert.token.SignatureAlgorithm;
+import com.fr.general.GeneralUtils;
+import com.fr.script.AbstractFunction;
+import com.fr.security.function.conf.RemoteEvalConfig;
+import com.fr.stable.ArrayUtils;
+import com.fr.stable.Primitive;
+
+import java.util.Date;
+
+/**
+ * @author richie
+ * @version 10.0
+ * Created by richie on 2019-01-14
+ */
+public class SignatureGenerator extends AbstractFunction {
+
+    private static final long VALIDATE_TIME = 10 * 60 * 1000;
+    @Override
+    public Object run(Object[] args) {
+        if (ArrayUtils.isEmpty(args)) {
+            return Primitive.NULL;
+        }
+        return createJwt(GeneralUtils.objectToString(args[0]),  RemoteEvalConfig.getInstance().getSignatureText());
+    }
+
+    private String createJwt(String subject, String key) {
+        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
+        Date currentTime = new Date();
+        Date expirationTime = new Date(currentTime.getTime() + VALIDATE_TIME);
+        JwtBuilder builder = Jwts.builder()
+                .setSubject(subject)
+                .setIssuedAt(currentTime)
+                .setExpiration(expirationTime)
+                .signWith(signatureAlgorithm, key);
+        return builder.compact();
+    }
+
+    public static void main(String... args) {
+        SignatureGenerator generator = new SignatureGenerator();
+        System.out.println(generator.createJwt("/习题9.cpt", "GhzUsb4fmGwmSk57d3uBZ9jVFCRgZ9CVMT3WoomMHi4="));
+    }
+}
diff --git a/src/main/resources/com/fr/security/function/ref.properties b/src/main/resources/com/fr/security/function/ref.properties
new file mode 100644
index 0000000..98f2276
--- /dev/null
+++ b/src/main/resources/com/fr/security/function/ref.properties
@@ -0,0 +1,6 @@
+Plugin-Remote_Eval_Restrict=Remote Eval Enable
+Plugin-Remote_Eval_Restrict_Description=Allow Remote Function Eval
+Plugin-Security=Security
+Plugin-Remote_Eval_Restrict_Text=Return Error Text
+Plugin-Remote_Eval_Restrict_Text_Description=Replace the real formula
+Plugin-Remote_Signature_Key=Signature Key
\ No newline at end of file
diff --git a/src/main/resources/com/fr/security/function/ref_zh_CN.properties b/src/main/resources/com/fr/security/function/ref_zh_CN.properties
new file mode 100644
index 0000000..be86e0f
--- /dev/null
+++ b/src/main/resources/com/fr/security/function/ref_zh_CN.properties
@@ -0,0 +1,6 @@
+Plugin-Remote_Eval_Restrict=\u542F\u7528\u811A\u672C\u4E2D\u516C\u5F0F\u8C03\u7528\u9650\u5236
+Plugin-Remote_Eval_Restrict_Description=\u4E0D\u5141\u8BB8\u5728\u811A\u672C\u51FD\u6570\u4E2D\u8C03\u7528\u6570\u636E\u5E93\u76F8\u5173\u7684\u51FD\u6570
+Plugin-Security=\u5B89\u5168
+Plugin-Remote_Eval_Restrict_Text=\u51FD\u6570\u8FD4\u56DE\u503C
+Plugin-Remote_Eval_Restrict_Text_Description=\u66FF\u6362\u6B63\u786E\u7684\u516C\u5F0F\u6267\u884C\u540E\u7684\u8FD4\u56DE\u503C
+Plugin-Remote_Signature_Key=\u6570\u5B57\u7B7E\u540D\u79D8\u94A5
\ No newline at end of file