From 830537e0363495381c9fb2f4e532264ccfb1c6e4 Mon Sep 17 00:00:00 2001
From: levy <levy@fanruan.com>
Date: Mon, 27 Feb 2023 14:30:28 +0800
Subject: [PATCH] =?UTF-8?q?REPORT-89007=20websocket=20url=20=E6=98=8E?=
 =?UTF-8?q?=E6=96=87=E4=BC=A0=E8=BE=93token=20-=E6=8A=A5=E8=A1=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../design/mainframe/socketio/AbstractSocketConfig.java  | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/designer-realize/src/main/java/com/fr/design/mainframe/socketio/AbstractSocketConfig.java b/designer-realize/src/main/java/com/fr/design/mainframe/socketio/AbstractSocketConfig.java
index 2f86907763..b087ed0b7a 100644
--- a/designer-realize/src/main/java/com/fr/design/mainframe/socketio/AbstractSocketConfig.java
+++ b/designer-realize/src/main/java/com/fr/design/mainframe/socketio/AbstractSocketConfig.java
@@ -1,6 +1,5 @@
 package com.fr.design.mainframe.socketio;
 
-import com.fr.decision.webservice.utils.DecisionServiceConstants;
 import com.fr.general.ComparatorUtils;
 import com.fr.log.FineLoggerFactory;
 import com.fr.report.RemoteDesignConstants;
@@ -14,6 +13,7 @@ import com.fr.workspace.Workspace;
 import com.fr.workspace.base.WorkspaceConstants;
 import com.fr.workspace.connect.WorkspaceConnection;
 import com.fr.workspace.connect.WorkspaceConnectionInfo;
+import com.fr.workspace.server.socket.SocketVerifierOperator;
 import io.socket.client.IO;
 import io.socket.engineio.client.transports.Polling;
 import io.socket.engineio.client.transports.WebSocket;
@@ -83,14 +83,17 @@ public abstract class AbstractSocketConfig {
         WorkspaceConnection connection = current.getConnection();
         currentProtocol = getCurrentProtocolFromUrl(url);
         String[] result = new String[ports.length];
+        // REPORT-89007: websocket 避免url明文传输token。兼容旧版本服务器：旧版传递token，新版传递加密后的wsid
+        String verifierPrefix = WorkContext.getCurrent().get(SocketVerifierOperator.class).getVerifierPrefix();
+        String verifierCode = WorkContext.getCurrent().get(SocketVerifierOperator.class).getVerifierCode(connection.getToken());
         for (int i = 0; i < ports.length; i++) {
             result[i] = String.format("%s://%s:%s%s?%s=%s&%s=%s",
                                       currentProtocol,
                                       url.getHost(),
                                       ports[i],
                                       WorkspaceConstants.WS_NAMESPACE,
-                                      DecisionServiceConstants.WEB_SOCKET_TOKEN_NAME,
-                                      connection.getToken(),
+                                      verifierPrefix,
+                                      verifierCode,
                                       RemoteDesignConstants.USER_LOCK_ID,
                                       connection.getId());
         }