避免FE日志打印URL打印明文token，修改GET请求为POST。

Signed-off-by: [email protected] Signed-off-by: xyllq999 <[email protected]>
StarRocks · Oct 31, 2024 · b90ac07 · b90ac07
1 parent 7f6af6a
commit b90ac07
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 22 deletions.
diff --git a/fe/fe-core/src/main/java/com/starrocks/common/util/Util.java b/fe/fe-core/src/main/java/com/starrocks/common/util/Util.java
@@ -47,11 +47,8 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
-import java.io.BufferedReader;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
+import java.io.*;
+import java.net.HttpURLConnection;
 import java.net.URI;
 import java.net.URL;
 import java.net.URLConnection;
@@ -318,9 +315,10 @@ public static int generateSchemaHash() {
     //      Base64.encodeBase64String("user:passwd".getBytes());
     // If no auth info, pass a null.
     public static String getResultForUrl(String urlStr, String encodedAuthInfo, int connectTimeoutMs,
-                                         int readTimeoutMs) {
+                                         int readTimeoutMs, String postData) {
         StringBuilder sb = new StringBuilder();
         InputStream stream = null;
+        OutputStream outputStream = null;
         try {
             URL url = new URL(urlStr);
             URLConnection conn = url.openConnection();
@@ -330,7 +328,17 @@ public static String getResultForUrl(String urlStr, String encodedAuthInfo, int
             conn.setConnectTimeout(connectTimeoutMs);
             conn.setReadTimeout(readTimeoutMs);
 
-            stream = (InputStream) conn.getContent();
+            ((HttpURLConnection) conn).setRequestMethod("POST");
+            conn.setDoOutput(true);
+            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
+
+            if (postData != null && !postData.isEmpty()) {
+                outputStream = conn.getOutputStream();
+                outputStream.write(postData.getBytes(StandardCharsets.UTF_8));
+                outputStream.flush();
+            }
+
+            stream = conn.getInputStream();
             BufferedReader br = new BufferedReader(new InputStreamReader(stream));
 
             String line;
@@ -341,12 +349,15 @@ public static String getResultForUrl(String urlStr, String encodedAuthInfo, int
             LOG.warn("failed to get result from url: {}. {}", urlStr, e.getMessage());
             return null;
         } finally {
-            if (stream != null) {
-                try {
+            try {
+                if (stream != null) {
                     stream.close();
-                } catch (IOException e) {
-                    LOG.warn("failed to close stream when get result from url: {}", urlStr, e);
                 }
+                if (outputStream != null) {
+                    outputStream.close();
+                }
+            } catch (IOException e) {
+                LOG.warn("failed to close stream when get result from url: {}", urlStr, e);
             }
         }
         LOG.debug("get result from url {}: {}", urlStr, sb.toString());

diff --git a/fe/fe-core/src/main/java/com/starrocks/http/BaseRequest.java b/fe/fe-core/src/main/java/com/starrocks/http/BaseRequest.java
@@ -44,6 +44,7 @@
 import io.netty.handler.codec.http.QueryStringDecoder;
 import io.netty.handler.codec.http.cookie.ClientCookieDecoder;
 import io.netty.handler.codec.http.cookie.Cookie;
+import io.netty.util.ReferenceCountUtil;
 
 import java.net.InetSocketAddress;
 import java.nio.charset.StandardCharsets;
@@ -58,6 +59,7 @@ public class BaseRequest {
 
     private boolean isAuthorized = false;
     private QueryStringDecoder decoder;
+    private Map<String, List<String>> cachedPostParams = null;
 
     public BaseRequest(ChannelHandlerContext ctx, HttpRequest request, HttpConnectContext connectContext) {
         this.context = ctx;
@@ -119,14 +121,34 @@ public String getCookieValue(String cookieName) {
     // get a single parameter.
     // return null if key is not exist; return the first value if key is an array
     public String getSingleParameter(String key) {
-        String uri = request.uri();
-        if (decoder == null) {
-            decoder = new QueryStringDecoder(uri);
-        }
+        if ("POST".equalsIgnoreCase(request.method().name())) {
+            if (cachedPostParams == null) {
+                String content = null;
+                try {
+                    content = getContent();
+                    cachedPostParams = new QueryStringDecoder("?" + content, false).parameters();
+                } catch (DdlException e) {
+                    return null;
+                } finally {
+                    if (request instanceof FullHttpRequest) {
+                        ReferenceCountUtil.safeRelease(request);
+                    }
+                }
+            }
+            List<String> values = cachedPostParams.get(key);
+            if (values != null && !values.isEmpty()) {
+                return values.get(0);
+            }
+        } else if ("GET".equalsIgnoreCase(request.method().name())) {
+            String uri = request.uri();
+            if (decoder == null) {
+                decoder = new QueryStringDecoder(uri);
+            }
 
-        List<String> values = decoder.parameters().get(key);
-        if (values != null && !values.isEmpty()) {
-            return values.get(0);
+            List<String> values = decoder.parameters().get(key);
+            if (values != null && !values.isEmpty()) {
+                return values.get(0);
+            }
         }
 
         return params.get(key);

diff --git a/fe/fe-core/src/main/java/com/starrocks/http/rest/BootstrapFinishAction.java b/fe/fe-core/src/main/java/com/starrocks/http/rest/BootstrapFinishAction.java
@@ -71,7 +71,7 @@ public BootstrapFinishAction(ActionController controller) {
     }
 
     public static void registerAction(ActionController controller) throws IllegalArgException {
-        controller.registerHandler(HttpMethod.GET, "/api/bootstrap", new BootstrapFinishAction(controller));
+        controller.registerHandler(HttpMethod.POST, "/api/bootstrap", new BootstrapFinishAction(controller));
     }
 
     @Override

diff --git a/fe/fe-core/src/main/java/com/starrocks/system/HeartbeatMgr.java b/fe/fe-core/src/main/java/com/starrocks/system/HeartbeatMgr.java
@@ -367,11 +367,12 @@ public HeartbeatResponse call() {
             }
 
             String accessibleHostPort = NetUtils.getHostPortInAccessibleFormat(fe.getHost(), Config.http_port);
-            String url = "http://" + accessibleHostPort
-                    + "/api/bootstrap?cluster_id=" + clusterId + "&token=" + token;
+            String url = "http://" + accessibleHostPort + "/api/bootstrap";
+            String postData = "cluster_id=" + clusterId + "&token=" + token;
             try {
                 String result = Util.getResultForUrl(url, null,
-                        Config.heartbeat_timeout_second * 1000, Config.heartbeat_timeout_second * 1000);
+                        Config.heartbeat_timeout_second * 1000,
+                        Config.heartbeat_timeout_second * 1000, postData);
                 /*
                  * return:
                  * {"replayedJournalId":191224,"queryPort":9131,"rpcPort":9121,"status":"OK","msg":"Success"}