feat(backend): 接口数据脱敏 #8662

dbm-ui/backend/bk_web/middleware.py

@@ -26,7 +26,6 @@
 from backend import env
 from backend.bk_web.constants import (
     EXTERNAL_TICKET_TYPE_WHITELIST,
-    IP_RE,
     NON_EXTERNAL_PROXY_ROUTING,
     ROUTING_WHITELIST_PATTERNS,
 )
@@ -250,10 +249,6 @@ def __call__(self, request):
 
         return response
 
-    @staticmethod
-    def replace_ip(text):
-        return re.sub(IP_RE, "*.*.*.*", text)
-
 
 class JWTUserModelBackend(UserModelBackend):
     """dbm jwt用户认证后端"""

dbm-ui/backend/bk_web/viewsets.py

@@ -10,7 +10,6 @@
 """
 import copy
 import json
-import re
 from typing import Any, Dict, List, Optional, Tuple, Union
 
 from blueapps.account.decorators import login_exempt
@@ -22,7 +21,8 @@
 from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
 
 from backend import env
-from backend.bk_web.constants import EXTERNAL_TICKET_TYPE_WHITELIST, IP_RE
+from backend.bk_web.constants import EXTERNAL_TICKET_TYPE_WHITELIST
+from backend.components import BKBaseApi
 from backend.components.dbconsole.client import DBConsoleApi
 from backend.iam_app.dataclass.actions import ActionEnum
 from backend.iam_app.handlers.drf_perm.base import RejectPermission
@@ -233,7 +233,7 @@ def after_response(self, request, response, *args, **kwargs):
         if request.path.startswith("/external/apis/") and response.headers.get("Content-Type").startswith(
             "application/json"
         ):
-            data = re.sub(IP_RE, "*.*.*.*", response.content.decode("utf-8"))
+            data = BKBaseApi.data_desensitization(response.content.decode("utf-8"))
             return Response(json.loads(data))
 
         # 按原样补充响应头

dbm-ui/backend/components/__init__.py

@@ -11,6 +11,7 @@
 
 from django.apps import AppConfig
 
+from .bkbase.client import BKBaseApi
 from .bklog.client import BKLogApi
 from .bkmonitorv3.client import BKMonitorV3Api
 from .cc.client import CCApi
@@ -44,6 +45,7 @@
     "DRSApi",
     "BKMonitorV3Api",
     "NameServiceApi",
+    "BKBaseApi",
 ]
 
 

dbm-ui/backend/components/bkbase/__init__.py

@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+"""
+TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available.
+Copyright (C) 2017-2023 THL A29 Limited, a Tencent company. All rights reserved.
+Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at https://opensource.org/licenses/MIT
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+"""

dbm-ui/backend/components/bkbase/client.py

@@ -0,0 +1,55 @@
+# -*- coding: utf-8 -*-
+"""
+TencentBlueKing is pleased to support the open source community by making 蓝鲸智云-DB管理系统(BlueKing-BK-DBM) available.
+Copyright (C) 2017-2023 THL A29 Limited, a Tencent company. All rights reserved.
+Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.
+You may obtain a copy of the License at https://opensource.org/licenses/MIT
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
+"""
+
+from django.utils.translation import ugettext_lazy as _
+
+from ... import env
+from ..base import BaseApi
+from ..domains import BKBASE_APIGW_DOMAIN
+
+
+class _BKBaseApi(BaseApi):
+    MODULE = _("基础计算平台")
+    BASE = BKBASE_APIGW_DOMAIN
+
+    def __init__(self):
+        self.sensitive_text_classification_normal = self.generate_data_api(
+            method="POST",
+            url="v3/aiops/serving/processing/sensitive_text_classification_normal/execute/",
+            description=_("敏感信息识别"),
+        )
+
+    def data_desensitization(self, text):
+        """
+        敏感信息识别，并把敏感信息转为*
+        """
+        detect_texts = self.sensitive_text_classification_normal(
+            {
+                "bkdata_authentication_method": "token",
+                "bkdata_data_token": env.BKDATA_DATA_TOKEN,
+                "data": {"inputs": [{"target_content": text}]},
+                "config": {
+                    # 心跳超时时间
+                    "timeout": 30,
+                    # 返回结果不包含输入文本
+                    "passthrough_input": False,
+                    "predict_args": {
+                        # 填入可选参数，也可不填入，保持为空即按默认配置检测
+                        "input_config": "1,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22",
+                        "is_masked": "yes",
+                    },
+                },
+            }
+        )
+        return detect_texts["data"]["data"][0]["output"][0]["masked_text"]
+
+
+BKBaseApi = _BKBaseApi()

dbm-ui/backend/components/domains.py

@@ -26,6 +26,8 @@
 ITSM_APIGW_DOMAIN = env.ITSM_APIGW_DOMAIN or ESB_DOMAIN_TPL.format("itsm")
 BKLOG_APIGW_DOMAIN = env.BKLOG_APIGW_DOMAIN or ESB_DOMAIN_TPL.format("bk_log")
 BKNODEMAN_APIGW_DOMAIN = env.BKNODEMAN_APIGW_DOMAIN or ESB_DOMAIN_TPL.format("nodeman")
+BKBASE_APIGW_DOMAIN = env.BKBASE_APIGW_DOMAIN or ESB_DOMAIN_TPL.format("bkbase")
+
 DBCONFIG_APIGW_DOMAIN = env.DBCONFIG_APIGW_DOMAIN or ESB_DOMAIN_TPL.format("dbconfig")
 DNS_APIGW_DOMAIN = env.DNS_APIGW_DOMAIN or ESB_DOMAIN_TPL.format("dbdns")
 MYSQL_PRIV_MANAGER_APIGW_DOMAIN = env.MYSQL_PRIV_MANAGER_APIGW_DOMAIN or ESB_DOMAIN_TPL.format("mysql_priv_manager")

dbm-ui/backend/env/__init__.py

@@ -165,6 +165,10 @@
 ASYMMETRIC_CIPHER_TYPE = get_type_env(key="ASYMMETRIC_CIPHER_TYPE", _type=str, default=AsymmetricCipherType.RSA.value)
 SYMMETRIC_CIPHER_TYPE = get_type_env(key="SYMMETRIC_CIPHER_TYPE", _type=str, default=SymmetricCipherType.AES.value)
 
+# 数据平台应用 token
+BKDATA_DATA_TOKEN = get_type_env(key="BKDATA_DATA_TOKEN", _type=str, default="")
+
+
 # gcs/scr平台
 GCS_SCR_OPERATOR = get_type_env(key="GCS_SCR_OPERATOR", _type=str, default="scr-system")
 

dbm-ui/backend/env/apigw_domains.py

@@ -23,6 +23,7 @@
 ITSM_APIGW_DOMAIN = get_type_env(key="ITSM_APIGW_DOMAIN", _type=str)
 BKLOG_APIGW_DOMAIN = get_type_env(key="BKLOG_APIGW_DOMAIN", _type=str)
 BKNODEMAN_APIGW_DOMAIN = get_type_env(key="BKNODEMAN_APIGW_DOMAIN", _type=str)
+BKBASE_APIGW_DOMAIN = get_type_env(key="BKBASE_APIGW_DOMAIN", _type=str)
 BKMONITORV3_APIGW_DOMAIN = get_type_env(key="BKMONITORV3_APIGW_DOMAIN", _type=str)
 
 DRS_APIGW_DOMAIN = get_type_env(key="DRS_APIGW_DOMAIN", _type=str)

dbm-ui/bin/build_frontend.sh

@@ -4,7 +4,7 @@ SCRIPT_DIR=`dirname $0`
 cd $SCRIPT_DIR && cd ../frontend || exit 1
 npm config set registry https://mirrors.tencent.com/npm/
 export NODE_OPTIONS="--max_old_space_size=8192"
-npm install . && npm run build
+yarn install && yarn build
 mkdir -p ../static/
 cp -rf dist/* ../static/
 cd ..

dbm-ui/frontend/src/types/auto-imports.d.ts

@@ -71,6 +71,6 @@ declare global {
 // for type re-export
 declare global {
   // @ts-ignore
-  export type { Component, ComponentPublicInstance, ComputedRef, ExtractDefaultPropTypes, ExtractPropTypes, ExtractPublicPropTypes, InjectionKey, PropType, Ref, VNode, WritableComputedRef } from 'vue'
+  export type { Component, ComponentPublicInstance, ComputedRef, DirectiveBinding, ExtractDefaultPropTypes, ExtractPropTypes, ExtractPublicPropTypes, InjectionKey, PropType, Ref, MaybeRef, MaybeRefOrGetter, VNode, WritableComputedRef } from 'vue'
   import('vue')
 }