perf: Embed Parameter Optimization

Author: fit2cloud-chenyw

backend/apps/system/api/assistant.py

@@ -38,6 +38,23 @@ async def info(request: Request, response: Response, session: SessionDep, trans:
         raise RuntimeError(trans('i18n_embedded.invalid_origin', origin = origin or ''))
     return db_model
 
+@router.get("/app/{appId}") 
+async def getApp(request: Request, response: Response, session: SessionDep, trans: Trans, appId: str) -> AssistantModel:
+    if not appId:
+        raise Exception('miss assistant appId')
+    db_model = session.exec(select(AssistantModel).where(AssistantModel.app_id == appId)).first()
+    if not db_model:
+        raise RuntimeError(f"assistant application not exist")
+    db_model = AssistantModel.model_validate(db_model)
+    response.headers["Access-Control-Allow-Origin"] = db_model.domain
+    origin = request.headers.get("origin") or get_origin_from_referer(request)
+    if not origin:
+        raise RuntimeError(trans('i18n_embedded.invalid_origin', origin = origin or ''))
+    origin = origin.rstrip('/')
+    if origin != db_model.domain:
+        raise RuntimeError(trans('i18n_embedded.invalid_origin', origin = origin or ''))
+    return db_model
+
 @router.get("/validator", response_model=AssistantValidator) 
 async def validator(session: SessionDep, id: int, virtual: Optional[int] = Query(None)):
     if not id:

backend/apps/system/middleware/auth.py

@@ -1,4 +1,5 @@
 
+import base64
 from typing import Optional
 from fastapi import Request
 from fastapi.responses import JSONResponse
@@ -127,11 +128,12 @@ async def validateEmbedded(self, param: str, trans: I18n) -> tuple[any]:
                 options={"verify_signature": False, "verify_exp": False},
                 algorithms=[security.ALGORITHM]
             )
-            if not payload['embeddedId']:
-                return False, f"Miss embeddedId payload error!"
+            app_key = payload.get('appId', '')
+            embeddedId = payload.get('embeddedId', None)
+            if not embeddedId:
+                embeddedId = xor_decrypt(app_key)
             if not payload['account']:
                 return False, f"Miss account payload error!"
-            embeddedId = payload['embeddedId']
             account = payload['account']
             with Session(engine) as session:
                 """ session_user = await get_user_info(session = session, user_id = token_data.id)
@@ -156,4 +158,10 @@ async def validateEmbedded(self, param: str, trans: I18n) -> tuple[any]:
         except Exception as e:
             SQLBotLogUtil.exception(f"Embedded validation error: {str(e)}")
             # Return False and the exception message
-            return False, e
+            return False, e
+    
+def xor_decrypt(encrypted_str: str, key: int = 0xABCD1234) -> int:
+    encrypted_bytes = base64.urlsafe_b64decode(encrypted_str)
+    hex_str = encrypted_bytes.hex()
+    encrypted_num = int(hex_str, 16)
+    return encrypted_num ^ key

backend/common/utils/whitelist.py

@@ -31,6 +31,7 @@
     "/system/appearance/picture/*",
     "/system/assistant/validator*",
     "/system/assistant/info/*",
+    "/system/assistant/app/*",
     "/system/assistant/picture/*",
     "/datasource/uploadExcel"
 ]