feat: 临时token无效，返回具体原因 TencentBlueKing#1618 (TencentBlueKing#1629)

src/backend/common/common-artifact/artifact-api/src/main/resources/i18n/messages_en.properties

@@ -52,7 +52,7 @@ artifact.package.not-found=Package [{0}] not found
 artifact.package.existed=Package [{0}] existed
 artifact.version.not-found=Package version [{0}-{1}] not found
 artifact.version.existed=Package version [{0}-{1}] existed
-artifact.temporary-token.invalid=Temporary token invalid
+artifact.temporary-token.invalid=Temporary token invalid: [{0}]
 artifact.temporary-token.expired=Temporary token expired
 artifact.pipeline.banned=The action on Pipeline repository is banned
 artifact.repository.over-quota=Exceeded repository [{0}] quota value [{1}]

src/backend/common/common-artifact/artifact-api/src/main/resources/i18n/messages_zh_CN.properties

@@ -49,7 +49,7 @@ artifact.package.not-found=制品包[{0}]不存在
 artifact.package.existed=制品包[{0}]已存在
 artifact.version.not-found=制品包版本[{0}]不存在
 artifact.version.existed=制品包版本[{0}]已存在
-artifact.temporary-token.invalid=临时token无效
+artifact.temporary-token.invalid=临时token无效: [{0}]
 artifact.temporary-token.expired=临时token过期
 artifact.pipeline.banned=流水线仓库禁止此类操作
 artifact.download.forbidden=正在下载的制品不符合下载规则，请联系{0}项目的管理员

src/backend/common/common-artifact/artifact-api/src/main/resources/i18n/messages_zh_TW.properties

@@ -49,7 +49,7 @@ artifact.package.not-found=制品包[{0}]不存在
 artifact.package.existed=制品包[{0}]已存在
 artifact.version.not-found=制品包版本[{0}]不存在
 artifact.version.existed=制品包版本[{0}]已存在
-artifact.temporary-token.invalid=臨時token無效
+artifact.temporary-token.invalid=臨時token無效: [{0}]
 artifact.temporary-token.expired=臨時token過期
 artifact.pipeline.banned=流水線倉庫禁止此類操作
 artifact.download.forbidden=正在下載的製品不符合下載規則，請聯係{0}項目的管理員

src/backend/generic/biz-generic/src/main/kotlin/com/tencent/bkrepo/generic/service/TemporaryAccessService.kt

@@ -264,10 +264,10 @@ class TemporaryAccessService(
      */
     private fun checkToken(token: String): TemporaryTokenInfo {
         if (token.isBlank()) {
-            throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID)
+            throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID, token)
         }
         return temporaryTokenClient.getTokenInfo(token).data
-            ?: throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID)
+            ?: throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID, token)
     }
 
     /**
@@ -298,7 +298,7 @@ class TemporaryAccessService(
      */
     private fun checkAccessType(grantedType: TokenType, accessType: TokenType) {
         if (grantedType != TokenType.ALL && grantedType != accessType) {
-            throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID)
+            throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID, accessType)
         }
     }
 
@@ -308,11 +308,14 @@ class TemporaryAccessService(
     private fun checkAccessResource(tokenInfo: TemporaryTokenInfo, artifactInfo: ArtifactInfo) {
         // 校验项目/仓库
         if (tokenInfo.projectId != artifactInfo.projectId || tokenInfo.repoName != artifactInfo.repoName) {
-            throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID)
+            throw ErrorCodeException(
+                ArtifactMessageCode.TEMPORARY_TOKEN_INVALID,
+                "${artifactInfo.projectId}/${artifactInfo.repoName}"
+            )
         }
         // 校验路径
         if (!PathUtils.isSubPath(artifactInfo.getArtifactFullPath(), tokenInfo.fullPath)) {
-            throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID)
+            throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID, artifactInfo.getArtifactFullPath())
         }
         // 校验创建人权限
         permissionManager.checkNodePermission(
@@ -333,7 +336,7 @@ class TemporaryAccessService(
         val authenticatedUid = SecurityUtils.getUserId()
         // 使用认证uid校验授权
         if (tokenInfo.authorizedUserList.isNotEmpty() && authenticatedUid !in tokenInfo.authorizedUserList) {
-            throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID)
+            throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID, authenticatedUid)
         }
         // 获取需要审计的uid
         val auditedUid = if (SecurityUtils.isAnonymous()) {
@@ -346,7 +349,7 @@ class TemporaryAccessService(
         // 校验ip授权
         val clientIp = HttpContextHolder.getClientAddress()
         if (tokenInfo.authorizedIpList.isNotEmpty() && clientIp !in tokenInfo.authorizedIpList) {
-            throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID)
+            throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID, clientIp)
         }
     }
 

src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/file/impl/ShareServiceImpl.kt

@@ -112,7 +112,7 @@ class ShareServiceImpl(
                     .and(TShareRecord::token).isEqualTo(token),
             )
             val shareRecord = mongoTemplate.findOne(query, TShareRecord::class.java)
-                ?: throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID)
+                ?: throw ErrorCodeException(ArtifactMessageCode.TEMPORARY_TOKEN_INVALID, token)
             if (shareRecord.authorizedUserList.isNotEmpty() && userId !in shareRecord.authorizedUserList) {
                 throw PermissionException("unauthorized")
             }