feature: implement business data source query MCP tool on the console module

console/pom.xml

@@ -32,6 +32,7 @@
     <description>console for Seata built with Maven</description>
 
     <properties>
+        <java.version>25</java.version>
         <spring-boot-for-server.version>3.5.2</spring-boot-for-server.version>
         <spring-framework-for-server.version>6.2.8</spring-framework-for-server.version>
         <snakeyaml-for-server.version>2.0</snakeyaml-for-server.version>
@@ -168,6 +169,22 @@
             <artifactId>spring-ai-starter-mcp-server-webmvc</artifactId>
             <version>${spring-ai.version}</version>
         </dependency>
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>druid</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-dbcp2</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.zaxxer</groupId>
+            <artifactId>HikariCP</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.mysql</groupId>
+            <artifactId>mysql-connector-j</artifactId>
+        </dependency>
     </dependencies>
 
     <build>

console/src/main/java/org/apache/seata/console/controller/BusinessDataSourceController.java

@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.seata.console.controller;
+
+import org.apache.seata.common.result.SingleResult;
+import org.apache.seata.common.util.StringUtils;
+import org.apache.seata.console.security.DataSourcePasswordCipher;
+import org.apache.seata.console.security.DataSourcePasswordTransportCipher;
+import org.apache.seata.mcp.entity.dto.MysqlDataSourceRegisterRequest;
+import org.apache.seata.mcp.entity.vo.MysqlDataSourceInfo;
+import org.apache.seata.mcp.entity.vo.MysqlDataSourceTestResult;
+import org.apache.seata.mcp.service.BusinessDataSourceService;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/v1/businessDataSources")
+public class BusinessDataSourceController {
+
+    private final BusinessDataSourceService dataSourceService;
+
+    private final DataSourcePasswordCipher passwordCipher;
+
+    private final DataSourcePasswordTransportCipher passwordTransportCipher;
+
+    public BusinessDataSourceController(
+            BusinessDataSourceService dataSourceService,
+            DataSourcePasswordCipher passwordCipher,
+            DataSourcePasswordTransportCipher passwordTransportCipher) {
+        this.dataSourceService = dataSourceService;
+        this.passwordCipher = passwordCipher;
+        this.passwordTransportCipher = passwordTransportCipher;
+    }
+
+    @GetMapping
+    public SingleResult<List<MysqlDataSourceInfo>> listDataSources() {
+        return SingleResult.success(dataSourceService.getMysqlDataSources());
+    }
+
+    @GetMapping("/password/publicKey")
+    public SingleResult<String> getPasswordPublicKey() {
+        return SingleResult.success(passwordTransportCipher.getPublicKey());
+    }
+
+    @PostMapping
+    public SingleResult<String> registerDataSource(@RequestBody MysqlDataSourceRegisterRequest request) {
+        try {
+            preparePassword(request);
+            return SingleResult.success(dataSourceService.registerMysqlDataSource(request));
+        } catch (Exception e) {
+            return SingleResult.failure(e.getMessage());
+        }
+    }
+
+    @PostMapping("/test")
+    public SingleResult<MysqlDataSourceTestResult> testDataSource(@RequestBody MysqlDataSourceRegisterRequest request) {
+        try {
+            preparePassword(request);
+            return SingleResult.success(dataSourceService.testMysqlDataSource(request));
+        } catch (Exception e) {
+            MysqlDataSourceTestResult result = new MysqlDataSourceTestResult();
+            result.setSuccess(false);
+            result.setMessage(e.getMessage());
+            return SingleResult.success(result);
+        }
+    }
+
+    @DeleteMapping("/{name}")
+    public SingleResult<String> unregisterDataSource(@PathVariable String name) {
+        try {
+            return SingleResult.success(dataSourceService.unregisterMysqlDataSource(name));
+        } catch (Exception e) {
+            return SingleResult.failure(e.getMessage());
+        }
+    }
+
+    private void preparePassword(MysqlDataSourceRegisterRequest request) {
+        if (request == null) {
+            return;
+        }
+        if (StringUtils.isBlank(request.getPassword())) {
+            return;
+        }
+        if (passwordTransportCipher.isEncrypted(request.getPassword())) {
+            request.setPassword(passwordTransportCipher.decrypt(request.getPassword()));
+            return;
+        }
+        if (!passwordCipher.isEnabled()) {
+            return;
+        }
+        request.setPassword(passwordCipher.decrypt(request.getPassword()));
+    }
+}

console/src/main/java/org/apache/seata/console/security/DataSourcePasswordCipher.java

@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.seata.console.security;
+
+import org.apache.seata.common.util.StringUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.SecureRandom;
+import java.util.Arrays;
+import java.util.Base64;
+
+@Component
+public class DataSourcePasswordCipher {
+
+    private static final String AES_ALGORITHM = "AES";
+
+    private static final String AES_GCM_TRANSFORMATION = "AES/GCM/NoPadding";
+
+    private static final int GCM_IV_LENGTH = 12;
+
+    private static final int GCM_TAG_LENGTH_BITS = 128;
+
+    private final SecretKeySpec secretKeySpec;
+
+    private final boolean enabled;
+
+    private final SecureRandom secureRandom = new SecureRandom();
+
+    public DataSourcePasswordCipher(
+            @Value("${seata.security.secretKey}") String secretKey,
+            @Value("${seata.businessDataSources.encryption.enabled:true}") boolean enabled) {
+        if (StringUtils.isBlank(secretKey)) {
+            throw new IllegalArgumentException("seata.security.secretKey cannot be empty");
+        }
+        this.secretKeySpec = new SecretKeySpec(sha256(secretKey), AES_ALGORITHM);
+        this.enabled = enabled;
+    }
+
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    public String decrypt(String encryptedPassword) {
+        if (StringUtils.isBlank(encryptedPassword)) {
+            return "";
+        }
+        try {
+            byte[] payload = Base64.getDecoder().decode(encryptedPassword);
+            if (payload.length <= GCM_IV_LENGTH) {
+                throw new IllegalArgumentException("Invalid datasource password ciphertext");
+            }
+            byte[] iv = Arrays.copyOfRange(payload, 0, GCM_IV_LENGTH);
+            byte[] ciphertext = Arrays.copyOfRange(payload, GCM_IV_LENGTH, payload.length);
+            Cipher cipher = Cipher.getInstance(AES_GCM_TRANSFORMATION);
+            cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, new GCMParameterSpec(GCM_TAG_LENGTH_BITS, iv));
+            return new String(cipher.doFinal(ciphertext), StandardCharsets.UTF_8);
+        } catch (Exception e) {
+            throw new IllegalArgumentException("Unable to decrypt datasource password");
+        }
+    }
+
+    public String encrypt(String password) {
+        if (StringUtils.isBlank(password)) {
+            return "";
+        }
+        try {
+            byte[] iv = new byte[GCM_IV_LENGTH];
+            secureRandom.nextBytes(iv);
+            Cipher cipher = Cipher.getInstance(AES_GCM_TRANSFORMATION);
+            cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, new GCMParameterSpec(GCM_TAG_LENGTH_BITS, iv));
+            byte[] ciphertext = cipher.doFinal(password.getBytes(StandardCharsets.UTF_8));
+            byte[] payload = new byte[iv.length + ciphertext.length];
+            System.arraycopy(iv, 0, payload, 0, iv.length);
+            System.arraycopy(ciphertext, 0, payload, iv.length, ciphertext.length);
+            return Base64.getEncoder().encodeToString(payload);
+        } catch (Exception e) {
+            throw new IllegalArgumentException("Unable to encrypt datasource password");
+        }
+    }
+
+    private byte[] sha256(String secretKey) {
+        try {
+            return MessageDigest.getInstance("SHA-256").digest(secretKey.getBytes(StandardCharsets.UTF_8));
+        } catch (Exception e) {
+            throw new IllegalArgumentException("Unable to initialize datasource password cipher");
+        }
+    }
+}

console/src/main/java/org/apache/seata/console/security/DataSourcePasswordTransportCipher.java

@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.seata.console.security;
+
+import org.apache.seata.common.util.StringUtils;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.spec.MGF1ParameterSpec;
+import java.util.Base64;
+
+@Component
+public class DataSourcePasswordTransportCipher {
+
+    private static final String RSA_ALGORITHM = "RSA";
+
+    private static final String RSA_OAEP_TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
+
+    private static final int RSA_KEY_SIZE = 2048;
+
+    private static final String TRANSPORT_CIPHER_PREFIX = "rsa:";
+
+    private final KeyPair keyPair;
+
+    public DataSourcePasswordTransportCipher() {
+        try {
+            KeyPairGenerator generator = KeyPairGenerator.getInstance(RSA_ALGORITHM);
+            generator.initialize(RSA_KEY_SIZE);
+            this.keyPair = generator.generateKeyPair();
+        } catch (Exception e) {
+            throw new IllegalArgumentException("Unable to initialize datasource password transport cipher");
+        }
+    }
+
+    public String getPublicKey() {
+        return Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded());
+    }
+
+    public boolean isEncrypted(String password) {
+        return StringUtils.isNotBlank(password) && password.startsWith(TRANSPORT_CIPHER_PREFIX);
+    }
+
+    public String encrypt(String password) {
+        if (StringUtils.isBlank(password)) {
+            return "";
+        }
+        try {
+            Cipher cipher = newCipher(Cipher.ENCRYPT_MODE);
+            byte[] ciphertext = cipher.doFinal(password.getBytes(StandardCharsets.UTF_8));
+            return TRANSPORT_CIPHER_PREFIX + Base64.getEncoder().encodeToString(ciphertext);
+        } catch (Exception e) {
+            throw new IllegalArgumentException("Unable to encrypt datasource password for transport");
+        }
+    }
+
+    public String decrypt(String encryptedPassword) {
+        if (StringUtils.isBlank(encryptedPassword)) {
+            return "";
+        }
+        if (!isEncrypted(encryptedPassword)) {
+            throw new IllegalArgumentException("Invalid datasource password transport ciphertext");
+        }
+        try {
+            String ciphertext = encryptedPassword.substring(TRANSPORT_CIPHER_PREFIX.length());
+            byte[] payload = Base64.getDecoder().decode(ciphertext);
+            Cipher cipher = newCipher(Cipher.DECRYPT_MODE);
+            return new String(cipher.doFinal(payload), StandardCharsets.UTF_8);
+        } catch (Exception e) {
+            throw new IllegalArgumentException("Unable to decrypt datasource password for transport");
+        }
+    }
+
+    private Cipher newCipher(int mode) throws Exception {
+        Cipher cipher = Cipher.getInstance(RSA_OAEP_TRANSFORMATION);
+        OAEPParameterSpec spec =
+                new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
+        cipher.init(mode, mode == Cipher.ENCRYPT_MODE ? keyPair.getPublic() : keyPair.getPrivate(), spec);
+        return cipher;
+    }
+}

console/src/main/java/org/apache/seata/mcp/core/constant/SqlConstant.java

@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.seata.mcp.core.constant;
+
+public class SqlConstant {
+
+    public static final String GET_TABLE_NAME_SQL =
+            "SELECT TABLE_NAME, TABLE_COMMENT FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = ? "
+                    + "ORDER BY TABLE_NAME";
+
+    public static final String GET_SCHEMA_SQL =
+            "SELECT COLUMN_NAME, DATA_TYPE, COLUMN_COMMENT FROM INFORMATION_SCHEMA.COLUMNS "
+                    + "WHERE TABLE_SCHEMA = ? AND TABLE_NAME = ? ORDER BY ORDINAL_POSITION";
+
+    public static final String MYSQL_VALIDATION_SQL = "SELECT 1";
+
+    public static final String MYSQL_EXPLAIN_PREFIX = "EXPLAIN ";
+}