我们多年来一直致力于开发一款应用程序,其特色是 Forge (Autodesk) Viewer。
我们的方法与https://tutorials.autodesk.io/中描述的方法类似,只是我们使用三足身份验证。
我们将成功三足身份验证后收到的访问令牌存储在数据库中:
function getAutodeskClient(): AuthClientThreeLegged {
if (oAuth2ThreeLegged) return oAuth2ThreeLegged;
oAuth2ThreeLegged = new ForgeSDK.AuthClientThreeLegged(
AUTODESK_CLIENT_ID,
AUTODESK_CLIENT_SECRET,
AUTODESK_REDIRECT_URL,
[
"data:read",
"data:write",
"bucket:read",
"bucket:update",
"bucket:create",
],
autoRefresh,
);
return oAuth2ThreeLegged;
}
然后我们在客户端使用此过程中获得的访问令牌来初始化查看器:
const options: Autodesk.Viewing.InitializerOptions = {
env: "AutodeskProduction2",
api: "streamingV2",
getAccessToken: getForgeToken,
};
function launchViewer(urn: string, container: HTMLElement) {
Autodesk.Viewing.Initializer(options, () => {
viewer.current = new Autodesk.Viewing.GuiViewer3D(container, {
extensions: ["Autodesk.DocumentBrowser"],
});
viewer.current.start();
const documentId = `urn:${urn}`;
Autodesk.Viewing.Document.load(
documentId,
onDocumentLoadSuccess,
onDocumentLoadFailure,
);
});
}
这段代码运行良好 1 年多了,但大约一周前,当我们尝试加载模型文件时,我们开始收到 401 错误。
虽然我可以打开https://viewer.autodesk.com/id/dXJuOmFkc2sub2JqZWN0czpvcy5vYmplY3Q6YTM2MHZpZXdlci1wcm90ZWN0ZWQvdDE2OTA0MzgxNDNfNGE1MjIzMTUtODI4Yy00ZjVkLWEzNzItNzgw ZGEzM2U0YzRhLnJ2dA?sheetId=NTgzYjMzZDUtMmM1Mi1lMzBhLTA4ZTgtN2MwYTE3N2YzNjlh 很好,当我尝试使用查看器 API 加载相同的文件时,出现 401 错误:
curl 'https://cdn.derivative.autodesk.com/modeldata/manifest/dXJuOmFkc2sub2JqZWN0czpvcy5vYmplY3Q6YTM2MHZpZXdlci1wcm90ZWN0ZWQvdDE2OTA0MzgxNDNfNGE1MjIzMTUtODI4Yy00ZjVkLWEzNzItNzgwZGEzM2U0YzRhLnJ2dA?domain=http%3A%2F%2Flocalhost%3A3000' \
-H 'authority: cdn.derivative.autodesk.com' \
-H 'accept: */*' \
-H 'accept-language: en-GB,en-US;q=0.9,en;q=0.8,sr;q=0.7' \
-H 'authorization: Bearer <our bearer token>' \
-H 'origin: http://localhost:3000' \
-H 'referer: http://localhost:3000/' \
-H 'sec-ch-ua: "Not/A)Brand";v="99", "Brave";v="115", "Chromium";v="115"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-ch-ua-platform: "macOS"' \
-H 'sec-fetch-dest: empty' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-site: cross-site' \
-H 'sec-gpc: 1' \
-H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36' \
--compressed
此请求源自:
Autodesk.Viewing.Document.load(
documentId,
onDocumentLoadSuccess,
onDocumentLoadFailure,
);
响应是
{"diagnostic":"Unauthorized"}
,以下是响应标头:
我的应用程序可以访问所有 API:
查看器本身或其他一些 API 端点发生了更改,但从现在开始,您只能打开您可以访问的文件。
按照官方文档,我还创建了一个 Next.js 项目,它嵌入了 Autodesk Viewer,加载该帐户有权查看的所有模型,并且可以对查看器实例进行一些基本过滤。