add 新增 请求加密传输 合并优化 !pr377

疯狂的狮子Li

2023-07-10 af08632c37b10c0927cf3fb9c75fac0d3a58b9f1

add 新增 请求加密传输 合并优化 !pr377

 ruoyi-admin/pom.xml

@@ -87,13 +87,6 @@
            <artifactId>JustAuth</artifactId>
        </dependency>

        <!-- æŽ¥å£è¯·æ±‚参数加密模块 -->
        <dependency>
            <groupId>org.dromara</groupId>
            <artifactId>ruoyi-common-cryptapi</artifactId>
        </dependency>


        <!-- skywalking æ•´åˆ logback -->
<!--        <dependency>-->
<!--            <groupId>org.apache.skywalking</groupId>-->

 ruoyi-admin/src/main/resources/application.yml

@@ -176,10 +176,10 @@
# api接口加密
api-decrypt:
  # æ˜¯å¦å¼€å¯å…¨å±€æŽ¥å£åŠ å¯†
  enable: false
  enabled: true
  # AES åŠ å¯†å¤´æ ‡è¯†
  headerFlag: AES
  # å…¬ç§é’¥ éžå¯¹ç§°ç®—法的公私钥 å¦‚：SM2，RSA
  headerFlag: encrypt-key
  # å…¬ç§é’¥ éžå¯¹ç§°ç®—法的公私钥 å¦‚：SM2，RSA ä½¿ç”¨è€…请自行更换
  publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqzcWmOzbfj64K8ZIgOdHnzkXSOVOZbFu/TJhZ7rFAN+eaGkl3C4buccQd/EjEsj9ir7ijT7h96MCAwEAAQ==
  privateKey: MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqhHyZfSsYourNxaY7Nt+PrgrxkiA50efORdI5U5lsW79MmFnusUA355oaSXcLhu5xxB38SMSyP2KvuKNPuH3owIDAQABAkAfoiLyL+Z4lf4Myxk6xUDgLaWGximj20CUf+5BKKnlrK+Ed8gAkM0HqoTt2UZwA5E2MzS4EI2gjfQhz5X28uqxAiEA3wNFxfrCZlSZHb0gn2zDpWowcSxQAgiCstxGUoOqlW8CIQDDOerGKH5OmCJ4Z21v+F25WaHYPxCFMvwxpcw99EcvDQIgIdhDTIqD2jfYjPTY8Jj3EDGPbH2HHuffvflECt3Ek60CIQCFRlCkHpi7hthhYhovyloRYsM+IS9h/0BzlEAuO0ktMQIgSPT3aFAgJYwKpqRYKlLDVcflZFCKY7u3UP8iWi1Qw0Y=


 ruoyi-common/pom.xml

@@ -33,7 +33,6 @@
        <module>ruoyi-common-encrypt</module>
        <module>ruoyi-common-tenant</module>
        <module>ruoyi-common-websocket</module>
        <module>ruoyi-common-cryptapi</module>
    </modules>

    <artifactId>ruoyi-common</artifactId>

 ruoyi-common/ruoyi-common-bom/pom.xml

@@ -172,12 +172,6 @@
                <version>${revision}</version>
            </dependency>

            <!-- æŽ¥å£è¯·æ±‚参数加密模块 -->
            <dependency>
                <groupId>org.dromara</groupId>
                <artifactId>ruoyi-common-cryptapi</artifactId>
                <version>${revision}</version>
            </dependency>
        </dependencies>
    </dependencyManagement>


 ruoyi-common/ruoyi-common-cryptapi/pom.xml

ÎļþÒÑɾ³ý

 ruoyi-common/ruoyi-common-cryptapi/src/main/java/org/dromara/cryptapi/annotation/ApiDecrypt.java

ÎļþÒÑɾ³ý

 ruoyi-common/ruoyi-common-cryptapi/src/main/java/org/dromara/cryptapi/config/ApiDecryptConfig.java

ÎļþÒÑɾ³ý

 ruoyi-common/ruoyi-common-cryptapi/src/main/java/org/dromara/cryptapi/core/AesEncryptor.java

ÎļþÒÑɾ³ý

 ruoyi-common/ruoyi-common-cryptapi/src/main/java/org/dromara/cryptapi/core/EncryptContext.java

ÎļþÒÑɾ³ý

 ruoyi-common/ruoyi-common-cryptapi/src/main/java/org/dromara/cryptapi/core/RsaEncryptor.java

ÎļþÒÑɾ³ý

 ruoyi-common/ruoyi-common-cryptapi/src/main/java/org/dromara/cryptapi/enums/EncodeType.java

ÎļþÒÑɾ³ý

 ruoyi-common/ruoyi-common-cryptapi/src/main/java/org/dromara/cryptapi/filter/CryptoFilter.java

ÎļþÒÑɾ³ý

 ruoyi-common/ruoyi-common-cryptapi/src/main/java/org/dromara/cryptapi/handler/DecryptUrlHandler.java

ÎļþÒÑɾ³ý

 ruoyi-common/ruoyi-common-cryptapi/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

ÎļþÒÑɾ³ý

 ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/config/ApiDecryptAutoConfiguration.java

¶Ô±ÈÐÂÎļþ
@@ -0,0 +1,32 @@
package org.dromara.common.encrypt.config;

import jakarta.servlet.DispatcherType;
import org.dromara.common.encrypt.filter.CryptoFilter;
import org.dromara.common.encrypt.properties.ApiDecryptProperties;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;

/**
 * api è§£å¯†è‡ªåŠ¨é…ç½®
 *
 * @author wdhcr
 */
@AutoConfiguration
@EnableConfigurationProperties(ApiDecryptProperties.class)
@ConditionalOnProperty(value = "api-decrypt.enabled", havingValue = "true")
public class ApiDecryptAutoConfiguration {

    @Bean
    public FilterRegistrationBean<CryptoFilter> cryptoFilterRegistration(ApiDecryptProperties properties) {
        FilterRegistrationBean<CryptoFilter> registration = new FilterRegistrationBean<>();
        registration.setDispatcherTypes(DispatcherType.REQUEST);
        registration.setFilter(new CryptoFilter(properties));
        registration.addUrlPatterns("/*");
        registration.setName("cryptoFilter");
        registration.setOrder(FilterRegistrationBean.HIGHEST_PRECEDENCE);
        return registration;
    }
}

 ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/filter/CryptoFilter.java

¶Ô±ÈÐÂÎļþ
@@ -0,0 +1,48 @@
package org.dromara.common.encrypt.filter;

import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import org.dromara.common.core.utils.StringUtils;
import org.dromara.common.encrypt.properties.ApiDecryptProperties;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;

import java.io.IOException;
import java.util.Objects;


/**
 * Crypto è¿‡æ»¤å™¨
 *
 * @author wdhcr
 */
public class CryptoFilter implements Filter {
    private final ApiDecryptProperties properties;

    public CryptoFilter(ApiDecryptProperties properties) {
        this.properties = properties;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        ServletRequest requestWrapper = null;
        HttpServletRequest servletRequest = (HttpServletRequest) request;
        // æ˜¯å¦ä¸º json è¯·æ±‚
        if (StringUtils.startsWithIgnoreCase(request.getContentType(), MediaType.APPLICATION_JSON_VALUE)) {
            // æ˜¯å¦ä¸º put æˆ–者 post è¯·æ±‚
            if (HttpMethod.PUT.matches(servletRequest.getMethod()) || HttpMethod.POST.matches(servletRequest.getMethod())) {
                // æ˜¯å¦å­˜åœ¨åŠ å¯†æ ‡å¤´
                String headerValue = servletRequest.getHeader(properties.getHeaderFlag());
                if (StringUtils.isNotBlank(headerValue)) {
                    requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPublicKey(), properties.getPrivateKey(), properties.getHeaderFlag());
                }
            }
        }
        chain.doFilter(Objects.requireNonNullElse(requestWrapper, request), response);
    }

    @Override
    public void destroy() {

    }
}

 ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/filter/DecryptRequestBodyWrapper.java

ÎļþÃû´Ó ruoyi-common/ruoyi-common-cryptapi/src/main/java/org/dromara/cryptapi/filter/DecryptRequestBodyWrapper.java ÐÞ¸Ä
@@ -1,18 +1,12 @@
package org.dromara.cryptapi.filter;
package org.dromara.common.encrypt.filter;

import cn.hutool.core.codec.Base64;
import cn.hutool.core.io.IoUtil;
import jakarta.servlet.ReadListener;
import jakarta.servlet.ServletInputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
import org.dromara.common.core.constant.Constants;
import org.dromara.common.core.exception.base.BaseException;
import org.dromara.common.core.utils.StringUtils;
import org.dromara.cryptapi.core.AesEncryptor;
import org.dromara.cryptapi.core.EncryptContext;
import org.dromara.cryptapi.core.RsaEncryptor;
import org.dromara.cryptapi.enums.EncodeType;
import org.dromara.common.encrypt.utils.EncryptUtils;
import org.springframework.http.MediaType;

import java.io.BufferedReader;
@@ -30,21 +24,18 @@

    private final byte[] body;

    public DecryptRequestBodyWrapper(HttpServletRequest request, RsaEncryptor rsaEncryptor, String headerFlag) throws IOException {
    public DecryptRequestBodyWrapper(HttpServletRequest request, String publicKey, String privateKey, String headerFlag) throws IOException {
        super(request);
        String requestRsa = request.getHeader(headerFlag);
        if (StringUtils.isEmpty(requestRsa)) {
            throw new BaseException("加密AES的动态密码不能为空");
        }
        String decryptAes = new String(Base64.decode(rsaEncryptor.decrypt(requestRsa)));
        // èŽ·å– AES å¯†ç  é‡‡ç”¨ RSA åŠ å¯†
        String headerRsa = request.getHeader(headerFlag);
        String decryptAes = EncryptUtils.decryptByRsa(headerRsa, privateKey);
        // è§£å¯† AES å¯†ç 
        String aesPassword = EncryptUtils.decryptByBase64(decryptAes);
        request.setCharacterEncoding(Constants.UTF8);
        byte[] readBytes = IoUtil.readBytes(request.getInputStream(), false);
        String requestBody = StringUtils.toEncodedString(readBytes, StandardCharsets.UTF_8);
        EncryptContext encryptContext = new EncryptContext();
        encryptContext.setPassword(decryptAes);
        encryptContext.setEncode(EncodeType.BASE64);
        AesEncryptor aesEncryptor = new AesEncryptor(encryptContext);
        String decryptBody = aesEncryptor.decrypt(requestBody);
        String requestBody = new String(readBytes, StandardCharsets.UTF_8);
        // è§£å¯† body é‡‡ç”¨ AES åŠ å¯†
        String decryptBody = EncryptUtils.decryptByAes(requestBody, aesPassword);
        body = decryptBody.getBytes(StandardCharsets.UTF_8);
    }


 ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/properties/ApiDecryptProperties.java

ÎļþÃû´Ó ruoyi-common/ruoyi-common-cryptapi/src/main/java/org/dromara/cryptapi/properties/ApiDecryptProperties.java ÐÞ¸Ä
@@ -1,4 +1,4 @@
package org.dromara.cryptapi.properties;
package org.dromara.common.encrypt.properties;

import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -14,7 +14,7 @@
    /**
     * åŠ å¯†å¼€å…³
     */
    private Boolean enable;
    private Boolean enabled;

    /**
     * å¤´éƒ¨æ ‡è¯†

 ruoyi-common/ruoyi-common-encrypt/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

@@ -1 +1,3 @@
org.dromara.common.encrypt.config.EncryptorAutoConfiguration
org.dromara.common.encrypt.config.ApiDecryptAutoConfiguration