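package com.ruoyi.extend.datasecurity.aesencrypt.filter;

import com.alibaba.fastjson2.JSON;
import com.alibaba.fastjson2.JSONObject;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.enums.HttpMethod;
import com.ruoyi.extend.datasecurity.aesencrypt.utils.AesEncryptUtils;
import com.ruoyi.extend.datasecurity.aesencrypt.wrapper.GetParamsRequestWrapper;
import com.ruoyi.extend.datasecurity.aesencrypt.wrapper.PostParamsRequestWrapper;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;

/**
 * Decryption filter.
 *
 * <p>Registered only when {@code business.aes-encrypt.enabled=true}. For every request whose URI
 * does not start with a whitelisted prefix it either wraps the request in a
 * {@link PostParamsRequestWrapper} (POST) or decrypts the {@code dataParams} query parameter and
 * exposes the resulting JSON fields as request parameters through a
 * {@link GetParamsRequestWrapper} (every other method).
 *
 * <p>This filter only transforms parameters; it makes no authentication or authorization
 * decision, so skipping it must never be what grants access to an endpoint.
 *
 * @author Tellsea
 * @date 2021/09/27
 */
@Slf4j
@Component
@ConditionalOnProperty(prefix = "business.aes-encrypt", name = "enabled", havingValue = "true")
public class AesEncryptFilter extends OncePerRequestFilter {

    private static final String CONTENT_TYPE_CHARSET = "application/json;charset=UTF-8";

    /**
     * URI prefixes that are passed through without decryption.
     *
     * <p>NOTE(review): matching is a plain {@code startsWith} on {@code getRequestURI()}, which is
     * the raw, un-normalized request path. A prefix such as {@code .../common} therefore also
     * covers sibling paths that merely begin with the same characters, and path parameters or
     * dot-segments are not resolved before the comparison. Consider matching on a normalized
     * path with a segment boundary, and confirm that the operational endpoints listed here
     * (druid, actuator, swagger) are protected by their own access control.
     */
    private static final List<String> WHITE_URL_LIST = Arrays.asList(
            "/ruoyi-vue-service/au/weiXinMp/callback",
            "/ruoyi-vue-service/common",
            "/ruoyi-vue-service/profile",
            "/ruoyi-vue-service/common/download",
            "/ruoyi-vue-service/common/download/resource",
            "/ruoyi-vue-service/doc.html",
            "/ruoyi-vue-service/swagger-resources",
            "/ruoyi-vue-service/webjars",
            "/ruoyi-vue-service/druid",
            "/ruoyi-vue-service/actuator"
    );

    /** Shared JSON writer for error responses; built once instead of once per request. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    /**
     * Decrypts request parameters before the rest of the chain sees them.
     *
     * @param request     incoming request
     * @param response    response; its content type is set to JSON for every non-whitelisted request
     * @param filterChain remaining filter chain
     * @throws IOException      if writing the error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails on the whitelist or POST path
     */
    @Override
    public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        String requestUri = request.getRequestURI();
        for (String whiteUrl : WHITE_URL_LIST) {
            if (requestUri.startsWith(whiteUrl)) {
                filterChain.doFilter(request, response);
                return;
            }
        }

        response.setContentType(CONTENT_TYPE_CHARSET);

        // POST: the wrapper takes over the request; its handling of the body is not shown in this file.
        if (HttpMethod.POST.name().equals(request.getMethod())) {
            PostParamsRequestWrapper requestWrapper = new PostParamsRequestWrapper(request);
            filterChain.doFilter(requestWrapper, response);
            return;
        }

        // Every other method (GET, PUT, DELETE, ...) must carry the encrypted payload in "dataParams".
        String dataParams = request.getParameter("dataParams");
        if (StringUtils.isEmpty(dataParams)) {
            OBJECT_MAPPER.writeValue(response.getWriter(), AjaxResult.error("参数解析错误,不能为空"));
            return;
        }

        try {
            // NOTE(review): getParameter() normally returns an already URL-decoded value, so this is
            // a second decode; presumably the client encodes twice - confirm against the front end.
            String decode = URLDecoder.decode(dataParams, "UTF-8");
            // NOTE(review): AesEncryptUtils is not visible here; whether the ciphertext is
            // integrity-protected cannot be told from this file.
            String decrypt = AesEncryptUtils.decrypt(decode);
            JSONObject jSONObject = JSON.parseObject(decrypt);

            // Start from the plain query parameters, drop the transport-only ones, then let the
            // decrypted fields override any plain parameter of the same name.
            HashMap<String, Object> params = new HashMap<>(request.getParameterMap());
            params.remove("dataParams");
            params.remove("noData");
            for (String str : jSONObject.keySet()) {
                if (str.equals("params")) {
                    params.remove(str);
                } else {
                    params.put(str, jSONObject.get(str));
                }
            }

            GetParamsRequestWrapper requestWrapper = new GetParamsRequestWrapper(request, params);
            // NOTE(review): the downstream chain runs inside this try, so any exception it throws is
            // also reported to the client as a parameter error; narrow the scope if that is unintended.
            filterChain.doFilter(requestWrapper, response);
        } catch (Exception e) {
            // Hand the throwable to the logger so the stack trace is emitted by the logging
            // framework rather than concatenated into the message.
            log.error("转换错误", e);
            OBJECT_MAPPER.writeValue(response.getWriter(), AjaxResult.error("参数异常"));
        }
    }

    /**
     * Renders an exception's stack trace as a string.
     *
     * @param e exception to render
     * @return the text produced by {@link Exception#printStackTrace(PrintStream)}, using the
     *         platform default charset for both writing and reading back
     */
    public static String getExceptionInfo(Exception e) {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        e.printStackTrace(new PrintStream(baos));
        return baos.toString();
    }
}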