xieyinlu/ruoyi-ai
1
0
Fork 0
mirror of https://gitcode.com/ageerle/ruoyi-ai.git synced 2026-04-17 05:43:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

v3.0.0 init

Browse Source
This commit is contained in:
ageerle
2026-02-06 03:00:23 +08:00
parent eb2e8f3ff8
commit 7b8cfe02a1
1524 changed files with 53132 additions and 58866 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/annotation/ApiEncrypt.java Normal file
View File

@@ -0,0 +1,20 @@
package org.ruoyi.common.encrypt.annotation;
import java.lang.annotation.*;
/**
* 强制加密注解
*
* @author Michelle.Chung
*/
@Documented
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface ApiEncrypt {
/**
* 响应加密忽略,默认不加密,为 true 时加密
*/
boolean response() default false;
}

2
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/annotation/EncryptField.java
View File

@@ -32,7 +32,7 @@ public @interface EncryptField {
String publicKey() default "";
/**
* 钥。RSA、SM2需要
* 钥。RSA、SM2需要
*/
String privateKey() default "";

34
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/config/ApiDecryptAutoConfiguration.java Normal file
View File

@@ -0,0 +1,34 @@
package org.ruoyi.common.encrypt.config;
import jakarta.servlet.DispatcherType;
import org.ruoyi.common.encrypt.filter.CryptoFilter;
import org.ruoyi.common.encrypt.properties.ApiDecryptProperties;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistration;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
/**
* api 解密自动配置
*
* @author wdhcr
*/
@AutoConfiguration
@EnableConfigurationProperties(ApiDecryptProperties.class)
@ConditionalOnProperty(value = "api-decrypt.enabled", havingValue = "true")
public class ApiDecryptAutoConfiguration {
@Bean
@FilterRegistration(
name = "cryptoFilter",
urlPatterns = "/*",
order = FilterRegistrationBean.HIGHEST_PRECEDENCE,
dispatcherTypes = DispatcherType.REQUEST
)
public CryptoFilter cryptoFilter(ApiDecryptProperties properties) {
return new CryptoFilter(properties);
}
}

14
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/config/EncryptorAutoConfiguration.java
View File

@@ -1,5 +1,8 @@
package org.ruoyi.common.encrypt.config;
import com.baomidou.mybatisplus.autoconfigure.MybatisPlusAutoConfiguration;
import com.baomidou.mybatisplus.autoconfigure.MybatisPlusProperties;
import lombok.extern.slf4j.Slf4j;
import org.ruoyi.common.encrypt.core.EncryptorManager;
import org.ruoyi.common.encrypt.interceptor.MybatisDecryptInterceptor;
import org.ruoyi.common.encrypt.interceptor.MybatisEncryptInterceptor;
@@ -16,17 +19,18 @@ import org.springframework.context.annotation.Bean;
* @author 老马
* @version 4.6.0
*/
@AutoConfiguration
@AutoConfiguration(after = MybatisPlusAutoConfiguration.class)
@EnableConfigurationProperties(EncryptorProperties.class)
@ConditionalOnProperty(value = "mybatis-encryptor.enable", havingValue = "true")
@Slf4j
public class EncryptorAutoConfiguration {
@Autowired
private EncryptorProperties properties;
@Bean
public EncryptorManager encryptorManager() {
return new EncryptorManager();
public EncryptorManager encryptorManager(MybatisPlusProperties mybatisPlusProperties) {
return new EncryptorManager(mybatisPlusProperties.getTypeAliasesPackage());
}
@Bean
@@ -38,4 +42,8 @@ public class EncryptorAutoConfiguration {
public MybatisDecryptInterceptor mybatisDecryptInterceptor(EncryptorManager encryptorManager) {
return new MybatisDecryptInterceptor(encryptorManager, properties);
}
}

2
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/core/EncryptContext.java
View File

@@ -1,8 +1,8 @@
package org.ruoyi.common.encrypt.core;
import lombok.Data;
import org.ruoyi.common.encrypt.enumd.AlgorithmType;
import org.ruoyi.common.encrypt.enumd.EncodeType;
import lombok.Data;
/**
* 加密上下文 用于encryptor传递必要的参数。

108
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/core/EncryptorManager.java
View File

@@ -1,11 +1,25 @@
package org.ruoyi.common.encrypt.core;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.ReflectUtil;
import lombok.NoArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.ibatis.io.Resources;
import org.ruoyi.common.core.constant.Constants;
import org.ruoyi.common.core.utils.ObjectUtils;
import org.ruoyi.common.core.utils.StringUtils;
import org.ruoyi.common.encrypt.annotation.EncryptField;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.core.io.Resource;
import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
import org.springframework.core.io.support.ResourcePatternResolver;
import org.springframework.core.type.ClassMetadata;
import org.springframework.core.type.classreading.CachingMetadataReaderFactory;
import org.springframework.util.ClassUtils;
import java.lang.reflect.Field;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
@@ -18,32 +32,34 @@ import java.util.stream.Collectors;
* @version 4.6.0
*/
@Slf4j
@NoArgsConstructor
public class EncryptorManager {
/**
* 缓存加密器
*/
Map<EncryptContext, IEncryptor> encryptorMap = new ConcurrentHashMap<>();
Map<Integer, IEncryptor> encryptorMap = new ConcurrentHashMap<>();
/**
* 类加密字段缓存
*/
Map<Class<?>, Set<Field>> fieldCache = new ConcurrentHashMap<>();
/**
* 构造方法传入类加密字段缓存
*
* @param typeAliasesPackage 实体类包
*/
public EncryptorManager(String typeAliasesPackage) {
scanEncryptClasses(typeAliasesPackage);
}
/**
* 获取类加密字段缓存
*/
public Set<Field> getFieldCache(Class<?> sourceClazz) {
return fieldCache.computeIfAbsent(sourceClazz, clazz -> {
Field[] declaredFields = clazz.getDeclaredFields();
Set<Field> fieldSet = Arrays.stream(declaredFields).filter(field ->
field.isAnnotationPresent(EncryptField.class) && field.getType() == String.class)
.collect(Collectors.toSet());
for (Field field : fieldSet) {
field.setAccessible(true);
}
return fieldSet;
});
return ObjectUtils.notNullGetter(fieldCache, f -> f.get(sourceClazz));
}
/**
@@ -52,11 +68,12 @@ public class EncryptorManager {
* @param encryptContext 加密执行者需要的相关配置参数
*/
public IEncryptor registAndGetEncryptor(EncryptContext encryptContext) {
if (encryptorMap.containsKey(encryptContext)) {
return encryptorMap.get(encryptContext);
int key = encryptContext.hashCode();
if (encryptorMap.containsKey(key)) {
return encryptorMap.get(key);
}
IEncryptor encryptor = ReflectUtil.newInstance(encryptContext.getAlgorithm().getClazz(), encryptContext);
encryptorMap.put(encryptContext, encryptor);
encryptorMap.put(key, encryptor);
return encryptor;
}
@@ -66,7 +83,7 @@ public class EncryptorManager {
* @param encryptContext 加密执行者需要的相关配置参数
*/
public void removeEncryptor(EncryptContext encryptContext) {
this.encryptorMap.remove(encryptContext);
this.encryptorMap.remove(encryptContext.hashCode());
}
/**
@@ -76,8 +93,12 @@ public class EncryptorManager {
* @param encryptContext 加密相关的配置信息
*/
public String encrypt(String value, EncryptContext encryptContext) {
if (StringUtils.startsWith(value, Constants.ENCRYPT_HEADER)) {
return value;
}
IEncryptor encryptor = this.registAndGetEncryptor(encryptContext);
return encryptor.encrypt(value, encryptContext.getEncode());
String encrypt = encryptor.encrypt(value, encryptContext.getEncode());
return Constants.ENCRYPT_HEADER + encrypt;
}
/**
@@ -87,8 +108,61 @@ public class EncryptorManager {
* @param encryptContext 加密相关的配置信息
*/
public String decrypt(String value, EncryptContext encryptContext) {
if (!StringUtils.startsWith(value, Constants.ENCRYPT_HEADER)) {
return value;
}
IEncryptor encryptor = this.registAndGetEncryptor(encryptContext);
return encryptor.decrypt(value);
String str = StringUtils.removeStart(value, Constants.ENCRYPT_HEADER);
return encryptor.decrypt(str);
}
/**
* 通过 typeAliasesPackage 设置的扫描包 扫描缓存实体
*/
private void scanEncryptClasses(String typeAliasesPackage) {
PathMatchingResourcePatternResolver resolver = new PathMatchingResourcePatternResolver();
CachingMetadataReaderFactory factory = new CachingMetadataReaderFactory();
String[] packagePatternArray = StringUtils.splitPreserveAllTokens(typeAliasesPackage, ConfigurableApplicationContext.CONFIG_LOCATION_DELIMITERS);
String classpath = ResourcePatternResolver.CLASSPATH_ALL_URL_PREFIX;
try {
for (String packagePattern : packagePatternArray) {
String path = ClassUtils.convertClassNameToResourcePath(packagePattern);
Resource[] resources = resolver.getResources(classpath + path + "/*.class");
for (Resource resource : resources) {
ClassMetadata classMetadata = factory.getMetadataReader(resource).getClassMetadata();
Class<?> clazz = Resources.classForName(classMetadata.getClassName());
Set<Field> encryptFieldSet = getEncryptFieldSetFromClazz(clazz);
if (CollUtil.isNotEmpty(encryptFieldSet)) {
fieldCache.put(clazz, encryptFieldSet);
}
}
}
} catch (Exception e) {
log.error("初始化数据安全缓存时出错:{}", e.getMessage());
}
}
/**
* 获得一个类的加密字段集合
*/
private Set<Field> getEncryptFieldSetFromClazz(Class<?> clazz) {
Set<Field> fieldSet = new HashSet<>();
// 判断clazz如果是接口,内部类,匿名类就直接返回
if (clazz.isInterface() || clazz.isMemberClass() || clazz.isAnonymousClass()) {
return fieldSet;
}
while (clazz != null) {
Field[] fields = clazz.getDeclaredFields();
fieldSet.addAll(Arrays.asList(fields));
clazz = clazz.getSuperclass();
}
fieldSet = fieldSet.stream().filter(field ->
field.isAnnotationPresent(EncryptField.class) && field.getType() == String.class)
.collect(Collectors.toSet());
for (Field field : fieldSet) {
field.setAccessible(true);
}
return fieldSet;
}
}

2
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/core/IEncryptor.java
View File

@@ -28,7 +28,7 @@ public interface IEncryptor {
/**
* 解密
*
* @param value 待加密字符串
* @param value 待加密字符串
* @return 解密后的字符串
*/
String decrypt(String value);

28
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/core/encryptor/AesEncryptor.java
View File

@@ -1,14 +1,9 @@
package org.ruoyi.common.encrypt.core.encryptor;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.crypto.symmetric.AES;
import org.ruoyi.common.encrypt.core.EncryptContext;
import org.ruoyi.common.encrypt.enumd.AlgorithmType;
import org.ruoyi.common.encrypt.enumd.EncodeType;
import java.nio.charset.StandardCharsets;
import org.ruoyi.common.encrypt.utils.EncryptUtils;
/**
* AES算法实现
@@ -18,20 +13,11 @@ import java.nio.charset.StandardCharsets;
*/
public class AesEncryptor extends AbstractEncryptor {
private final AES aes;
private final EncryptContext context;
public AesEncryptor(EncryptContext context) {
super(context);
String password = context.getPassword();
if (StrUtil.isBlank(password)) {
throw new IllegalArgumentException("AES没有获得秘钥信息");
}
// aes算法的秘钥要求是16位、24位、32位
int[] array = {16, 24, 32};
if (!ArrayUtil.contains(array, password.length())) {
throw new IllegalArgumentException("AES秘钥长度应该为16位、24位、32位实际为" + password.length() + "");
}
aes = SecureUtil.aes(context.getPassword().getBytes(StandardCharsets.UTF_8));
this.context = context;
}
/**
@@ -51,19 +37,19 @@ public class AesEncryptor extends AbstractEncryptor {
@Override
public String encrypt(String value, EncodeType encodeType) {
if (encodeType == EncodeType.HEX) {
return aes.encryptHex(value);
return EncryptUtils.encryptByAesHex(value, context.getPassword());
} else {
return aes.encryptBase64(value);
return EncryptUtils.encryptByAes(value, context.getPassword());
}
}
/**
* 解密
*
* @param value 待加密字符串
* @param value 待加密字符串
*/
@Override
public String decrypt(String value) {
return this.aes.decryptStr(value);
return EncryptUtils.decryptByAes(value, context.getPassword());
}
}

8
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/core/encryptor/Base64Encryptor.java
View File

@@ -1,9 +1,9 @@
package org.ruoyi.common.encrypt.core.encryptor;
import cn.hutool.core.codec.Base64;
import org.ruoyi.common.encrypt.core.EncryptContext;
import org.ruoyi.common.encrypt.enumd.AlgorithmType;
import org.ruoyi.common.encrypt.enumd.EncodeType;
import org.ruoyi.common.encrypt.utils.EncryptUtils;
/**
* Base64算法实现
@@ -33,16 +33,16 @@ public class Base64Encryptor extends AbstractEncryptor {
*/
@Override
public String encrypt(String value, EncodeType encodeType) {
return Base64.encode(value);
return EncryptUtils.encryptByBase64(value);
}
/**
* 解密
*
* @param value 待加密字符串
* @param value 待加密字符串
*/
@Override
public String decrypt(String value) {
return Base64.decodeStr(value);
return EncryptUtils.decryptByBase64(value);
}
}

17
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/core/encryptor/RsaEncryptor.java
View File

@@ -1,13 +1,10 @@
package org.ruoyi.common.encrypt.core.encryptor;
import cn.hutool.core.codec.Base64;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.RSA;
import org.ruoyi.common.core.utils.StringUtils;
import org.ruoyi.common.encrypt.core.EncryptContext;
import org.ruoyi.common.encrypt.enumd.AlgorithmType;
import org.ruoyi.common.encrypt.enumd.EncodeType;
import org.ruoyi.common.encrypt.utils.EncryptUtils;
/**
@@ -18,7 +15,7 @@ import org.ruoyi.common.encrypt.enumd.EncodeType;
*/
public class RsaEncryptor extends AbstractEncryptor {
private final RSA rsa;
private final EncryptContext context;
public RsaEncryptor(EncryptContext context) {
super(context);
@@ -27,7 +24,7 @@ public class RsaEncryptor extends AbstractEncryptor {
if (StringUtils.isAnyEmpty(privateKey, publicKey)) {
throw new IllegalArgumentException("RSA公私钥均需要提供公钥加密私钥解密。");
}
this.rsa = SecureUtil.rsa(Base64.decode(privateKey), Base64.decode(publicKey));
this.context = context;
}
/**
@@ -47,19 +44,19 @@ public class RsaEncryptor extends AbstractEncryptor {
@Override
public String encrypt(String value, EncodeType encodeType) {
if (encodeType == EncodeType.HEX) {
return rsa.encryptHex(value, KeyType.PublicKey);
return EncryptUtils.encryptByRsaHex(value, context.getPublicKey());
} else {
return rsa.encryptBase64(value, KeyType.PublicKey);
return EncryptUtils.encryptByRsa(value, context.getPublicKey());
}
}
/**
* 解密
*
* @param value 待加密字符串
* @param value 待加密字符串
*/
@Override
public String decrypt(String value) {
return this.rsa.decryptStr(value, KeyType.PrivateKey);
return EncryptUtils.decryptByRsa(value, context.getPrivateKey());
}
}

17
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/core/encryptor/Sm2Encryptor.java
View File

@@ -1,13 +1,10 @@
package org.ruoyi.common.encrypt.core.encryptor;
import cn.hutool.core.codec.Base64;
import cn.hutool.crypto.SmUtil;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.SM2;
import org.ruoyi.common.core.utils.StringUtils;
import org.ruoyi.common.encrypt.core.EncryptContext;
import org.ruoyi.common.encrypt.enumd.AlgorithmType;
import org.ruoyi.common.encrypt.enumd.EncodeType;
import org.ruoyi.common.encrypt.utils.EncryptUtils;
/**
* sm2算法实现
@@ -17,7 +14,7 @@ import org.ruoyi.common.encrypt.enumd.EncodeType;
*/
public class Sm2Encryptor extends AbstractEncryptor {
private final SM2 sm2;
private final EncryptContext context;
public Sm2Encryptor(EncryptContext context) {
super(context);
@@ -26,7 +23,7 @@ public class Sm2Encryptor extends AbstractEncryptor {
if (StringUtils.isAnyEmpty(privateKey, publicKey)) {
throw new IllegalArgumentException("SM2公私钥均需要提供公钥加密私钥解密。");
}
this.sm2 = SmUtil.sm2(Base64.decode(privateKey), Base64.decode(publicKey));
this.context = context;
}
/**
@@ -46,19 +43,19 @@ public class Sm2Encryptor extends AbstractEncryptor {
@Override
public String encrypt(String value, EncodeType encodeType) {
if (encodeType == EncodeType.HEX) {
return sm2.encryptHex(value, KeyType.PublicKey);
return EncryptUtils.encryptBySm2Hex(value, context.getPublicKey());
} else {
return sm2.encryptBase64(value, KeyType.PublicKey);
return EncryptUtils.encryptBySm2(value, context.getPublicKey());
}
}
/**
* 解密
*
* @param value 待加密字符串
* @param value 待加密字符串
*/
@Override
public String decrypt(String value) {
return this.sm2.decryptStr(value, KeyType.PrivateKey);
return EncryptUtils.decryptBySm2(value, context.getPrivateKey());
}
}

26
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/core/encryptor/Sm4Encryptor.java
View File

@@ -1,13 +1,9 @@
package org.ruoyi.common.encrypt.core.encryptor;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SmUtil;
import cn.hutool.crypto.symmetric.SM4;
import org.ruoyi.common.encrypt.core.EncryptContext;
import org.ruoyi.common.encrypt.enumd.AlgorithmType;
import org.ruoyi.common.encrypt.enumd.EncodeType;
import java.nio.charset.StandardCharsets;
import org.ruoyi.common.encrypt.utils.EncryptUtils;
/**
* sm4算法实现
@@ -17,19 +13,11 @@ import java.nio.charset.StandardCharsets;
*/
public class Sm4Encryptor extends AbstractEncryptor {
private final SM4 sm4;
private final EncryptContext context;
public Sm4Encryptor(EncryptContext context) {
super(context);
String password = context.getPassword();
if (StrUtil.isBlank(password)) {
throw new IllegalArgumentException("SM4没有获得秘钥信息");
}
// sm4算法的秘钥要求是16位长度
if (16 != password.length()) {
throw new IllegalArgumentException("SM4秘钥长度应该为16位实际为" + password.length() + "");
}
this.sm4 = SmUtil.sm4(password.getBytes(StandardCharsets.UTF_8));
this.context = context;
}
/**
@@ -49,19 +37,19 @@ public class Sm4Encryptor extends AbstractEncryptor {
@Override
public String encrypt(String value, EncodeType encodeType) {
if (encodeType == EncodeType.HEX) {
return sm4.encryptHex(value);
return EncryptUtils.encryptBySm4Hex(value, context.getPassword());
} else {
return sm4.encryptBase64(value);
return EncryptUtils.encryptBySm4(value, context.getPassword());
}
}
/**
* 解密
*
* @param value 待加密字符串
* @param value 待加密字符串
*/
@Override
public String decrypt(String value) {
return this.sm4.decryptStr(value);
return EncryptUtils.decryptBySm4(value, context.getPassword());
}
}

110
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/filter/CryptoFilter.java Normal file
View File

@@ -0,0 +1,110 @@
package org.ruoyi.common.encrypt.filter;
import cn.hutool.core.util.ObjectUtil;
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.ruoyi.common.core.constant.HttpStatus;
import org.ruoyi.common.core.exception.ServiceException;
import org.ruoyi.common.core.utils.SpringUtils;
import org.ruoyi.common.core.utils.StringUtils;
import org.ruoyi.common.encrypt.annotation.ApiEncrypt;
import org.ruoyi.common.encrypt.properties.ApiDecryptProperties;
import org.springframework.http.HttpMethod;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.HandlerExecutionChain;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
import java.io.IOException;
/**
* Crypto 过滤器
*
* @author wdhcr
*/
public class CryptoFilter implements Filter {
private final ApiDecryptProperties properties;
public CryptoFilter(ApiDecryptProperties properties) {
this.properties = properties;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest servletRequest = (HttpServletRequest) request;
HttpServletResponse servletResponse = (HttpServletResponse) response;
// 获取加密注解
ApiEncrypt apiEncrypt = this.getApiEncryptAnnotation(servletRequest);
boolean responseFlag = apiEncrypt != null && apiEncrypt.response();
ServletRequest requestWrapper = null;
ServletResponse responseWrapper = null;
EncryptResponseBodyWrapper responseBodyWrapper = null;
// 是否为 put 或者 post 请求
if (HttpMethod.PUT.matches(servletRequest.getMethod()) || HttpMethod.POST.matches(servletRequest.getMethod())) {
// 是否存在加密标头
String headerValue = servletRequest.getHeader(properties.getHeaderFlag());
if (StringUtils.isNotBlank(headerValue)) {
// 请求解密
requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPrivateKey(), properties.getHeaderFlag());
} else {
// 是否有注解,有就报错,没有放行
if (ObjectUtil.isNotNull(apiEncrypt)) {
HandlerExceptionResolver exceptionResolver = SpringUtils.getBean("handlerExceptionResolver", HandlerExceptionResolver.class);
exceptionResolver.resolveException(
servletRequest, servletResponse, null,
new ServiceException("没有访问权限,请联系管理员授权", HttpStatus.FORBIDDEN));
return;
}
}
}
// 判断是否响应加密
if (responseFlag) {
responseBodyWrapper = new EncryptResponseBodyWrapper(servletResponse);
responseWrapper = responseBodyWrapper;
}
chain.doFilter(
ObjectUtil.defaultIfNull(requestWrapper, request),
ObjectUtil.defaultIfNull(responseWrapper, response));
if (responseFlag) {
servletResponse.reset();
// 对原始内容加密
String encryptContent = responseBodyWrapper.getEncryptContent(
servletResponse, properties.getPublicKey(), properties.getHeaderFlag());
// 对加密后的内容写出
servletResponse.getWriter().write(encryptContent);
}
}
/**
* 获取 ApiEncrypt 注解
*/
private ApiEncrypt getApiEncryptAnnotation(HttpServletRequest servletRequest) {
RequestMappingHandlerMapping handlerMapping = SpringUtils.getBean("requestMappingHandlerMapping", RequestMappingHandlerMapping.class);
// 获取注解
try {
HandlerExecutionChain mappingHandler = handlerMapping.getHandler(servletRequest);
if (ObjectUtil.isNotNull(mappingHandler)) {
Object handler = mappingHandler.getHandler();
if (ObjectUtil.isNotNull(handler)) {
// 从handler获取注解
if (handler instanceof HandlerMethod handlerMethod) {
return handlerMethod.getMethodAnnotation(ApiEncrypt.class);
}
}
}
} catch (Exception e) {
return null;
}
return null;
}
@Override
public void destroy() {
}
}

94
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/filter/DecryptRequestBodyWrapper.java Normal file
View File

@@ -0,0 +1,94 @@
package org.ruoyi.common.encrypt.filter;
import cn.hutool.core.io.IoUtil;
import jakarta.servlet.ReadListener;
import jakarta.servlet.ServletInputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
import org.ruoyi.common.core.constant.Constants;
import org.ruoyi.common.encrypt.utils.EncryptUtils;
import org.springframework.http.MediaType;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
/**
* 解密请求参数工具类
*
* @author wdhcr
*/
public class DecryptRequestBodyWrapper extends HttpServletRequestWrapper {
private final byte[] body;
public DecryptRequestBodyWrapper(HttpServletRequest request, String privateKey, String headerFlag) throws IOException {
super(request);
// 获取 AES 密码 采用 RSA 加密
String headerRsa = request.getHeader(headerFlag);
String decryptAes = EncryptUtils.decryptByRsa(headerRsa, privateKey);
// 解密 AES 密码
String aesPassword = EncryptUtils.decryptByBase64(decryptAes);
request.setCharacterEncoding(Constants.UTF8);
byte[] readBytes = IoUtil.readBytes(request.getInputStream(), false);
String requestBody = new String(readBytes, StandardCharsets.UTF_8);
// 解密 body 采用 AES 加密
String decryptBody = EncryptUtils.decryptByAes(requestBody, aesPassword);
body = decryptBody.getBytes(StandardCharsets.UTF_8);
}
@Override
public BufferedReader getReader() {
return new BufferedReader(new InputStreamReader(getInputStream()));
}
@Override
public int getContentLength() {
return body.length;
}
@Override
public long getContentLengthLong() {
return body.length;
}
@Override
public String getContentType() {
return MediaType.APPLICATION_JSON_VALUE;
}
@Override
public ServletInputStream getInputStream() {
final ByteArrayInputStream bais = new ByteArrayInputStream(body);
return new ServletInputStream() {
@Override
public int read() {
return bais.read();
}
@Override
public int available() {
return body.length;
}
@Override
public boolean isFinished() {
return false;
}
@Override
public boolean isReady() {
return false;
}
@Override
public void setReadListener(ReadListener readListener) {
}
};
}
}

123
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/filter/EncryptResponseBodyWrapper.java Normal file
View File

@@ -0,0 +1,123 @@
package org.ruoyi.common.encrypt.filter;
import cn.hutool.core.util.RandomUtil;
import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.WriteListener;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponseWrapper;
import org.ruoyi.common.encrypt.utils.EncryptUtils;
import java.io.*;
import java.nio.charset.StandardCharsets;
/**
* 加密响应参数包装类
*
* @author Michelle.Chung
*/
public class EncryptResponseBodyWrapper extends HttpServletResponseWrapper {
private final ByteArrayOutputStream byteArrayOutputStream;
private final ServletOutputStream servletOutputStream;
private final PrintWriter printWriter;
public EncryptResponseBodyWrapper(HttpServletResponse response) throws IOException {
super(response);
this.byteArrayOutputStream = new ByteArrayOutputStream();
this.servletOutputStream = this.getOutputStream();
this.printWriter = new PrintWriter(new OutputStreamWriter(byteArrayOutputStream));
}
@Override
public PrintWriter getWriter() {
return printWriter;
}
@Override
public void flushBuffer() throws IOException {
if (servletOutputStream != null) {
servletOutputStream.flush();
}
if (printWriter != null) {
printWriter.flush();
}
}
@Override
public void reset() {
byteArrayOutputStream.reset();
}
public byte[] getResponseData() throws IOException {
flushBuffer();
return byteArrayOutputStream.toByteArray();
}
public String getContent() throws IOException {
flushBuffer();
return byteArrayOutputStream.toString();
}
/**
* 获取加密内容
*
* @param servletResponse response
* @param publicKey RSA公钥 (用于加密 AES 秘钥)
* @param headerFlag 请求头标志
* @return 加密内容
* @throws IOException
*/
public String getEncryptContent(HttpServletResponse servletResponse, String publicKey, String headerFlag) throws IOException {
// 生成秘钥
String aesPassword = RandomUtil.randomString(32);
// 秘钥使用 Base64 编码
String encryptAes = EncryptUtils.encryptByBase64(aesPassword);
// Rsa 公钥加密 Base64 编码
String encryptPassword = EncryptUtils.encryptByRsa(encryptAes, publicKey);
// 设置响应头
// vue版本需要设置
servletResponse.addHeader("Access-Control-Expose-Headers", headerFlag);
servletResponse.setHeader("Access-Control-Allow-Origin", "*");
servletResponse.setHeader("Access-Control-Allow-Methods", "*");
servletResponse.setHeader(headerFlag, encryptPassword);
servletResponse.setCharacterEncoding(StandardCharsets.UTF_8.toString());
// 获取原始内容
String originalBody = this.getContent();
// 对内容进行加密
return EncryptUtils.encryptByAes(originalBody, aesPassword);
}
@Override
public ServletOutputStream getOutputStream() throws IOException {
return new ServletOutputStream() {
@Override
public boolean isReady() {
return false;
}
@Override
public void setWriteListener(WriteListener writeListener) {
}
@Override
public void write(int b) throws IOException {
byteArrayOutputStream.write(b);
}
@Override
public void write(byte[] b) throws IOException {
byteArrayOutputStream.write(b);
}
@Override
public void write(byte[] b, int off, int len) throws IOException {
byteArrayOutputStream.write(b, off, len);
}
};
}
}

29
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/interceptor/MybatisDecryptInterceptor.java
View File

@@ -1,9 +1,11 @@
package org.ruoyi.common.encrypt.interceptor;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.convert.Convert;
import cn.hutool.core.util.ObjectUtil;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.ibatis.executor.parameter.ParameterHandler;
import org.apache.ibatis.executor.resultset.ResultSetHandler;
import org.apache.ibatis.plugin.*;
import org.ruoyi.common.core.utils.StringUtils;
@@ -26,9 +28,9 @@ import java.util.*;
*/
@Slf4j
@Intercepts({@Signature(
type = ResultSetHandler.class,
method = "handleResultSets",
args = {Statement.class})
type = ResultSetHandler.class,
method = "handleResultSets",
args = {Statement.class})
})
@AllArgsConstructor
public class MybatisDecryptInterceptor implements Interceptor {
@@ -38,12 +40,23 @@ public class MybatisDecryptInterceptor implements Interceptor {
@Override
public Object intercept(Invocation invocation) throws Throwable {
// 开始进行参数解密
ResultSetHandler resultSetHandler = (ResultSetHandler) invocation.getTarget();
Field parameterHandlerField = resultSetHandler.getClass().getDeclaredField("parameterHandler");
parameterHandlerField.setAccessible(true);
Object target = parameterHandlerField.get(resultSetHandler);
if (target instanceof ParameterHandler parameterHandler) {
Object parameterObject = parameterHandler.getParameterObject();
if (ObjectUtil.isNotNull(parameterObject) && !(parameterObject instanceof String)) {
this.decryptHandler(parameterObject);
}
}
// 获取执行mysql执行结果
Object result = invocation.proceed();
if (result == null) {
return null;
}
decryptHandler(result);
this.decryptHandler(result);
return result;
}
@@ -61,7 +74,7 @@ public class MybatisDecryptInterceptor implements Interceptor {
return;
}
if (sourceObject instanceof List<?> list) {
if (CollUtil.isEmpty(list)) {
if(CollUtil.isEmpty(list)) {
return;
}
// 判断第一个元素是否含有注解。如果没有直接返回,提高效率
@@ -72,10 +85,14 @@ public class MybatisDecryptInterceptor implements Interceptor {
list.forEach(this::decryptHandler);
return;
}
// 不在缓存中的类,就是没有加密注解的类(当然也有可能是typeAliasesPackage写错)
Set<Field> fields = encryptorManager.getFieldCache(sourceObject.getClass());
if(ObjectUtil.isNull(fields)){
return;
}
try {
for (Field field : fields) {
field.set(sourceObject, this.decryptField(String.valueOf(field.get(sourceObject)), field));
field.set(sourceObject, this.decryptField(Convert.toStr(field.get(sourceObject)), field));
}
} catch (Exception e) {
log.error("处理解密字段时出错", e);

15
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/interceptor/MybatisEncryptInterceptor.java
View File

@@ -1,6 +1,7 @@
package org.ruoyi.common.encrypt.interceptor;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.convert.Convert;
import cn.hutool.core.util.ObjectUtil;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
@@ -29,9 +30,9 @@ import java.util.*;
*/
@Slf4j
@Intercepts({@Signature(
type = ParameterHandler.class,
method = "setParameters",
args = {PreparedStatement.class})
type = ParameterHandler.class,
method = "setParameters",
args = {PreparedStatement.class})
})
@AllArgsConstructor
public class MybatisEncryptInterceptor implements Interceptor {
@@ -70,7 +71,7 @@ public class MybatisEncryptInterceptor implements Interceptor {
return;
}
if (sourceObject instanceof List<?> list) {
if (CollUtil.isEmpty(list)) {
if(CollUtil.isEmpty(list)) {
return;
}
// 判断第一个元素是否含有注解。如果没有直接返回,提高效率
@@ -81,10 +82,14 @@ public class MybatisEncryptInterceptor implements Interceptor {
list.forEach(this::encryptHandler);
return;
}
// 不在缓存中的类,就是没有加密注解的类(当然也有可能是typeAliasesPackage写错)
Set<Field> fields = encryptorManager.getFieldCache(sourceObject.getClass());
if(ObjectUtil.isNull(fields)){
return;
}
try {
for (Field field : fields) {
field.set(sourceObject, this.encryptField(String.valueOf(field.get(sourceObject)), field));
field.set(sourceObject, this.encryptField(Convert.toStr(field.get(sourceObject)), field));
}
} catch (Exception e) {
log.error("处理加密字段时出错", e);

34
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/properties/ApiDecryptProperties.java Normal file
View File

@@ -0,0 +1,34 @@
package org.ruoyi.common.encrypt.properties;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
/**
* api解密属性配置类
* @author wdhcr
*/
@Data
@ConfigurationProperties(prefix = "api-decrypt")
public class ApiDecryptProperties {
/**
* 加密开关
*/
private Boolean enabled;
/**
* 头部标识
*/
private String headerFlag;
/**
* 响应加密公钥
*/
private String publicKey;
/**
* 请求解密私钥
*/
private String privateKey;
}

2
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/properties/EncryptorProperties.java
View File

@@ -1,8 +1,8 @@
package org.ruoyi.common.encrypt.properties;
import lombok.Data;
import org.ruoyi.common.encrypt.enumd.AlgorithmType;
import org.ruoyi.common.encrypt.enumd.EncodeType;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
/**

80
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/ruoyi/common/encrypt/utils/EncryptUtils.java
View File

@@ -19,10 +19,12 @@ import java.util.Map;
* @author 老马
*/
public class EncryptUtils {
/**
* 公钥
*/
public static final String PUBLIC_KEY = "publicKey";
/**
* 私钥
*/
@@ -51,7 +53,7 @@ public class EncryptUtils {
/**
* AES加密
*
* @param data 待密数据
* @param data 待密数据
* @param password 秘钥字符串
* @return 加密后字符串, 采用Base64编码
*/
@@ -67,6 +69,25 @@ public class EncryptUtils {
return SecureUtil.aes(password.getBytes(StandardCharsets.UTF_8)).encryptBase64(data, StandardCharsets.UTF_8);
}
/**
* AES加密
*
* @param data 待加密数据
* @param password 秘钥字符串
* @return 加密后字符串, 采用Hex编码
*/
public static String encryptByAesHex(String data, String password) {
if (StrUtil.isBlank(password)) {
throw new IllegalArgumentException("AES需要传入秘钥信息");
}
// aes算法的秘钥要求是16位、24位、32位
int[] array = {16, 24, 32};
if (!ArrayUtil.contains(array, password.length())) {
throw new IllegalArgumentException("AES秘钥长度要求为16位、24位、32位");
}
return SecureUtil.aes(password.getBytes(StandardCharsets.UTF_8)).encryptHex(data, StandardCharsets.UTF_8);
}
/**
* AES解密
*
@@ -87,7 +108,7 @@ public class EncryptUtils {
}
/**
* sm4加密
* SM4加密Base64编码
*
* @param data 待加密数据
* @param password 秘钥字符串
@@ -105,10 +126,29 @@ public class EncryptUtils {
return SmUtil.sm4(password.getBytes(StandardCharsets.UTF_8)).encryptBase64(data, StandardCharsets.UTF_8);
}
/**
* SM4加密Hex编码
*
* @param data 待加密数据
* @param password 秘钥字符串
* @return 加密后字符串, 采用Hex编码
*/
public static String encryptBySm4Hex(String data, String password) {
if (StrUtil.isBlank(password)) {
throw new IllegalArgumentException("SM4需要传入秘钥信息");
}
// sm4算法的秘钥要求是16位长度
int sm4PasswordLength = 16;
if (sm4PasswordLength != password.length()) {
throw new IllegalArgumentException("SM4秘钥长度要求为16位");
}
return SmUtil.sm4(password.getBytes(StandardCharsets.UTF_8)).encryptHex(data, StandardCharsets.UTF_8);
}
/**
* sm4解密
*
* @param data 待解密数据
* @param data 待解密数据可以是Base64或Hex编码
* @param password 秘钥字符串
* @return 解密后字符串
*/
@@ -152,10 +192,25 @@ public class EncryptUtils {
return sm2.encryptBase64(data, StandardCharsets.UTF_8, KeyType.PublicKey);
}
/**
* sm2公钥加密
*
* @param data 待加密数据
* @param publicKey 公钥
* @return 加密后字符串, 采用Hex编码
*/
public static String encryptBySm2Hex(String data, String publicKey) {
if (StrUtil.isBlank(publicKey)) {
throw new IllegalArgumentException("SM2需要传入公钥进行加密");
}
SM2 sm2 = SmUtil.sm2(null, publicKey);
return sm2.encryptHex(data, StandardCharsets.UTF_8, KeyType.PublicKey);
}
/**
* sm2私钥解密
*
* @param data 待密数据
* @param data 待密数据
* @param privateKey 私钥
* @return 解密后字符串
*/
@@ -195,10 +250,25 @@ public class EncryptUtils {
return rsa.encryptBase64(data, StandardCharsets.UTF_8, KeyType.PublicKey);
}
/**
* rsa公钥加密
*
* @param data 待加密数据
* @param publicKey 公钥
* @return 加密后字符串, 采用Hex编码
*/
public static String encryptByRsaHex(String data, String publicKey) {
if (StrUtil.isBlank(publicKey)) {
throw new IllegalArgumentException("RSA需要传入公钥进行加密");
}
RSA rsa = SecureUtil.rsa(null, publicKey);
return rsa.encryptHex(data, StandardCharsets.UTF_8, KeyType.PublicKey);
}
/**
* rsa私钥解密
*
* @param data 待密数据
* @param data 待密数据
* @param privateKey 私钥
* @return 解密后字符串
*/

2
ruoyi-common/ruoyi-common-encrypt/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
View File

@@ -1 +1,3 @@
org.ruoyi.common.encrypt.config.EncryptorAutoConfiguration
org.ruoyi.common.encrypt.config.ApiDecryptAutoConfiguration