From 06fb92462c4ca79029b4a6a7c0abc00c3516c0d2 Mon Sep 17 00:00:00 2001
From: wuzongyong <13203449218@163.com>
Date: Thu, 15 Jan 2026 18:06:26 +0800
Subject: [PATCH] =?UTF-8?q?feat(config):=20=E6=9B=B4=E6=96=B0=E5=BC=80?=
=?UTF-8?q?=E5=8F=91=E7=8E=AF=E5=A2=83=E6=95=B0=E6=8D=AE=E5=BA=93=E8=BF=9E?=
=?UTF-8?q?=E6=8E=A5=E5=92=8C=E5=AE=89=E5=85=A8=E8=BF=87=E6=BB=A4=E5=99=A8?=
=?UTF-8?q?=E5=8A=A0=E5=AF=86=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- 修改 application-dev.yml 中的数据库连接地址和凭据信息
- 在 GatewaySecurityFilter 中实现条件加密验证逻辑
- 添加 wzy 环境配置文件支持 Nacos 配置中心连接
- 优化请求体解密和签名验证流程以支持选择性加密处理
- 更新缓存请求体构造以确保解密后数据正确传递
---
pom.xml | 13 +++++++++
.../src/main/resources/application-dev.yml | 8 +++---
.../security/GatewaySecurityFilter.java | 27 ++++++++++---------
3 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/pom.xml b/pom.xml
index 6743a5ca..1b493aeb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -243,6 +243,19 @@
1.0.0
+
+ wzy
+
+ dev
+
+ 172.16.46.63:30848
+ wzy
+ DEFAULT_GROUP
+ nacos
+ P@ssword25
+ 1.0.0
+
+
klw-dev
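Review bot: The new `wzy` profile writes the Nacos server address, the `nacos` username and a literal password directly into pom.xml, so everyone with read access to the repository (and to this patch mail) obtains config-centre credentials. The same literal is also used as the database password in both datasource entries of application-dev.yml in this commit, so one leaked value opens both systems. The password should be supplied from outside the repository, for example `${env.NACOS_PASSWORD}` (placeholder name) or a property in the developer's own `settings.xml`. A per-developer profile like this one is better kept in that local settings file than in the shared pom. Because the value is now in history, it should be rotated once it is externalised.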
diff --git a/zt-module-databus/zt-module-databus-server-app/src/main/resources/application-dev.yml b/zt-module-databus/zt-module-databus-server-app/src/main/resources/application-dev.yml
index 87dad43b..0428df40 100644
--- a/zt-module-databus/zt-module-databus-server-app/src/main/resources/application-dev.yml
+++ b/zt-module-databus/zt-module-databus-server-app/src/main/resources/application-dev.yml
@@ -37,14 +37,14 @@ spring:
primary: master
datasource:
master:
- url: jdbc:dm://172.16.46.247:1050?schema=RUOYI-VUE-PRO
+ url: jdbc:dm://172.17.11.98:20870?schema=JYGK_TEST
username: SYSDBA
- password: pgbsci6ddJ6Sqj@e
+ password: P@ssword25
slave: # 模拟从库,可根据自己需要修改 # 模拟从库,可根据自己需要修改
lazy: true # 开启懒加载,保证启动速度
- url: jdbc:dm://172.16.46.247:1050?schema=RUOYI-VUE-PRO
+ url: jdbc:dm://172.17.11.98:20870?schema=JYGK_TEST
username: SYSDBA
- password: pgbsci6ddJ6Sqj@e
+ password: P@ssword25
# Redis 配置。Redisson 默认的配置足够使用,一般不需要进行调优
data:
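Review bot: Both datasource entries keep `username: SYSDBA`, which is normally Dameng's built-in administrator account, while this hunk repoints them at a new host and the `JYGK_TEST` schema. The application would then run with DBA rights on that instance, so an injection flaw or a leaked config file reaches the whole database rather than one schema. A dedicated account restricted to `JYGK_TEST`, resolved from the environment or Nacos, would limit that, e.g. `username: ${DATABUS_DB_USER}` and `password: ${DATABUS_DB_PASSWORD}` (placeholder names). The removed password for the 172.16.46.247 instance remains readable in git history and in this patch, so it should be treated as exposed and rotated there as well.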
diff --git a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
index b37dfb76..7bd4e98f 100644
--- a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
+++ b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
@@ -108,7 +108,9 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
credential = credentialService.findActiveCredential(appId)
.orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "应用凭证不存在或已禁用"));
boolean allowAnonymous = Boolean.TRUE.equals(credential.getAllowAnonymous());
+ boolean enableEncryption = Boolean.TRUE.equals(credential.getEnableEncryption());
ApiAnonymousUserService.AnonymousUserDetails anonymousDetails = null;
+ byte[] requestBody = StreamUtils.copyToByteArray(request.getInputStream());
if (allowAnonymous) {
Long anonymousUserId = credential.getAnonymousUserId();
if (anonymousUserId == null) {
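Review bot: The added `StreamUtils.copyToByteArray(request.getInputStream())` now buffers the whole request body before the anonymous-user lookup and before the timestamp, nonce and signature headers are checked; in the old code the read happened only after those header checks had passed. A request that would be rejected for a missing or stale header therefore still costs a full, unbounded in-memory copy of its body. If no upstream size limit exists (none is visible in this hunk), either move the read back below `validateTimestamp(...)` or reject early on `request.getContentLengthLong()` against a configured maximum. The enclosing method starts and ends outside the hunk.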
@@ -117,24 +119,25 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
anonymousDetails = anonymousUserService.find(anonymousUserId)
.orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "匿名访问固定用户不可用"));
}
-
String timestampHeader = requireHeader(request, TIMESTAMP_HEADER, "缺少时间戳");
// 校验时间戳与随机数,防止请求被重放
validateTimestamp(timestampHeader, security);
- String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数");
- if (nonce.length() < 8) {
- throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足");
- }
- String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名");
+ if (enableEncryption){
+ String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数");
+ if (nonce.length() < 8) {
+ throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足");
+ }
+ String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名");
- byte[] originalBody = StreamUtils.copyToByteArray(request.getInputStream());
- // 尝试按凭证配置解密请求体,并构建签名载荷进行校验
- byte[] decryptedBody = decryptRequestBody(originalBody, credential, security);
- verifySignature(request, decryptedBody, signature, credential, security, appId, timestampHeader);
- ensureNonce(tenantId, appId, nonce, security);
+ // 尝试按凭证配置解密请求体,并构建签名载荷进行校验
+ byte[] decryptedBody = decryptRequestBody(requestBody, credential, security);
+ verifySignature(request, decryptedBody, signature, credential, security, appId, timestampHeader);
+ ensureNonce(tenantId, appId, nonce, security);
+ requestBody = decryptedBody;
+ }
// 使用可重复读取的请求包装,供后续过滤器继续消费
- CachedBodyHttpServletRequest securedRequest = new CachedBodyHttpServletRequest(request, decryptedBody);
+ CachedBodyHttpServletRequest securedRequest = new CachedBodyHttpServletRequest(request, requestBody);
securedRequest.setHeader(APP_ID_HEADER, credential.getAppId());
securedRequest.setHeader(HEADER_CREDENTIAL_ID, credential.getId() != null ? String.valueOf(credential.getId()) : null);
ApiGatewayAccessLogger.propagateLogIdHeader(securedRequest, accessLogId);
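Review bot: Wrapping the nonce check, `verifySignature(...)` and `ensureNonce(...)` in `if (enableEncryption)` makes request authentication depend on a flag that is named for body encryption. For a credential with `enableEncryption` false, the request is accepted after only the appId lookup and the timestamp check, unless something outside this hunk covers it. No signature proves the caller holds the credential's secret, and without the nonce the comment "防止请求被重放" no longer holds, since a timestamp window alone does not stop replays. Only the `decryptRequestBody` call should be conditional; the signature and nonce checks should stay unconditional and run over whichever body bytes result. The existing comment on `decryptRequestBody` suggests it may already decide per credential whether to decrypt, in which case the new flag may not be needed here at all. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: requireHeader(TIMESTAMP_HEADER) and validateTimestamp(...) …
String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数");
if (nonce.length() < 8) {
    throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足");
}
String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名");
// Decryption is optional per credential; signature and replay checks always run.
if (enableEncryption) {
    requestBody = decryptRequestBody(requestBody, credential, security);
}
verifySignature(request, requestBody, signature, credential, security, appId, timestampHeader);
ensureNonce(tenantId, appId, nonce, security);
// … unchanged: CachedBodyHttpServletRequest wrapping and header propagation …
```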