zgty/zt-dsc
9
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(config): 更新开发环境数据库连接和安全过滤器加密功能

Browse Source 
- 修改 application-dev.yml 中的数据库连接地址和凭据信息
- 在 GatewaySecurityFilter 中实现条件加密验证逻辑
- 添加 wzy 环境配置文件支持 Nacos 配置中心连接
- 优化请求体解密和签名验证流程以支持选择性加密处理
- 更新缓存请求体构造以确保解密后数据正确传递
This commit is contained in:
wuzongyong
2026-01-15 18:06:26 +08:00
parent 2a1af3ed6b
commit 06fb92462c
3 changed files with 32 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
pom.xml
View File

@@ -243,6 +243,19 @@
<config.version>1.0.0</config.version> <config.version>1.0.0</config.version>
</properties> </properties>
</profile> </profile>
<profile>
<id>wzy</id>
<properties>
<env.name>dev</env.name>
<!--Nacos 配置-->
<config.server-addr>172.16.46.63:30848</config.server-addr>
<config.namespace>wzy</config.namespace>
<config.group>DEFAULT_GROUP</config.group>
<config.username>nacos</config.username>
<config.password>P@ssword25</config.password>
<config.version>1.0.0</config.version>
</properties>
</profile>
<profile> <profile>
<id>klw-dev</id> <id>klw-dev</id>
<properties> <properties>

8
zt-module-databus/zt-module-databus-server-app/src/main/resources/application-dev.yml
View File

@@ -37,14 +37,14 @@ spring:
primary: master primary: master
datasource: datasource:
master: master:
url: jdbc:dm://172.16.46.247:1050?schema=RUOYI-VUE-PRO url: jdbc:dm://172.17.11.98:20870?schema=JYGK_TEST
username: SYSDBA username: SYSDBA
password: pgbsci6ddJ6Sqj@e password: P@ssword25
slave: # 模拟从库,可根据自己需要修改 # 模拟从库,可根据自己需要修改 slave: # 模拟从库,可根据自己需要修改 # 模拟从库,可根据自己需要修改
lazy: true # 开启懒加载,保证启动速度 lazy: true # 开启懒加载,保证启动速度
url: jdbc:dm://172.16.46.247:1050?schema=RUOYI-VUE-PRO url: jdbc:dm://172.17.11.98:20870?schema=JYGK_TEST
username: SYSDBA username: SYSDBA
password: pgbsci6ddJ6Sqj@e password: P@ssword25
# Redis 配置。Redisson 默认的配置足够使用,一般不需要进行调优 # Redis 配置。Redisson 默认的配置足够使用,一般不需要进行调优
data: data:

11
zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
View File

@@ -108,7 +108,9 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
credential = credentialService.findActiveCredential(appId) credential = credentialService.findActiveCredential(appId)
.orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "应用凭证不存在或已禁用")); .orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "应用凭证不存在或已禁用"));
boolean allowAnonymous = Boolean.TRUE.equals(credential.getAllowAnonymous()); boolean allowAnonymous = Boolean.TRUE.equals(credential.getAllowAnonymous());
boolean enableEncryption = Boolean.TRUE.equals(credential.getEnableEncryption());
ApiAnonymousUserService.AnonymousUserDetails anonymousDetails = null; ApiAnonymousUserService.AnonymousUserDetails anonymousDetails = null;
byte[] requestBody = StreamUtils.copyToByteArray(request.getInputStream());
if (allowAnonymous) { if (allowAnonymous) {
Long anonymousUserId = credential.getAnonymousUserId(); Long anonymousUserId = credential.getAnonymousUserId();
if (anonymousUserId == null) { if (anonymousUserId == null) {
@@ -117,24 +119,25 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
anonymousDetails = anonymousUserService.find(anonymousUserId) anonymousDetails = anonymousUserService.find(anonymousUserId)
.orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "匿名访问固定用户不可用")); .orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "匿名访问固定用户不可用"));
} }
String timestampHeader = requireHeader(request, TIMESTAMP_HEADER, "缺少时间戳"); String timestampHeader = requireHeader(request, TIMESTAMP_HEADER, "缺少时间戳");
// 校验时间戳与随机数,防止请求被重放 // 校验时间戳与随机数,防止请求被重放
validateTimestamp(timestampHeader, security); validateTimestamp(timestampHeader, security);
if (enableEncryption){
String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数"); String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数");
if (nonce.length() < 8) { if (nonce.length() < 8) {
throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足"); throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足");
} }
String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名"); String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名");
byte[] originalBody = StreamUtils.copyToByteArray(request.getInputStream());
// 尝试按凭证配置解密请求体,并构建签名载荷进行校验 // 尝试按凭证配置解密请求体,并构建签名载荷进行校验
byte[] decryptedBody = decryptRequestBody(originalBody, credential, security); byte[] decryptedBody = decryptRequestBody(requestBody, credential, security);
verifySignature(request, decryptedBody, signature, credential, security, appId, timestampHeader); verifySignature(request, decryptedBody, signature, credential, security, appId, timestampHeader);
ensureNonce(tenantId, appId, nonce, security); ensureNonce(tenantId, appId, nonce, security);
requestBody = decryptedBody;
}
// 使用可重复读取的请求包装,供后续过滤器继续消费 // 使用可重复读取的请求包装,供后续过滤器继续消费
CachedBodyHttpServletRequest securedRequest = new CachedBodyHttpServletRequest(request, decryptedBody); CachedBodyHttpServletRequest securedRequest = new CachedBodyHttpServletRequest(request, requestBody);
securedRequest.setHeader(APP_ID_HEADER, credential.getAppId()); securedRequest.setHeader(APP_ID_HEADER, credential.getAppId());
securedRequest.setHeader(HEADER_CREDENTIAL_ID, credential.getId() != null ? String.valueOf(credential.getId()) : null); securedRequest.setHeader(HEADER_CREDENTIAL_ID, credential.getId() != null ? String.valueOf(credential.getId()) : null);
ApiGatewayAccessLogger.propagateLogIdHeader(securedRequest, accessLogId); ApiGatewayAccessLogger.propagateLogIdHeader(securedRequest, accessLogId);