feat(config): 更新开发环境数据库连接和安全过滤器加密功能

- 修改 application-dev.yml 中的数据库连接地址和凭据信息
- 在 GatewaySecurityFilter 中实现条件加密验证逻辑
- 添加 wzy 环境配置文件支持 Nacos 配置中心连接
- 优化请求体解密和签名验证流程以支持选择性加密处理
- 更新缓存请求体构造以确保解密后数据正确传递

pom.xml

@@ -243,6 +243,19 @@
                 <config.version>1.0.0</config.version>
             </properties>
         </profile>
+        <profile>
+            <id>wzy</id>
+            <properties>
+                <env.name>dev</env.name>
+                <!--Nacos 配置-->
+                <config.server-addr>172.16.46.63:30848</config.server-addr>
+                <config.namespace>wzy</config.namespace>
+                <config.group>DEFAULT_GROUP</config.group>
+                <config.username>nacos</config.username>
+                <config.password>P@ssword25</config.password>
+                <config.version>1.0.0</config.version>
+            </properties>
+        </profile>
         <profile>
             <id>klw-dev</id>
             <properties>

zt-module-databus/zt-module-databus-server-app/src/main/resources/application-dev.yml

@@ -37,14 +37,14 @@ spring:
       primary: master
       datasource:
         master:
-          url: jdbc:dm://172.16.46.247:1050?schema=RUOYI-VUE-PRO
+          url: jdbc:dm://172.17.11.98:20870?schema=JYGK_TEST
           username: SYSDBA
-          password: pgbsci6ddJ6Sqj@e
+          password: P@ssword25
         slave: # 模拟从库，可根据自己需要修改 # 模拟从库，可根据自己需要修改
           lazy: true # 开启懒加载，保证启动速度
-          url: jdbc:dm://172.16.46.247:1050?schema=RUOYI-VUE-PRO
+          url: jdbc:dm://172.17.11.98:20870?schema=JYGK_TEST
           username: SYSDBA
-          password: pgbsci6ddJ6Sqj@e
+          password: P@ssword25
 
   # Redis 配置。Redisson 默认的配置足够使用，一般不需要进行调优
   data:

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java

@@ -108,7 +108,9 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
             credential = credentialService.findActiveCredential(appId)
                     .orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "应用凭证不存在或已禁用"));
             boolean allowAnonymous = Boolean.TRUE.equals(credential.getAllowAnonymous());
+            boolean enableEncryption = Boolean.TRUE.equals(credential.getEnableEncryption());
             ApiAnonymousUserService.AnonymousUserDetails anonymousDetails = null;
+            byte[] requestBody = StreamUtils.copyToByteArray(request.getInputStream());
             if (allowAnonymous) {
                 Long anonymousUserId = credential.getAnonymousUserId();
                 if (anonymousUserId == null) {
@@ -117,24 +119,25 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
                 anonymousDetails = anonymousUserService.find(anonymousUserId)
                         .orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "匿名访问固定用户不可用"));
             }
-
             String timestampHeader = requireHeader(request, TIMESTAMP_HEADER, "缺少时间戳");
             // 校验时间戳与随机数，防止请求被重放
             validateTimestamp(timestampHeader, security);
-            String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数");
-            if (nonce.length() < 8) {
-                throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足");
-            }
-            String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名");
+            if (enableEncryption){
+                String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数");
+                if (nonce.length() < 8) {
+                    throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足");
+                }
+                String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名");
 
-            byte[] originalBody = StreamUtils.copyToByteArray(request.getInputStream());
-            // 尝试按凭证配置解密请求体，并构建签名载荷进行校验
-            byte[] decryptedBody = decryptRequestBody(originalBody, credential, security);
-            verifySignature(request, decryptedBody, signature, credential, security, appId, timestampHeader);
-            ensureNonce(tenantId, appId, nonce, security);
+                // 尝试按凭证配置解密请求体，并构建签名载荷进行校验
+                byte[] decryptedBody = decryptRequestBody(requestBody, credential, security);
+                verifySignature(request, decryptedBody, signature, credential, security, appId, timestampHeader);
+                ensureNonce(tenantId, appId, nonce, security);
+                requestBody = decryptedBody;
+            }
 
             // 使用可重复读取的请求包装，供后续过滤器继续消费
-            CachedBodyHttpServletRequest securedRequest = new CachedBodyHttpServletRequest(request, decryptedBody);
+            CachedBodyHttpServletRequest securedRequest = new CachedBodyHttpServletRequest(request, requestBody);
             securedRequest.setHeader(APP_ID_HEADER, credential.getAppId());
             securedRequest.setHeader(HEADER_CREDENTIAL_ID, credential.getId() != null ? String.valueOf(credential.getId()) : null);
             ApiGatewayAccessLogger.propagateLogIdHeader(securedRequest, accessLogId);