From 287d24fc7f17f1899508af9cc83ad2c2e480b7fe Mon Sep 17 00:00:00 2001 From: wuzongyong <13203449218@163.com> Date: Wed, 14 Jan 2026 18:11:02 +0800 Subject: [PATCH] =?UTF-8?q?feat(gateway):=20=E6=B7=BB=E5=8A=A0API=E5=AE=A2?= =?UTF-8?q?=E6=88=B7=E7=AB=AF=E5=87=AD=E8=AF=81=E5=8A=A0=E5=AF=86=E5=8A=9F?= =?UTF-8?q?=E8=83=BD=E6=94=AF=E6=8C=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 在ApiClientCredentialDO实体类中新增enableEncryption字段 - 在ApiClientCredentialRespVO响应对象中添加加密启用状态字段 - 在ApiClientCredentialSaveReqVO请求对象中添加加密启用状态字段 - 在GatewaySecurityFilter中实现加密启用状态检查逻辑 - 添加数据库表结构变更脚本支持加密字段 --- ...s_api_credential_enable_encryption_20260114.sql | 7 +++++++ .../vo/credential/ApiClientCredentialRespVO.java | 3 +++ .../credential/ApiClientCredentialSaveReqVO.java | 4 ++++ .../dataobject/gateway/ApiClientCredentialDO.java | 2 ++ .../gateway/security/GatewaySecurityFilter.java | 14 ++++++++++++++ 5 files changed, 30 insertions(+) create mode 100644 sql/dm/databus_api_credential_enable_encryption_20260114.sql diff --git a/sql/dm/databus_api_credential_enable_encryption_20260114.sql b/sql/dm/databus_api_credential_enable_encryption_20260114.sql new file mode 100644 index 00000000..c7e0da21 --- /dev/null +++ b/sql/dm/databus_api_credential_enable_encryption_20260114.sql @@ -0,0 +1,7 @@ +-- 为 API 客户端凭证表添加"是否启用加密"字段 +-- 2026-01-14 + +ALTER TABLE databus_api_client_credential + ADD enable_encryption BIT DEFAULT '1' NOT NULL; + +COMMENT ON COLUMN databus_api_client_credential.enable_encryption IS '是否启用加密传输'; diff --git a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/credential/ApiClientCredentialRespVO.java b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/credential/ApiClientCredentialRespVO.java index 33e2dbe7..a4cc7ec5 100644 --- a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/credential/ApiClientCredentialRespVO.java +++ b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/credential/ApiClientCredentialRespVO.java @@ -42,6 +42,9 @@ public class ApiClientCredentialRespVO { @Schema(description = "匿名访问固定用户昵称", example = "张三") private String anonymousUserNickname; + @Schema(description = "是否启用加密", example = "true") + private Boolean enableEncryption; + @Schema(description = "创建时间") private LocalDateTime createTime; diff --git a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/credential/ApiClientCredentialSaveReqVO.java b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/credential/ApiClientCredentialSaveReqVO.java index 11043ac5..796b1704 100644 --- a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/credential/ApiClientCredentialSaveReqVO.java +++ b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/credential/ApiClientCredentialSaveReqVO.java @@ -45,4 +45,8 @@ public class ApiClientCredentialSaveReqVO { @Schema(description = "匿名访问固定用户 ID", example = "1024") private Long anonymousUserId; + @Schema(description = "是否启用加密", example = "true") + @NotNull(message = "启用加密标识不能为空") + private Boolean enableEncryption; + } diff --git a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/dal/dataobject/gateway/ApiClientCredentialDO.java b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/dal/dataobject/gateway/ApiClientCredentialDO.java index 0bf5134f..7b44ecce 100644 --- a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/dal/dataobject/gateway/ApiClientCredentialDO.java +++ b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/dal/dataobject/gateway/ApiClientCredentialDO.java @@ -38,4 +38,6 @@ public class ApiClientCredentialDO extends BaseDO { private Long anonymousUserId; + private Boolean enableEncryption; + } diff --git a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java index f9e5754d..b37dfb76 100644 --- a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java +++ b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java @@ -238,6 +238,11 @@ public class GatewaySecurityFilter extends OncePerRequestFilter { private byte[] decryptRequestBody(byte[] originalBody, ApiClientCredentialDO credential, ApiGatewayProperties.Security security) { + // 检查是否启用加密,如果未启用则直接返回原文 + if (credential != null && Boolean.FALSE.equals(credential.getEnableEncryption())) { + return originalBody != null ? originalBody : new byte[0]; + } + if (originalBody == null || originalBody.length == 0) { return new byte[0]; } @@ -390,6 +395,11 @@ public class GatewaySecurityFilter extends OncePerRequestFilter { private void encryptResponse(ContentCachingResponseWrapper responseWrapper, ApiClientCredentialDO credential, ApiGatewayProperties.Security security) throws IOException { + // 检查是否启用加密,如果未启用则直接返回,不加密响应 + if (credential != null && Boolean.FALSE.equals(credential.getEnableEncryption())) { + return; + } + if (!security.isEncryptResponse()) { return; } @@ -524,6 +534,10 @@ public class GatewaySecurityFilter extends OncePerRequestFilter { if (security == null || credential == null) { return false; } + // 检查是否启用加密,如果未启用则不加密错误响应 + if (Boolean.FALSE.equals(credential.getEnableEncryption())) { + return false; + } if (!security.isEncryptResponse()) { return false; }