feat(gateway): 添加API客户端凭证加密功能支持
- 在ApiClientCredentialDO实体类中新增enableEncryption字段 - 在ApiClientCredentialRespVO响应对象中添加加密启用状态字段 - 在ApiClientCredentialSaveReqVO请求对象中添加加密启用状态字段 - 在GatewaySecurityFilter中实现加密启用状态检查逻辑 - 添加数据库表结构变更脚本支持加密字段
This commit is contained in:
wuzongyong
@@ -0,0 +1,7 @@
|
|||||||
|
-- 为 API 客户端凭证表添加"是否启用加密"字段
|
||||||
|
-- 2026-01-14
|
||||||
|
|
||||||
|
ALTER TABLE databus_api_client_credential
|
||||||
|
ADD enable_encryption BIT DEFAULT '1' NOT NULL;
|
||||||
|
|
||||||
|
COMMENT ON COLUMN databus_api_client_credential.enable_encryption IS '是否启用加密传输';
|
||||||
@@ -42,6 +42,9 @@ public class ApiClientCredentialRespVO {
|
|||||||
@Schema(description = "匿名访问固定用户昵称", example = "张三")
|
@Schema(description = "匿名访问固定用户昵称", example = "张三")
|
||||||
private String anonymousUserNickname;
|
private String anonymousUserNickname;
|
||||||
|
|
||||||
|
@Schema(description = "是否启用加密", example = "true")
|
||||||
|
private Boolean enableEncryption;
|
||||||
|
|
||||||
@Schema(description = "创建时间")
|
@Schema(description = "创建时间")
|
||||||
private LocalDateTime createTime;
|
private LocalDateTime createTime;
|
||||||
|
|
||||||
|
|||||||
@@ -45,4 +45,8 @@ public class ApiClientCredentialSaveReqVO {
|
|||||||
@Schema(description = "匿名访问固定用户 ID", example = "1024")
|
@Schema(description = "匿名访问固定用户 ID", example = "1024")
|
||||||
private Long anonymousUserId;
|
private Long anonymousUserId;
|
||||||
|
|
||||||
|
@Schema(description = "是否启用加密", example = "true")
|
||||||
|
@NotNull(message = "启用加密标识不能为空")
|
||||||
|
private Boolean enableEncryption;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -38,4 +38,6 @@ public class ApiClientCredentialDO extends BaseDO {
|
|||||||
|
|
||||||
private Long anonymousUserId;
|
private Long anonymousUserId;
|
||||||
|
|
||||||
|
private Boolean enableEncryption;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -238,6 +238,11 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
|
|||||||
private byte[] decryptRequestBody(byte[] originalBody,
|
private byte[] decryptRequestBody(byte[] originalBody,
|
||||||
ApiClientCredentialDO credential,
|
ApiClientCredentialDO credential,
|
||||||
ApiGatewayProperties.Security security) {
|
ApiGatewayProperties.Security security) {
|
||||||
|
// 检查是否启用加密,如果未启用则直接返回原文
|
||||||
|
if (credential != null && Boolean.FALSE.equals(credential.getEnableEncryption())) {
|
||||||
|
return originalBody != null ? originalBody : new byte[0];
|
||||||
|
}
|
||||||
|
|
||||||
if (originalBody == null || originalBody.length == 0) {
|
if (originalBody == null || originalBody.length == 0) {
|
||||||
return new byte[0];
|
return new byte[0];
|
||||||
}
|
}
|
||||||
@@ -390,6 +395,11 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
|
|||||||
private void encryptResponse(ContentCachingResponseWrapper responseWrapper,
|
private void encryptResponse(ContentCachingResponseWrapper responseWrapper,
|
||||||
ApiClientCredentialDO credential,
|
ApiClientCredentialDO credential,
|
||||||
ApiGatewayProperties.Security security) throws IOException {
|
ApiGatewayProperties.Security security) throws IOException {
|
||||||
|
// 检查是否启用加密,如果未启用则直接返回,不加密响应
|
||||||
|
if (credential != null && Boolean.FALSE.equals(credential.getEnableEncryption())) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (!security.isEncryptResponse()) {
|
if (!security.isEncryptResponse()) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -524,6 +534,10 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
|
|||||||
if (security == null || credential == null) {
|
if (security == null || credential == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
// 检查是否启用加密,如果未启用则不加密错误响应
|
||||||
|
if (Boolean.FALSE.equals(credential.getEnableEncryption())) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
if (!security.isEncryptResponse()) {
|
if (!security.isEncryptResponse()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user