Merge branch 'dev' into test

2025-12-23 17:53:25 +08:00
parent cda360572e 5843e2eb7a
commit 48660f75cf
3 changed files with 44 additions and 23 deletions
--- a/sql/dm/数据总线API凭证绑定与访问日志补充_20251209.sql
+++ b/sql/dm/数据总线API凭证绑定与访问日志补充_20251209.sql
@@ -19,7 +19,8 @@ CREATE TABLE databus_api_definition_credential (
    deleted BIT DEFAULT '0' NOT NULL
 );

-CREATE UNIQUE INDEX uk_databus_api_definition_credential ON databus_api_definition_credential (api_id, credential_id, deleted);
+-- 去掉错误的唯一索引逻辑
+-- CREATE UNIQUE INDEX uk_databus_api_definition_credential ON databus_api_definition_credential (api_id, credential_id, deleted);
 CREATE INDEX idx_databus_api_definition_credential_api ON databus_api_definition_credential (api_id);
 CREATE INDEX idx_databus_api_definition_credential_cred ON databus_api_definition_credential (credential_id);

--- a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
+++ b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
@@ -33,6 +33,7 @@ import org.springframework.web.util.ContentCachingResponseWrapper;
 import org.springframework.web.util.UriComponentsBuilder;

 import java.io.IOException;
+import java.net.URLDecoder;
 import java.net.URLEncoder;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
@@ -304,15 +305,28 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
                    .build()
                    .getQueryParams();
            params.forEach((key, values) -> {
-                if (!StringUtils.hasText(key) || "signature".equalsIgnoreCase(key)) {
+                String decodedKey = URLDecoder.decode(key, StandardCharsets.UTF_8);
+                if (!StringUtils.hasText(decodedKey) || "signature".equalsIgnoreCase(decodedKey)) {
                    return;
                }
                if (CollectionUtils.isEmpty(values)) {
-                    target.put(key, "");
-                } else if (values.size() == 1) {
-                    target.put(key, values.get(0));
+                    target.put(decodedKey, "");
+                    return;
+                }
+                // 对每一个 value 做 URL 解码，确保与客户端原文签名一致
+                List<String> decodedValues = values.stream()
+                        .map(val -> URLDecoder.decode(val, StandardCharsets.UTF_8))
+                        .toList();
+                boolean allNullLiteral = decodedValues.stream()
+                        .allMatch(v -> "null".equals(v));
+                if (allNullLiteral) {
+                    // 过滤掉仅包含字符串 "null" 的参数
+                    return;
+                }
+                if (decodedValues.size() == 1) {
+                    target.put(decodedKey, decodedValues.get(0));
                } else {
-                    target.put(key, String.join(",", values));
+                    target.put(decodedKey, String.join(",", decodedValues));
                }
            });
        } catch (IllegalArgumentException ex) {
--- a/zt-module-databus/zt-module-databus-server/src/test/java/com/zt/plat/module/databus/framework/integration/gateway/sample/DatabusApiInvocationExample.java
+++ b/zt-module-databus/zt-module-databus-server/src/test/java/com/zt/plat/module/databus/framework/integration/gateway/sample/DatabusApiInvocationExample.java