Merge remote-tracking branch 'base-version/test' into dev

# Conflicts: # zt-module-databus/zt-module-databus-server-app/src/main/resources/application-dev.yml
2026-01-15 22:43:56 +08:00
parent db91848cd4 d6e72f6045
commit e2688268ac
5 changed files with 67 additions and 26 deletions
--- a/zt-module-databus/zt-module-databus-server-app/src/main/resources/application-dev.yml
+++ b/zt-module-databus/zt-module-databus-server-app/src/main/resources/application-dev.yml
@@ -37,17 +37,11 @@ spring:
      primary: master
      datasource:
        master:
-          #url: jdbc:dm://172.16.46.247:1050?schema=RUOYI-VUE-PRO
-          #username: SYSDBA
-          #password: pgbsci6ddJ6Sqj@e
          url: jdbc:dm://172.17.11.98:20870?schema=JYGK_TEST
          username: SYSDBA
          password: P@ssword25
        slave: # 模拟从库，可根据自己需要修改 # 模拟从库，可根据自己需要修改
          lazy: true # 开启懒加载，保证启动速度
-          #url: jdbc:dm://172.16.46.247:1050?schema=RUOYI-VUE-PRO
-          #username: SYSDBA
-          #password: pgbsci6ddJ6Sqj@e
          url: jdbc:dm://172.17.11.98:20870?schema=JYGK_TEST
          username: SYSDBA
          password: P@ssword25
@@ -58,8 +52,9 @@ spring:
      host: 172.16.46.63 # 地址
      port: 30379 # 端口
      database: 0 # 数据库索引
-      username: zt-redis # 密码，建议生产环境开启
+      username: zt-redis
      password: P@ssword25
+#    password: 123456 # 密码，建议生产环境开启

 xxl:
  job:
--- a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
+++ b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
@@ -108,7 +108,9 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
            credential = credentialService.findActiveCredential(appId)
                    .orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "应用凭证不存在或已禁用"));
            boolean allowAnonymous = Boolean.TRUE.equals(credential.getAllowAnonymous());
+            boolean enableEncryption = Boolean.TRUE.equals(credential.getEnableEncryption());
            ApiAnonymousUserService.AnonymousUserDetails anonymousDetails = null;
+            byte[] requestBody = StreamUtils.copyToByteArray(request.getInputStream());
            if (allowAnonymous) {
                Long anonymousUserId = credential.getAnonymousUserId();
                if (anonymousUserId == null) {
@@ -117,24 +119,25 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
                anonymousDetails = anonymousUserService.find(anonymousUserId)
                        .orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "匿名访问固定用户不可用"));
            }
-
            String timestampHeader = requireHeader(request, TIMESTAMP_HEADER, "缺少时间戳");
            // 校验时间戳与随机数，防止请求被重放
            validateTimestamp(timestampHeader, security);
-            String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数");
-            if (nonce.length() < 8) {
-                throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足");
-            }
-            String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名");
+            if (enableEncryption){
+                String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数");
+                if (nonce.length() < 8) {
+                    throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足");
+                }
+                String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名");

-            byte[] originalBody = StreamUtils.copyToByteArray(request.getInputStream());
-            // 尝试按凭证配置解密请求体，并构建签名载荷进行校验
-            byte[] decryptedBody = decryptRequestBody(originalBody, credential, security);
-            verifySignature(request, decryptedBody, signature, credential, security, appId, timestampHeader);
-            ensureNonce(tenantId, appId, nonce, security);
+                // 尝试按凭证配置解密请求体，并构建签名载荷进行校验
+                byte[] decryptedBody = decryptRequestBody(requestBody, credential, security);
+                verifySignature(request, decryptedBody, signature, credential, security, appId, timestampHeader);
+                ensureNonce(tenantId, appId, nonce, security);
+                requestBody = decryptedBody;
+            }

            // 使用可重复读取的请求包装，供后续过滤器继续消费
-            CachedBodyHttpServletRequest securedRequest = new CachedBodyHttpServletRequest(request, decryptedBody);
+            CachedBodyHttpServletRequest securedRequest = new CachedBodyHttpServletRequest(request, requestBody);
            securedRequest.setHeader(APP_ID_HEADER, credential.getAppId());
            securedRequest.setHeader(HEADER_CREDENTIAL_ID, credential.getId() != null ? String.valueOf(credential.getId()) : null);
            ApiGatewayAccessLogger.propagateLogIdHeader(securedRequest, accessLogId);