Merge remote-tracking branch 'refs/remotes/ztcloud/test' into dev

zt-module-databus/zt-module-databus-server-app/Dockerfile

@@ -0,0 +1,19 @@
+## AdoptOpenJDK 停止发布 OpenJDK 二进制，而 Eclipse Temurin 是它的延伸，提供更好的稳定性
+
+FROM 172.16.46.66:10043/base-service/eclipse-temurin:21-jre
+
+## 创建目录，并使用它作为工作目录
+RUN mkdir -p /zt-module-databus-server-app
+WORKDIR /zt-module-databus-server-app
+## 将后端项目的 Jar 文件，复制到镜像中
+COPY ./target/zt-module-databus-server-app.jar app.jar
+
+## 设置 TZ 时区
+## 设置 JAVA_OPTS 环境变量，可通过 docker run -e "JAVA_OPTS=" 进行覆盖
+ENV TZ=Asia/Shanghai JAVA_OPTS="-Xms512m -Xmx1024m"
+
+## 暴露后端项目的 48080 端口
+EXPOSE 48082
+
+## 启动后端项目
+CMD java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar app.jar

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/credential/ApiClientCredentialRespVO.java

@@ -42,6 +42,9 @@ public class ApiClientCredentialRespVO {
     @Schema(description = "匿名访问固定用户昵称", example = "张三")
     private String anonymousUserNickname;
 
+    @Schema(description = "是否启用加密", example = "true")
+    private Boolean enableEncryption;
+
     @Schema(description = "创建时间")
     private LocalDateTime createTime;
 

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/controller/admin/gateway/vo/credential/ApiClientCredentialSaveReqVO.java

@@ -45,4 +45,8 @@ public class ApiClientCredentialSaveReqVO {
     @Schema(description = "匿名访问固定用户 ID", example = "1024")
     private Long anonymousUserId;
 
+    @Schema(description = "是否启用加密", example = "true")
+    @NotNull(message = "启用加密标识不能为空")
+    private Boolean enableEncryption;
+
 }

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/dal/dataobject/gateway/ApiClientCredentialDO.java

@@ -38,4 +38,6 @@ public class ApiClientCredentialDO extends BaseDO {
 
     private Long anonymousUserId;
 
+    private Boolean enableEncryption;
+
 }

zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java

@@ -238,6 +238,11 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
     private byte[] decryptRequestBody(byte[] originalBody,
                                       ApiClientCredentialDO credential,
                                       ApiGatewayProperties.Security security) {
+        // 检查是否启用加密，如果未启用则直接返回原文
+        if (credential != null && Boolean.FALSE.equals(credential.getEnableEncryption())) {
+            return originalBody != null ? originalBody : new byte[0];
+        }
+
         if (originalBody == null || originalBody.length == 0) {
             return new byte[0];
         }
@@ -390,6 +395,11 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
     private void encryptResponse(ContentCachingResponseWrapper responseWrapper,
                                  ApiClientCredentialDO credential,
                                  ApiGatewayProperties.Security security) throws IOException {
+        // 检查是否启用加密，如果未启用则直接返回，不加密响应
+        if (credential != null && Boolean.FALSE.equals(credential.getEnableEncryption())) {
+            return;
+        }
+
         if (!security.isEncryptResponse()) {
             return;
         }
@@ -524,6 +534,10 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
         if (security == null || credential == null) {
             return false;
         }
+        // 检查是否启用加密，如果未启用则不加密错误响应
+        if (Boolean.FALSE.equals(credential.getEnableEncryption())) {
+            return false;
+        }
         if (!security.isEncryptResponse()) {
             return false;
         }