From 9b4433fddf5b401edb0aace8a404ac733b122702 Mon Sep 17 00:00:00 2001
From: 田源 <tianyuan@vci-tech.com>
Date: 星期四, 03 四月 2025 14:35:02 +0800
Subject: [PATCH] 添加非密字段显示
---
Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/interceptor/SignInterceptor.java | 170 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 170 insertions(+), 0 deletions(-)
diff --git a/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/interceptor/SignInterceptor.java b/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/interceptor/SignInterceptor.java
new file mode 100644
index 0000000..f8951e2
--- /dev/null
+++ b/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/interceptor/SignInterceptor.java
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the dreamlu.net developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: Chill 搴勯獮 (smallchill@163.com)
+ */
+package org.springblade.core.secure.interceptor;
+
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springblade.core.secure.props.SignSecure;
+import org.springblade.core.secure.provider.HttpMethod;
+import org.springblade.core.secure.provider.ResponseProvider;
+import org.springblade.core.tool.jackson.JsonUtil;
+import org.springblade.core.tool.utils.DateUtil;
+import org.springblade.core.tool.utils.DigestUtil;
+import org.springblade.core.tool.utils.Func;
+import org.springblade.core.tool.utils.WebUtil;
+import org.springframework.lang.NonNull;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.time.Duration;
+import java.util.Date;
+import java.util.List;
+
+/**
+ * 绛惧悕璁よ瘉鎷︽埅鍣ㄦ牎楠�
+ *
+ * @author Chill
+ */
+@Slf4j
+@AllArgsConstructor
+public class SignInterceptor extends HandlerInterceptorAdapter {
+
+ /**
+ * 琛ㄨ揪寮忓尮閰�
+ */
+ private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
+
+ /**
+ * 鎺堟潈闆嗗悎
+ */
+ private final List<SignSecure> signSecures;
+
+ /**
+ * 璇锋眰鏃堕棿
+ */
+ private final static String TIMESTAMP = "timestamp";
+
+ /**
+ * 闅忔満鏁�
+ */
+ private final static String NONCE = "nonce";
+
+ /**
+ * 鏃堕棿闅忔満鏁扮粍鍚堝姞瀵嗕覆
+ */
+ private final static String SIGNATURE = "signature";
+
+ /**
+ * sha1鍔犲瘑鏂瑰紡
+ */
+ private final static String SHA1 = "sha1";
+
+ /**
+ * md5鍔犲瘑鏂瑰紡
+ */
+ private final static String MD5 = "md5";
+
+ /**
+ * 鏃堕棿宸渶灏忓��
+ */
+ private final static Integer SECOND_MIN = 0;
+
+ /**
+ * 鏃堕棿宸渶澶у��
+ */
+ private final static Integer SECOND_MAX = 10;
+
+ @Override
+ public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull Object handler) {
+ boolean check = signSecures.stream().filter(signSecure -> checkAuth(request, signSecure)).findFirst().map(
+ authSecure -> checkSign(authSecure.getCrypto())
+ ).orElse(Boolean.TRUE);
+ if (!check) {
+ log.warn("鎺堟潈璁よ瘉澶辫触锛岃姹傛帴鍙o細{}锛岃姹侷P锛歿}锛岃姹傚弬鏁帮細{}", request.getRequestURI(), WebUtil.getIP(request), JsonUtil.toJson(request.getParameterMap()));
+ ResponseProvider.write(response);
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * 妫�娴嬫巿鏉�
+ */
+ private boolean checkAuth(HttpServletRequest request, SignSecure signSecure) {
+ return checkMethod(request, signSecure.getMethod()) && checkPath(request, signSecure.getPattern());
+ }
+
+ /**
+ * 妫�娴嬭姹傛柟娉�
+ */
+ private boolean checkMethod(HttpServletRequest request, HttpMethod method) {
+ return method == HttpMethod.ALL || (
+ method != null && method == HttpMethod.of(request.getMethod())
+ );
+ }
+
+ /**
+ * 妫�娴嬭矾寰勫尮閰�
+ */
+ private boolean checkPath(HttpServletRequest request, String pattern) {
+ String servletPath = request.getServletPath();
+ String pathInfo = request.getPathInfo();
+ if (pathInfo != null && pathInfo.length() > 0) {
+ servletPath = servletPath + pathInfo;
+ }
+ return ANT_PATH_MATCHER.match(pattern, servletPath);
+ }
+
+ /**
+ * 妫�娴嬭〃杈惧紡
+ */
+ private boolean checkSign(String crypto) {
+ try {
+ HttpServletRequest request = WebUtil.getRequest();
+ if (request == null) {
+ return false;
+ }
+ // 鑾峰彇澶撮儴鍔ㄦ�佺鍚嶄俊鎭�
+ String timestamp = request.getHeader(TIMESTAMP);
+ // 鍒ゆ柇鏄惁鍦ㄥ悎娉曟椂闂存
+ long seconds = Duration.between(new Date(Func.toLong(timestamp)).toInstant(), DateUtil.now().toInstant()).getSeconds();
+ if (seconds < SECOND_MIN || seconds > SECOND_MAX) {
+ log.warn("鎺堟潈璁よ瘉澶辫触锛岄敊璇俊鎭細{}", "璇锋眰鏃堕棿鎴抽潪娉�");
+ return false;
+ }
+ String nonce = request.getHeader(NONCE);
+ String signature = request.getHeader(SIGNATURE);
+ // 鍔犲瘑绛惧悕姣斿锛屽彲鑷鎷撳睍鍔犲瘑瑙勫垯
+ String sign;
+ if (crypto.equals(MD5)) {
+ sign = DigestUtil.md5Hex(timestamp + nonce);
+ } else if (crypto.equals(SHA1)) {
+ sign = DigestUtil.sha1Hex(timestamp + nonce);
+ } else {
+ sign = DigestUtil.sha1Hex(timestamp + nonce);
+ }
+ return sign.equalsIgnoreCase(signature);
+ } catch (Exception e) {
+ log.warn("鎺堟潈璁よ瘉澶辫触锛岄敊璇俊鎭細{}", e.getMessage());
+ return false;
+ }
+ }
+
+
+}
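Review bot: The value compared in `checkSign` is an unkeyed digest of two request headers, `DigestUtil.sha1Hex(timestamp + nonce)` (or `md5Hex`), so it contains no secret and does not authenticate the caller; the check only enforces the 0–10 second skew window. The digest should be keyed with a server-side secret (an HMAC, e.g. `Mac.getInstance("HmacSHA256")`) and should cover the method, path and body. No secret field is visible on `SignSecure` in this commit, so that configuration would need to be added. `nonce` is read but never recorded, so a request can be replayed inside the window, and `sign.equalsIgnoreCase(signature)` should become a constant-time comparison such as `MessageDigest.isEqual(expectedBytes, providedBytes)`. Separately, the `log.warn` in `preHandle` writes `JsonUtil.toJson(request.getParameterMap())` on every failure, which can put submitted credentials or tokens into the log, and the Javadoc and inline comments in this file are mis-encoded and should be restored to readable text.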
--
Gitblit v1.9.3