xinyin025/RuoYi-Vue-Plus
1
0
Fork 0
mirror of https://github.com/dromara/RuoYi-Vue-Plus.git synced 2025-12-27 18:46:00 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

update 优化 接口访问日志 排除敏感参数输出

Browse Source
This commit is contained in:
疯狂的狮子Li
2025-12-08 10:00:57 +08:00
parent 581203ba15
commit 0c08455b32
5 changed files with 30 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/constant/SystemConstants.java
View File

@@ -82,4 +82,10 @@ public interface SystemConstants {
*/ */
Long DEFAULT_DEPT_ID = 100L; Long DEFAULT_DEPT_ID = 100L;
/**
* 排除敏感属性字段
*/
String[] EXCLUDE_PROPERTIES = { "password", "oldPassword", "newPassword", "confirmPassword" };
} }

2
ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/utils/DesensitizedUtils.java → ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/utils/DesensitizedUtils.java
View File

@@ -1,4 +1,4 @@
package org.dromara.common.sensitive.utils; package org.dromara.common.core.utils;
import cn.hutool.core.util.DesensitizedUtil; import cn.hutool.core.util.DesensitizedUtil;
import cn.hutool.core.util.StrUtil; import cn.hutool.core.util.StrUtil;

11
ruoyi-common/ruoyi-common-log/src/main/java/org/dromara/common/log/aspect/LogAspect.java
View File

@@ -13,6 +13,7 @@ import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.AfterThrowing; import org.aspectj.lang.annotation.AfterThrowing;
import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before; import org.aspectj.lang.annotation.Before;
import org.dromara.common.core.constant.SystemConstants;
import org.dromara.common.core.domain.model.LoginUser; import org.dromara.common.core.domain.model.LoginUser;
import org.dromara.common.core.utils.ServletUtils; import org.dromara.common.core.utils.ServletUtils;
import org.dromara.common.core.utils.SpringUtils; import org.dromara.common.core.utils.SpringUtils;
@@ -39,12 +40,6 @@ import java.util.*;
@AutoConfiguration @AutoConfiguration
public class LogAspect { public class LogAspect {
/**
* 排除敏感属性字段
*/
public static final String[] EXCLUDE_PROPERTIES = { "password", "oldPassword", "newPassword", "confirmPassword" };
/** /**
* 计时 key * 计时 key
*/ */
@@ -160,7 +155,7 @@ public class LogAspect {
String params = argsArrayToString(joinPoint.getArgs(), excludeParamNames); String params = argsArrayToString(joinPoint.getArgs(), excludeParamNames);
operLog.setOperParam(StringUtils.substring(params, 0, 3800)); operLog.setOperParam(StringUtils.substring(params, 0, 3800));
} else { } else {
MapUtil.removeAny(paramsMap, EXCLUDE_PROPERTIES); MapUtil.removeAny(paramsMap, SystemConstants.EXCLUDE_PROPERTIES);
MapUtil.removeAny(paramsMap, excludeParamNames); MapUtil.removeAny(paramsMap, excludeParamNames);
operLog.setOperParam(StringUtils.substring(JsonUtils.toJsonString(paramsMap), 0, 3800)); operLog.setOperParam(StringUtils.substring(JsonUtils.toJsonString(paramsMap), 0, 3800));
} }
@@ -174,7 +169,7 @@ public class LogAspect {
if (ArrayUtil.isEmpty(paramsArray)) { if (ArrayUtil.isEmpty(paramsArray)) {
return params.toString(); return params.toString();
} }
String[] exclude = ArrayUtil.addAll(excludeParamNames, EXCLUDE_PROPERTIES); String[] exclude = ArrayUtil.addAll(excludeParamNames, SystemConstants.EXCLUDE_PROPERTIES);
for (Object o : paramsArray) { for (Object o : paramsArray) {
if (ObjectUtil.isNotNull(o) && !isFilterObject(o)) { if (ObjectUtil.isNotNull(o) && !isFilterObject(o)) {
String str = ""; String str = "";

2
ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/core/SensitiveStrategy.java
View File

@@ -3,7 +3,7 @@ package org.dromara.common.sensitive.core;
import cn.hutool.core.convert.Convert; import cn.hutool.core.convert.Convert;
import cn.hutool.core.util.DesensitizedUtil; import cn.hutool.core.util.DesensitizedUtil;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import org.dromara.common.sensitive.utils.DesensitizedUtils; import org.dromara.common.core.utils.DesensitizedUtils;
import java.util.function.Function; import java.util.function.Function;

19
ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/interceptor/PlusWebInvokeTimeInterceptor.java
View File

@@ -1,12 +1,14 @@
package org.dromara.common.web.interceptor; package org.dromara.common.web.interceptor;
import cn.hutool.core.io.IoUtil; import cn.hutool.core.io.IoUtil;
import cn.hutool.core.lang.Dict;
import cn.hutool.core.map.MapUtil; import cn.hutool.core.map.MapUtil;
import cn.hutool.core.util.ObjectUtil; import cn.hutool.core.util.ObjectUtil;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.time.StopWatch; import org.apache.commons.lang3.time.StopWatch;
import org.dromara.common.core.constant.SystemConstants;
import org.dromara.common.core.utils.StringUtils; import org.dromara.common.core.utils.StringUtils;
import org.dromara.common.json.utils.JsonUtils; import org.dromara.common.json.utils.JsonUtils;
import org.dromara.common.web.filter.RepeatedlyRequestWrapper; import org.dromara.common.web.filter.RepeatedlyRequestWrapper;
@@ -15,6 +17,8 @@ import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.ModelAndView;
import java.io.BufferedReader; import java.io.BufferedReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Map; import java.util.Map;
/** /**
@@ -38,11 +42,26 @@ public class PlusWebInvokeTimeInterceptor implements HandlerInterceptor {
if (request instanceof RepeatedlyRequestWrapper) { if (request instanceof RepeatedlyRequestWrapper) {
BufferedReader reader = request.getReader(); BufferedReader reader = request.getReader();
jsonParam = IoUtil.read(reader); jsonParam = IoUtil.read(reader);
List<Dict> list = new ArrayList<>();
if (JsonUtils.isJsonArray(jsonParam)) {
List<String> list1 = JsonUtils.parseArray(jsonParam, String.class);
for (String str : list1) {
Dict map = JsonUtils.parseMap(str);
MapUtil.removeAny(map, SystemConstants.EXCLUDE_PROPERTIES);
list.add(map);
}
jsonParam = JsonUtils.toJsonString(list);
} else {
Dict map = JsonUtils.parseMap(jsonParam);
MapUtil.removeAny(map, SystemConstants.EXCLUDE_PROPERTIES);
jsonParam = JsonUtils.toJsonString(map);
}
} }
log.info("[PLUS]开始请求 => URL[{}],参数类型[json],参数:[{}]", url, jsonParam); log.info("[PLUS]开始请求 => URL[{}],参数类型[json],参数:[{}]", url, jsonParam);
} else { } else {
Map<String, String[]> parameterMap = request.getParameterMap(); Map<String, String[]> parameterMap = request.getParameterMap();
if (MapUtil.isNotEmpty(parameterMap)) { if (MapUtil.isNotEmpty(parameterMap)) {
MapUtil.removeAny(parameterMap, SystemConstants.EXCLUDE_PROPERTIES);
String parameters = JsonUtils.toJsonString(parameterMap); String parameters = JsonUtils.toJsonString(parameterMap);
log.info("[PLUS]开始请求 => URL[{}],参数类型[param],参数:[{}]", url, parameters); log.info("[PLUS]开始请求 => URL[{}],参数类型[param],参数:[{}]", url, parameters);
} else { } else {