xinyin025/RuoYi-Vue-Plus
1
0
Fork 0
mirror of https://github.com/dromara/RuoYi-Vue-Plus.git synced 2025-11-04 16:23:42 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

update 优化 去除加密请求类型限制

Browse Source
This commit is contained in:
疯狂的狮子Li
2024-04-11 22:54:02 +08:00
parent 9ff0b09d4d
commit 8352f18b3a
1 changed files with 16 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/filter/CryptoFilter.java
View File

@@ -11,7 +11,6 @@ import org.dromara.common.core.utils.StringUtils;
import org.dromara.common.encrypt.annotation.ApiEncrypt; import org.dromara.common.encrypt.annotation.ApiEncrypt;
import org.dromara.common.encrypt.properties.ApiDecryptProperties; import org.dromara.common.encrypt.properties.ApiDecryptProperties;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.web.method.HandlerMethod; import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerExceptionResolver; import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.HandlerExecutionChain; import org.springframework.web.servlet.HandlerExecutionChain;
@@ -43,27 +42,25 @@ public class CryptoFilter implements Filter {
ServletResponse responseWrapper = null; ServletResponse responseWrapper = null;
EncryptResponseBodyWrapper responseBodyWrapper = null; EncryptResponseBodyWrapper responseBodyWrapper = null;
// 是否为 json 请求 // 是否为 put 或者 post 请求
if (StringUtils.startsWithIgnoreCase(request.getContentType(), MediaType.APPLICATION_JSON_VALUE)) { if (HttpMethod.PUT.matches(servletRequest.getMethod()) || HttpMethod.POST.matches(servletRequest.getMethod())) {
// 是否为 put 或者 post 请求 // 是否存在加密标头
if (HttpMethod.PUT.matches(servletRequest.getMethod()) || HttpMethod.POST.matches(servletRequest.getMethod())) { String headerValue = servletRequest.getHeader(properties.getHeaderFlag());
// 是否存在加密标头 if (StringUtils.isNotBlank(headerValue)) {
String headerValue = servletRequest.getHeader(properties.getHeaderFlag()); // 请求解密
if (StringUtils.isNotBlank(headerValue)) { requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPrivateKey(), properties.getHeaderFlag());
// 请求解密 } else {
requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPrivateKey(), properties.getHeaderFlag()); // 是否有注解,有就报错,没有放行
} else { if (ObjectUtil.isNotNull(apiEncrypt)) {
// 是否有注解,有就报错,没有放行 HandlerExceptionResolver exceptionResolver = SpringUtils.getBean("handlerExceptionResolver", HandlerExceptionResolver.class);
if (ObjectUtil.isNotNull(apiEncrypt)) { exceptionResolver.resolveException(
HandlerExceptionResolver exceptionResolver = SpringUtils.getBean("handlerExceptionResolver", HandlerExceptionResolver.class); servletRequest, servletResponse, null,
exceptionResolver.resolveException( new ServiceException("没有访问权限,请联系管理员授权", HttpStatus.FORBIDDEN));
servletRequest, servletResponse, null, return;
new ServiceException("没有访问权限,请联系管理员授权", HttpStatus.FORBIDDEN));
return;
}
} }
} }
} }
// 判断是否响应加密 // 判断是否响应加密
if (responseFlag) { if (responseFlag) {
responseBodyWrapper = new EncryptResponseBodyWrapper(servletResponse); responseBodyWrapper = new EncryptResponseBodyWrapper(servletResponse);