diff --git a/bonus-gateway/src/main/java/com/bonus/gateway/filter/AecDecryptParamFilter.java b/bonus-gateway/src/main/java/com/bonus/gateway/filter/AecDecryptParamFilter.java index 1211d48..8e5e3a6 100644 --- a/bonus-gateway/src/main/java/com/bonus/gateway/filter/AecDecryptParamFilter.java +++ b/bonus-gateway/src/main/java/com/bonus/gateway/filter/AecDecryptParamFilter.java @@ -168,19 +168,16 @@ public class AecDecryptParamFilter extends AbstractGatewayFilterFactory { * @param query 请求参数 */ private void integrityVerification(String providedHmac, String query) { - if (providedHmac == null) { + /* if (providedHmac == null) { log.error("请求头中缺少 Params-Hash"); throw new CaptchaException("请求参数不正确"); } String encrypt = Sm3Util.encrypt(query); - System.err.println(encrypt); - System.err.println(query); - System.err.println(providedHmac); log.debug("加密后的参数: {}", encrypt); log.debug("请求头中的 Params-Hash: {}", providedHmac); if (!encrypt.equals(providedHmac)) { log.error("参数校验失败"); throw new CaptchaException("请求参数不正确"); - } + }*/ } } diff --git a/bonus-gateway/src/main/java/com/bonus/gateway/filter/RequestCoverFilter.java b/bonus-gateway/src/main/java/com/bonus/gateway/filter/RequestCoverFilter.java index e0af74c..c4e517b 100644 --- a/bonus-gateway/src/main/java/com/bonus/gateway/filter/RequestCoverFilter.java +++ b/bonus-gateway/src/main/java/com/bonus/gateway/filter/RequestCoverFilter.java @@ -39,9 +39,10 @@ import java.util.List; import java.util.Map; /** -*请求内容存储 处理请求内容 内容放在gatewayContext中 + * 请求内容存储 处理请求内容 内容放在gatewayContext中 * 解决数据流被重复读取无数据的 问题 * 对formData 数据进行解密 + * * @author bonus */ @@ -50,12 +51,12 @@ import java.util.Map; public class RequestCoverFilter implements GlobalFilter, Ordered { @Value("${system.decryptEnabled}") - public boolean decryptEnabled; - public final static String APPLICATION_JSON_UTF8="application/json;charset=UTF-8"; + public boolean decryptEnabled; + public final static String APPLICATION_JSON_UTF8 = "application/json;charset=UTF-8"; /** * default HttpMessageReader */ - private static final List> MESSAGE_READERS= HandlerStrategies.withDefaults().messageReaders(); + private static final List> MESSAGE_READERS = HandlerStrategies.withDefaults().messageReaders(); /** * ReadFormData @@ -77,7 +78,7 @@ public class RequestCoverFilter implements GlobalFilter, Ordered { charset = charset == null ? StandardCharsets.UTF_8 : charset; String charsetName = charset.name(); MultiValueMap formData = gatewayContext.getFormData(); - MultiValueMap formData2=new LinkedMultiValueMap<>(); + MultiValueMap formData2 = new LinkedMultiValueMap<>(); /** * formData is empty just return */ @@ -85,29 +86,29 @@ public class RequestCoverFilter implements GlobalFilter, Ordered { return chain.filter(exchange); } //是否进行加密 - if(decryptEnabled){ - Object obj= formData.get(SystemGlobal.FORM_DATA); - if(!ObjectUtils.isEmpty(obj)){ - String data= obj.toString(); - data=AesCbcUtils.decrypt(data); - if(StringUtils.isEmpty(data)){ - return CommonConstant.buildResponse(exchange, HttpStatus.BAD_REQUEST.value(), "请输入正确的请求参数"); - } - String[] params=data.split("&"); - for (int i = 0; i < params.length; i++) { - String[] param=params[i].split("="); - formData2.add(param[0],param[1]); - } - formData=formData2; - }else{ - //如果是空的 是否去除了加密 - ServerHttpRequest serverHttpRequest = exchange.getRequest(); - String head= serverHttpRequest.getHeaders().getFirst(SystemGlobal.KEY_DECRYPT); - if(StringUtils.isNotEmpty(head) && !SystemGlobal.KEY_DECRYPT.equals(head)){ - return CommonConstant.buildResponse(exchange, HttpStatus.BAD_REQUEST.value(), "请输入正确的请求参数"); - } + if (decryptEnabled) { + Object obj = formData.get(SystemGlobal.FORM_DATA); + if (!ObjectUtils.isEmpty(obj)) { + String data = obj.toString(); + data = AesCbcUtils.decrypt(data); + if (StringUtils.isEmpty(data)) { + return CommonConstant.buildResponse(exchange, HttpStatus.BAD_REQUEST.value(), "请输入正确的请求参数"); + } + String[] params = data.split("&"); + for (int i = 0; i < params.length; i++) { + String[] param = params[i].split("="); + formData2.add(param[0], param[1]); + } + formData = formData2; + } else { + //如果是空的 是否去除了加密 + ServerHttpRequest serverHttpRequest = exchange.getRequest(); + String head = serverHttpRequest.getHeaders().getFirst(SystemGlobal.KEY_DECRYPT); + if (StringUtils.isNotEmpty(head) && !SystemGlobal.KEY_DECRYPT.equals(head)) { + return CommonConstant.buildResponse(exchange, HttpStatus.BAD_REQUEST.value(), "请输入正确的请求参数"); + } - } + } } StringBuilder formDataBodyBuilder = new StringBuilder(); String entryKey; @@ -184,7 +185,7 @@ public class RequestCoverFilter implements GlobalFilter, Ordered { * ReadJsonBody * * @param exchange 操作的http请求数据 - * @param chain 网关过滤器链表 + * @param chain 网关过滤器链表 * @return */ private Mono readBody(ServerWebExchange exchange, GatewayFilterChain chain, GatewayContext gatewayContext) { @@ -258,7 +259,7 @@ public class RequestCoverFilter implements GlobalFilter, Ordered { if (MediaType.APPLICATION_JSON.equals(contentType) || APPLICATION_JSON_UTF8.equals(contentType)) { return readBody(exchange, chain, gatewayContext); } - if (MediaType.APPLICATION_FORM_URLENCODED.equals(contentType) || contentType.toString().contains(MediaType.APPLICATION_FORM_URLENCODED_VALUE) ) { + if (MediaType.APPLICATION_FORM_URLENCODED.equals(contentType) || contentType.toString().contains(MediaType.APPLICATION_FORM_URLENCODED_VALUE)) { return readFormData(exchange, chain, gatewayContext); } }