hmp 4 жил өмнө
parent
commit
aa839d98ec

+ 18 - 0
ldt-core/src/main/java/org/springblade/common/filter/utils/CryptoConfig.java

@@ -0,0 +1,18 @@
+package org.springblade.common.filter.utils;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.List;
+
+/**
+ * @author cy-computer
+ */
+@Configuration
+@ConfigurationProperties(prefix = "crypto")
+@Data
+public class CryptoConfig {
+	private String key;
+	private List<String> whiteList;
+}
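Review bot: `@Data` on `CryptoConfig` generates a `toString()` that includes `key`, so any log statement that prints this bean would also print the AES key. Marking the field with Lombok's `@ToString.Exclude` keeps the generated accessors and leaves the secret out. `whiteList` has no default, so when no `crypto.whiteList` entries are bound it stays null and the loop in `HttpUtil.isInWhiteList` would throw on every POST; `private List<String> whiteList = new ArrayList<>();` avoids that. The class comment carries only an author tag; a Javadoc saying that `key` is the request-body decryption key and `whiteList` holds URI fragments exempt from decryption would help the next reader.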

+ 21 - 5
ldt-core/src/main/java/org/springblade/common/filter/utils/HttpUtil.java

@@ -42,14 +42,15 @@ import static cn.hutool.core.util.StrUtil.*;
 @Component
 public class HttpUtil {
 
-	@Value("${crypto.key}")
-	private String cryptoKey;
+	@Resource
+	private CryptoConfig cryptoConfig;
+
 
 	public void modifyHttpData(ServletRequest request, ServletResponse response, FilterChain chain) throws Exception {
 		HttpServletRequest originalRequest = (HttpServletRequest) request;
 		String url = originalRequest.getRequestURI();
-		if (HttpMethod.POST.matches(originalRequest.getMethod()) && url.indexOf("put-file") < 0) {
-			//只处理不是上传文件的post请求
+		if (HttpMethod.POST.matches(originalRequest.getMethod()) && !this.isInWhiteList(url)) {
+			//只处理不在白名单下的post请求
 			this.handelPost(request,response,chain,originalRequest);
 		}else{
 			//其他请求直接通过
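Review bot: The decision to skip decryption at `!this.isInWhiteList(url)` rests on a substring test (`uri.contains(url)` in the `isInWhiteList` helper added further down this file) applied to `getRequestURI()`, which is the raw, un-normalised request path. Any POST whose URI contains a configured fragment anywhere, not only at the intended endpoint, is therefore sent down the pass-through branch with its body untouched. Entries such as `/payment/callback/` read like prefixes while `/put-file` reads like a trailing segment, so an anchored pattern matcher (for example Spring's `AntPathMatcher`) on a normalised path would scope the exemption better than `contains`. Which path accessor is the right base depends on how the filter is mapped, which is not visible here. `modifyHttpData` continues past the end of this hunk.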
@@ -84,9 +85,24 @@ public class HttpUtil {
 		String originalRequestBody = ServletUtil.getBody(request);
 		if (StrUtil.isNotBlank(originalRequestBody)) {
 			//报文不为空,解密
-			String modifyRequestBody = SecureUtil.aes(cryptoKey.getBytes()).decryptStr(originalRequestBody);
+			String modifyRequestBody = SecureUtil.aes(cryptoConfig.getKey().getBytes()).decryptStr(originalRequestBody);
 			request = this.modifyRequestBodyAndContentType(originalRequest, modifyRequestBody, null);
 		}
 		chain.doFilter(request, response);
 	}
+
+	/**
+	 * 白名单配置
+	 * @param uri
+	 * @return
+	 */
+	private boolean isInWhiteList(String  uri){
+		for(String url: cryptoConfig.getWhiteList()){
+			if(uri.contains(url)){
+				return true;
+			}
+		}
+		return false;
+	}
+
 }
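Review bot: `cryptoConfig.getKey().getBytes()` now fails only at request time when `crypto.key` is absent, because a `@ConfigurationProperties` field is simply left null where the removed `@Value("${crypto.key}")` would have stopped startup on an unresolved placeholder. Validating the property at bind time, or a null/blank check when the bean is created, restores the fail-fast behaviour. The call also encodes with the platform default charset; `cryptoConfig.getKey().getBytes(StandardCharsets.UTF_8)` makes the key bytes independent of the host setting. The new `isInWhiteList` Javadoc has empty `@param` and `@return` tags and should state that it returns true when the URI contains any configured fragment.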

+ 8 - 0
ldt-core/src/main/resources/application.yml

@@ -255,3 +255,11 @@ blade:
 
 crypto:
   key: uAY9ugkHQpvozZeA
+  whiteList:
+    - /put-file
+    - /payment/callback/
+    - /payment/csurl/
+    - /withdraw/callback/
+    - /withdraw/csurl/
+
+
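Review bot: `crypto.key` sits in `application.yml` as a literal value, and this commit makes the same block the binding source for `CryptoConfig`, so the key used to decrypt request bodies is readable by anyone with repository access. The line is context here rather than something this change introduces, but it is worth moving while the block is being edited: `key: ${CRYPTO_KEY}` (placeholder name, constructed for illustration) resolved from the environment or a secrets store, with the committed value rotated. The two trailing blank lines added at the end of the file can be dropped.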