Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
lianghanqiang
/
ldt
2
0
Fork 0

2 Commity c1b6617a52 ... 7d05edde58

Autor SHA1 Správa Dátum
  hmp 7d05edde58 Merge remote-tracking branch 'origin/dev' into dev 4 rokov pred
  hmp aa839d98ec 修改 4 rokov pred
3 zmenil súbory, kde vykonal 47 pridanie a 5 odobranie
Jednotné zobrazenie Ukázať štatistiku rozdielnych dát
  1. 18 0
      ldt-core/src/main/java/org/springblade/common/filter/utils/CryptoConfig.java
  2. 21 5
      ldt-core/src/main/java/org/springblade/common/filter/utils/HttpUtil.java
  3. 8 0
      ldt-core/src/main/resources/application.yml

+ 18 - 0
ldt-core/src/main/java/org/springblade/common/filter/utils/CryptoConfig.java
Zobraziť súbor 

@@ -0,0 +1,18 @@
 
+package org.springblade.common.filter.utils;
 
+
 
+import lombok.Data;
 
+import org.springframework.boot.context.properties.ConfigurationProperties;
 
+import org.springframework.context.annotation.Configuration;
 
+
 
+import java.util.List;
 
+
 
+/**
 
+ * @author cy-computer
 
+ */
 
+@Configuration
 
+@ConfigurationProperties(prefix = "crypto")
 
+@Data
 
+public class CryptoConfig {
 
+	private String key;
 
+	private List<String> whiteList;
 
+}

+ 21 - 5
ldt-core/src/main/java/org/springblade/common/filter/utils/HttpUtil.java
Zobraziť súbor 

@@ -42,14 +42,15 @@ import static cn.hutool.core.util.StrUtil.*;
 
 @Component
 
 @Component
 
 public class HttpUtil {
 
 public class HttpUtil {
 
 
 
-	@Value("${crypto.key}")
 
-	private String cryptoKey;
 
+	@Resource
 
+	private CryptoConfig cryptoConfig;
 
+
 
 
 
 	public void modifyHttpData(ServletRequest request, ServletResponse response, FilterChain chain) throws Exception {
 
 	public void modifyHttpData(ServletRequest request, ServletResponse response, FilterChain chain) throws Exception {
 
 		HttpServletRequest originalRequest = (HttpServletRequest) request;
 
 		HttpServletRequest originalRequest = (HttpServletRequest) request;
 
 		String url = originalRequest.getRequestURI();
 
 		String url = originalRequest.getRequestURI();
 
-		if (HttpMethod.POST.matches(originalRequest.getMethod()) && url.indexOf("put-file") < 0) {
 
-			//只处理不是上传文件的post请求
 
+		if (HttpMethod.POST.matches(originalRequest.getMethod()) && !this.isInWhiteList(url)) {
 
+			//只处理不在白名单下的post请求
 
 			this.handelPost(request,response,chain,originalRequest);
 
 			this.handelPost(request,response,chain,originalRequest);
 
 		}else{
 
 		}else{
 
 			//其他请求直接通过
 
 			//其他请求直接通过
 
@@ -84,9 +85,24 @@ public class HttpUtil {
 
 		String originalRequestBody = ServletUtil.getBody(request);
 
 		String originalRequestBody = ServletUtil.getBody(request);
 
 		if (StrUtil.isNotBlank(originalRequestBody)) {
 
 		if (StrUtil.isNotBlank(originalRequestBody)) {
 
 			//报文不为空,解密
 
 			//报文不为空,解密
 
-			String modifyRequestBody = SecureUtil.aes(cryptoKey.getBytes()).decryptStr(originalRequestBody);
 
+			String modifyRequestBody = SecureUtil.aes(cryptoConfig.getKey().getBytes()).decryptStr(originalRequestBody);
 
 			request = this.modifyRequestBodyAndContentType(originalRequest, modifyRequestBody, null);
 
 			request = this.modifyRequestBodyAndContentType(originalRequest, modifyRequestBody, null);
 
 		}
 
 		}
 
 		chain.doFilter(request, response);
 
 		chain.doFilter(request, response);
 
 	}
 
 	}
 
+
 
+	/**
 
+	 * 白名单配置
 
+	 * @param uri
 
+	 * @return
 
+	 */
 
+	private boolean isInWhiteList(String  uri){
 
+		for(String url: cryptoConfig.getWhiteList()){
 
+			if(uri.contains(url)){
 
+				return true;
 
+			}
 
+		}
 
+		return false;
 
+	}
 
+
 
 }
 
 }

+ 8 - 0
ldt-core/src/main/resources/application.yml
Zobraziť súbor 

@@ -255,3 +255,11 @@ blade:
 
 
 
 crypto:
 
 crypto:
 
   key: uAY9ugkHQpvozZeA
 
   key: uAY9ugkHQpvozZeA
 
+  whiteList:
 
+    - /put-file
 
+    - /payment/callback/
 
+    - /payment/csurl/
 
+    - /withdraw/callback/
 
+    - /withdraw/csurl/
 
+
 
+