From 3e05a4d1bbde99e0689c345f0d10186767af7e06 Mon Sep 17 00:00:00 2001
From: chenhaojie
Date: Fri, 21 Jun 2024 13:41:03 +0800
Subject: [PATCH] =?UTF-8?q?das=E9=A1=B9=E7=9B=AE=E7=BB=93=E6=9E=84?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../DecryptingOncePerRequestFilter.java | 19 ++++++++++++-------
 .../TokenOncePerRequestFilter.java | 1 +
 .../auth/service/impl/LoginServiceImpl.java | 8 ++++----
 3 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java b/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java
index f4e93174..91c0a8ff 100644
--- a/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java
+++ b/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java
@@ -34,15 +34,20 @@ public class DecryptingOncePerRequestFilter extends OncePerRequestFilter {
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
 String iv = request.getHeader("v");
+ String contentType = request.getHeader("Content-Type");
+ String method = request.getMethod();
+ if ("POST".equals(method) && StringUtils.isNotBlank(contentType) && contentType.contains("application/json")) {
+ // 读取加密的请求体数据
+ String encryptedData = readRequestBody(request);
+ if (StringUtils.isNotBlank(encryptedData)) {
+ encryptedData = AESUtil.decrypt(aeskey, encryptedData, iv);
- // 读取加密的请求体数据
- String encryptedData = readRequestBody(request);
- if (StringUtils.isNotBlank(encryptedData)) {
- encryptedData = AESUtil.decrypt(aeskey, encryptedData, iv);
-
- // 使用自定义的请求包装器替换原始请求
- filterChain.doFilter(new DecryptingHttpServletRequestWrapper(request, encryptedData), response);
+ // 使用自定义的请求包装器替换原始请求
+ filterChain.doFilter(new DecryptingHttpServletRequestWrapper(request, encryptedData), response);
+ } else {
+ filterChain.doFilter(request, response);
+ }
 } else {
 filterChain.doFilter(request, response);
 }
diff --git a/das/src/main/java/com/das/common/interceptor/TokenOncePerRequestFilter.java b/das/src/main/java/com/das/common/interceptor/TokenOncePerRequestFilter.java
index 82c356e0..3a20b724 100644
--- a/das/src/main/java/com/das/common/interceptor/TokenOncePerRequestFilter.java
+++ b/das/src/main/java/com/das/common/interceptor/TokenOncePerRequestFilter.java
@@ -31,6 +31,7 @@ public class TokenOncePerRequestFilter extends OncePerRequestFilter {
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+ String iv = request.getHeader("v");
 // token解密
 String token = request.getHeader("token");
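Review bot: The new gate `contentType.contains("application/json")` in DecryptingOncePerRequestFilter is a case-sensitive substring test, and any request that fails it, is not a POST, or has a blank body is forwarded with its body untouched, so a client-supplied header now decides whether decryption runs at all. Media type names are case-insensitive; compare a normalised value such as `contentType.toLowerCase(Locale.ROOT).startsWith("application/json")`, and state in a comment whether PUT/PATCH and non-JSON bodies are meant to reach handlers unencrypted. The `v` header is passed to `AESUtil.decrypt` as the IV with no presence check and no visible handling of a failed decrypt (AESUtil is outside the hunk), and the `String iv = request.getHeader("v");` added in TokenOncePerRequestFilter has the same gap; a missing or malformed value should produce a 4xx response rather than an exception. The two identical `else { filterChain.doFilter(request, response); }` branches can be merged by returning early after the wrapped call.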
diff --git a/das/src/main/java/com/das/modules/auth/service/impl/LoginServiceImpl.java b/das/src/main/java/com/das/modules/auth/service/impl/LoginServiceImpl.java
index 5731dc78..71b09af6 100644
--- a/das/src/main/java/com/das/modules/auth/service/impl/LoginServiceImpl.java
+++ b/das/src/main/java/com/das/modules/auth/service/impl/LoginServiceImpl.java
@@ -67,10 +67,10 @@ public class LoginServiceImpl implements ILoginService {
 loginInfo.setMsg("无账号信息");
 return loginInfo;
 }
-// if (!CaptchaUtil.checkVerificationCode(key, code, adminRedisTemplate)) {
-// loginInfo.setMsg("验证码不正确");
-// return loginInfo;
-// }
+ if (!CaptchaUtil.checkVerificationCode(key, code, adminRedisTemplate)) {
+ loginInfo.setMsg("验证码不正确");
+ return loginInfo;
+ }
 if (!BCrypt.checkpw(password, sysUser.getPassword())) {
 loginInfo.setMsg("账号密码错误");
 return loginInfo;
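Review bot: The restored captcha check sits after the `无账号信息` return, so a request naming an unknown account is answered before the captcha is validated, and the separate messages for a missing account and a wrong password reveal which usernames exist. Move the `CaptchaUtil.checkVerificationCode(key, code, adminRedisTemplate)` block above the account-existence branch and return one generic failure message for both that branch and the `BCrypt.checkpw` branch. CaptchaUtil is outside the hunk, so also confirm that the stored code is removed from Redis on its first check, whether it matches or not; otherwise one solved captcha stays valid across repeated login attempts. The enclosing method starts and ends outside the hunk.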