完善API加解密

2024-01-16 08:49:04 +08:00 · 2024-01-16 08:49:04 +08:00 · 8f1ce9a5df
commit 8f1ce9a5df
parent 2868e20c86
1 changed files with 10 additions and 10 deletions
--- a/ruoyi-common/ruoyi-common-encrypt/src/main/java/com/ruoyi/common/encrypt/filter/CryptoFilter.java
+++ b/ruoyi-common/ruoyi-common-encrypt/src/main/java/com/ruoyi/common/encrypt/filter/CryptoFilter.java
@ -37,7 +37,7 @@ public class CryptoFilter implements Filter {
        HttpServletRequest servletRequest = (HttpServletRequest) request;
        HttpServletResponse servletResponse = (HttpServletResponse) response;

-        boolean encryptFlag = false;
+        boolean responseFlag = false;
        ServletRequest requestWrapper = null;
        ServletResponse responseWrapper = null;
        EncryptResponseBodyWrapper responseBodyWrapper = null;
@ -48,24 +48,24 @@ public class CryptoFilter implements Filter {
            if (HttpMethod.PUT.matches(servletRequest.getMethod()) || HttpMethod.POST.matches(servletRequest.getMethod())) {
                // 是否存在加密标头
                String headerValue = servletRequest.getHeader(properties.getHeaderFlag());
+                // 获取加密注解
+                ApiEncrypt apiEncrypt = this.getApiEncryptAnnotation(servletRequest);
+                responseFlag = apiEncrypt != null && apiEncrypt.response();
                if (StringUtils.isNotBlank(headerValue)) {
                    // 请求解密
                    requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPrivateKey(), properties.getHeaderFlag());
-                    // 获取加密注解
-                    ApiEncrypt apiEncrypt = this.getApiEncryptAnnotation(servletRequest);
-                    if (ObjectUtil.isNotNull(apiEncrypt)) {
-                        // 响应加密标志
-                        encryptFlag = apiEncrypt.response();
                } else {
                    // 是否有注解，有就报错，没有放行
-                        HandlerExceptionResolver exceptionResolver = SpringUtils.getBean(HandlerExceptionResolver.class);
+                    if (ObjectUtil.isNotNull(apiEncrypt)) {
+                        HandlerExceptionResolver exceptionResolver = SpringUtils.getBean("handlerExceptionResolver", HandlerExceptionResolver.class);
                        exceptionResolver.resolveException(
                            servletRequest, servletResponse, null,
                            new ServiceException("没有访问权限，请联系管理员授权", HttpStatus.FORBIDDEN));
+                        return;
                    }
                }
                // 判断是否响应加密
-                if (encryptFlag) {
+                if (responseFlag) {
                    responseBodyWrapper = new EncryptResponseBodyWrapper(servletResponse);
                    responseWrapper = responseBodyWrapper;
                }
@ -76,7 +76,7 @@ public class CryptoFilter implements Filter {
            ObjectUtil.defaultIfNull(requestWrapper, request),
            ObjectUtil.defaultIfNull(responseWrapper, response));

-        if (encryptFlag) {
+        if (responseFlag) {
            servletResponse.reset();
            // 对原始内容加密
            String encryptContent = responseBodyWrapper.getEncryptContent(