0ctDay/encrypt-decrypt-vuls
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new

Browse Source
This commit is contained in:
Administrator
2024-05-14 14:43:07 +08:00
parent 0060942fb5
commit d61619d46e
3 changed files with 53 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
gateway/src/main/java/com/demo/gateway/filter/BodyDecryptGlobalFilter.java
View File

@@ -11,6 +11,7 @@ import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.core.io.buffer.DataBufferUtils;
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
import org.springframework.lang.NonNull;
import org.springframework.stereotype.Component;
@@ -19,6 +20,7 @@ import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
@@ -36,57 +38,54 @@ public class BodyDecryptGlobalFilter implements GlobalFilter, Ordered {
@Override
public int getOrder() {
return 0;
return 10;
}
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
ObjectMapper objectMapper = new ObjectMapper();
objectMapper.registerModule(new JavaTimeModule());
ServerHttpRequest request = exchange.getRequest();
ServerHttpRequestDecorator decorator = new ServerHttpRequestDecorator(exchange.getRequest()) {
return DataBufferUtils.join(request.getBody())
.flatMap(dataBuffer -> {
byte[] bytes = new byte[dataBuffer.readableByteCount()];
dataBuffer.read(bytes);
DataBufferUtils.release(dataBuffer);
@NonNull
@Override
public Flux<DataBuffer> getBody() {
return super.getBody().buffer()
.map(dataBuffer -> {
DataBuffer join = exchange.getResponse().bufferFactory().join(dataBuffer);
byte[] bytes = new byte[join.readableByteCount()];
join.read(bytes);
DataBufferUtils.release(join);
String bodyString = new String(bytes);
System.out.println("解密前 body{}"+ new String(bytes));
// 这里可以对bodyString进行任何你需要的操作比如日志记录或修改内容
System.out.println("请求解密前: " + bodyString);
byte[] decrypt;
String decrypt = AESUtil.decrypt(bodyString);
try {
decrypt = AESUtil.decrypt(new String(bytes)).getBytes();
} catch (Exception e) {
decrypt = bytes;
System.out.println("数据类型不是 JSON不解密" + e);
}
// 重新创建一个新的请求对象
Flux<DataBuffer> bodyFlux = Flux.defer(() -> {
DataBuffer buffer = exchange.getResponse().bufferFactory().wrap(decrypt.getBytes());
System.out.println("请求解密后: " + bodyString);
return Mono.just(buffer);
});
System.out.println("解密后 body{}" + new String(decrypt));
ServerHttpRequest mutatedRequest = new ServerHttpRequestDecorator(request) {
@Override
public Flux<DataBuffer> getBody() {
return bodyFlux;
}
@NonNull
@Override
public HttpHeaders getHeaders() {
HttpHeaders headers = new HttpHeaders();
headers.addAll(super.getHeaders());
headers.remove(HttpHeaders.CONTENT_LENGTH);
headers.setContentLength(bytes.length);
return headers;
}
};
return exchange.getResponse().bufferFactory().wrap(decrypt);
});
}
return chain.filter(exchange.mutate().request(mutatedRequest).build());
});
@NonNull
@Override
public HttpHeaders getHeaders() {
HttpHeaders headers = new HttpHeaders();
headers.addAll(super.getHeaders());
headers.remove(HttpHeaders.CONTENT_LENGTH);
return headers;
}
};
return chain.filter(exchange.mutate().request(decorator).build());
}
}

7
gateway/src/main/java/com/demo/gateway/filter/RequestEncryptionGlobalFilter.java → gateway/src/main/java/com/demo/gateway/filter/RequestDecryptionGlobalFilter.java
View File

@@ -3,7 +3,6 @@ package com.demo.gateway.filter;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.common.utils.Md5Utils;
import com.demo.gateway.annotations.LoggableGlobalFilter;
import com.demo.gateway.config.FilterUtils;
import com.demo.gateway.pojo.MyCachedBodyOutputMessage;
import com.demo.gateway.utils.AESUtil;
@@ -44,9 +43,9 @@ import java.util.concurrent.TimeUnit;
* @Author: rosh
* @Date: 2021/10/26 22:24
*/
@Configuration
@Component
public class RequestEncryptionGlobalFilter implements GlobalFilter, Ordered {
//@Configuration
//@Component
public class RequestDecryptionGlobalFilter implements GlobalFilter, Ordered {
public static final String AES_SECURTY = "MTIzNDU2Nzg5MTIzNDU2Nw==";
@Autowired

15
library/src/main/java/com/example/library/filter/AccessControlInterceptor.java
View File

@@ -9,8 +9,11 @@ import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Enumeration;
import java.util.stream.Collectors;
public class AccessControlInterceptor implements HandlerInterceptor {
@Autowired
@@ -18,8 +21,18 @@ public class AccessControlInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
String header = request.getHeader("content-length");
System.out.println(header);
System.out.println("请求长度: "+header);
StringBuilder stringBuilder = new StringBuilder();
try (BufferedReader reader = new BufferedReader(new InputStreamReader(request.getInputStream()))) {
stringBuilder.append(reader.lines().collect(Collectors.joining(System.lineSeparator())));
} catch (IOException e) {
e.printStackTrace();
}
System.out.println("请求内容: "+ stringBuilder);
// 获取请求中的所有 Cookie
try {
String token = request.getHeader("token");