加密jar配合修改

gt-club/gt-club-biz/src/main/java/cn/gintone/controller/DesCorporationController.java

@@ -15,6 +15,7 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Operation;
 
+import javax.annotation.security.PermitAll;
 import javax.validation.*;
 import javax.servlet.http.*;
 import java.io.IOException;
@@ -109,6 +110,7 @@ public class DesCorporationController {
         return CommonResult.success(str);
     }
 
+    @PermitAll
     @PostMapping("/corporationRuleDesMap")
     @Operation(summary = "法人脱敏")
     public CommonResult<Map<String, Object>> corporationRuleDesMap(@RequestBody Map<String, Object> map) {
@@ -124,6 +126,7 @@ public class DesCorporationController {
     }
 
 
+    @PermitAll
     @PostMapping("/corporationRuleDesListMap")
     @Operation(summary = "法人批量脱敏")
     public CommonResult<List<Map<String, Object>>> corporationRuleDesListMap(@RequestBody List<Map<String, Object>> lisetMap) {

gt-club/gt-club-biz/src/main/java/cn/gintone/controller/KeyCodeController.java

@@ -12,6 +12,7 @@ import cn.gintone.iotdbUtils.FileIotDbUtil;
 import cn.gintone.iotdbUtils.SpecialPeopleIotDbUtils;
 import cn.gintone.service.KeyCodeService;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
+import cn.iocoder.yudao.module.system.service.auth.AdminAuthService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
@@ -21,6 +22,7 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Operation;
 
+import javax.annotation.security.PermitAll;
 import javax.validation.*;
 import javax.servlet.http.*;
 import java.io.IOException;
@@ -31,6 +33,8 @@ import java.util.Map;
 import cn.iocoder.yudao.framework.common.pojo.PageParam;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
+
+import static cn.iocoder.yudao.framework.common.pojo.CommonResult.error;
 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
 
 import cn.iocoder.yudao.framework.excel.core.util.ExcelUtils;
@@ -50,6 +54,9 @@ public class KeyCodeController {
     @Autowired
     private IotDbConfig iotDbConfig;
 
+    @Resource
+    private AdminAuthService authService;
+
     @PostMapping("/create")
     @Operation(summary = "创建公钥私钥管理")
     @PreAuthorize("@ss.hasPermission('gintone:key-code:create')")
@@ -110,17 +117,36 @@ public class KeyCodeController {
         return success(keyCodeService.initKey());
     }
 
+    @PermitAll
     @PostMapping("/rasEncryption")
-    @Operation(summary = "RAS加密")
+    @Operation(summary = "外部RAS加密")
     public CommonResult<EncInfo> rasEncryption(@RequestBody Map<String, Object> requestMap) {
         EncInfo encInfo = keyCodeService.rasEncryption(requestMap);
         return success(encInfo);
     }
 
+    @PermitAll
     @PostMapping("/rasDecrypt")
-    @Operation(summary = "RAS解密")
-    public CommonResult<Map<String, Object>> rasDecrypt(@RequestBody EncInfo encInfo) {
-        Map<String, Object> map = keyCodeService.rasDecrypt(encInfo);
+    @Operation(summary = "外部RAS解密")
+    public CommonResult<Map<String, Object>> rasDecrypt(@RequestBody EncInfo encInfo, HttpServletRequest request) {
+        String pdToken = request.getHeader("pdToken");
+        String ip = request.getHeader("X-Forwarded-For");
+        if (isInvalidIp(ip)) {
+            ip = request.getHeader("Proxy-Client-IP");
+        }
+        if (isInvalidIp(ip)) {
+            ip = request.getHeader("WL-Proxy-Client-IP");
+        }
+        if (isInvalidIp(ip)) {
+            ip = request.getHeader("HTTP_CLIENT_IP");
+        }
+        if (isInvalidIp(ip)) {
+            ip = request.getHeader("HTTP_X_FORWARDED_FOR");
+        }
+        if (isInvalidIp(ip)) {
+            ip = request.getRemoteAddr();
+        }
+        Map<String, Object> map = keyCodeService.rasDecrypt(encInfo, ip, pdToken, true);
         return success(map);
     }
     @PostMapping("/smTwoEncryption")
@@ -133,6 +159,7 @@ public class KeyCodeController {
     @PostMapping("/smTwoDecrypt")
     @Operation(summary = "sm2解密")
     public CommonResult<Map<String, Object>> smTwoDecrypt(@RequestBody EncInfo encInfo, HttpServletRequest request) {
+        String pdToken = request.getHeader("pdToken");
         String ip = request.getHeader("X-Forwarded-For");
         if (isInvalidIp(ip)) {
             ip = request.getHeader("Proxy-Client-IP");
@@ -159,7 +186,7 @@ public class KeyCodeController {
                     .orElse(request.getRemoteAddr());
         }
 
-        Map<String, Object> map = keyCodeService.smTwoDecrypt(encInfo, ip);
+        Map<String, Object> map = keyCodeService.smTwoDecrypt(encInfo, ip, pdToken);
         return success(map);
     }
 

gt-club/gt-club-biz/src/main/java/cn/gintone/controller/MyFileController.java

@@ -48,6 +48,7 @@ public class MyFileController {
     @PostMapping("/fileRasDecrypt")
     @Operation(summary = "文件解密接口")
     public CommonResult<Map<String, Object>> rasDecrypt(@RequestBody ImportantFileSaveReqVO createReqVO, HttpServletRequest request) throws Exception {
+        String pdToken = request.getHeader("pdToken");
         String ip = request.getHeader("X-Forwarded-For");
         if (isInvalidIp(ip)) {
             ip = request.getHeader("Proxy-Client-IP");
@@ -73,7 +74,7 @@ public class MyFileController {
                     .findFirst()
                     .orElse(request.getRemoteAddr());
         }
-        Map<String, Object> map = keyCodeService.fileRasDecrypt(createReqVO, ip);
+        Map<String, Object> map = keyCodeService.fileRasDecrypt(createReqVO, ip, pdToken);
         return success(map);
     }
 

gt-club/gt-club-biz/src/main/java/cn/gintone/controller/UserDesRuleController.java

@@ -14,6 +14,7 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Operation;
 
+import javax.annotation.security.PermitAll;
 import javax.validation.*;
 import javax.servlet.http.*;
 import java.io.IOException;
@@ -102,7 +103,7 @@ public class UserDesRuleController {
         return success(userDesRuleService.checkName(name, id));
     }
 
-
+    @PermitAll
     @PostMapping("/userRuleDes")
     @Operation(summary = "人员脱敏")
     public CommonResult<String> userRuleDes(@RequestBody DesInfo desInfo) {
@@ -110,13 +111,14 @@ public class UserDesRuleController {
         return CommonResult.success(str);
     }
 
+    @PermitAll
     @PostMapping("/userRuleDesMap")
     @Operation(summary = "人员脱敏")
     public CommonResult<Map<String, Object>> userRuleDesMap(@RequestBody Map<String, Object> map) {
         Map<String, Object> resultMap = userDesRuleService.userRuleDesMap(map);
         return CommonResult.success(resultMap);
     }
-
+    @PermitAll
     @PostMapping("/userRuleDesList")
     @Operation(summary = "人员批量脱敏")
     public CommonResult<String> userRuleDesList(@RequestBody DesInfo desInfo) {
@@ -124,7 +126,7 @@ public class UserDesRuleController {
         return CommonResult.success(str);
     }
 
-
+    @PermitAll
     @PostMapping("/userRuleDesListMap")
     @Operation(summary = "人员批量脱敏")
     public CommonResult<List<Map<String, Object>>> userRuleDesListMap(@RequestBody List<Map<String, Object>> lisetMap) {

gt-club/gt-club-biz/src/main/java/cn/gintone/controller/WebLogInfoController.java

@@ -4,10 +4,7 @@ import cn.gintone.config.IotDbConfig;
 import cn.gintone.dto.WebIllLogInfo;
 import cn.gintone.dto.WebLogInfo;
 import cn.gintone.dto.WebLogInfoVo;
-import cn.gintone.iotdbUtils.FileIotDbUtil;
-import cn.gintone.iotdbUtils.MyDateUtils;
-import cn.gintone.iotdbUtils.MyIotDbUtils;
-import cn.gintone.iotdbUtils.SpecialPeopleIotDbUtils;
+import cn.gintone.iotdbUtils.*;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import com.alibaba.fastjson.JSON;
 import io.swagger.v3.oas.annotations.Operation;
@@ -61,6 +58,13 @@ public class WebLogInfoController {
         return CommonResult.success("初始化成功");
     }
 
+    @PostMapping("/initJarDecLogIotDBTable")
+    @Operation(summary = "初始化jar加密时间序列")
+    public CommonResult<String> initJarDecLogIotDBTable() {
+        JarDecLogIotDbUtil.createJarDecLogInfoTimeseries(iotDbConfig);
+        return CommonResult.success("初始化成功");
+    }
+
     @PostMapping("/saveWebLogInfo")
     @Operation(summary = "外部性请求保存日志")
     public CommonResult<String> saveWebLogInfo(@RequestBody WebLogInfo webLogInfo) {

gt-club/gt-club-biz/src/main/java/cn/gintone/dto/JarDecLogInfo.java

+package cn.gintone.dto;
+
+/**
+ * 外部jar解密记录
+ */
+public class JarDecLogInfo {
+    private Long timesta;
+    private String timestaStr;
+    private String sysAbbre; // 系统简称
+    private String content; // 解密内容
+    private String privateKey; // 私钥
+    private String clientIp; // 访问端ip
+    private String userId; // 用户id
+    private String username; // 用户名
+    private String type; // 解密方式
+
+    private Long beginTime;
+    private Long endTime;
+    private Integer pageSize;
+    private Integer pageNum;
+
+    public Long getTimesta() {
+        return timesta;
+    }
+
+    public void setTimesta(Long timesta) {
+        this.timesta = timesta;
+    }
+
+    public String getTimestaStr() {
+        return timestaStr;
+    }
+
+    public void setTimestaStr(String timestaStr) {
+        this.timestaStr = timestaStr;
+    }
+
+    public String getSysAbbre() {
+        return sysAbbre;
+    }
+
+    public void setSysAbbre(String sysAbbre) {
+        this.sysAbbre = sysAbbre;
+    }
+
+    public String getContent() {
+        return content;
+    }
+
+    public void setContent(String content) {
+        this.content = content;
+    }
+
+    public String getPrivateKey() {
+        return privateKey;
+    }
+
+    public void setPrivateKey(String privateKey) {
+        this.privateKey = privateKey;
+    }
+
+    public String getClientIp() {
+        return clientIp;
+    }
+
+    public void setClientIp(String clientIp) {
+        this.clientIp = clientIp;
+    }
+
+    public String getUserId() {
+        return userId;
+    }
+
+    public void setUserId(String userId) {
+        this.userId = userId;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getType() {
+        return type;
+    }
+
+    public void setType(String type) {
+        this.type = type;
+    }
+
+    public Long getBeginTime() {
+        return beginTime;
+    }
+
+    public void setBeginTime(Long beginTime) {
+        this.beginTime = beginTime;
+    }
+
+    public Long getEndTime() {
+        return endTime;
+    }
+
+    public void setEndTime(Long endTime) {
+        this.endTime = endTime;
+    }
+
+    public Integer getPageSize() {
+        return pageSize;
+    }
+
+    public void setPageSize(Integer pageSize) {
+        this.pageSize = pageSize;
+    }
+
+    public Integer getPageNum() {
+        return pageNum;
+    }
+
+    public void setPageNum(Integer pageNum) {
+        this.pageNum = pageNum;
+    }
+
+    @Override
+    public String toString() {
+        return "JarDecLogInfo{" +
+                "timesta=" + timesta +
+                ", timestaStr='" + timestaStr + '\'' +
+                ", sysAbbre='" + sysAbbre + '\'' +
+                ", content='" + content + '\'' +
+                ", privateKey='" + privateKey + '\'' +
+                ", clientIp='" + clientIp + '\'' +
+                ", userId='" + userId + '\'' +
+                ", username='" + username + '\'' +
+                ", type='" + type + '\'' +
+                ", beginTime=" + beginTime +
+                ", endTime=" + endTime +
+                ", pageSize=" + pageSize +
+                ", pageNum=" + pageNum +
+                '}';
+    }
+}

gt-club/gt-club-biz/src/main/java/cn/gintone/service/KeyCodeService.java

@@ -73,7 +73,7 @@ public interface KeyCodeService {
      * @param encInfo
      * @return
      */
-    Map<String, Object> rasDecrypt(EncInfo encInfo);
+    Map<String, Object> rasDecrypt(EncInfo encInfo, String clientIp, String pdToken, boolean isWai);
 
     /**
      * 使用sm2加密
@@ -87,12 +87,14 @@ public interface KeyCodeService {
      * @param encInfo
      * @return
      */
-    Map<String, Object> smTwoDecrypt(EncInfo encInfo, String clientIp);
+    Map<String, Object> smTwoDecrypt(EncInfo encInfo, String clientIp, String pdToken);
 
     /**
      * 文件解密接口
      * @param encInfo
      * @return
      */
-    Map<String, Object> fileRasDecrypt(ImportantFileSaveReqVO fileSaveReqVO, String clientIp);
+    Map<String, Object> fileRasDecrypt(ImportantFileSaveReqVO fileSaveReqVO, String clientIp, String pdToken);
+
+    KeyCodeDO getByType(Integer type);
 }
\ No newline at end of file

gt-club/gt-club-biz/src/main/java/cn/gintone/service/KeyCodeServiceImpl.java

@@ -8,10 +8,12 @@ import cn.gintone.controller.vo.KeyCodeSaveReqVO;
 import cn.gintone.dal.KeyCodeMapper;
 import cn.gintone.dto.EncInfo;
 import cn.gintone.dto.FileDecLogInfo;
+import cn.gintone.dto.JarDecLogInfo;
 import cn.gintone.dto.SpePeoLogInfo;
 import cn.gintone.encryptionUtils.*;
 import cn.gintone.entity.KeyCodeDO;
 import cn.gintone.iotdbUtils.FileIotDbUtil;
+import cn.gintone.iotdbUtils.JarDecLogIotDbUtil;
 import cn.gintone.iotdbUtils.SpecialPeopleIotDbUtils;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
@@ -154,9 +156,14 @@ public class KeyCodeServiceImpl implements KeyCodeService {
     }
 
     @Override
-    public Map<String, Object> rasDecrypt(EncInfo encInfo) {
+    public Map<String, Object> rasDecrypt(EncInfo encInfo, String clientIp, String pdToken, boolean isWai) {
         try {
-            PrivateKey privateKey = SecureHybridDecryptor.loadPrivateKey(encInfo.getPrivateKey());
+            PrivateKey pteKey = null;
+            if (!isWai) {
+                pteKey = SecureHybridDecryptor.loadPrivateKey(encInfo.getPrivateKey());
+            } else {
+                pteKey = SecureHybridDecryptor.loadPrivateKey(encInfo.getPrivateKey());
+            }
             // 解密
             Map<String, Object> resultMap = new HashMap<>();
             Map<String, Object> infoMap = encInfo.getInfo();
@@ -164,9 +171,24 @@ public class KeyCodeServiceImpl implements KeyCodeService {
             for (Map.Entry<String, Object> entry : entries) {
                 String key = entry.getKey();
                 String info = entry.getValue().toString();
-                String decrypted = SecureHybridDecryptor.decrypt(info, privateKey);
+                String decrypted = SecureHybridDecryptor.decrypt(info, pteKey);
                 resultMap.put(key, decrypted);
             }
+
+            if (isWai) {
+                AdminUserDO user = authService.getPdUserByToken(pdToken);
+                JarDecLogInfo jarDecLogInfo = new JarDecLogInfo();
+                jarDecLogInfo.setClientIp(clientIp);
+                jarDecLogInfo.setSysAbbre(encInfo.getSysAbbre());
+                jarDecLogInfo.setContent(JSON.toJSONString(infoMap));
+                jarDecLogInfo.setPrivateKey(encInfo.getPrivateKey());
+                jarDecLogInfo.setUserId(user.getId() + "");
+                jarDecLogInfo.setUsername(user.getUsername());
+                jarDecLogInfo.setType("ras");
+                JarDecLogIotDbUtil.inserOne(iotDbConfig, jarDecLogInfo);
+            }
+
+
             return resultMap;
         } catch (Exception e) {
             e.printStackTrace();
@@ -202,7 +224,7 @@ public class KeyCodeServiceImpl implements KeyCodeService {
     }
 
     @Override
-    public Map<String, Object> smTwoDecrypt(EncInfo encInfo, String clientIp) {
+    public Map<String, Object> smTwoDecrypt(EncInfo encInfo, String clientIp, String pdToken) {
         try {
             PrivateKey privateKey = SM2KeyUtils.stringToPrivateKey(encInfo.getPrivateKey());
             // 解密
@@ -218,8 +240,7 @@ public class KeyCodeServiceImpl implements KeyCodeService {
                 resultMap.put(key, decrypted);
             }
 
-            AdminUserDO user = authService.getPdUserByToken("123");
-
+            AdminUserDO user = authService.getPdUserByToken(pdToken);
             SpePeoLogInfo spePeoLogInfo = new SpePeoLogInfo();
             spePeoLogInfo.setClientIp(clientIp);
             spePeoLogInfo.setSysAbbre(encInfo.getSysAbbre());
@@ -235,16 +256,15 @@ public class KeyCodeServiceImpl implements KeyCodeService {
     }
 
     @Override
-    public Map<String, Object> fileRasDecrypt(ImportantFileSaveReqVO saveReqVO, String clientIp) {
+    public Map<String, Object> fileRasDecrypt(ImportantFileSaveReqVO saveReqVO, String clientIp, String pdToken) {
         EncInfo encInfo = new EncInfo();
         Map<String, Object> map = new HashMap<>();
         map.put("url", saveReqVO.getUrl());
         encInfo.setInfo(map);
         encInfo.setPrivateKey(saveReqVO.getPrivateKey());
-        Map<String, Object> resultMap = rasDecrypt(encInfo);
-
-        AdminUserDO user = authService.getPdUserByToken("123");
+        Map<String, Object> resultMap = rasDecrypt(encInfo, clientIp, pdToken, false);
 
+        AdminUserDO user = authService.getPdUserByToken(pdToken);
         FileDecLogInfo fileDecLogInfo = new FileDecLogInfo();
         fileDecLogInfo.setClientIp(clientIp);
         fileDecLogInfo.setSysAbbre("sec");
@@ -258,4 +278,10 @@ public class KeyCodeServiceImpl implements KeyCodeService {
         return resultMap;
     }
 
+    @Override
+    public KeyCodeDO getByType(Integer type) {
+        KeyCodeDO keyCodeDO = keyCodeMapper.selectOne(new QueryWrapper<KeyCodeDO>().lambda().eq(KeyCodeDO::getType, type));
+        return keyCodeDO;
+    }
+
 }
\ No newline at end of file

yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoWebSecurityConfigurerAdapter.java

@@ -130,7 +130,6 @@ public class YudaoWebSecurityConfigurerAdapter {
                 .authorizeHttpRequests(c -> c
                     // 1.1 静态资源，可匿名访问
                     .requestMatchers(HttpMethod.GET, "/*.html", "/*.css", "/*.js").permitAll()
-                    .requestMatchers(HttpMethod.GET, "/admin-api/pdTokenCheck/**").permitAll()
                     // 1.2 设置 @PermitAll 无需认证
                     .requestMatchers(HttpMethod.GET, permitAllUrls.get(HttpMethod.GET).toArray(new String[0])).permitAll()
                     .requestMatchers(HttpMethod.POST, permitAllUrls.get(HttpMethod.POST).toArray(new String[0])).permitAll()

yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/auth/AuthController.java

@@ -74,7 +74,7 @@ public class AuthController {
     @Operation(summary = "验证平台token")
     public CommonResult<Boolean> checkPdToken(String pdToken) {
         if (null != pdToken && !"".equals(pdToken)) {
-            return CommonResult.success(true);
+            return CommonResult.success(authService.checkPdToken(pdToken));
 
         }
         return CommonResult.success(false);

yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/auth/AdminAuthService.java

@@ -91,4 +91,6 @@ public interface AdminAuthService {
      * @return
      */
     public AdminUserDO getPdUserByToken(String token);
+
+    boolean checkPdToken(String pdToken);
 }

yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/auth/AdminAuthServiceImpl.java

@@ -307,7 +307,21 @@ public class AdminAuthServiceImpl implements AdminAuthService {
     @Override
     public AdminUserDO getPdUserByToken(String token) {
         LoginUser loginUser = SecurityFrameworkUtils.getLoginUser();
+        if (null == loginUser) {
+            AdminUserDO user = new AdminUserDO();
+            user.setId(-1l);
+            user.setUsername("非法用户");
+            return user;
+        }
         AdminUserDO user = userService.getUserById(loginUser.getId());
         return user;
     }
+
+    @Override
+    public boolean checkPdToken(String pdToken) {
+        if (null != pdToken && !"".equals(pdToken)) {
+            return true;
+        }
+        return false;
+    }
 }