jiangyc/RuoYi-Vue-Plus
1
0
Fork 0
mirror of https://github.com/dromara/RuoYi-Vue-Plus.git synced 2025-09-24 07:19:46 +08:00
Code Issues Packages Projects Releases Wiki Activity

!274 add 新增 基于 Mybatis 实现数据库字段加解密功能

Browse Source
This commit is contained in:
_老马_
2023-01-18 04:13:43 +00:00
committed by 疯狂的狮子Li
parent 540afd839d
commit e20dacbfd9
22 changed files with 1129 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
ruoyi-framework/src/main/java/com/ruoyi/framework/config/EncryptorConfig.java Normal file
View File

@ -0,0 +1,37 @@
package com.ruoyi.framework.config;
import com.ruoyi.framework.config.properties.EncryptorProperties;
import com.ruoyi.framework.encrypt.EncryptorManager;
import com.ruoyi.framework.encrypt.MybatisDecryptInterceptor;
import com.ruoyi.framework.encrypt.MybatisEncryptInterceptor;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* 加解密配置
*
* @author 老马
* @date 2023-01-11 10:03
*/
@Configuration
@ConditionalOnProperty(value = "mybatis-encryptor.enabled", havingValue = "true")
public class EncryptorConfig {
@Bean
public EncryptorManager mybatisCryptHandler(EncryptorProperties properties) {
EncryptorManager encryptorManager = new EncryptorManager();
encryptorManager.registAndGetEncryptor(properties);
return encryptorManager;
}
@Bean
public MybatisEncryptInterceptor mybatisEncryptInterceptor(EncryptorProperties properties) {
return new MybatisEncryptInterceptor();
}
@Bean
public MybatisDecryptInterceptor mybatisDecryptInterceptor(EncryptorProperties properties) {
return new MybatisDecryptInterceptor();
}
}

49
ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/EncryptorProperties.java Normal file
View File

@ -0,0 +1,49 @@
package com.ruoyi.framework.config.properties;
import com.ruoyi.common.enums.AlgorithmType;
import com.ruoyi.common.enums.EncodeType;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
/**
* 加解密属性配置类
*
* @author 老马
* @date 2023-01-10 16:52
*/
@Data
@Component
@ConfigurationProperties(prefix = "mybatis-encryptor")
public class EncryptorProperties {
/**
* 过滤开关
*/
private Boolean enabled;
/**
* 默认算法
*/
private AlgorithmType algorithm;
/**
* 安全秘钥
*/
private String password;
/**
* 公钥
*/
private String publicKey;
/**
* 私钥
*/
private String privateKey;
/**
* 编码方式base64/hex
*/
private EncodeType encode;
}

33
ruoyi-framework/src/main/java/com/ruoyi/framework/encrypt/EncryptedFieldsCache.java Normal file
View File

@ -0,0 +1,33 @@
package com.ruoyi.framework.encrypt;
import com.ruoyi.common.annotation.EncryptField;
import java.lang.reflect.Field;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
/**
* 类加密字段缓存类
*
* @author 老马
* @date 2023-01-12 11:07
*/
public class EncryptedFieldsCache {
private static final Map<Class<?>, Set<Field>> ENCRYPTED_FIELD_CACHE = new ConcurrentHashMap<>();
public static Set<Field> get(Class<?> sourceClazz) {
return ENCRYPTED_FIELD_CACHE.computeIfAbsent(sourceClazz, clazz -> {
Field[] declaredFields = clazz.getDeclaredFields();
Set<Field> fieldSet = Arrays.stream(declaredFields).filter(field ->
field.isAnnotationPresent(EncryptField.class) && field.getType() == String.class)
.collect(Collectors.toSet());
for (Field field : fieldSet) {
field.setAccessible(true);
}
return fieldSet;
});
}
}

120
ruoyi-framework/src/main/java/com/ruoyi/framework/encrypt/EncryptorManager.java Normal file
View File

@ -0,0 +1,120 @@
package com.ruoyi.framework.encrypt;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.ReflectUtil;
import com.ruoyi.common.encrypt.EncryptContext;
import com.ruoyi.common.encrypt.IEncryptor;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.config.properties.EncryptorProperties;
import lombok.extern.slf4j.Slf4j;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
/**
* 加密管理类
*
* @author 老马
* @date 2023-01-11 10:07
*/
@Slf4j
public class EncryptorManager {
/**
* 缓存加密器
*/
Map<String, IEncryptor> encryptorMap = new ConcurrentHashMap<>();
/**
* 注册加密执行者到缓存
*
* @param properties 加密执行者需要的相关配置参数
* @author 老马
* @date 2023/1/11 15:09
*/
public IEncryptor registAndGetEncryptor(EncryptorProperties properties) {
String encryptorKey = this.getEncryptorKeyFromProperties(properties);
if (encryptorMap.containsKey(encryptorKey)) {
return encryptorMap.get(encryptorKey);
}
EncryptContext encryptContext = new EncryptContext();
encryptContext.setPassword(properties.getPassword());
encryptContext.setPrivateKey(properties.getPrivateKey());
encryptContext.setPublicKey(properties.getPublicKey());
encryptContext.setEncode(properties.getEncode());
IEncryptor encryptor = ReflectUtil.newInstance(properties.getAlgorithm().getClazz(), encryptContext);
encryptorMap.put(encryptorKey, encryptor);
return encryptorMap.get(encryptorKey);
}
/**
* 移除缓存中的加密执行者
*
* @param properties 加密执行者需要的相关配置参数
* @author 老马
* @date 2023/1/11 15:55
*/
public void removeEncryptor(EncryptorProperties properties) {
this.encryptorMap.remove(getEncryptorKeyFromProperties(properties));
}
/**
* 根据配置进行加密。会进行本地缓存对应的算法和对应的秘钥信息。
*
* @param value 待加密的值
* @param properties 加密相关的配置信息
* @return java.lang.String 加密后的结果
* @author 老马
* @date 2023/1/11 16:46
*/
public String encrypt(String value, EncryptorProperties properties) {
try {
IEncryptor encryptor = this.registAndGetEncryptor(properties);
if(ObjectUtil.isNull(encryptor)){
return value;
}
return encryptor.encrypt(value, properties.getEncode());
} catch (Exception e) {
log.error("字段加密异常,原样返回", e);
return value;
}
}
/**
* 根据配置进行解密
*
* @param value 待解密的值
* @param properties 加密相关的配置信息
* @return java.lang.String
* @author 老马
* @date 2023/1/11 17:43
*/
public String decrypt(String value, EncryptorProperties properties) {
try {
IEncryptor encryptor = this.registAndGetEncryptor(properties);
if(ObjectUtil.isNull(encryptor)){
return value;
}
return encryptor.decrypt(value, properties.getEncode());
} catch (Exception e) {
log.error("字段解密异常,原样返回", e);
return value;
}
}
/**
* 从配置内容中提取缓存的KEY
*
* @param properties 加密相关的配置信息
* @return java.lang.String
* @author 老马
* @date 2023/1/11 17:39
*/
private String getEncryptorKeyFromProperties(EncryptorProperties properties) {
return properties.getAlgorithm() + StringUtils.defaultString(properties.getPassword()) +
StringUtils.defaultString(properties.getPublicKey()) + StringUtils.defaultString(properties.getPrivateKey());
}
}

105
ruoyi-framework/src/main/java/com/ruoyi/framework/encrypt/MybatisDecryptInterceptor.java Normal file
View File

@ -0,0 +1,105 @@
package com.ruoyi.framework.encrypt;
import cn.hutool.core.collection.CollectionUtil;
import com.ruoyi.common.annotation.EncryptField;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.framework.config.properties.EncryptorProperties;
import lombok.extern.slf4j.Slf4j;
import org.apache.ibatis.executor.resultset.ResultSetHandler;
import org.apache.ibatis.plugin.*;
import java.lang.reflect.Field;
import java.sql.Statement;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
/**
* 出参解密拦截器
*
* @author 老马
* @date 2023-01-12 13:47
*/
@Slf4j
@Intercepts({@Signature(
type = ResultSetHandler.class,
method = "handleResultSets",
args = {Statement.class})
})
public class MybatisDecryptInterceptor implements Interceptor {
private final EncryptorManager encryptorManager = SpringUtils.getBean(EncryptorManager.class);
private final EncryptorProperties defaultProperties = SpringUtils.getBean(EncryptorProperties.class);
@Override
public Object intercept(Invocation invocation) throws Throwable {
// 获取执行mysql执行结果
Object result = invocation.proceed();
if (result == null) {
return null;
}
decryptHandler(result);
return result;
}
/**
* 解密对象
*
* @param sourceObject 待加密对象
*/
private void decryptHandler(Object sourceObject) {
if (sourceObject instanceof Map) {
((Map<?, Object>) sourceObject).values().forEach(this::decryptHandler);
return;
}
if (sourceObject instanceof List) {
// 判断第一个元素是否含有注解。如果没有直接返回,提高效率
Object firstItem = ((List<?>) sourceObject).get(0);
if (CollectionUtil.isEmpty(EncryptedFieldsCache.get(firstItem.getClass()))) {
return;
}
((List<?>) sourceObject).forEach(this::decryptHandler);
return;
}
Set<Field> fields = EncryptedFieldsCache.get(sourceObject.getClass());
try {
for (Field field : fields) {
field.set(sourceObject, this.decryptField(String.valueOf(field.get(sourceObject)), field));
}
} catch (Exception e) {
log.error("处理解密字段时出错", e);
}
}
/**
* 字段值进行加密。通过字段的批注注册新的加密算法
*
* @param value 待加密的值
* @param field 待加密字段
* @return 加密后结果
*/
private String decryptField(String value, Field field) {
EncryptField encryptField = field.getAnnotation(EncryptField.class);
EncryptorProperties properties = new EncryptorProperties();
properties.setEnabled(true);
properties.setAlgorithm(encryptField.algorithm());
properties.setEncode(encryptField.encode());
properties.setPassword(StringUtils.isEmpty(encryptField.password()) ? defaultProperties.getPassword() : encryptField.password());
properties.setPrivateKey(StringUtils.isEmpty(encryptField.privateKey()) ? defaultProperties.getPrivateKey() : encryptField.privateKey());
properties.setPublicKey(StringUtils.isEmpty(encryptField.publicKey()) ? defaultProperties.getPublicKey() : encryptField.publicKey());
this.encryptorManager.registAndGetEncryptor(properties);
return this.encryptorManager.decrypt(value, properties);
}
@Override
public Object plugin(Object target) {
return Plugin.wrap(target, this);
}
@Override
public void setProperties(Properties properties) {
}
}

111
ruoyi-framework/src/main/java/com/ruoyi/framework/encrypt/MybatisEncryptInterceptor.java Normal file
View File

@ -0,0 +1,111 @@
package com.ruoyi.framework.encrypt;
import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.ObjectUtil;
import com.ruoyi.common.annotation.EncryptField;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.framework.config.properties.EncryptorProperties;
import lombok.extern.slf4j.Slf4j;
import org.apache.ibatis.executor.parameter.ParameterHandler;
import org.apache.ibatis.plugin.Interceptor;
import org.apache.ibatis.plugin.Intercepts;
import org.apache.ibatis.plugin.Invocation;
import org.apache.ibatis.plugin.Signature;
import java.lang.reflect.Field;
import java.sql.PreparedStatement;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
/**
* 入参加密拦截器
*
* @author 老马
* @date 2023-01-10 16:42
*/
@Slf4j
@Intercepts({@Signature(
type = ParameterHandler.class,
method = "setParameters",
args = {PreparedStatement.class})
})
public class MybatisEncryptInterceptor implements Interceptor {
private final EncryptorManager encryptorManager = SpringUtils.getBean(EncryptorManager.class);
private final EncryptorProperties defaultProperties = SpringUtils.getBean(EncryptorProperties.class);
@Override
public Object intercept(Invocation invocation) throws Throwable {
return invocation;
}
@Override
public Object plugin(Object target) {
if (target instanceof ParameterHandler) {
// 进行加密操作
ParameterHandler parameterHandler = (ParameterHandler) target;
Object parameterObject = parameterHandler.getParameterObject();
if (ObjectUtil.isNotNull(parameterObject) && !(parameterObject instanceof String)) {
this.encryptHandler(parameterObject);
}
}
return target;
}
/**
* 加密对象
*
* @param sourceObject 待加密对象
*/
private void encryptHandler(Object sourceObject) {
if (sourceObject instanceof Map) {
((Map<?, Object>) sourceObject).values().forEach(this::encryptHandler);
return;
}
if (sourceObject instanceof List) {
// 判断第一个元素是否含有注解。如果没有直接返回,提高效率
Object firstItem = ((List<?>) sourceObject).get(0);
if (CollectionUtil.isEmpty(EncryptedFieldsCache.get(firstItem.getClass()))) {
return;
}
((List<?>) sourceObject).forEach(this::encryptHandler);
return;
}
Set<Field> fields = EncryptedFieldsCache.get(sourceObject.getClass());
try {
for (Field field : fields) {
field.set(sourceObject, this.encryptField(String.valueOf(field.get(sourceObject)), field));
}
} catch (Exception e) {
log.error("处理加密字段时出错", e);
}
}
/**
* 字段值进行加密。通过字段的批注注册新的加密算法
*
* @param value 待加密的值
* @param field 待加密字段
* @return 加密后结果
*/
private String encryptField(String value, Field field) {
EncryptField encryptField = field.getAnnotation(EncryptField.class);
EncryptorProperties properties = new EncryptorProperties();
properties.setEnabled(true);
properties.setAlgorithm(encryptField.algorithm());
properties.setEncode(encryptField.encode());
properties.setPassword(StringUtils.isEmpty(encryptField.password()) ? defaultProperties.getPassword() : encryptField.password());
properties.setPrivateKey(StringUtils.isEmpty(encryptField.privateKey()) ? defaultProperties.getPrivateKey() : encryptField.privateKey());
properties.setPublicKey(StringUtils.isEmpty(encryptField.publicKey()) ? defaultProperties.getPublicKey() : encryptField.publicKey());
this.encryptorManager.registAndGetEncryptor(properties);
return this.encryptorManager.encrypt(value, properties);
}
@Override
public void setProperties(Properties properties) {
}
}