mirrors/pig
1
0
Fork 0
mirror of https://gitee.com/log4j/pig.git synced 2024-12-23 05:00:23 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

🐛 Fixing a bug. close #3414 包含特殊字符+的密码,登录验证失败

Browse Source
This commit is contained in:
lbw 2021-12-05 11:28:43 +08:00
parent 77f2f139c4
commit cb1a6c6948
1 changed files with 96 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
pig-gateway/src/main/java/com/pig4cloud/pig/gateway/filter/PasswordDecoderFilter.java
View File

@ -16,9 +16,9 @@
package com.pig4cloud.pig.gateway.filter; package com.pig4cloud.pig.gateway.filter;
import cn.hutool.core.codec.Base64; import cn.hutool.core.net.URLEncodeUtil;
import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.core.util.CharsetUtil; import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.Mode; import cn.hutool.crypto.Mode;
import cn.hutool.crypto.Padding; import cn.hutool.crypto.Padding;
import cn.hutool.crypto.symmetric.AES; import cn.hutool.crypto.symmetric.AES;
@ -29,15 +29,28 @@ import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.cloud.gateway.filter.GatewayFilter; import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory; import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.cloud.gateway.filter.factory.rewrite.CachedBodyOutputMessage;
import org.springframework.cloud.gateway.support.BodyInserterContext;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.codec.HttpMessageReader;
import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.web.util.UriComponentsBuilder; import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
import org.springframework.web.reactive.function.BodyInserter;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.server.HandlerStrategies;
import org.springframework.web.reactive.function.server.ServerRequest;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono; import reactor.core.publisher.Mono;
import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import java.net.URI; import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.function.Function;
/** /**
* @author lengleng * @author lengleng
@ -47,52 +60,102 @@ import java.util.Map;
@RequiredArgsConstructor @RequiredArgsConstructor
public class PasswordDecoderFilter extends AbstractGatewayFilterFactory { public class PasswordDecoderFilter extends AbstractGatewayFilterFactory {
private static final List<HttpMessageReader<?>> messageReaders = HandlerStrategies.withDefaults().messageReaders();
private static final String PASSWORD = "password"; private static final String PASSWORD = "password";
private static final String KEY_ALGORITHM = "AES"; private static final String KEY_ALGORITHM = "AES";
private final GatewayConfigProperties configProperties; private final GatewayConfigProperties gatewayConfig;
@Override @Override
public GatewayFilter apply(Object config) { public GatewayFilter apply(Object config) {
return (exchange, chain) -> { return (exchange, chain) -> {
ServerHttpRequest request = exchange.getRequest(); ServerHttpRequest request = exchange.getRequest();
// 1. 不是登录请求直接向下执行
// 不是登录请求直接向下执行 if (!StrUtil.containsAnyIgnoreCase(request.getURI().getPath(), SecurityConstants.OAUTH_TOKEN_URL)) {
if (!CharSequenceUtil.containsAnyIgnoreCase(request.getURI().getPath(),
SecurityConstants.OAUTH_TOKEN_URL)) {
return chain.filter(exchange); return chain.filter(exchange);
} }
URI uri = exchange.getRequest().getURI(); // 2. 刷新token类型直接向下执行
String queryParam = uri.getRawQuery(); String grantType = request.getQueryParams().getFirst("grant_type");
Map<String, String> paramMap = HttpUtil.decodeParamMap(queryParam, CharsetUtil.CHARSET_UTF_8); if (StrUtil.equals(SecurityConstants.REFRESH_TOKEN, grantType)) {
return chain.filter(exchange);
String password = paramMap.get(PASSWORD);
if (CharSequenceUtil.isNotBlank(password)) {
try {
password = decrypt(password, configProperties.getEncodeKey());
}
catch (Exception e) {
log.error("密码解密失败:{}", password);
return Mono.error(e);
}
paramMap.put(PASSWORD, password.trim());
} }
URI newUri = UriComponentsBuilder.fromUri(uri).replaceQuery(HttpUtil.toParams(paramMap)).build(true) // 3. 前端加密密文解密逻辑
.toUri(); Class inClass = String.class;
Class outClass = String.class;
ServerRequest serverRequest = ServerRequest.create(exchange, messageReaders);
ServerHttpRequest newRequest = exchange.getRequest().mutate().uri(newUri).build(); // 4. 解密生成新的报文
return chain.filter(exchange.mutate().request(newRequest).build()); Mono<?> modifiedBody = serverRequest.bodyToMono(inClass).flatMap(decryptAES());
BodyInserter bodyInserter = BodyInserters.fromPublisher(modifiedBody, outClass);
HttpHeaders headers = new HttpHeaders();
headers.putAll(exchange.getRequest().getHeaders());
headers.remove(HttpHeaders.CONTENT_LENGTH);
headers.set(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE);
CachedBodyOutputMessage outputMessage = new CachedBodyOutputMessage(exchange, headers);
return bodyInserter.insert(outputMessage, new BodyInserterContext()).then(Mono.defer(() -> {
ServerHttpRequest decorator = decorate(exchange, headers, outputMessage);
return chain.filter(exchange.mutate().request(decorator).build());
}));
}; };
} }
private static String decrypt(String data, String pass) { /**
AES aes = new AES(Mode.CBC, Padding.NoPadding, new SecretKeySpec(pass.getBytes(), KEY_ALGORITHM), * 原文解密
new IvParameterSpec(pass.getBytes())); * @return
byte[] result = aes.decrypt(Base64.decode(data.getBytes(StandardCharsets.UTF_8))); */
return new String(result, StandardCharsets.UTF_8); private Function decryptAES() {
return s -> {
// 构建前端对应解密AES 因子
AES aes = new AES(Mode.CFB, Padding.NoPadding,
new SecretKeySpec(gatewayConfig.getEncodeKey().getBytes(), KEY_ALGORITHM),
new IvParameterSpec(gatewayConfig.getEncodeKey().getBytes()));
// 获取请求密码并解密
Map<String, String> inParamsMap = HttpUtil.decodeParamMap((String) s, CharsetUtil.CHARSET_UTF_8);
if (inParamsMap.containsKey(PASSWORD)) {
String password = aes.decryptStr(inParamsMap.get(PASSWORD));
// 返回修改后报文字符
inParamsMap.put(PASSWORD, password);
}
else {
log.error("非法请求数据:{}", s);
}
return Mono.just(HttpUtil.toParams(inParamsMap, Charset.defaultCharset(), true));
};
}
/**
* 报文转换
* @return
*/
private ServerHttpRequestDecorator decorate(ServerWebExchange exchange, HttpHeaders headers,
CachedBodyOutputMessage outputMessage) {
return new ServerHttpRequestDecorator(exchange.getRequest()) {
@Override
public HttpHeaders getHeaders() {
long contentLength = headers.getContentLength();
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.putAll(super.getHeaders());
if (contentLength > 0) {
httpHeaders.setContentLength(contentLength);
}
else {
httpHeaders.set(HttpHeaders.TRANSFER_ENCODING, "chunked");
}
return httpHeaders;
}
@Override
public Flux<DataBuffer> getBody() {
return outputMessage.getBody();
}
};
} }
} }