修改配置文件

chenhj

3 天以前 83d250a0cfecdf3284dbf80fb8bd13a849340c78

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
package com.zbkj.admin.acpect;
 
import cn.hutool.core.date.DateTime;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.zbkj.common.annotation.Loggable;
import com.zbkj.common.exception.CarException;
import com.zbkj.common.model.log.SystemLog;
import com.zbkj.common.model.system.SystemAdmin;
import com.zbkj.common.request.SystemAdminLoginRequest;
import com.zbkj.common.utils.RequestUtil;
import com.zbkj.common.utils.UserUtil;
import com.zbkj.service.service.SystemAdminService;
import com.zbkj.service.service.SystemLogService;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.multipart.MultipartFile;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.smartcardio.CardException;
import java.time.LocalDateTime;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
 
@Aspect
@Component
public class LogAspect {
    @Autowired
    private SystemLogService systemLogService;
 
    @Autowired
    private SystemAdminService systemAdminService;
 
    //    @Around("@annotation(apiOperation)")
//    public Object around(ProceedingJoinPoint joinPoint, ApiOperation apiOperation, Loggable loggable) throws Throwable {
    @Around("@annotation(loggable)")
    public Object around(ProceedingJoinPoint joinPoint, Loggable loggable) throws Throwable {
        HttpServletRequest request = RequestUtil.getRequest();
 
        String userName = "匿名用户";
        String requestParams = "";
        // 获取操作类型描述（优先使用Loggable注解）
//        String operationType = apiOperation.value();
        SystemLog log = new SystemLog();
        String operationType = loggable.value();
        if ("PC登录".equals(operationType)) {
            // 从请求参数中获取用户名
            Object[] args = joinPoint.getArgs();
            for (Object arg : args) {
                if (arg instanceof SystemAdminLoginRequest) {
                    SystemAdminLoginRequest systemAdminLoginRequest = (SystemAdminLoginRequest) arg;
                    SystemAdmin systemAdmin = systemAdminService.getOne(new LambdaQueryWrapper<SystemAdmin>().eq(SystemAdmin::getAccount, systemAdminLoginRequest.getAccount()));
                    if (systemAdmin != null) {
                        userName = systemAdmin.getRealName();
                    } else {
                        throw new CarException("账号或者密码不正确");
                    }
                    requestParams = maskSensitiveInfo(JSON.toJSONString(systemAdminLoginRequest));
                    break;
                }
            }
        } else {
            userName = UserUtil.getLoginUserName();
            requestParams = loggable.trackParams() ?
                    maskSensitiveInfo(getRequestParams(joinPoint)) : "参数追踪已禁用";
        }
        log.setUsername(userName)
                .setIp(RequestUtil.getIpAddress(request))
//                .setOperationType(apiOperation.value())
//                .setOperationContent(getRequestParams(joinPoint))
                .setOperationContent(requestParams)
                .setOperationType(operationType)
                .setOperationTime(DateTime.now());
 
        try {
            Object result = joinPoint.proceed();
            log.setResult("成功");
            return result;
        } catch (Exception e) {
            log.setResult("失败");
            throw e;
        } finally {
            systemLogService.save(log);
        }
    }
 
    // 新增敏感信息脱敏方法
    private String maskSensitiveInfo(String jsonStr) {
        try {
            JSONObject jsonObject = JSON.parseObject(jsonStr);
            if (jsonObject.containsKey("password")) {
                jsonObject.put("password", "***");
            }
            if (jsonObject.containsKey("pwd")) {
                jsonObject.put("pwd", "***");
            }
            if (jsonObject.containsKey("idCard")) {
                jsonObject.put("idCard", "***");
            }
            return jsonObject.toJSONString();
        } catch (Exception e) {
            return jsonStr; // 非JSON格式直接返回
        }
    }
 
    private String getRequestParams(ProceedingJoinPoint joinPoint) {
        Object[] args = joinPoint.getArgs();
        // 过滤掉不可序列化的请求参数
        List<Object> filteredArgs = Arrays.stream(args)
                .filter(arg -> !(arg instanceof HttpServletRequest))
                .filter(arg -> !(arg instanceof HttpServletResponse))
                .filter(arg -> !(arg instanceof MultipartFile))
                .collect(Collectors.toList());
        // 新增密码参数过滤（即使未脱敏也二次保障）
        filteredArgs.removeIf(arg -> {
            if (arg instanceof SystemAdminLoginRequest) {
                ((SystemAdminLoginRequest) arg).setPwd(null);
                return false;
            }
            return false;
        });
        return JSON.toJSONString(filteredArgs);
    }
}