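package com.zbkj.admin.acpect;

import cn.hutool.core.date.DateTime;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.zbkj.common.annotation.Loggable;
import com.zbkj.common.exception.CarException;
import com.zbkj.common.model.log.SystemLog;
import com.zbkj.common.model.system.SystemAdmin;
import com.zbkj.common.request.SystemAdminLoginRequest;
import com.zbkj.common.utils.RequestUtil;
import com.zbkj.common.utils.UserUtil;
import com.zbkj.service.service.SystemAdminService;
import com.zbkj.service.service.SystemLogService;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.multipart.MultipartFile;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.smartcardio.CardException;
import java.time.LocalDateTime;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

/**
 * Audit-log aspect for methods annotated with {@link Loggable}.
 *
 * <p>For every intercepted call it stores one {@link SystemLog} row holding the operator name,
 * the client IP, the operation type taken from the annotation, the (masked) call parameters and
 * whether the call succeeded or failed.
 */
@Aspect
@Component
public class LogAspect {

    /** Annotation value that identifies the admin login operation. */
    private static final String LOGIN_OPERATION = "PC登录";

    /** Operator name used when no authenticated user can be resolved. */
    private static final String ANONYMOUS_USER = "匿名用户";

    /** JSON property names whose values must never reach the audit log. */
    private static final List<String> SENSITIVE_KEYS = Arrays.asList("password", "pwd", "idCard");

    /** Replacement written in place of a sensitive value. */
    private static final String MASK = "***";

    @Autowired
    private SystemLogService systemLogService;

    @Autowired
    private SystemAdminService systemAdminService;

    /**
     * Runs the annotated method and persists an audit record for it.
     *
     * <p>For the login operation the operator is resolved from the submitted account, because no
     * session exists yet. An unknown account is rejected with the same message as before, but the
     * attempt is now written to the audit log as a failure instead of leaving no trace.
     *
     * @param joinPoint the intercepted invocation
     * @param loggable  the annotation on the intercepted method
     * @return whatever the intercepted method returns
     * @throws Throwable anything the intercepted method throws, or a {@link CarException} when a
     *                   login names an account that does not exist
     */
    @Around("@annotation(loggable)")
    public Object around(ProceedingJoinPoint joinPoint, Loggable loggable) throws Throwable {
        HttpServletRequest request = RequestUtil.getRequest();
        String operationType = loggable.value();
        String userName = ANONYMOUS_USER;
        String requestParams = "";
        boolean unknownAccount = false;

        if (LOGIN_OPERATION.equals(operationType)) {
            // No session yet: take the operator from the login request itself.
            for (Object arg : joinPoint.getArgs()) {
                if (arg instanceof SystemAdminLoginRequest) {
                    SystemAdminLoginRequest loginRequest = (SystemAdminLoginRequest) arg;
                    requestParams = maskSensitiveInfo(JSON.toJSONString(loginRequest));
                    SystemAdmin admin = systemAdminService.getOne(
                            new LambdaQueryWrapper<SystemAdmin>()
                                    .eq(SystemAdmin::getAccount, loginRequest.getAccount()));
                    if (admin != null) {
                        userName = admin.getRealName();
                    } else {
                        unknownAccount = true;
                    }
                    break;
                }
            }
        } else {
            userName = UserUtil.getLoginUserName();
            requestParams = loggable.trackParams()
                    ? maskSensitiveInfo(getRequestParams(joinPoint))
                    : "参数追踪已禁用";
        }

        // The stored content is client-supplied text; encode it wherever the log is displayed.
        SystemLog entry = new SystemLog();
        entry.setUsername(userName)
                .setIp(RequestUtil.getIpAddress(request))
                .setOperationContent(requestParams)
                .setOperationType(operationType)
                .setOperationTime(DateTime.now());

        try {
            if (unknownAccount) {
                // Thrown inside the try so the failed attempt is still recorded below.
                throw new CarException("账号或者密码不正确");
            }
            Object result = joinPoint.proceed();
            entry.setResult("成功");
            return result;
        } catch (Throwable failure) {
            // Throwable rather than Exception so that an Error is also recorded as a failure.
            entry.setResult("失败");
            throw failure;
        } finally {
            systemLogService.save(entry);
        }
    }

    /**
     * Replaces the values of sensitive properties in a JSON document with {@code ***}.
     *
     * <p>The document may be an object or an array, and sensitive keys are masked at any nesting
     * depth. This matters because {@link #getRequestParams} always produces a JSON array: the
     * previous object-only parsing failed on it and returned the text unmasked.
     *
     * @param jsonStr JSON text to sanitise
     * @return the sanitised JSON text, or {@code jsonStr} unchanged when it is not a JSON object
     *         or array
     */
    private String maskSensitiveInfo(String jsonStr) {
        try {
            Object root = JSON.parse(jsonStr);
            if (!(root instanceof JSONObject) && !(root instanceof List)) {
                return jsonStr;
            }
            maskNode(root);
            return JSON.toJSONString(root);
        } catch (Exception e) {
            // NOTE(review): unparseable input is returned unmasked; every caller in this class
            // passes fastjson output, so this path is not expected to be reached.
            return jsonStr;
        }
    }

    /** Masks sensitive keys of {@code node} in place and descends into nested objects and arrays. */
    private static void maskNode(Object node) {
        if (node instanceof JSONObject) {
            JSONObject object = (JSONObject) node;
            for (String key : SENSITIVE_KEYS) {
                if (object.containsKey(key)) {
                    object.put(key, MASK);
                }
            }
            for (Object child : object.values()) {
                maskNode(child);
            }
        } else if (node instanceof List) {
            for (Object child : (List<?>) node) {
                maskNode(child);
            }
        }
    }

    /**
     * Serialises the call arguments to a JSON array, skipping servlet request/response objects
     * and uploaded files.
     *
     * <p>The arguments are the live objects that the intercepted method is about to receive, so
     * they are never modified here (the previous version nulled the password on the real login
     * request before the method ran). The result is unmasked; pass it through
     * {@link #maskSensitiveInfo} before storing it.
     *
     * @param joinPoint the intercepted invocation
     * @return JSON array text of the remaining arguments
     */
    private String getRequestParams(ProceedingJoinPoint joinPoint) {
        List<Object> loggableArgs = Arrays.stream(joinPoint.getArgs())
                .filter(arg -> !(arg instanceof HttpServletRequest
                        || arg instanceof HttpServletResponse
                        || arg instanceof MultipartFile))
                .collect(Collectors.toList());
        return JSON.toJSONString(loggableArgs);
    }
}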