From 0da1c9d0d2b0c8bd99110850bf8b0e0410442103 Mon Sep 17 00:00:00 2001
From: wsw
Date: Wed, 26 Jul 2023 22:11:00 +0800
Subject: [PATCH] =?UTF-8?q?=E7=AE=A1=E7=90=86=E5=91=98=E6=97=A5=E5=BF=97--?= =?UTF-8?q?=E5=85=A5=E5=8F=82=E5=81=9A=E8=84=B1=E6=95=8F=E6=93=8D=E4=BD=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../playedu/api/aspectj/AdminLogAspect.java | 21 +++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/src/main/java/xyz/playedu/api/aspectj/AdminLogAspect.java b/src/main/java/xyz/playedu/api/aspectj/AdminLogAspect.java
index b4a6e5f..4154eae 100644
--- a/src/main/java/xyz/playedu/api/aspectj/AdminLogAspect.java
+++ b/src/main/java/xyz/playedu/api/aspectj/AdminLogAspect.java
@@ -15,6 +15,7 @@
 */
 package xyz.playedu.api.aspectj;
+import cn.hutool.json.JSONObject;
 import cn.hutool.json.JSONUtil;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
@@ -33,6 +34,7 @@ import xyz.playedu.api.util.RequestUtil;
 import xyz.playedu.api.util.StringUtil;
 import java.lang.reflect.Method;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.Map;
@@ -45,6 +47,9 @@ public class AdminLogAspect {
 @Autowired private AdminLogService adminLogService;
+ /** 排除敏感属性字段 */
+ public static final String[] EXCLUDE_PROPERTIES = { "password", "oldPassword", "newPassword", "confirmPassword" };
+
 /**
 * Controller层切点 注解拦截
 */
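Review bot: `EXCLUDE_PROPERTIES` is declared as a `public static final String[]`, and `final` only fixes the reference, so any code that can reach the class can overwrite an element and silently switch off redaction for the admin log. A private immutable set is the safer shape, e.g. `private static final Set<String> EXCLUDE_PROPERTIES = Set.of("password", "oldPassword", "newPassword", "confirmPassword");`, which needs a `java.util.Set` import and lets the later loop iterate it directly instead of going through `Arrays.asList`. The names are matched exactly and case-sensitively in the last hunk, so any other secret-bearing field the admin API accepts would still be stored. The Javadoc on the constant should say that it is an exact-match denylist applied to top-level keys only.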
@@ -98,17 +103,25 @@ public class AdminLogAspect {
 }
 adminLog.setRequestMethod(request.getMethod());
 adminLog.setUrl(request.getRequestURL().toString());
+ String params = "";
 Map parameterMap = request.getParameterMap();
 if (StringUtil.isNotEmpty(parameterMap)) {
- String params = JSONUtil.toJsonStr(parameterMap);
- adminLog.setParam(StringUtils.substring(params, 0, 2000));
+ params = JSONUtil.toJsonStr(parameterMap);
 }else {
 Object[] args = joinPoint.getArgs();
 if (StringUtil.isNotNull(args)) {
- String params = StringUtil.arrayToString(args);
- adminLog.setParam(StringUtils.substring(params, 0, 2000));
+ params = StringUtil.arrayToString(args);
 }
 }
+ if(StringUtil.isNotEmpty(params)){
+ JSONObject paramObj = JSONUtil.parseObj(params);
+ for(String i : Arrays.asList(EXCLUDE_PROPERTIES)){
+ if(paramObj.containsKey(i)){
+ paramObj.put(i,"******");
+ }
+ }
+ adminLog.setParam(StringUtils.substring(JSONUtil.toJsonStr(paramObj), 0, 2000));
+ }
 adminLog.setResult(JSONUtil.toJsonStr(jsonResult));
 adminLog.setIp(IpUtil.getIpAddress());
 adminLog.setIpArea(IpUtil.getRealAddressByIP(IpUtil.getIpAddress()));
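Review bot: The masking in the added `if(StringUtil.isNotEmpty(params))` block only covers top-level keys of a JSON object, and `JSONUtil.parseObj(params)` is also applied to the `StringUtil.arrayToString(args)` branch, whose output format is not shown here and may not be a JSON object. If that parse throws, the log entry is lost or the exception propagates, depending on a surrounding handler that lies outside the hunk; and a `password` nested inside a body object or array is stored in clear text either way. I would parse inside a try/catch that fails closed (store a placeholder, never the raw string) and mask recursively, as sketched below. The context line `adminLog.setResult(JSONUtil.toJsonStr(jsonResult))` still stores the response unmasked, which is worth checking for login or token-issuing endpoints. The enclosing method starts and ends outside this hunk.

```java
if (StringUtil.isNotEmpty(params)) {
    String masked;
    try {
        JSONObject paramObj = JSONUtil.parseObj(params);
        maskSensitive(paramObj);
        masked = JSONUtil.toJsonStr(paramObj);
    } catch (RuntimeException e) {
        // Not a JSON object (e.g. the arrayToString branch): fail closed, never store the raw text.
        masked = "[params omitted: not parseable for masking]";
    }
    adminLog.setParam(StringUtils.substring(masked, 0, 2000));
}
// … unchanged: setResult / setIp / setIpArea …

/** Replaces the value of every EXCLUDE_PROPERTIES key, at any nesting depth. */
private static void maskSensitive(Object node) {
    if (node instanceof JSONObject) {
        JSONObject obj = (JSONObject) node;
        // Snapshot the keys so values can be replaced while walking them.
        for (String key : obj.keySet().toArray(new String[0])) {
            if (Arrays.asList(EXCLUDE_PROPERTIES).contains(key)) {
                obj.put(key, "******");
            } else {
                maskSensitive(obj.get(key));
            }
        }
    } else if (node instanceof Iterable) {
        for (Object item : (Iterable<?>) node) {
            maskSensitive(item);
        }
    }
}
```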