管理员日志-入参出差脱敏处理

2025-06-08 02:04:04 +08:00 · 2023-07-29 15:04:20 +08:00 · 2023-07-29 15:04:20 +08:00 · bc194e6be2
commit bc194e6be2
parent e28e2e30af
1 changed files with 35 additions and 10 deletions
--- a/src/main/java/xyz/playedu/api/aspectj/AdminLogAspect.java
+++ b/src/main/java/xyz/playedu/api/aspectj/AdminLogAspect.java
@ -53,7 +53,7 @@ public class AdminLogAspect {
    /** 排除敏感属性字段 */
    public static final String[] EXCLUDE_PROPERTIES = {
-        "password", "oldPassword", "newPassword", "confirmPassword"
+        "password", "oldPassword", "newPassword", "confirmPassword", "token"
    };
    /** Controller层切点 注解拦截 */
@ -118,20 +118,19 @@ public class AdminLogAspect {
                }
            }
            if (StringUtil.isNotEmpty(params)) {
-                JSONObject paramObj = JSONUtil.parseObj(params);
+                JSONObject paramObj = excludeProperties(params);
-                for (String i : Arrays.asList(EXCLUDE_PROPERTIES)) {
+                adminLog.setParam(JSONUtil.toJsonStr(paramObj));
                    if (paramObj.containsKey(i)) {
                        paramObj.put(i, "******");
                    }
                }
                adminLog.setParam(StringUtils.substring(JSONUtil.toJsonStr(paramObj), 0, 2000));
            }
-            adminLog.setResult(JSONUtil.toJsonStr(jsonResult));
+            if (null != jsonResult) {
                jsonResult = excludeProperties(JSONUtil.toJsonStr(jsonResult));
                adminLog.setResult(JSONUtil.toJsonStr(jsonResult));
            }
            adminLog.setIp(IpUtil.getIpAddress());
            adminLog.setIpArea(IpUtil.getRealAddressByIP(IpUtil.getIpAddress()));
            if (null != e) {
-                adminLog.setErrorMsg(StringUtil.substring(e.getMessage(), 0, 2000));
+                adminLog.setErrorMsg(e.getMessage());
            }
            adminLog.setCreatedAt(new Date());
            // 保存数据库
@ -152,4 +151,30 @@ public class AdminLogAspect {
        }
        return null;
    }
    public JSONObject excludeProperties(String jsonData) {
        JSONObject jsonObjectResult = new JSONObject();
        // 把传入String类型转换成JSONObject对象
        if(JSONUtil.isTypeJSON(jsonData)){
            JSONObject jsonObject = JSONUtil.parseObj(jsonData);
            for (Map.Entry<String, Object> entry : jsonObject.entrySet()) {
                String key = entry.getKey();
                Object value = entry.getValue();
                if(StringUtil.isNotNull(value)){
                    // 如果value依旧是json类型的话继续递归解析
                    if (JSONUtil.isTypeJSON(value.toString())) {
                        jsonObjectResult.put(key, excludeProperties(entry.getValue().toString()));
                    } else {
                        // 如果value是单纯的数据,执行脱敏操作
                        for (String i : Arrays.asList(EXCLUDE_PROPERTIES)) {
                            if(key.equals(i)){
                                jsonObjectResult.put(key, "******");
                            }
                        }
                    }
                }
            }
        }
        return jsonObjectResult;
    }
 }