管理员日志-入参出差脱敏处理

2025-06-08 02:04:04 +08:00 · 2023-07-29 15:04:20 +08:00 · 2023-07-29 15:04:20 +08:00 · bc194e6be2
commit bc194e6be2
parent e28e2e30af
1 changed files with 35 additions and 10 deletions
--- a/src/main/java/xyz/playedu/api/aspectj/AdminLogAspect.java
+++ b/src/main/java/xyz/playedu/api/aspectj/AdminLogAspect.java
@ -53,7 +53,7 @@ public class AdminLogAspect {

    /** 排除敏感属性字段 */
    public static final String[] EXCLUDE_PROPERTIES = {
-        "password", "oldPassword", "newPassword", "confirmPassword"
+        "password", "oldPassword", "newPassword", "confirmPassword", "token"
    };

    /** Controller层切点 注解拦截 */
@ -118,20 +118,19 @@ public class AdminLogAspect {
                }
            }
            if (StringUtil.isNotEmpty(params)) {
-                JSONObject paramObj = JSONUtil.parseObj(params);
-                for (String i : Arrays.asList(EXCLUDE_PROPERTIES)) {
-                    if (paramObj.containsKey(i)) {
-                        paramObj.put(i, "******");
-                    }
-                }
-                adminLog.setParam(StringUtils.substring(JSONUtil.toJsonStr(paramObj), 0, 2000));
+                JSONObject paramObj = excludeProperties(params);
+                adminLog.setParam(JSONUtil.toJsonStr(paramObj));
            }
+            if (null != jsonResult) {
+                jsonResult = excludeProperties(JSONUtil.toJsonStr(jsonResult));
                adminLog.setResult(JSONUtil.toJsonStr(jsonResult));
+            }
+
            adminLog.setIp(IpUtil.getIpAddress());
            adminLog.setIpArea(IpUtil.getRealAddressByIP(IpUtil.getIpAddress()));

            if (null != e) {
-                adminLog.setErrorMsg(StringUtil.substring(e.getMessage(), 0, 2000));
+                adminLog.setErrorMsg(e.getMessage());
            }
            adminLog.setCreatedAt(new Date());
            // 保存数据库
@ -152,4 +151,30 @@ public class AdminLogAspect {
        }
        return null;
    }
+
+    public JSONObject excludeProperties(String jsonData) {
+        JSONObject jsonObjectResult = new JSONObject();
+        // 把传入String类型转换成JSONObject对象
+        if(JSONUtil.isTypeJSON(jsonData)){
+            JSONObject jsonObject = JSONUtil.parseObj(jsonData);
+            for (Map.Entry<String, Object> entry : jsonObject.entrySet()) {
+                String key = entry.getKey();
+                Object value = entry.getValue();
+                if(StringUtil.isNotNull(value)){
+                    // 如果value依旧是json类型的话继续递归解析
+                    if (JSONUtil.isTypeJSON(value.toString())) {
+                        jsonObjectResult.put(key, excludeProperties(entry.getValue().toString()));
+                    } else {
+                        // 如果value是单纯的数据,执行脱敏操作
+                        for (String i : Arrays.asList(EXCLUDE_PROPERTIES)) {
+                            if(key.equals(i)){
+                                jsonObjectResult.put(key, "******");
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        return jsonObjectResult;
+    }
 }