xw 5 napja
szülő
commit
74462877ac

+ 36 - 0
fs-common/src/main/java/com/fs/common/utils/LogSensitiveUtils.java

@@ -0,0 +1,36 @@
+package com.fs.common.utils;
+
+import org.apache.commons.lang3.StringUtils;
+import java.util.regex.Pattern;
+
+/**
+ * 日志敏感信息脱敏工具类
+ */
+public class LogSensitiveUtils {
+
+    /**
+     * 匹配JSON中敏感字段正则(忽略大小写)
+     * 匹配字段:password、oldPassword、newPassword、confirmPassword、pwd、secret、accessKeySecret、aliyunAccessKeySecret、huaweiSK、tmpSecretKey、sessionToken
+     */
+    private static final Pattern SENSITIVE_JSON_PATTERN = Pattern.compile(
+            "(\"(?:password|oldPassword|newPassword|confirmPassword|pwd|secret|accessKeySecret|aliyunAccessKeySecret|huaweiSK|tmpSecretKey|sessionToken)\"\\s*:\\s*\")([^\"\\\\]*)(\")",
+            Pattern.CASE_INSENSITIVE);
+
+    // 私有构造,禁止实例化
+    private LogSensitiveUtils() {
+        throw new AssertionError("工具类不允许实例化");
+    }
+
+    /**
+     * 敏感信息脱敏,密码/密钥类值替换为******
+     * @param content 原始日志JSON字符串
+     * @return 脱敏后字符串
+     */
+    public static String maskSensitive(String content) {
+        if (StringUtils.isEmpty(content)) {
+            return content;
+        }
+        // $1=key引号部分,$3=结尾引号,中间值替换为星号
+        return SENSITIVE_JSON_PATTERN.matcher(content).replaceAll("$1******$3");
+    }
+}
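Review bot: The value group `([^\"\\\\]*)` in SENSITIVE_JSON_PATTERN rejects any value containing a backslash, so a password or key whose JSON serialization carries an escape (`"password":"a\"b"`, or `\\`, `\n`, `\uXXXX`) does not match at all and is logged in the clear; the group should consume escape pairs, i.e. `((?:[^\"\\\\]|\\\\.)*)` in place of `([^\"\\\\]*)`. The key alternation is exact-match only, so fields such as `clientSecret`, `accessToken` or `refreshToken` would pass through unmasked if they are ever serialized into a log — either anchor on suffixes (`[a-zA-Z]*(?:password|secret|token)`) or add a Javadoc line stating that the list must be extended whenever a new credential field is introduced. Replacing with a fixed `******` rather than one star per character is the right choice, since it also hides the secret's length.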

+ 9 - 1
fs-company/src/main/java/com/fs/company/controller/company/CompanyOperlogController.java

@@ -6,6 +6,7 @@ import com.fs.common.core.controller.BaseController;
 import com.fs.common.core.domain.AjaxResult;
 import com.fs.common.core.page.TableDataInfo;
 import com.fs.common.enums.BusinessType;
+import com.fs.common.utils.LogSensitiveUtils;
 import com.fs.common.utils.ServletUtils;
 import com.fs.common.utils.poi.ExcelUtil;
 import com.fs.company.domain.CompanyOperLog;
@@ -33,7 +34,7 @@ public class CompanyOperlogController extends BaseController
     private TokenService tokenService;
 
 
-//    @PreAuthorize("@ss.hasPermi('monitor:operlog:list')")
+    @PreAuthorize("@ss.hasPermi('monitor:operlog:list')")
     @GetMapping("/list")
     @DataScope
     public TableDataInfo list(CompanyOperLog operLog)
@@ -42,9 +43,15 @@ public class CompanyOperlogController extends BaseController
         startPage();
         operLog.setCompanyId(loginUser.getCompany().getCompanyId());
         List<CompanyOperLog> list = operLogService.selectCompanyOperLogList(operLog);
+        list.forEach(this::maskOperLogSensitiveFields);
         return getDataTable(list);
     }
 
+    private void maskOperLogSensitiveFields(CompanyOperLog operLog) {
+        operLog.setOperParam(LogSensitiveUtils.maskSensitive(operLog.getOperParam()));
+        operLog.setJsonResult(LogSensitiveUtils.maskSensitive(operLog.getJsonResult()));
+    }
+
     @Log(title = "操作日志", businessType = BusinessType.EXPORT)
     @PreAuthorize("@ss.hasPermi('monitor:operlog:export')")
     @GetMapping("/export")
@@ -53,6 +60,7 @@ public class CompanyOperlogController extends BaseController
         LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
         operLog.setCompanyId(loginUser.getCompany().getCompanyId());
         List<CompanyOperLog> list = operLogService.selectCompanyOperLogList(operLog);
+        list.forEach(this::maskOperLogSensitiveFields);
         ExcelUtil<CompanyOperLog> util = new ExcelUtil<CompanyOperLog>(CompanyOperLog.class);
         return util.exportExcel(list, "操作日志");
     }
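Review bot: `maskOperLogSensitiveFields` is invoked only on the `list` and `export` results, so any other path that returns a `CompanyOperLog` row (a detail-by-id endpoint, if one exists outside this hunk) would still expose the raw `operParam`/`jsonResult`, and rows persisted before write-time masking existed remain in plaintext in the database; a one-off cleanup of existing rows would close that gap rather than relying on every reader to mask. The helper also deserves a comment explaining why read-time masking exists now that LogAspect masks at write time, e.g. `// Defence in depth: rows written before write-time masking was introduced still hold raw values.` Re-enabling `@PreAuthorize("@ss.hasPermi('monitor:operlog:list')")` on `list` is the important change here — the endpoint previously had no permission check, and that annotation, not the masking, is what restricts who can read operation logs at all.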

+ 3 - 2
fs-company/src/main/java/com/fs/framework/aspectj/LogAspect.java

@@ -5,6 +5,7 @@ import com.fs.common.annotation.Log;
 import com.fs.common.enums.BusinessStatus;
 import com.fs.common.enums.HttpMethod;
 import com.fs.common.utils.ServletUtils;
+import com.fs.common.utils.LogSensitiveUtils;
 import com.fs.common.utils.StringUtils;
 import com.fs.common.utils.ip.IpUtils;
 import com.fs.common.utils.spring.SpringUtils;
@@ -93,7 +94,7 @@ public class LogAspect
             String ip = IpUtils.getIpAddr(ServletUtils.getRequest());
             operLog.setOperIp(ip);
             // 返回参数
-            operLog.setJsonResult(JSON.toJSONString(jsonResult));
+            operLog.setJsonResult(LogSensitiveUtils.maskSensitive(JSON.toJSONString(jsonResult)));
 
             operLog.setOperUrl(ServletUtils.getRequest().getRequestURI());
             if (loginUser != null)
@@ -161,7 +162,7 @@ public class LogAspect
         if (HttpMethod.PUT.name().equals(requestMethod) || HttpMethod.POST.name().equals(requestMethod))
         {
             String params = argsArrayToString(joinPoint.getArgs());
-            operLog.setOperParam(StringUtils.substring(params, 0, 2000));
+            operLog.setOperParam(StringUtils.substring(LogSensitiveUtils.maskSensitive(params), 0, 2000));
         }
         else
         {
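Review bot: Masking is applied only in the PUT/POST branch; the `else` branch for GET/DELETE parameters begins at the last hunk line and continues past the hunk, and if it still stores the request parameter map unmasked, a password submitted as a query parameter is logged in the clear — and since `maskSensitive` only recognizes JSON-quoted keys (`"password":"…"`), it would not catch the `{password=[…]}` form a parameter map prints as even if wrapped around that branch. The order `maskSensitive` then `substring(…, 0, 2000)` on the operParam line is correct but non-obvious and deserves a comment: `// Mask before truncating: cutting first could drop the closing quote and leave a secret's prefix unmasked.` Minor style point: the new `LogSensitiveUtils` import sits between `ServletUtils` and `StringUtils`, breaking the alphabetical order of the surrounding `com.fs.common.utils` imports.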