增加脱敏配置。

lili: system: sensitiveLevel: 2
zhiweicoding · Sep 13, 2021 · a210565 · a210565
1 parent d1d91b7
commit a210565
Show file tree

Hide file tree

Showing 10 changed files with 156 additions and 52 deletions.
diff --git a/common-api/src/main/java/cn/lili/controller/common/UploadController.java b/common-api/src/main/java/cn/lili/controller/common/UploadController.java
@@ -104,11 +104,4 @@ public ResultMessage<Object> upload(MultipartFile file,
         }
         return ResultUtil.data(result);
     }
-
-
-    @ApiOperation(value = "返回licences")
-    @PostMapping(value = "/licences")
-    public ResultMessage<Object> licences() {
-        return ResultUtil.data(systemSettingProperties.getLicences());
-    }
 }
diff --git a/framework/src/main/java/cn/lili/common/properties/SystemSettingProperties.java b/framework/src/main/java/cn/lili/common/properties/SystemSettingProperties.java
@@ -27,7 +27,34 @@ public class SystemSettingProperties {
     private Boolean isTestModel = false;
 
     /**
-     * 授权信息
+     * 脱敏级别：
+     * 0：不做脱敏处理
+     * 1：管理端用户手机号等信息脱敏
+     * 2：商家端信息脱敏（为2时，表示管理端，商家端同时脱敏）
+     * <p>
+     * PS:
      */
-    private String licences = "";
+    private Integer sensitiveLevel = 0;
+
+
+    public Boolean getDemoSite() {
+        if (isDemoSite == null) {
+            return false;
+        }
+        return isDemoSite;
+    }
+
+    public Boolean getTestModel() {
+        if (isTestModel == null) {
+            return false;
+        }
+        return isTestModel;
+    }
+
+    public Integer getSensitiveLevel() {
+        if (sensitiveLevel == null) {
+            return 0;
+        }
+        return sensitiveLevel;
+    }
 }
diff --git a/framework/src/main/java/cn/lili/common/security/filter/SensitiveJsonSerializer.java b/framework/src/main/java/cn/lili/common/security/filter/SensitiveJsonSerializer.java
diff --git a/...ili/common/security/filter/Sensitive.java → .../common/security/sensitive/Sensitive.java b/...ili/common/security/filter/Sensitive.java → .../common/security/sensitive/Sensitive.java
@@ -1,5 +1,6 @@
-package cn.lili.common.security.filter;
+package cn.lili.common.security.sensitive;
 
+import cn.lili.common.security.sensitive.enums.SensitiveStrategy;
 import com.fasterxml.jackson.annotation.JacksonAnnotationsInside;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 
@@ -8,6 +9,15 @@
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
+
+/**
+ * 敏感注解
+ *
+ * @author liushuai(liushuai711 @ gmail.com)
+ * @version v4.0
+ * @Description:
+ * @since 2021/9/10 16:45
+ */
 @Retention(RetentionPolicy.RUNTIME)
 @Target(ElementType.FIELD)
 @JacksonAnnotationsInside

diff --git a/framework/src/main/java/cn/lili/common/security/sensitive/SensitiveJsonSerializer.java b/framework/src/main/java/cn/lili/common/security/sensitive/SensitiveJsonSerializer.java
@@ -0,0 +1,101 @@
+package cn.lili.common.security.sensitive;
+
+import cn.lili.common.properties.SystemSettingProperties;
+import cn.lili.common.security.AuthUser;
+import cn.lili.common.security.context.UserContext;
+import cn.lili.common.security.enums.UserEnums;
+import cn.lili.common.security.sensitive.enums.SensitiveStrategy;
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.BeanProperty;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.ser.ContextualSerializer;
+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+
+import java.io.IOException;
+import java.util.Objects;
+
+/**
+ * 敏感信息序列化时 过滤
+ *
+ * @author liushuai(liushuai711 @ gmail.com)
+ * @version v4.0
+ * @Description:
+ * @since 2021/9/10 16:46
+ */
+public class SensitiveJsonSerializer extends JsonSerializer<String>
+        implements ContextualSerializer, ApplicationContextAware {
+    private SensitiveStrategy strategy;
+
+    //系统配置
+    private SystemSettingProperties systemSettingProperties;
+
+    @Override
+    public void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws IOException {
+        // 字段序列化处理
+        gen.writeString(strategy.desensitizer().apply(value));
+    }
+
+    @Override
+    public JsonSerializer<?> createContextual(SerializerProvider prov, BeanProperty property) throws JsonMappingException {
+
+        // 判定是否 需要脱敏处理
+        if (desensitization()) {
+            //获取敏感枚举
+            Sensitive annotation = property.getAnnotation(Sensitive.class);
+            //如果有敏感注解，则加入脱敏规则
+            if (Objects.nonNull(annotation) && Objects.equals(String.class, property.getType().getRawClass())) {
+                this.strategy = annotation.strategy();
+                return this;
+            }
+        }
+        return prov.findValueSerializer(property.getType(), property);
+
+    }
+
+    @Override
+    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+        systemSettingProperties = applicationContext.getBean(SystemSettingProperties.class);
+    }
+
+    /**
+     * 是否需要脱敏处理
+     *
+     * @return
+     */
+    private boolean desensitization() {
+
+        //当前用户
+        AuthUser authUser = UserContext.getCurrentUser();
+        //默认脱敏
+        if (authUser == null) {
+            return true;
+        }
+
+        //如果是店铺
+        if (authUser.getRole().equals(UserEnums.STORE)) {
+            //店铺需要进行脱敏，则脱敏处理
+            if (systemSettingProperties.getSensitiveLevel() == 2) {
+                return true;
+            }
+            //默认不需要
+            return false;
+        }
+
+
+        //如果是店铺
+        if (authUser.getRole().equals(UserEnums.MANAGER)) {
+            //店铺需要进行脱敏，则脱敏处理
+            if (systemSettingProperties.getSensitiveLevel() >= 1) {
+                return true;
+            }
+            //默认不需要
+            return false;
+        }
+
+        return false;
+    }
+}
diff --git a/...on/security/filter/SensitiveStrategy.java → ...ty/sensitive/enums/SensitiveStrategy.java b/...on/security/filter/SensitiveStrategy.java → ...ty/sensitive/enums/SensitiveStrategy.java
@@ -1,13 +1,16 @@
-package cn.lili.common.security.filter;
+package cn.lili.common.security.sensitive.enums;
 
 import java.util.function.Function;
 
 /**
+ * 敏感策略枚举
+ *
  * @author liushuai(liushuai711 @ gmail.com)
- * @version v4.1
+ * @version v4.0
  * @Description:
- * @since 2021/9/8 3:03 下午
+ * @since 2021/9/10 16:46
  */
+
 public enum SensitiveStrategy {
     /**
      * Username sensitive strategy.

diff --git a/framework/src/main/java/cn/lili/modules/member/entity/dos/Member.java b/framework/src/main/java/cn/lili/modules/member/entity/dos/Member.java
@@ -1,6 +1,8 @@
 package cn.lili.modules.member.entity.dos;
 
 import cn.lili.common.enums.ClientTypeEnum;
+import cn.lili.common.security.sensitive.Sensitive;
+import cn.lili.common.security.sensitive.enums.SensitiveStrategy;
 import cn.lili.mybatis.BaseEntity;
 import com.baomidou.mybatisplus.annotation.TableName;
 import com.fasterxml.jackson.annotation.JsonFormat;
@@ -54,6 +56,7 @@ public class Member extends BaseEntity {
 
     @NotEmpty(message = "手机号码不能为空")
     @ApiModelProperty(value = "手机号码", required = true)
+    @Sensitive(strategy = SensitiveStrategy.PHONE)
     private String mobile;
 
     @Min(message = "必须为数字", value = 0)

diff --git a/framework/src/main/java/cn/lili/modules/member/entity/dos/MemberAddress.java b/framework/src/main/java/cn/lili/modules/member/entity/dos/MemberAddress.java
@@ -1,5 +1,7 @@
 package cn.lili.modules.member.entity.dos;
 
+import cn.lili.common.security.sensitive.Sensitive;
+import cn.lili.common.security.sensitive.enums.SensitiveStrategy;
 import cn.lili.common.validation.Phone;
 import cn.lili.mybatis.BaseEntity;
 import com.baomidou.mybatisplus.annotation.TableName;
@@ -32,6 +34,7 @@ public class MemberAddress extends BaseEntity {
 
     @Phone
     @ApiModelProperty(value = "手机号码")
+    @Sensitive(strategy = SensitiveStrategy.PHONE)
     private String mobile;
 
     @NotBlank(message = "地址不能为空")

diff --git a/framework/src/main/java/cn/lili/modules/order/order/entity/dos/Order.java b/framework/src/main/java/cn/lili/modules/order/order/entity/dos/Order.java
@@ -4,6 +4,8 @@
 import cn.hutool.json.JSONUtil;
 import cn.lili.common.enums.ClientTypeEnum;
 import cn.lili.common.enums.PromotionTypeEnum;
+import cn.lili.common.security.sensitive.Sensitive;
+import cn.lili.common.security.sensitive.enums.SensitiveStrategy;
 import cn.lili.common.utils.BeanUtil;
 import cn.lili.modules.goods.entity.enums.GoodsTypeEnum;
 import cn.lili.modules.order.cart.entity.dto.TradeDTO;
@@ -89,6 +91,7 @@ public class Order extends BaseEntity {
     private String consigneeName;
 
     @ApiModelProperty(value = "收件人手机")
+    @Sensitive(strategy = SensitiveStrategy.PHONE)
     private String consigneeMobile;
 
     /**

diff --git a/manager-api/src/main/java/cn/lili/controller/member/MemberManagerController.java b/manager-api/src/main/java/cn/lili/controller/member/MemberManagerController.java
@@ -3,7 +3,6 @@
 import cn.lili.common.enums.ResultUtil;
 import cn.lili.common.vo.PageVO;
 import cn.lili.common.vo.ResultMessage;
-import cn.lili.modules.system.aspect.annotation.DemoSite;
 import cn.lili.modules.member.entity.dos.Member;
 import cn.lili.modules.member.entity.dto.ManagerMemberEditDTO;
 import cn.lili.modules.member.entity.dto.MemberAddDTO;