From 6aed3167b31d6780901f5b67ea853a58fef2e3c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=BD=97=E6=88=90?= <2847920761@qq.com>
Date: Wed, 23 Jul 2025 11:33:06 +0800
Subject: [PATCH] =?UTF-8?q?=E5=8A=A0=E5=AF=86=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../src/main/resources/application.yml        |  6 +++
 .../config/ApiDecryptAutoConfiguration.java   |  5 +-
 .../common/encrypt/filter/CryptoFilter.java   | 49 ++++++++++++++++---
 .../properties/ApiDecryptProperties.java      |  9 ++++
 4 files changed, 60 insertions(+), 9 deletions(-)

diff --git a/xinnengyuan/ruoyi-admin/src/main/resources/application.yml b/xinnengyuan/ruoyi-admin/src/main/resources/application.yml
index 558f54b1..39e059d1 100644
--- a/xinnengyuan/ruoyi-admin/src/main/resources/application.yml
+++ b/xinnengyuan/ruoyi-admin/src/main/resources/application.yml
@@ -186,6 +186,12 @@ api-decrypt:
   # 请求解密私钥 非对称算法的公私钥 如：SM2，RSA 使用者请自行更换
   # 对应前端加密公钥 MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqzcWmOzbfj64K8ZIgOdHnzkXSOVOZbFu/TJhZ7rFAN+eaGkl3C4buccQd/EjEsj9ir7ijT7h96MCAwEAAQ==
   privateKey: MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqhHyZfSsYourNxaY7Nt+PrgrxkiA50efORdI5U5lsW79MmFnusUA355oaSXcLhu5xxB38SMSyP2KvuKNPuH3owIDAQABAkAfoiLyL+Z4lf4Myxk6xUDgLaWGximj20CUf+5BKKnlrK+Ed8gAkM0HqoTt2UZwA5E2MzS4EI2gjfQhz5X28uqxAiEA3wNFxfrCZlSZHb0gn2zDpWowcSxQAgiCstxGUoOqlW8CIQDDOerGKH5OmCJ4Z21v+F25WaHYPxCFMvwxpcw99EcvDQIgIdhDTIqD2jfYjPTY8Jj3EDGPbH2HHuffvflECt3Ek60CIQCFRlCkHpi7hthhYhovyloRYsM+IS9h/0BzlEAuO0ktMQIgSPT3aFAgJYwKpqRYKlLDVcflZFCKY7u3UP8iWi1Qw0Y=
+  # cory 放行部分接口
+  excluded-paths:
+    - /doc.html    # 放行Swagger文档
+    - /swagger-ui/**     # 放行Swagger文档
+    - /v3/api-docs/**    # 放行OpenAPI文档
+    - /actuator/**       # 放行监控接口
 
 springdoc:
   api-docs:
diff --git a/xinnengyuan/ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/config/ApiDecryptAutoConfiguration.java b/xinnengyuan/ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/config/ApiDecryptAutoConfiguration.java
index 098f6bc8..4f6ac1f7 100644
--- a/xinnengyuan/ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/config/ApiDecryptAutoConfiguration.java
+++ b/xinnengyuan/ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/config/ApiDecryptAutoConfiguration.java
@@ -8,6 +8,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
+import org.springframework.util.PathMatcher;
 
 /**
  * api 解密自动配置
@@ -20,10 +21,10 @@ import org.springframework.context.annotation.Bean;
 public class ApiDecryptAutoConfiguration {
 
     @Bean
-    public FilterRegistrationBean<CryptoFilter> cryptoFilterRegistration(ApiDecryptProperties properties) {
+    public FilterRegistrationBean<CryptoFilter> cryptoFilterRegistration(ApiDecryptProperties properties, PathMatcher pathMatcher) {
         FilterRegistrationBean<CryptoFilter> registration = new FilterRegistrationBean<>();
         registration.setDispatcherTypes(DispatcherType.REQUEST);
-        registration.setFilter(new CryptoFilter(properties));
+        registration.setFilter(new CryptoFilter(properties,pathMatcher));
         registration.addUrlPatterns("/*");
         registration.setName("cryptoFilter");
         registration.setOrder(FilterRegistrationBean.HIGHEST_PRECEDENCE);
diff --git a/xinnengyuan/ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/filter/CryptoFilter.java b/xinnengyuan/ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/filter/CryptoFilter.java
index ea77c8d4..5997a0de 100644
--- a/xinnengyuan/ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/filter/CryptoFilter.java
+++ b/xinnengyuan/ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/filter/CryptoFilter.java
@@ -11,12 +11,15 @@ import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.encrypt.annotation.ApiEncrypt;
 import org.dromara.common.encrypt.properties.ApiDecryptProperties;
 import org.springframework.http.HttpMethod;
+import org.springframework.util.CollectionUtils;
+import org.springframework.util.PathMatcher;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.HandlerExceptionResolver;
 import org.springframework.web.servlet.HandlerExecutionChain;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
 
 import java.io.IOException;
+import java.util.List;
 
 
 /**
@@ -26,23 +29,36 @@ import java.io.IOException;
  */
 public class CryptoFilter implements Filter {
     private final ApiDecryptProperties properties;
+    private final PathMatcher pathMatcher;
 
-    public CryptoFilter(ApiDecryptProperties properties) {
+    public CryptoFilter(ApiDecryptProperties properties, PathMatcher pathMatcher) {
         this.properties = properties;
+        this.pathMatcher = pathMatcher;
     }
 
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
         HttpServletRequest servletRequest = (HttpServletRequest) request;
         HttpServletResponse servletResponse = (HttpServletResponse) response;
+
+        // 获取加密注解
+        //ApiEncrypt apiEncrypt = this.getApiEncryptAnnotation(servletRequest);
+        //boolean responseFlag = apiEncrypt != null && apiEncrypt.response();
+
+        //直接全局加密
         boolean responseFlag = true;
-        if ("OPTIONS".equalsIgnoreCase(servletRequest.getMethod())) {
-            // 是预检请求就直接返回不走响应加密
-            responseFlag = false;
+
+        // 检查请求是否被排除
+        if (isExcludedPath(servletRequest.getRequestURI())) {
+            chain.doFilter(request, response);
+            return;
         }
-//        // 获取加密注解
-//        ApiEncrypt apiEncrypt = this.getApiEncryptAnnotation(servletRequest);
-//        boolean responseFlag = apiEncrypt != null && apiEncrypt.response();
+        if ("OPTIONS".equalsIgnoreCase(servletRequest.getMethod())) {
+            chain.doFilter(request, response);
+            return;
+        }
+
+
 
         ServletRequest requestWrapper = null;
         ServletResponse responseWrapper = null;
@@ -88,6 +104,25 @@ public class CryptoFilter implements Filter {
         }
     }
 
+    private boolean isExcludedPath(String requestUri) {
+        // 从配置中获取放行的URL列表
+        List<String> excludedPaths = properties.getExcludedPaths();
+
+        if (CollectionUtils.isEmpty(excludedPaths)) {
+            return false;
+        }
+
+        // 检查请求URI是否匹配任何一个放行路径
+        for (String excludedPath : excludedPaths) {
+            // 支持简单的Ant风格路径匹配（如 /api/public/**）
+            if (pathMatcher.match(excludedPath, requestUri)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
     /**
      * 获取 ApiEncrypt 注解
      */
diff --git a/xinnengyuan/ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/properties/ApiDecryptProperties.java b/xinnengyuan/ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/properties/ApiDecryptProperties.java
index 6aadb3e0..548a7a02 100644
--- a/xinnengyuan/ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/properties/ApiDecryptProperties.java
+++ b/xinnengyuan/ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/properties/ApiDecryptProperties.java
@@ -3,6 +3,9 @@ package org.dromara.common.encrypt.properties;
 import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 
+import java.util.ArrayList;
+import java.util.List;
+
 /**
  * api解密属性配置类
  * @author wdhcr
@@ -31,4 +34,10 @@ public class ApiDecryptProperties {
      */
     private String privateKey;
 
+    /**
+     * cory
+     * 需要放行的接口路径列表（支持Ant风格路径匹配）
+     */
+    private List<String> excludedPaths = new ArrayList<>();
+
 }