Merge branch 'master-jdk17' of https://gitee.com/zhijiantianya/ruoyi-vue-pro into feature/iot

yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java

@@ -15,6 +15,8 @@ public interface WebFilterOrderEnum {
 
     int REQUEST_BODY_CACHE_FILTER = Integer.MIN_VALUE + 500;
 
+    int API_ENCRYPT_FILTER = REQUEST_BODY_CACHE_FILTER + 1;
+
     // OrderedRequestContextFilter 默认为 -105，用于国际化上下文等等
 
     int TENANT_CONTEXT_FILTER = - 104; // 需要保证在 ApiAccessLogFilter 前面

yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/pojo/CommonResult.java

@@ -25,16 +25,16 @@ public class CommonResult<T> implements Serializable {
      * @see ErrorCode#getCode()
      */
     private Integer code;
-    /**
-     * 返回数据
-     */
-    private T data;
     /**
      * 错误提示，用户可阅读
      *
      * @see ErrorCode#getMsg() ()
      */
     private String msg;
+    /**
+     * 返回数据
+     */
+    private T data;
 
     /**
      * 将传入的 result 对象，转换成另外一个泛型结果的对象

yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/pojo/PageResult.java

@@ -11,12 +11,12 @@ import java.util.List;
 @Data
 public final class PageResult<T> implements Serializable {
 
-    @Schema(description = "数据", requiredMode = Schema.RequiredMode.REQUIRED)
-    private List<T> list;
-
     @Schema(description = "总量", requiredMode = Schema.RequiredMode.REQUIRED)
     private Long total;
 
+    @Schema(description = "数据", requiredMode = Schema.RequiredMode.REQUIRED)
+    private List<T> list;
+
     public PageResult() {
     }
 

yudao-framework/yudao-spring-boot-starter-web/pom.xml

@@ -53,7 +53,13 @@
             <scope>provided</scope> <!-- 设置为 provided，主要是 GlobalExceptionHandler 使用 -->
         </dependency>
 
-        <!-- xss -->
+        <!-- 工具类相关 -->
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <scope>provided</scope> <!-- 设置为 provided，只有工具类需要使用到 -->
+        </dependency>
+
         <dependency>
             <groupId>org.jsoup</groupId>
             <artifactId>jsoup</artifactId>

yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/encrypt/config/ApiEncryptProperties.java

@@ -0,0 +1,70 @@
+package cn.iocoder.yudao.framework.encrypt.config;
+
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.validation.annotation.Validated;
+
+/**
+ * HTTP API 加解密配置
+ *
+ * @author 芋道源码
+ */
+@ConfigurationProperties(prefix = "yudao.api-encrypt")
+@Validated
+@Data
+public class ApiEncryptProperties {
+
+    /**
+     * 是否开启
+     */
+    @NotNull(message = "是否开启不能为空")
+    private Boolean enable;
+
+    /**
+     * 请求头（响应头）名称
+     *
+     * 1. 如果该请求头非空，则表示请求参数已被「前端」加密，「后端」需要解密
+     * 2. 如果该响应头非空，则表示响应结果已被「后端」加密，「前端」需要解密
+     */
+    @NotEmpty(message = "请求头（响应头）名称不能为空")
+    private String header = "X-Api-Encrypt";
+
+    /**
+     * 对称加密算法，用于请求/响应的加解密
+     *
+     * 目前支持
+     * 【对称加密】：
+     *      1. {@link cn.hutool.crypto.symmetric.SymmetricAlgorithm#AES}
+     *      2. {@link cn.hutool.crypto.symmetric.SM4#ALGORITHM_NAME} （需要自己二次开发，成本低）
+     * 【非对称加密】
+     *      1. {@link cn.hutool.crypto.asymmetric.AsymmetricAlgorithm#RSA}
+     *      2. {@link cn.hutool.crypto.asymmetric.SM2} （需要自己二次开发，成本低）
+     *
+     * @see <a href="https://help.aliyun.com/zh/ssl-certificate/what-are-a-public-key-and-a-private-key">什么是公钥和私钥？</a>
+     */
+    @NotEmpty(message = "对称加密算法不能为空")
+    private String algorithm;
+
+    /**
+     * 请求的解密密钥
+     *
+     * 注意：
+     * 1. 如果是【对称加密】时，它「后端」对应的是“密钥”。对应的，「前端」也对应的也是“密钥”。
+     * 2. 如果是【非对称加密】时，它「后端」对应的是“私钥”。对应的，「前端」对应的是“公钥”。（重要！！！）
+     */
+    @NotEmpty(message = "请求的解密密钥不能为空")
+    private String requestKey;
+
+    /**
+     * 响应的加密密钥
+     *
+     * 注意：
+     * 1. 如果是【对称加密】时，它「后端」对应的是“密钥”。对应的，「前端」也对应的也是“密钥”。
+     * 2. 如果是【非对称加密】时，它「后端」对应的是“公钥”。对应的，「前端」对应的是“私钥”。（重要！！！）
+     */
+    @NotEmpty(message = "响应的加密密钥不能为空")
+    private String responseKey;
+
+}

yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/encrypt/config/YudaoApiEncryptAutoConfiguration.java

@@ -0,0 +1,34 @@
+package cn.iocoder.yudao.framework.encrypt.config;
+
+import cn.iocoder.yudao.framework.common.enums.WebFilterOrderEnum;
+import cn.iocoder.yudao.framework.encrypt.core.filter.ApiEncryptFilter;
+import cn.iocoder.yudao.framework.web.config.WebProperties;
+import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
+
+import static cn.iocoder.yudao.framework.web.config.YudaoWebAutoConfiguration.createFilterBean;
+
+@AutoConfiguration
+@Slf4j
+@EnableConfigurationProperties(ApiEncryptProperties.class)
+@ConditionalOnProperty(prefix = "yudao.api-encrypt", name = "enable", havingValue = "true")
+public class YudaoApiEncryptAutoConfiguration {
+
+    @Bean
+    public FilterRegistrationBean<ApiEncryptFilter> apiEncryptFilter(WebProperties webProperties,
+                                                                     ApiEncryptProperties apiEncryptProperties,
+                                                                     RequestMappingHandlerMapping requestMappingHandlerMapping,
+                                                                     GlobalExceptionHandler globalExceptionHandler) {
+        ApiEncryptFilter filter = new ApiEncryptFilter(webProperties, apiEncryptProperties,
+                requestMappingHandlerMapping, globalExceptionHandler);
+        return createFilterBean(filter, WebFilterOrderEnum.API_ENCRYPT_FILTER);
+
+    }
+
+}

yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/encrypt/core/annotation/ApiEncrypt.java

@@ -0,0 +1,23 @@
+package cn.iocoder.yudao.framework.encrypt.core.annotation;
+
+import java.lang.annotation.*;
+
+/**
+ * HTTP API 加解密注解
+ */
+@Documented
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+public @interface ApiEncrypt {
+
+    /**
+     * 是否对请求参数进行解密，默认 true
+     */
+    boolean request() default true;
+
+    /**
+     * 是否对响应结果进行加密，默认 true
+     */
+    boolean response() default true;
+
+}

yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/encrypt/core/filter/ApiDecryptRequestWrapper.java

@@ -0,0 +1,86 @@
+package cn.iocoder.yudao.framework.encrypt.core.filter;
+
+import cn.hutool.core.io.IoUtil;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.asymmetric.AsymmetricDecryptor;
+import cn.hutool.crypto.asymmetric.KeyType;
+import cn.hutool.crypto.symmetric.SymmetricDecryptor;
+import jakarta.servlet.ReadListener;
+import jakarta.servlet.ServletInputStream;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+/**
+ * 解密请求 {@link HttpServletRequestWrapper} 实现类
+ *
+ * @author 芋道源码
+ */
+public class ApiDecryptRequestWrapper extends HttpServletRequestWrapper {
+
+    private final byte[] body;
+
+    public ApiDecryptRequestWrapper(HttpServletRequest request,
+                                    SymmetricDecryptor symmetricDecryptor,
+                                    AsymmetricDecryptor asymmetricDecryptor) throws IOException {
+        super(request);
+        // 读取 body，允许 HEX、BASE64 传输
+        String requestBody = StrUtil.utf8Str(
+                IoUtil.readBytes(request.getInputStream(), false));
+
+        // 解密 body
+        body = symmetricDecryptor != null ? symmetricDecryptor.decrypt(requestBody)
+                : asymmetricDecryptor.decrypt(requestBody, KeyType.PrivateKey);
+    }
+
+    @Override
+    public BufferedReader getReader() {
+        return new BufferedReader(new InputStreamReader(this.getInputStream()));
+    }
+
+    @Override
+    public int getContentLength() {
+        return body.length;
+    }
+
+    @Override
+    public long getContentLengthLong() {
+        return body.length;
+    }
+
+    @Override
+    public ServletInputStream getInputStream() {
+        ByteArrayInputStream stream = new ByteArrayInputStream(body);
+        return new ServletInputStream() {
+
+            @Override
+            public int read() {
+                return stream.read();
+            }
+
+            @Override
+            public int available() {
+                return body.length;
+            }
+
+            @Override
+            public boolean isFinished() {
+                return false;
+            }
+
+            @Override
+            public boolean isReady() {
+                return false;
+            }
+
+            @Override
+            public void setReadListener(ReadListener readListener) {
+            }
+
+        };
+    }
+}

yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/encrypt/core/filter/ApiEncryptFilter.java

@@ -0,0 +1,152 @@
+package cn.iocoder.yudao.framework.encrypt.core.filter;
+
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
+import cn.hutool.crypto.asymmetric.AsymmetricDecryptor;
+import cn.hutool.crypto.asymmetric.AsymmetricEncryptor;
+import cn.hutool.crypto.symmetric.SymmetricDecryptor;
+import cn.hutool.crypto.symmetric.SymmetricEncryptor;
+import cn.iocoder.yudao.framework.common.pojo.CommonResult;
+import cn.iocoder.yudao.framework.common.util.object.ObjectUtils;
+import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
+import cn.iocoder.yudao.framework.encrypt.config.ApiEncryptProperties;
+import cn.iocoder.yudao.framework.encrypt.core.annotation.ApiEncrypt;
+import cn.iocoder.yudao.framework.web.config.WebProperties;
+import cn.iocoder.yudao.framework.web.core.filter.ApiRequestFilter;
+import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpMethod;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerExecutionChain;
+import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
+
+import java.io.IOException;
+
+import static cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil.invalidParamException;
+
+/**
+ * API 加密过滤器，处理 {@link ApiEncrypt} 注解。
+ *
+ * 1. 解密请求参数
+ * 2. 加密响应结果
+ *
+ * 疑问：为什么不使用 SpringMVC 的 RequestBodyAdvice 或 ResponseBodyAdvice 机制呢？
+ * 回答：考虑到项目中会记录访问日志、异常日志，以及 HTTP API 签名等场景，最好是全局级、且提前做解析！！！
+ *
+ * @author 芋道源码
+ */
+@Slf4j
+public class ApiEncryptFilter extends ApiRequestFilter {
+
+    private final ApiEncryptProperties apiEncryptProperties;
+
+    private final RequestMappingHandlerMapping requestMappingHandlerMapping;
+
+    private final GlobalExceptionHandler globalExceptionHandler;
+
+    private final SymmetricDecryptor requestSymmetricDecryptor;
+    private final AsymmetricDecryptor requestAsymmetricDecryptor;
+
+    private final SymmetricEncryptor responseSymmetricEncryptor;
+    private final AsymmetricEncryptor responseAsymmetricEncryptor;
+
+    public ApiEncryptFilter(WebProperties webProperties,
+                            ApiEncryptProperties apiEncryptProperties,
+                            RequestMappingHandlerMapping requestMappingHandlerMapping,
+                            GlobalExceptionHandler globalExceptionHandler) {
+        super(webProperties);
+        this.apiEncryptProperties = apiEncryptProperties;
+        this.requestMappingHandlerMapping = requestMappingHandlerMapping;
+        this.globalExceptionHandler = globalExceptionHandler;
+        if (StrUtil.equalsIgnoreCase(apiEncryptProperties.getAlgorithm(), "AES")) {
+            this.requestSymmetricDecryptor = SecureUtil.aes(StrUtil.utf8Bytes(apiEncryptProperties.getRequestKey()));
+            this.requestAsymmetricDecryptor = null;
+            this.responseSymmetricEncryptor = SecureUtil.aes(StrUtil.utf8Bytes(apiEncryptProperties.getResponseKey()));
+            this.responseAsymmetricEncryptor = null;
+        } else if (StrUtil.equalsIgnoreCase(apiEncryptProperties.getAlgorithm(), "RSA")) {
+            this.requestSymmetricDecryptor = null;
+            this.requestAsymmetricDecryptor = SecureUtil.rsa(apiEncryptProperties.getRequestKey(), null);
+            this.responseSymmetricEncryptor = null;
+            this.responseAsymmetricEncryptor = SecureUtil.rsa(null, apiEncryptProperties.getResponseKey());
+        } else {
+            // 补充说明：如果要支持 SM2、SM4 等算法，可在此处增加对应实例的创建，并添加相应的 Maven 依赖即可。
+            throw new IllegalArgumentException("不支持的加密算法：" + apiEncryptProperties.getAlgorithm());
+        }
+    }
+
+    @Override
+    @SuppressWarnings("NullableProblems")
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+            throws ServletException, IOException {
+        // 获取 @ApiEncrypt 注解
+        ApiEncrypt apiEncrypt = getApiEncrypt(request);
+        boolean requestEnable = apiEncrypt != null && apiEncrypt.request();
+        boolean responseEnable = apiEncrypt != null && apiEncrypt.response();
+        String encryptHeader = request.getHeader(apiEncryptProperties.getHeader());
+        if (!requestEnable && !responseEnable && StrUtil.isBlank(encryptHeader))  {
+            chain.doFilter(request, response);
+            return;
+        }
+
+        // 1. 解密请求
+        if (ObjectUtils.equalsAny(HttpMethod.valueOf(request.getMethod()),
+                HttpMethod.POST, HttpMethod.PUT, HttpMethod.DELETE)) {
+            try {
+                if (StrUtil.isNotBlank(encryptHeader)) {
+                    request = new ApiDecryptRequestWrapper(request,
+                            requestSymmetricDecryptor, requestAsymmetricDecryptor);
+                } else if (requestEnable) {
+                    throw invalidParamException("请求未包含加密标头，请检查是否正确配置了加密标头");
+                }
+            } catch (Exception ex) {
+                CommonResult<?> result = globalExceptionHandler.allExceptionHandler(request, ex);
+                ServletUtils.writeJSON(response, result);
+                return;
+            }
+        }
+
+        // 2. 执行过滤器链
+        if (responseEnable) {
+            // 特殊：仅包装，最后执行。目的：Response 内容可以被重复读取！！！
+            response = new ApiEncryptResponseWrapper(response);
+        }
+        chain.doFilter(request, response);
+
+        // 3. 加密响应（真正执行）
+        if (responseEnable) {
+            ((ApiEncryptResponseWrapper) response).encrypt(apiEncryptProperties,
+                    responseSymmetricEncryptor, responseAsymmetricEncryptor);
+        }
+    }
+
+    /**
+     * 获取 @ApiEncrypt 注解
+     *
+     * @param request 请求
+     */
+    private ApiEncrypt getApiEncrypt(HttpServletRequest request) {
+        try {
+            HandlerExecutionChain mappingHandler = requestMappingHandlerMapping.getHandler(request);
+            if (mappingHandler == null) {
+                return null;
+            }
+            Object handler = mappingHandler.getHandler();
+            if (handler instanceof HandlerMethod handlerMethod) {
+                ApiEncrypt annotation = handlerMethod.getMethodAnnotation(ApiEncrypt.class);
+                if (annotation == null) {
+                    annotation = handlerMethod.getBeanType().getAnnotation(ApiEncrypt.class);
+                }
+                return annotation;
+            }
+        } catch (Exception e) {
+            log.error("[getApiEncrypt][url({}/{}) 获取 @ApiEncrypt 注解失败]",
+                    request.getRequestURI(), request.getMethod(), e);
+        }
+        return null;
+    }
+
+}

yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/encrypt/core/filter/ApiEncryptResponseWrapper.java

@@ -0,0 +1,109 @@
+package cn.iocoder.yudao.framework.encrypt.core.filter;
+
+import cn.hutool.crypto.asymmetric.AsymmetricEncryptor;
+import cn.hutool.crypto.asymmetric.KeyType;
+import cn.hutool.crypto.symmetric.SymmetricEncryptor;
+import cn.iocoder.yudao.framework.encrypt.config.ApiEncryptProperties;
+import jakarta.servlet.ServletOutputStream;
+import jakarta.servlet.WriteListener;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponseWrapper;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+
+/**
+ * 加密响应 {@link HttpServletResponseWrapper} 实现类
+ *
+ * @author 芋道源码
+ */
+public class ApiEncryptResponseWrapper extends HttpServletResponseWrapper {
+
+    private final ByteArrayOutputStream byteArrayOutputStream;
+    private final ServletOutputStream servletOutputStream;
+    private final PrintWriter printWriter;
+
+    public ApiEncryptResponseWrapper(HttpServletResponse response) {
+        super(response);
+        this.byteArrayOutputStream = new ByteArrayOutputStream();
+        this.servletOutputStream = this.getOutputStream();
+        this.printWriter = new PrintWriter(new OutputStreamWriter(byteArrayOutputStream));
+    }
+
+    public void encrypt(ApiEncryptProperties properties,
+                        SymmetricEncryptor symmetricEncryptor,
+                        AsymmetricEncryptor asymmetricEncryptor) throws IOException {
+        // 1.1 清空 body
+        HttpServletResponse response = (HttpServletResponse) this.getResponse();
+        response.resetBuffer();
+        // 1.2 获取 body
+        this.flushBuffer();
+        byte[] body = byteArrayOutputStream.toByteArray();
+
+        // 2. 加密 body
+        String encryptedBody = symmetricEncryptor != null ? symmetricEncryptor.encryptBase64(body)
+                : asymmetricEncryptor.encryptBase64(body, KeyType.PublicKey);
+        response.getWriter().write(encryptedBody);
+
+        // 3. 添加加密 header 标识
+        this.addHeader(properties.getHeader(), "true");
+        // 特殊：特殊：https://juejin.cn/post/6867327674675625992
+        this.addHeader("Access-Control-Expose-Headers", properties.getHeader());
+    }
+
+    @Override
+    public PrintWriter getWriter() {
+        return printWriter;
+    }
+
+    @Override
+    public void flushBuffer() throws IOException {
+        if (servletOutputStream != null) {
+            servletOutputStream.flush();
+        }
+        if (printWriter != null) {
+            printWriter.flush();
+        }
+    }
+
+    @Override
+    public void reset() {
+        byteArrayOutputStream.reset();
+    }
+
+    @Override
+    public ServletOutputStream getOutputStream() {
+        return new ServletOutputStream() {
+
+            @Override
+            public boolean isReady() {
+                return false;
+            }
+
+            @Override
+            public void setWriteListener(WriteListener writeListener) {
+            }
+
+            @Override
+            public void write(int b) {
+                byteArrayOutputStream.write(b);
+            }
+
+            @Override
+            @SuppressWarnings("NullableProblems")
+            public void write(byte[] b) throws IOException {
+                byteArrayOutputStream.write(b);
+            }
+
+            @Override
+            @SuppressWarnings("NullableProblems")
+            public void write(byte[] b, int off, int len) {
+                byteArrayOutputStream.write(b, off, len);
+            }
+
+        };
+    }
+
+}

yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/encrypt/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * HTTP API 加密组件：支持 Request 和 Response 的加密、解密
+ */
+package cn.iocoder.yudao.framework.encrypt;

yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/web/core/filter/CacheRequestBodyWrapper.java

@@ -1,14 +1,13 @@
 package cn.iocoder.yudao.framework.web.core.filter;
 
 import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
-
 import jakarta.servlet.ReadListener;
 import jakarta.servlet.ServletInputStream;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletRequestWrapper;
+
 import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
-import java.io.IOException;
 import java.io.InputStreamReader;
 
 /**
@@ -29,12 +28,22 @@ public class CacheRequestBodyWrapper extends HttpServletRequestWrapper {
     }
 
     @Override
-    public BufferedReader getReader() throws IOException {
+    public BufferedReader getReader() {
         return new BufferedReader(new InputStreamReader(this.getInputStream()));
     }
 
     @Override
-    public ServletInputStream getInputStream() throws IOException {
+    public int getContentLength() {
+        return body.length;
+    }
+
+    @Override
+    public long getContentLengthLong() {
+        return body.length;
+    }
+
+    @Override
+    public ServletInputStream getInputStream() {
         final ByteArrayInputStream inputStream = new ByteArrayInputStream(body);
         // 返回 ServletInputStream
         return new ServletInputStream() {

yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/web/core/handler/GlobalExceptionHandler.java

@@ -5,7 +5,6 @@ import cn.hutool.core.exceptions.ExceptionUtil;
 import cn.hutool.core.map.MapUtil;
 import cn.hutool.core.util.ObjUtil;
 import cn.hutool.core.util.StrUtil;
-import cn.hutool.extra.servlet.JakartaServletUtil;
 import cn.iocoder.yudao.framework.common.biz.infra.logger.ApiErrorLogCommonApi;
 import cn.iocoder.yudao.framework.common.biz.infra.logger.dto.ApiErrorLogCreateReqDTO;
 import cn.iocoder.yudao.framework.common.exception.ServiceException;
@@ -17,6 +16,7 @@ import cn.iocoder.yudao.framework.common.util.monitor.TracerUtils;
 import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
 import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils;
 import com.fasterxml.jackson.databind.exc.InvalidFormatException;
+import com.google.common.util.concurrent.UncheckedExecutionException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.ConstraintViolation;
 import jakarta.validation.ConstraintViolationException;
@@ -111,6 +111,9 @@ public class GlobalExceptionHandler {
         if (ex instanceof AccessDeniedException) {
             return accessDeniedExceptionHandler(request, (AccessDeniedException) ex);
         }
+        if (ex instanceof UncheckedExecutionException && ex.getCause() != ex) {
+            return allExceptionHandler(request, ex.getCause());
+        }
         return defaultExceptionHandler(request, ex);
     }
 
@@ -266,6 +269,16 @@ public class GlobalExceptionHandler {
         return CommonResult.error(FORBIDDEN);
     }
 
+    /**
+     * 处理 Guava UncheckedExecutionException
+     *
+     * 例如说，缓存加载报错，可见 <a href="https://t.zsxq.com/UszdH">https://t.zsxq.com/UszdH</a>
+     */
+    @ExceptionHandler(value = UncheckedExecutionException.class)
+    public CommonResult<?> uncheckedExecutionExceptionHandler(HttpServletRequest req, UncheckedExecutionException ex) {
+        return allExceptionHandler(req, ex.getCause());
+    }
+
     /**
      * 处理业务异常 ServiceException
      *
@@ -344,12 +357,12 @@ public class GlobalExceptionHandler {
         errorLog.setApplicationName(applicationName);
         errorLog.setRequestUrl(request.getRequestURI());
         Map<String, Object> requestParams = MapUtil.<String, Object>builder()
-                .put("query", JakartaServletUtil.getParamMap(request))
-                .put("body", JakartaServletUtil.getBody(request)).build();
+                .put("query", ServletUtils.getParamMap(request))
+                .put("body", ServletUtils.getBody(request)).build();
         errorLog.setRequestParams(JsonUtils.toJsonString(requestParams));
         errorLog.setRequestMethod(request.getMethod());
         errorLog.setUserAgent(ServletUtils.getUserAgent(request));
-        errorLog.setUserIp(JakartaServletUtil.getClientIP(request));
+        errorLog.setUserIp(ServletUtils.getClientIP(request));
         errorLog.setExceptionTime(LocalDateTime.now());
     }
 

yudao-framework/yudao-spring-boot-starter-web/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

@@ -3,4 +3,5 @@ cn.iocoder.yudao.framework.jackson.config.YudaoJacksonAutoConfiguration
 cn.iocoder.yudao.framework.swagger.config.YudaoSwaggerAutoConfiguration
 cn.iocoder.yudao.framework.web.config.YudaoWebAutoConfiguration
 cn.iocoder.yudao.framework.xss.config.YudaoXssAutoConfiguration
-cn.iocoder.yudao.framework.banner.config.YudaoBannerAutoConfiguration
+cn.iocoder.yudao.framework.banner.config.YudaoBannerAutoConfiguration
+cn.iocoder.yudao.framework.encrypt.config.YudaoApiEncryptAutoConfiguration

yudao-framework/yudao-spring-boot-starter-web/src/test/java/cn/iocoder/yudao/framework/encrypt/ApiEncryptTest.java

@@ -0,0 +1,86 @@
+package cn.iocoder.yudao.framework.encrypt;
+
+import cn.hutool.core.util.RandomUtil;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
+import cn.hutool.crypto.asymmetric.AsymmetricAlgorithm;
+import cn.hutool.crypto.asymmetric.KeyType;
+import cn.hutool.crypto.asymmetric.RSA;
+import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
+import org.junit.jupiter.api.Test;
+
+import java.util.Objects;
+
+/**
+ * 各种 API 加解密的测试类：不是单测，而是方便大家生成密钥、加密、解密等操作。
+ *
+ * @author 芋道源码
+ */
+@SuppressWarnings("ConstantValue")
+public class ApiEncryptTest {
+
+    @Test
+    public void testGenerateAsymmetric() {
+        String asymmetricAlgorithm = AsymmetricAlgorithm.RSA.getValue();
+//        String asymmetricAlgorithm = "SM2";
+//        String asymmetricAlgorithm = SM4.ALGORITHM_NAME;
+//        String asymmetricAlgorithm = SymmetricAlgorithm.AES.getValue();
+        String requestClientKey = null;
+        String requestServerKey = null;
+        String responseClientKey = null;
+        String responseServerKey = null;
+        if (Objects.equals(asymmetricAlgorithm, AsymmetricAlgorithm.RSA.getValue())) {
+            // 请求的密钥
+            RSA requestRsa = SecureUtil.rsa();
+            requestClientKey = requestRsa.getPublicKeyBase64();
+            requestServerKey = requestRsa.getPrivateKeyBase64();
+            // 响应的密钥
+            RSA responseRsa = new RSA();
+            responseClientKey = responseRsa.getPrivateKeyBase64();
+            responseServerKey = responseRsa.getPublicKeyBase64();
+        } else if (Objects.equals(asymmetricAlgorithm, SymmetricAlgorithm.AES.getValue())) {
+            // AES 密钥可选 32、24、16 位
+            // 请求的密钥（前后端密钥一致）
+            requestClientKey = RandomUtil.randomNumbers(32);
+            requestServerKey = requestClientKey;
+            // 响应的密钥（前后端密钥一致）
+            responseClientKey = RandomUtil.randomNumbers(32);
+            responseServerKey = responseClientKey;
+        }
+
+        // 打印结果
+        System.out.println("requestClientKey = " + requestClientKey);
+        System.out.println("requestServerKey = " + requestServerKey);
+        System.out.println("responseClientKey = " + responseClientKey);
+        System.out.println("responseServerKey = " + responseServerKey);
+    }
+
+    @Test
+    public void testEncrypt_aes() {
+        String key = "52549111389893486934626385991395";
+        String body = "{\n" +
+                "  \"username\": \"admin\",\n" +
+                "  \"password\": \"admin123\",\n" +
+                "  \"uuid\": \"3acd87a09a4f48fb9118333780e94883\",\n" +
+                "  \"code\": \"1024\"\n" +
+                "}";
+        String encrypt = SecureUtil.aes(StrUtil.utf8Bytes(key))
+                .encryptBase64(body);
+        System.out.println("encrypt = " + encrypt);
+    }
+
+    @Test
+    public void testEncrypt_rsa() {
+        String key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCls2rIpnGdYnLFgz1XU13GbNQ5DloyPpvW00FPGjqn5Z6JpK+kDtVlnkhwR87iRrE5Vf2WNqRX6vzbLSgveIQY8e8oqGCb829myjf1MuI+ZzN4ghf/7tEYhZJGPI9AbfxFqBUzm+kR3/HByAI22GLT96WM26QiMK8n3tIP/yiLswIDAQAB";
+        String body = "{\n" +
+                "  \"username\": \"admin\",\n" +
+                "  \"password\": \"admin123\",\n" +
+                "  \"uuid\": \"3acd87a09a4f48fb9118333780e94883\",\n" +
+                "  \"code\": \"1024\"\n" +
+                "}";
+        String encrypt = SecureUtil.rsa(null, key)
+                .encryptBase64(body, KeyType.PublicKey);
+        System.out.println("encrypt = " + encrypt);
+    }
+
+}