2 năm trước cách đây · c3a06b4389
--- a/ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/config/JcjdConfig.java
+++ b/ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/config/JcjdConfig.java
@@ -7,6 +7,8 @@ package com.lc.ibps.config;
 
				 
			
 
				 public class JcjdConfig {
			
 
				 
			
 
				+    public static final String ENCIPHER_KEY="4qjmkW2f2OWWaT24cuqrkZGhwa6i5WypKsxnukI2Mqn+C4X+qMPn4ex0V8czvFvFrQn87YhVg0ch2kdVcORLDQ=="; //接口加密key
			
 
				+
			
 
				     public static final String WT_STATE="待环境检测"; //委托
			
 
				 
			
 
				     public static final String ENTRUST="entrust"; //委托
			
--- a/ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/sysdata/controller/UpdateDataTableController.java
+++ b/ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/sysdata/controller/UpdateDataTableController.java
@@ -60,11 +60,11 @@ public class UpdateDataTableController {
 
				     @ApiOperation("直接运行查询sql")
			
 
				     @ApiImplicitParams({@ApiImplicitParam("传入加密的sql字符串")})
			
 
				     @PostMapping("/encipher")
			
 
				-    APIResult<Void> encipher(@RequestBody String data) {
			
 
				+    APIResult<Void> encipher(@RequestBody String data)throws Exception {
			
 
				         APIResult<Void> apiResult = new APIResult<>();
			
 
				         //sql解密后在进行查询
			
 
				         //data
			
 
				-
			
 
				+        APIResult<Void> encipher = updateDataTableService.encipher(data);
			
 
				         Map mapData = JSONObject.parseObject(data); /*转换成map*/
			
 
				         String sql = (String) mapData.get("sql");
			
 
				         if (null != sql && !"".equals(sql) && "select".equals(sql.substring(0, 6))) {
			
--- a/ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/sysdata/services/UpdateDataTableService.java
+++ b/ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/sysdata/services/UpdateDataTableService.java
@@ -80,4 +80,6 @@ public interface UpdateDataTableService {
 
				     //批量删除接口 不带where条件
			
 
				     Integer batchDeleteNoWhere(String tableName);
			
 
				 
			
 
				+    APIResult<Void> encipher(String data) throws Exception;
			
 
				+
			
 
				 }
			
--- a/ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/sysdata/services/impl/UpdateDataTableImpl.java
+++ b/ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/sysdata/services/impl/UpdateDataTableImpl.java
@@ -10,6 +10,7 @@ import com.lc.ibps.cloud.entity.APIPageList;
 
				 import com.lc.ibps.cloud.entity.APIPageResult;
			
 
				 import com.lc.ibps.cloud.entity.APIResult;
			
 
				 import com.lc.ibps.cloud.provider.GenericProvider;
			
 
				+import com.lc.ibps.config.JcjdConfig;
			
 
				 import com.lc.ibps.config.JsonUtilConfig;
			
 
				 import com.lc.ibps.config.SerialConfig;
			
 
				 import com.lc.ibps.sysdata.dao.UpdateDataTableDao;
			
@@ -25,6 +26,9 @@ import org.springframework.util.DigestUtils;
 
				 import org.springframework.web.bind.annotation.RequestBody;
			
 
				 
			
 
				 import javax.annotation.Resource;
			
 
				+import javax.crypto.Cipher;
			
 
				+import javax.crypto.spec.SecretKeySpec;
			
 
				+import java.nio.charset.StandardCharsets;
			
 
				 import java.util.*;
			
 
				 
			
 
				 import static com.lc.ibps.api.base.constants.StateEnum.ERROR;
			
@@ -417,4 +421,42 @@ public class UpdateDataTableImpl extends GenericProvider implements UpdateDataTa
 
				         return i;
			
 
				     }
			
 
				 
			
 
				+    @Override
			
 
				+    public APIResult<Void> encipher(String data) throws Exception {
			
 
				+        APIResult<Void> apiResult = new APIResult<>();
			
 
				+        //sql解密后在进行查询
			
 
				+        // 前端传递的加密数据为 data，密钥为 key
			
 
				+        //String encryptedData = "encrypted-data-from-frontend";
			
 
				+       // String key = "4qjmkW2f2OWWaT24cuqrkZGhwa6i5WypKsxnukI2Mqn+C4X+qMPn4ex0V8czvFvFrQn87YhVg0ch2kdVcORLDQ==";
			
 
				+        // 将密钥转换为 SecretKeySpec
			
 
				+        byte[] keyBytes = JcjdConfig.ENCIPHER_KEY.getBytes(StandardCharsets.UTF_8);
			
 
				+        SecretKeySpec secretKey = new SecretKeySpec(keyBytes, "AES");
			
 
				+
			
 
				+        // 创建 AES 解密器
			
 
				+        try{
			
 
				+            Cipher cipher = Cipher.getInstance("AES");
			
 
				+            cipher.init(Cipher.DECRYPT_MODE, secretKey);
			
 
				+            // Base64 解码并解密数据
			
 
				+            byte[] encryptedBytes = Base64.getDecoder().decode(data);
			
 
				+            byte[] decryptedBytes = cipher.doFinal(encryptedBytes);
			
 
				+            //解密后的数据
			
 
				+            String decryptedData = new String(decryptedBytes, StandardCharsets.UTF_8);
			
 
				+            //转map
			
 
				+            Map mapData = JSONObject.parseObject(decryptedData); /*转换成map*/
			
 
				+            String sql = (String) mapData.get("sql");
			
 
				+            if (null != sql && !"".equals(sql) && "select".equals(sql.substring(0, 6))) {
			
 
				+                apiResult.addVariable("data", updateDataTableDao.inputSqlSelectData(sql));
			
 
				+                apiResult.setState(StateEnum.SUCCESS.getCode());
			
 
				+                return apiResult;
			
 
				+            }
			
 
				+            apiResult.setState(StateEnum.ERROR.getCode());
			
 
				+            apiResult.setMessage("参数错误！ 必须为select!!!");
			
 
				+            return apiResult;
			
 
				+        }catch (Exception e){
			
 
				+            apiResult.setMessage(JcjdConfig.ERROR_MASSAGE);
			
 
				+            apiResult.setState(JcjdConfig.error);
			
 
				+            throw new Exception(JcjdConfig.EXCEPTION);
			
 
				+           // return apiResult;
			
 
				+        }
			
 
				+    }
			
 
				 }