[task-4070]信息科要求整改接口

ibps-basic-root/modules/basic-response/src/main/java/com/lc/ibps/cloud/util/AESUtil.java

@@ -15,6 +15,10 @@ import java.util.Base64;
 public class AESUtil {
     private static final String KEY = "dmngJmmO+9GMw+tu";
     private static final String IV = "sanXyqhk8+U7LPP4";
+
+    private static final String USERKEY = "49PBou+TREIOzSHj";
+    private static final String USERIV = "5lDsNRe&UduJ97uS";
+
     public static String decrypt(String encryptedText)
             throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException,
             IllegalBlockSizeException, BadPaddingException {
@@ -29,4 +33,20 @@ public class AESUtil {
         byte[] decryptedBytes = cipher.doFinal(encryptedData);
         return new String(decryptedBytes, StandardCharsets.UTF_8).trim(); // 去除末尾空格
     }
+
+    public static String decryptUser(String encryptedText)
+            throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException,
+            IllegalBlockSizeException, BadPaddingException {
+        byte[] encryptedData = Base64.getDecoder().decode(encryptedText);
+
+        SecretKeySpec secretKeySpec = new SecretKeySpec(USERKEY.getBytes(StandardCharsets.UTF_8), "AES");
+        IvParameterSpec ivParameterSpec = new IvParameterSpec(USERIV.getBytes(StandardCharsets.UTF_8));
+
+        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); // 使用CBC模式和PKCS5Padding填充
+        cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivParameterSpec);
+
+        byte[] decryptedBytes = cipher.doFinal(encryptedData);
+        return new String(decryptedBytes, StandardCharsets.UTF_8).trim(); // 去除末尾空格
+    }
+
 }

ibps-oauth-root/modules/oauth-server2-default/src/main/java/com/lc/ibps/cloud/oauth/server/provider/UserProvider.java

@@ -7,6 +7,7 @@ import java.util.stream.Collectors;
 
 import com.lc.ibps.api.org.constant.PartyRelType;
 import com.lc.ibps.cloud.oauth.server.util.IpUtil;
+import com.lc.ibps.cloud.util.AESUtil;
 import com.lc.ibps.org.auth.persistence.entity.LoginLogPo;
 import com.lc.ibps.org.auth.persistence.entity.LoginLogTbl;
 import org.apache.http.Consts;
@@ -130,6 +131,7 @@ public class UserProvider extends BaseProvider implements IUserService {
 			captcha(requestId, username, captcha);
 			
 			// 用户登录
+			loginVo.setPassword(AESUtil.decryptUser(loginVo.getPassword()));
 			PartyUserPo user = login0(loginVo);
 			String statistic = getStatistic(user);
 			result.addVariable("statistic", statistic);

ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/config/JsonUtilConfig.java

@@ -58,17 +58,4 @@ public class JsonUtilConfig {
              return map;
     }
 
-    public static String decrypt(String encryptedText) throws Exception {
-        byte[] encryptedData = Base64.getDecoder().decode(encryptedText);
-
-        SecretKeySpec secretKeySpec = new SecretKeySpec(KEY.getBytes(StandardCharsets.UTF_8), "AES");
-        IvParameterSpec ivParameterSpec = new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8));
-
-        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); // 使用CBC模式和PKCS5Padding填充
-        cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivParameterSpec);
-
-        byte[] decryptedBytes = cipher.doFinal(encryptedData);
-        return new String(decryptedBytes, StandardCharsets.UTF_8).trim(); // 去除末尾空格
-    }
-
 }

ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/sysdata/controller/UpdateDataTableController.java

@@ -4,28 +4,22 @@ import cn.hutool.core.util.ObjectUtil;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
-//import com.aliyun.teaopenapi.models.Config;
 import com.aliyuncs.DefaultAcsClient;
 import com.aliyuncs.IAcsClient;
 import com.aliyuncs.dysmsapi.model.v20170525.SendSmsRequest;
 import com.aliyuncs.dysmsapi.model.v20170525.SendSmsResponse;
-import com.aliyuncs.exceptions.ClientException;
 import com.aliyuncs.profile.DefaultProfile;
 import com.lc.ibps.api.base.constants.StateEnum;
 import com.lc.ibps.base.framework.id.UniqueIdUtil;
-import com.lc.ibps.cloud.entity.APIPageList;
-import com.lc.ibps.cloud.entity.APIRequest;
 import com.lc.ibps.cloud.entity.APIResult;
+import com.lc.ibps.cloud.util.AESUtil;
 import com.lc.ibps.components.querybuilder.utils.StringUtils;
 import com.lc.ibps.config.JcjdConfig;
-import com.lc.ibps.config.JsonUtilConfig;
-import com.lc.ibps.sysdata.entity.Material;
 import com.lc.ibps.sysdata.entity.Smsconfig;
 import com.lc.ibps.sysdata.entity.ZhuguantixingEntity;
 import com.lc.ibps.sysdata.services.HwSendSmsService;
 import com.lc.ibps.sysdata.services.UpdateDataTableService;
 import com.lc.ibps.sysdata.services.ZhuguantixingService;
-import com.lc.ibps.sysdata.services.impl.HwsmsImpl;
 import com.lc.ibps.vo.MessageData;
 import com.lc.ibps.vo.MessageVo;
 import io.swagger.annotations.Api;
@@ -33,16 +27,10 @@ import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
-import org.hibernate.validator.constraints.NotBlank;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
-
-import javax.json.JsonArray;
 import java.util.*;
 
-import static com.lc.ibps.config.JsonUtilConfig.decrypt;
-import static org.activiti.engine.impl.util.CollectionUtil.map;
-
 /**
  * @title: liaoby @date 2020/10/210:43
  */
@@ -106,7 +94,7 @@ public class UpdateDataTableController {
         Map map = JSONObject.parseObject(data);
         String ciphertext = (String)map.get("ciphertext");
         try{
-            String decrypt = decrypt(ciphertext);
+            String decrypt = AESUtil.decrypt(ciphertext);
             JSONObject sqlMap = JSONObject.parseObject(decrypt);
 
         tableName = sqlMap.getString("tableName");
@@ -192,7 +180,7 @@ public class UpdateDataTableController {
         Map paramCond = null;
         List<Map<String, String>> paramWhere = null; /*条件 ： 值*/
         try {
-            String decrypt = decrypt(ciphertext);
+            String decrypt = AESUtil.decrypt(ciphertext);
             Map jsonMap = JSONObject.parseObject(decrypt);
             tableName = (String) jsonMap.get("tableName");
             paramCond = (Map) jsonMap.get("paramCond");
@@ -233,7 +221,7 @@ public class UpdateDataTableController {
         String tableName = null;
         List<Map<String,String>> updList = new ArrayList<>();
         try {
-            String decrypt = decrypt(ciphertext);
+            String decrypt = AESUtil.decrypt(ciphertext);
             Map jsonMap = JSONObject.parseObject(decrypt);
             tableName = (String) jsonMap.get("tableName");
             updList = (List<Map<String, String>>) jsonMap.get("updList");
@@ -422,7 +410,7 @@ public class UpdateDataTableController {
         String type = null; /*类型*/
         List<LinkedHashMap> paramWhere = null; /*条件 ： 值*/
         try {
-            String decrypt = decrypt(sql);
+            String decrypt = AESUtil.decrypt(sql);
             JSONObject map = JSONObject.parseObject(decrypt);/*转换成map*/
             tableName =(String) map.get("tableName");/*获取表名*/
             type = StringUtils.isEmpty(map.getString("type")) ? null:map.getString("type");/*获取类型*/

ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/sysdata/services/impl/UpdateDataTableImpl.java

@@ -18,6 +18,7 @@ import com.lc.ibps.cloud.entity.APIPageList;
 import com.lc.ibps.cloud.entity.APIPageResult;
 import com.lc.ibps.cloud.entity.APIResult;
 import com.lc.ibps.cloud.provider.GenericProvider;
+import com.lc.ibps.cloud.util.AESUtil;
 import com.lc.ibps.config.JcjdConfig;
 import com.lc.ibps.config.JsonUtilConfig;
 import com.lc.ibps.config.SerialConfig;
@@ -39,7 +40,6 @@ import java.util.*;
 
 import static com.lc.ibps.api.base.constants.StateEnum.ERROR;
 import static com.lc.ibps.api.base.constants.StateEnum.SUCCESS;
-import static com.lc.ibps.config.JsonUtilConfig.decrypt;
 
 /**
  * @title: liaoby
@@ -514,7 +514,7 @@ public class UpdateDataTableImpl extends GenericProvider implements UpdateDataTa
         Map mapData = JSONObject.parseObject(data);
         String ciphertext =(String) mapData.get("ciphertext");
         try{
-            String decryptedText = decrypt(ciphertext);
+            String decryptedText = AESUtil.decrypt(ciphertext);
             //转map
             Map mapSql = JSONObject.parseObject(decryptedText); /*转换成map*/
             String sql = (String) mapSql.get("sql");

ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/untils/LogAopUtil.java

@@ -5,6 +5,7 @@ import cn.hutool.json.JSONUtil;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.lc.ibps.base.web.context.ContextUtil;
+import com.lc.ibps.cloud.util.AESUtil;
 import com.lc.ibps.cloud.utils.RequestUtil;
 import org.aspectj.lang.ProceedingJoinPoint;
 
@@ -19,8 +20,6 @@ import java.util.Map;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
-import static com.lc.ibps.config.JsonUtilConfig.decrypt;
-
 /**
  * @author gaozl
  */
@@ -35,7 +34,7 @@ public class LogAopUtil {
                 JsonNode jsonNode = objectMapper.readTree(pointArg.toString());
                 if (jsonNode.has("ciphertext") && !jsonNode.get("ciphertext").isNull()) {
                     ciphertext = jsonNode.get("ciphertext").asText();
-                    pointArgs = new String[]{decrypt(ciphertext)};
+                    pointArgs = new String[]{AESUtil.decrypt(ciphertext)};
                 }
             } catch (Exception e) {}
         }

ibps-provider-root/modules/provider-platform-default/src/main/java/com/lc/ibps/org/provider/PartyEmployeeProvider.java

@@ -26,6 +26,7 @@ import com.lc.ibps.cloud.oauth.constants.RedisKey;
 import com.lc.ibps.cloud.provider.GenericProvider;
 import com.lc.ibps.cloud.redis.config.AppConfig;
 import com.lc.ibps.cloud.redis.utils.RedisUtil;
+import com.lc.ibps.cloud.util.AESUtil;
 import com.lc.ibps.cloud.utils.RequestUtil;
 import com.lc.ibps.common.vo.AddOrgManagerVo;
 import com.lc.ibps.common.vo.AddOrgUserVo;
@@ -972,6 +973,7 @@ public class PartyEmployeeProvider extends GenericProvider implements IPartyEmpl
 				PartyEmployeePo partyEmployeePo = partyEmployeeVo.getPartyEmployeePo();
 				PartyEmployee partyEmployee = partyEmployeeRepository.newInstance(partyEmployeePo);
 				PartyEmlpoyeeValidator.checkNullAndIllegal(partyEmployeePo);
+				partyEmployeeVo.getUser().setPassword(AESUtil.decryptUser(partyEmployeeVo.getUser().getPassword()));
 				partyEmployee.createByCascade(partyEmployeeVo);
 				result.setMessage(I18nUtil.getMessage("com.lc.ibps.org.provider.PartyEmployeeProvider.save.create"));
 				result.addVariable("id", partyEmployeePo.getId());

ibps-provider-root/modules/provider-platform-default/src/main/java/com/lc/ibps/org/provider/PartyUserProvider.java

@@ -201,6 +201,10 @@ public class PartyUserProvider extends GenericProvider implements IPartyUserServ
 				list = partyUserRepository.queryDialogUserByParam4Post(queryFilter, positionId, inclueChild);
 			}
 			APIPageList<PartyUserPo> pageList = getAPIPageList(list);
+			for (PartyUserPo user : list) {
+				user.setPassword(null);
+				user.setDataCheck(null);
+			}
 			result.setData(pageList);
 		} catch (Exception e) {
 			setExceptionResult(result, StateEnum.ERROR_EMPLOYEE.getCode(), I18nUtil.getMessage(StateEnum.ERROR_EMPLOYEE.getCode()+""), e);