当前位置: 首页 > news >正文

uni-app和springboot完成前端后端对称加密解密流程

news 2025/8/12 2:20:00

概述

  • 使用对称加密的方式实现。
  • 前端基于crypto-js。
  • uni-app框架中是在uni.request的基础上,在拦截器中处理的。
  • springboot在Filter中完成解密工作。

uni-app

  1. 项目中引入crypto-js。
npm install crypto-js
  1. 加密方法
const SECRET_KEY = CryptoJS.enc.Utf8.parse("1234123412341234");function encrypt (msg) {const dataHex = CryptoJS.enc.Utf8.parse(msg);const encrypted = CryptoJS.AES.encrypt(dataHex, SECRET_KEY, {mode: CryptoJS.mode.ECB,padding: CryptoJS.pad.Pkcs7});return encrypted.ciphertext.toString(CryptoJS.enc.Base64);
}
  1. 解密方法
function decrypt(msg) {const encryptedHexStr = CryptoJS.enc.Hex.parse(msg);const str = CryptoJS.enc.Base64.stringify(encryptedHexStr);const decrypt = CryptoJS.AES.decrypt(str, SECRET_KEY, {mode: CryptoJS.mode.ECB,padding: CryptoJS.pad.Pkcs7});return decrypt.toString(CryptoJS.enc.Utf8);
}
  1. request拦截器
uni.addInterceptor('request', {invoke(args) {let plaintext = JSON.stringify(args.data);plaintext = encodeURIComponent(plaintext);const textArray = [];while(plaintext.length > 15) {textArray.push(plaintext.substring(0, 16));plaintext = plaintext.substring(16);}textArray.push(plaintext);const encryptParamArray = [];textArray.forEach(item => {encryptParamArray.push(btoa(encrypt(item)));})args.data = {"encryptParams": encryptParamArray};},success(args) {}, fail(err) {}, complete(res) {}
});

备注

  • 使用encodeURIComponent方法是为了处理 字符“+”,这个对应java解密的时候存在问题。
  • 该模式默认解密长度出限制在16个字符中,所以需要将待加密的信息分解成单个字符长度小于16的字符组成数组。

Springboot

  1. DecryptFilter,解密拦截器
import cn.hutool.json.JSONUtil;
import org.apache.commons.codec.binary.Base64;
import org.springframework.http.HttpMethod;import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;@WebFilter(urlPatterns = "/*") // 过滤所有请求
public class DecryptFilter implements Filter {private String word;public DecryptFilter(String word) {this.word = word;}@Overridepublic void init(FilterConfig filterConfig) throws ServletException {}@Overridepublic void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;if (HttpMethod.OPTIONS.matches(httpRequest.getMethod())) {filterChain.doFilter(httpRequest, servletResponse);return;}String encryptedData = "";if (httpRequest.getHeader("Content-Type").contains("x-www-form-urlencoded")) {// 获取请求参数或请求体中的加密数据encryptedData = httpRequest.getParameter("encryptParams");} else if (httpRequest.getHeader("Content-Type").contains("json")) {StringBuilder stringBuilder = new StringBuilder();try (InputStream inputStream = httpRequest.getInputStream();BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {String line;while ((line = bufferedReader.readLine()) != null) {stringBuilder.append(line);}}encryptedData = JSONUtil.parseObj(stringBuilder.toString()).get("encryptParams").toString();encryptedData = encryptedData.replaceAll("[\\[\\]\"]", "");}String[] ciphertextArray = encryptedData.split(",");// 解密操作,例如使用AES解密String decryptedData = "";try {decryptedData = decrypt(ciphertextArray);} catch (Exception e) {throw new RuntimeException("解密失败!", e);}// 重构ServletRequest,将解密后的数据设置到新的ServletRequest中ServletRequest modifiedRequest = new BodyRewritingRequestWrapper(httpRequest, decryptedData);// 继续执行过滤器链filterChain.doFilter(modifiedRequest, servletResponse);}@Overridepublic void destroy() {}private String decrypt(String[] encryptedTextArray) throws Exception {StringBuilder paramsJson = new StringBuilder("");// 创建解密器Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");byte[] keyBytes = word.getBytes(StandardCharsets.UTF_8);SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");cipher.init(Cipher.DECRYPT_MODE, keySpec);for (String ciphertext : encryptedTextArray) {byte[] decode = java.util.Base64.getDecoder().decode(ciphertext);byte[] encryptedBytes = Base64.decodeBase64(decode);byte[] decryptedBytes = cipher.doFinal(encryptedBytes);paramsJson.append(new String(decryptedBytes, StandardCharsets.UTF_8));}return URLDecoder.decode(paramsJson.toString(), "UTF-8");}
}
  1. BodyRewritingRequestWrapper,重写的ServletRequest对相关
import cn.hutool.json.JSONObject;
import cn.hutool.json.JSONUtil;import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.HashMap;
import java.util.Map;public class BodyRewritingRequestWrapper extends HttpServletRequestWrapper {private String body;private JSONObject map;public BodyRewritingRequestWrapper(HttpServletRequest request, String body) {super(request);this.body = body;this.map = JSONUtil.parseObj(body);}@Overridepublic String getParameter(String name) {if (map.containsKey(name)) {return map.get(name).toString();}return super.getParameter(name);}@Overridepublic Map<String, String[]> getParameterMap() {Map<String, String[]> originalParameters = super.getParameterMap();Map<String, String[]> rewriteMap = new HashMap<>(originalParameters);map.forEach((key, value) -> rewriteMap.put(key, new String[]{value.toString()}));return rewriteMap;}@Overridepublic ServletInputStream getInputStream() throws IOException {final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body.getBytes());return new ServletInputStream() {public int read() throws IOException {return byteArrayInputStream.read();}@Overridepublic boolean isFinished() {return false;}@Overridepublic boolean isReady() {return true;}@Overridepublic void setReadListener(ReadListener readListener) {}};}@Overridepublic BufferedReader getReader() throws IOException {return new BufferedReader(new InputStreamReader(this.getInputStream()));}
}
  1. 注册拦截器
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;@Configuration
public class WebConfig {@Value("${decrypt.word}")private String word;@Beanpublic FilterRegistrationBean<DecryptFilter> myFilterRegistration() {FilterRegistrationBean<DecryptFilter> registration = new FilterRegistrationBean<>();registration.setFilter(new DecryptFilter(word));registration.addUrlPatterns("/*");registration.setName("decryptFilter");registration.setOrder(1);  // 设置过滤器的顺序,根据实际需求设置return registration;}
}
http://www.lryc.cn/news/124048.html

相关文章:

  • 【Unity造轮子】制作一个简单的2d抓勾效果(类似蜘蛛侠的技能)
  • Unity 人物连招(三段连击)
  • 关于WSL以及docker连接adb的坑
  • python安装第三方包时报错:...\lib\site-packages\pip\_vendor\urllib3\response.py...
  • 腾讯云从业者认证考试考点——云存储产品
  • 猿辅导Motiff与IXDC达成战略合作,将在UI设计领域推动AI革新更多可能性
  • 条件操作符(三目操作符)
  • (五)Unity开发Vision Pro——FAQ
  • GitOps 与 DevOps:了解关键差异,为企业做出最佳选择
  • Java实现Word文档转PDF,PDF转Word,PDF转Excel,PDF转换工具
  • Docker部署ES服务,全量同步的时候内存爆炸,ES自动关闭,CPU100%
  • Python——添加照片边框
  • 《高性能MySQL》——查询性能优化(笔记)
  • 【Linux操作系统】编译过程中遇到的问题-为什么加-c?执行文件提示无法执行二进制文件?main函数参数argc和*argv[]的作用和理解?
  • 【数据结构与算法——TypeScript】图结构(Graph)
  • C语言字符串拷贝函数详解及示例代码
  • IntelliJ IDEA热部署:JRebel插件的安装与使用
  • iTOP-3568开发板使用OpenCV处理图像-颜色转换
  • Python技巧----解压序列/可迭代对象赋值给多个变量
  • 16.3.2 【Linux】程序的管理
  • Linux命令200例:date用于显示和设置系统的日期和时间
  • excel入门
  • 单模光纤模场强度分布以及高斯近似的MATLAB仿真
  • Springboot 在 redis 中使用 BloomFilter 布隆过滤器机制
  • 什么是管理的本质?
  • 02:STM32--EXTI外部中断
  • CLickhouse核心特性
  • 如何运用小程序技术闭环运营链路?
  • 使用chatGPT-4 畅聊量子物理学(二)
  • 读《Flask Web开发实战》(狼书)笔记 | 第1、2章