OpenGitLink
/
snow
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

新增脱敏

This commit is contained in:
jinqiming 2021-11-12 09:10:44 +08:00
parent 666cabdc9f
commit 4cae415b9b
7 changed files with 361 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -163,7 +163,7 @@ V1.6 2021-05-17
- 6.0 重构消息中心模块,支持站内信
- 7.0 重修复分配系统角色时会自动删除流程角色
V1.8 2021-11-11
V1.8 2021-11-14
- 1.0 新增系统任务模块
- 系统创建任务后,可同步到钉钉待办任务
- 2.0 解耦系统与钉钉的强依赖,新增是否同步配置
@ -171,7 +171,9 @@ V1.8 2021-11-11
- 系统管理钉钉外部联系人
- 4.0 完善系统用户和钉钉用户同步机制
- 5.0 新增流程待办,流程完结,系统任务站内信消息通知
- 6.0 重构部分代码
- 6.0 新增手机号,姓名,身份证,秘钥等重要隐私信息脱敏
- 7.0 重构部分代码
## 未来规划

43
snow-common/src/main/java/com/snow/common/annotation/Sensitive.java Normal file
View File

@ -0,0 +1,43 @@
package com.snow.common.annotation;
import com.fasterxml.jackson.annotation.JacksonAnnotationsInside;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import com.snow.common.config.SensitiveSerialize;
import com.snow.common.enums.SensitiveTypeEnum;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* @author qimingjin
* @Title:
* @Description: 对象脱敏注解类
* @date 2021/11/11 15:19
*/
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.FIELD)
@JacksonAnnotationsInside
@JsonSerialize(using = SensitiveSerialize.class)
public @interface Sensitive {
/**
* 脱敏数据类型, 非Customer时, 将忽略 refixNoMaskLen suffixNoMaskLen maskStr
*/
SensitiveTypeEnum type() default SensitiveTypeEnum.CUSTOMER;
/**
* 前置不需要打码的长度
*/
int prefixNoMaskLen() default 0;
/**
* 后置不需要打码的长度
*/
int suffixNoMaskLen() default 0;
/**
* 用什么打码
*/
String maskStr() default "*";
}

94
snow-common/src/main/java/com/snow/common/config/SensitiveSerialize.java Normal file
View File

@ -0,0 +1,94 @@
package com.snow.common.config;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.BeanProperty;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.ser.ContextualSerializer;
import com.snow.common.annotation.Sensitive;
import com.snow.common.enums.SensitiveTypeEnum;
import com.snow.common.utils.DesensitizedUtils;
import lombok.AllArgsConstructor;
import lombok.NoArgsConstructor;
import java.io.IOException;
import java.util.Objects;
/**
* @author qimingjin
* @Title:
* @Description:
* @date 2021/11/11 15:16
*/
@NoArgsConstructor
@AllArgsConstructor
public class SensitiveSerialize extends JsonSerializer<String> implements ContextualSerializer {
private SensitiveTypeEnum type;
private Integer prefixNoMaskLen;
private Integer suffixNoMaskLen;
private String maskStr;
@Override
public void serialize(final String origin, final JsonGenerator jsonGenerator,
final SerializerProvider serializerProvider) throws IOException {
switch (type) {
case CHINESE_NAME:
jsonGenerator.writeString(DesensitizedUtils.chineseName(origin));
break;
case ID_CARD:
jsonGenerator.writeString(DesensitizedUtils.idCardNum(origin));
break;
case FIXED_PHONE:
jsonGenerator.writeString(DesensitizedUtils.fixedPhone(origin));
break;
case MOBILE_PHONE:
jsonGenerator.writeString(DesensitizedUtils.mobilePhone(origin));
break;
case ADDRESS:
jsonGenerator.writeString(DesensitizedUtils.address(origin));
break;
case EMAIL:
jsonGenerator.writeString(DesensitizedUtils.email(origin));
break;
case BANK_CARD:
jsonGenerator.writeString(DesensitizedUtils.bankCard(origin));
break;
case PASSWORD:
jsonGenerator.writeString(DesensitizedUtils.password(origin));
break;
case KEY:
jsonGenerator.writeString(DesensitizedUtils.key(origin));
break;
case CUSTOMER:
jsonGenerator.writeString(DesensitizedUtils.desValue(origin, prefixNoMaskLen, suffixNoMaskLen, maskStr));
break;
default:
throw new IllegalArgumentException("unKnow sensitive type enum " + type);
}
}
@Override
public JsonSerializer<?> createContextual(final SerializerProvider serializerProvider,
final BeanProperty beanProperty) throws JsonMappingException {
if (beanProperty != null) {
if (Objects.equals(beanProperty.getType().getRawClass(), String.class)) {
Sensitive sensitive = beanProperty.getAnnotation(Sensitive.class);
if (sensitive == null) {
sensitive = beanProperty.getContextAnnotation(Sensitive.class);
}
if (sensitive != null) {
return new SensitiveSerialize(sensitive.type(), sensitive.prefixNoMaskLen(),
sensitive.suffixNoMaskLen(), sensitive.maskStr());
}
}
return serializerProvider.findValueSerializer(beanProperty.getType(), beanProperty);
}
return serializerProvider.findNullValueSerializer(null);
}
}

51
snow-common/src/main/java/com/snow/common/enums/SensitiveTypeEnum.java Normal file
View File

@ -0,0 +1,51 @@
package com.snow.common.enums;
/**
* @author qimingjin
* @Title:
* @Description:
* @date 2021/11/11 15:15
*/
public enum SensitiveTypeEnum {
/**
* 自定义
*/
CUSTOMER,
/**
* 用户名, *, *
*/
CHINESE_NAME,
/**
* 身份证号, 110110********1234
*/
ID_CARD,
/**
* 座机号, ****1234
*/
FIXED_PHONE,
/**
* 手机号, 176****1234
*/
MOBILE_PHONE,
/**
* 地址, 北京********
*/
ADDRESS,
/**
* 电子邮件, s*****o@xx.com
*/
EMAIL,
/**
* 银行卡, 622202************1234
*/
BANK_CARD,
/**
* 密码, 永远是 ******, 与长度无关
*/
PASSWORD,
/**
* 密钥, 永远是 ******, 与长度无关
*/
KEY
}

160
snow-common/src/main/java/com/snow/common/utils/DesensitizedUtils.java Normal file
View File

@ -0,0 +1,160 @@
package com.snow.common.utils;
import cn.hutool.core.util.StrUtil;
/**
* @author qimingjin
* @Title: 脱敏utils
* @Description:
* @date 2021/11/11 15:14
*/
public class DesensitizedUtils {
/**
* 对字符串进行脱敏操作
*
* @param origin 原始字符串
* @param prefixNoMaskLen 左侧需要保留几位明文字段
* @param suffixNoMaskLen 右侧需要保留几位明文字段
* @param maskStr 用于遮罩的字符串, '*'
* @return 脱敏后结果
*/
public static String desValue(String origin, int prefixNoMaskLen, int suffixNoMaskLen, String maskStr) {
if (origin == null) {
return null;
}
StringBuilder sb = new StringBuilder();
for (int i = 0, n = origin.length(); i < n; i++) {
if (i < prefixNoMaskLen) {
sb.append(origin.charAt(i));
continue;
}
if (i > (n - suffixNoMaskLen - 1)) {
sb.append(origin.charAt(i));
continue;
}
sb.append(maskStr);
}
return sb.toString();
}
/**
* 中文姓名只显示最后一个汉字其他隐藏为星号比如**
*
* @param fullName 姓名
* @return 结果
*/
public static String chineseName(String fullName) {
if (fullName == null) {
return null;
}
return desValue(fullName, 0, 1, "*");
}
/**
* 身份证号显示前六位, 四位其他隐藏共计18位或者15位比如340304*******1234
*
* @param id 身份证号码
* @return 结果
*/
public static String idCardNum(String id) {
return desValue(id, 6, 4, "*");
}
/**
* 固定电话后四位其他隐藏比如 ****1234
*
* @param num 固定电话
* @return 结果
*/
public static String fixedPhone(String num) {
return desValue(num, 0, 4, "*");
}
/**
* 手机号码前三位后四位其他隐藏比如135****6810
*
* @param num 手机号码
* @return 结果
*/
public static String mobilePhone(String num) {
return desValue(num, 3, 4, "*");
}
/**
* 地址只显示到地区不显示详细地址比如北京市海淀区****
*
* @param address 地址
* @return 结果
*/
public static String address(String address) {
return desValue(address, 6, 0, "*");
}
/**
* 电子邮箱 邮箱前缀仅显示第一个字母前缀其他隐藏用星号代替@及后面的地址显示比如d**@126.com
*
* @param email 电子邮箱
* @return 结果
*/
public static String email(String email) {
if (email == null) {
return null;
}
int index = StrUtil.indexOf(email, '@');
if (index <= 1) {
return email;
}
String preEmail = desValue(email.substring(0, index), 1, 0, "*");
return preEmail + email.substring(index);
}
/**
* 银行卡号前六位后四位其他用星号隐藏每位1个星号比如622260**********1234
*
* @param cardNum 银行卡号
* @return 结果
*/
public static String bankCard(String cardNum) {
return desValue(cardNum, 6, 4, "*");
}
/**
* 密码密码的全部字符都用*代替比如******
*
* @param password 密码
* @return 结果
*/
public static String password(String password) {
if (password == null) {
return null;
}
return "******";
}
/**
* 密钥密钥除了最后三位全部都用*代替比如***xdS 脱敏后长度为6如果明文长度不足三位则按实际长度显示剩余位置补*
*
* @param key 密钥
* @return 结果
*/
public static String key(String key) {
if (key == null) {
return null;
}
int viewLength = 6;
StringBuilder tmpKey = new StringBuilder(desValue(key, 0, 3, "*"));
if (tmpKey.length() > viewLength) {
return tmpKey.substring(tmpKey.length() - viewLength);
} else if (tmpKey.length() < viewLength) {
int buffLength = viewLength - tmpKey.length();
for (int i = 0; i < buffLength; i++) {
tmpKey.insert(0, "*");
}
return tmpKey.toString();
} else {
return tmpKey.toString();
}
}
}

4
snow-system/src/main/java/com/snow/system/domain/DingtalkCallBack.java
View File

@ -1,7 +1,9 @@
package com.snow.system.domain;
import com.snow.common.annotation.Excel;
import com.snow.common.annotation.Sensitive;
import com.snow.common.core.domain.BaseEntity;
import com.snow.common.enums.SensitiveTypeEnum;
import lombok.Data;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;
@ -24,10 +26,12 @@ public class DingtalkCallBack extends BaseEntity
/** 加解密需要用到的tokenISV(服务提供商)推荐使用注册套件时填写的token普通企业可以随机填写 */
@Excel(name = "加解密需要用到的tokenISV(服务提供商)推荐使用注册套件时填写的token普通企业可以随机填写")
@Sensitive(type = SensitiveTypeEnum.KEY)
private String token;
/** 数据加密密钥。用于回调数据的加密长度固定为43个字符从a-z, A-Z, 0-9共62个字符中选取,您可以随机生成ISV(服务提供商)推荐使用注册套件时填写的EncodingAESKey */
@Excel(name = "数据加密密钥。用于回调数据的加密长度固定为43个字符从a-z, A-Z, 0-9共62个字符中选取,您可以随机生成ISV(服务提供商)推荐使用注册套件时填写的EncodingAESKey")
@Sensitive(type = SensitiveTypeEnum.KEY)
private String aesKey;
/** 接收事件回调的url必须是公网可以访问的url地址 */

5
snow-system/src/main/java/com/snow/system/domain/SysUser.java
View File

@ -3,6 +3,9 @@ package com.snow.system.domain;
import java.util.Date;
import java.util.List;
import javax.validation.constraints.*;
import com.snow.common.annotation.Sensitive;
import com.snow.common.enums.SensitiveTypeEnum;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;
import com.snow.common.annotation.Excel;
@ -48,10 +51,12 @@ public class SysUser extends BaseEntity
/** 用户邮箱 */
@Excel(name = "用户邮箱")
@Sensitive(type=SensitiveTypeEnum.EMAIL)
private String email;
/** 手机号码 */
@Excel(name = "手机号码")
@Sensitive(type=SensitiveTypeEnum.MOBILE_PHONE)
private String phonenumber;
/** 用户性别 */