update 优化api,gateway,auth代码结构

2025-09-04 19:38:02 +00:00 · 2024-01-19 16:57:17 +08:00
parent bf95012138
commit ef83f06f2b
35 changed files with 320 additions and 29 deletions
--- a/ruoyi-gateway/src/main/java/org/dromara/gateway/config/properties/IgnoreWhiteProperties.java
+++ b/ruoyi-gateway/src/main/java/org/dromara/gateway/config/properties/IgnoreWhiteProperties.java
@@ -21,6 +21,7 @@ import java.util.List;
@RefreshScope
@ConfigurationProperties(prefix = "security.ignore")
 public class IgnoreWhiteProperties {
+
    /**
     * 放行白名单配置，网关不校验此处的白名单
     */
--- a/ruoyi-gateway/src/main/java/org/dromara/gateway/config/properties/XssProperties.java
+++ b/ruoyi-gateway/src/main/java/org/dromara/gateway/config/properties/XssProperties.java
@@ -18,6 +18,7 @@ import java.util.List;
@RefreshScope
@ConfigurationProperties(prefix = "security.xss")
 public class XssProperties {
+
    /**
     * Xss开关
     */
--- a/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/GlobalCorsFilter.java
+++ b/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/GlobalCorsFilter.java
@@ -25,15 +25,39 @@ public class GlobalCorsFilter implements WebFilter, Ordered {
    /**
     * 这里为支持的请求头，如果有自定义的header字段请自己添加
     */
-    private static final String ALLOWED_HEADERS = "X-Requested-With, Content-Language, Content-Type, Authorization, clientid, credential, X-XSRF-TOKEN, isToken, token, Admin-Token, App-Token";
+    private static final String ALLOWED_HEADERS = "X-Requested-With, Content-Language, Content-Type, Authorization, clientId, credential, X-XSRF-TOKEN, isToken, token, Admin-Token, App-Token";
+
+    /**
+     * 允许的请求方法
+     */
    private static final String ALLOWED_METHODS = "GET,POST,PUT,DELETE,OPTIONS,HEAD";
+
+    /**
+     * 允许的请求来源，使用 * 表示允许任何来源
+     */
    private static final String ALLOWED_ORIGIN = "*";
+
+    /**
+     * 允许前端访问的响应头，使用 * 表示允许任何响应头
+     */
    private static final String ALLOWED_EXPOSE = "*";
+
+    /**
+     * 预检请求的缓存时间，单位为秒（此处设置为 5 小时）
+     */
    private static final String MAX_AGE = "18000L";

+    /**
+     * 实现跨域配置的 Web 过滤器
+     *
+     * @param exchange ServerWebExchange 对象，表示一次 Web 交换
+     * @param chain    WebFilterChain 对象，表示一组 Web 过滤器链
+     * @return Mono<Void> 表示异步的过滤器链处理结果
+     */
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
+        // 判断请求是否为跨域请求
        if (CorsUtils.isCorsRequest(request)) {
            ServerHttpResponse response = exchange.getResponse();
            HttpHeaders headers = response.getHeaders();
@@ -43,6 +67,7 @@ public class GlobalCorsFilter implements WebFilter, Ordered {
            headers.add("Access-Control-Expose-Headers", ALLOWED_EXPOSE);
            headers.add("Access-Control-Max-Age", MAX_AGE);
            headers.add("Access-Control-Allow-Credentials", "true");
+            // 处理预检请求的 OPTIONS 方法，直接返回成功状态码
            if (request.getMethod() == HttpMethod.OPTIONS) {
                response.setStatusCode(HttpStatus.OK);
                return Mono.empty();
--- a/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/GlobalLogFilter.java
+++ b/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/GlobalLogFilter.java
@@ -48,6 +48,7 @@ public class GlobalLogFilter implements GlobalFilter, Ordered {
        if (WebFluxUtils.isJsonRequest(exchange)) {
            if (apiDecryptProperties.getEnabled()
                && ObjectUtil.isNotNull(request.getHeaders().getFirst(apiDecryptProperties.getHeaderFlag()))) {
+                //加密开启并且请求标识不能为空
                log.info("[PLUS]开始请求 => URL[{}],参数类型[encrypt]", url);
            } else {
                String jsonParam = WebFluxUtils.resolveBodyFromCacheRequest(exchange);