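package com.yihu.iot.aop;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.google.common.collect.Lists;
import com.yihu.iot.dao.gateway.GcTokenDao;
import com.yihu.iot.service.platform.IotInterfaceLogService;
import com.yihu.iot.service.useragent.UserAgent;
import com.yihu.jw.entity.iot.gateway.GcToken;
import org.apache.commons.lang.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.multipart.MultipartFile;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Records a log entry for every call to a method annotated with
 * {@code IntefaceLogRequired}.
 *
 * <p>The advice runs the target method exactly once. Capturing the arguments and
 * writing the log entry are best effort: a failure in either is logged and never
 * changes the result or the exception the caller sees.
 *
 * <p>Arguments and the response body are written to the application log and handed
 * to {@link IotInterfaceLogService}. Only the keys returned by
 * {@link #getSensitiveFieldList()} are masked, so any other secret carried in a
 * request or response is stored as-is.
 *
 * Created by yeshijie on 2020/06/09.
 */
@Aspect
@Component
public class IntefaceLogRequiredAOP {

    private static final Logger logger = LoggerFactory.getLogger(IntefaceLogRequiredAOP.class);

    /** Replacement written in place of a sensitive value. */
    private static final String MASK = "******";

    @Autowired
    private UserAgent userAgent;
    @Autowired
    private IotInterfaceLogService iotInterfaceLogService;
    @Autowired
    private GcTokenDao gcTokenDaoDao;

    /** Pointcut matching every method under {@code com.yihu.iot}. */
    @Pointcut("execution(* com.yihu.iot..*.*(..))")
    public void controllerAspect() {
    }

    public IntefaceLogRequiredAOP() {
    }

    /**
     * Runs the annotated method and records the call.
     *
     * @param point the intercepted call
     * @return whatever the intercepted method returned
     * @throws Throwable anything the intercepted method throws, unchanged
     */
    @Around("controllerAspect() && @annotation(com.yihu.iot.aop.IntefaceLogRequired)")
    public Object addIntefaceLog(ProceedingJoinPoint point) throws Throwable {
        HttpServletRequest request = currentRequest();

        // Arguments are rendered before the call so the log shows what was passed in.
        String methodName = null;
        String params = null;
        try {
            MethodSignature signature = (MethodSignature) point.getSignature();
            Method method = signature.getMethod();
            methodName = method.getName();
            params = getMethodParams(point);
        } catch (Exception e) {
            logger.warn("interface log: could not capture the call arguments, the call will not be logged", e);
        }

        // The target is invoked exactly once. Retrying it after a logging failure, or
        // after it threw, would repeat its side effects (writes, device commands).
        long start = System.currentTimeMillis();
        Object result = point.proceed();
        long end = System.currentTimeMillis();

        if (request != null && methodName != null && params != null) {
            try {
                recordCall(request, methodName, params, result, end - start);
            } catch (Exception e) {
                logger.warn("interface log: could not record the call to [{}]", methodName, e);
            }
        }
        return result;
    }

    /**
     * Returns the servlet request bound to the current thread, or {@code null} when
     * the advice runs outside a request (for example from a scheduled task).
     */
    private HttpServletRequest currentRequest() {
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        return attributes == null ? null : attributes.getRequest();
    }

    /**
     * Saves the log entry for one call and writes the summary line to the
     * application log.
     */
    private void recordCall(HttpServletRequest request, String methodName, String params,
                            Object result, long elapsedMillis) {
        String redactedResult = deleteSensitiveContent(result);
        Integer state = resolveState(redactedResult);
        try {
            saveCallLog(request, methodName, params, redactedResult, state);
        } catch (Exception e) {
            logger.warn("interface log: could not save the log entry for [{}]", methodName, e);
        }
        logger.info("结束请求方法:[{}] 参数:[{}] 返回结果[{}] 耗时:[{}]毫秒 ",
                methodName, params, redactedResult, elapsedMillis);
    }

    /**
     * Maps the response body to the stored state: 1 when it is a JSON object whose
     * {@code status} is 200, otherwise 0. A body that is not a JSON object, or that
     * has no numeric {@code status}, counts as 0 instead of aborting the logging.
     */
    private static Integer resolveState(String responseText) {
        try {
            JSONObject responseJson = JSONObject.parseObject(responseText);
            Integer status = responseJson == null ? null : responseJson.getInteger("status");
            return status != null && status == 200 ? 1 : 0;
        } catch (Exception e) {
            return 0;
        }
    }

    /**
     * Resolves the application id for the call and hands the entry to the log service.
     */
    private void saveCallLog(HttpServletRequest request, String methodName, String params,
                             String redactedResult, Integer state) {
        Map<String, String> paramsMap = getMehtodParam(request);
        // NOTE(review): a caller-supplied appId parameter takes precedence over the
        // appId bound to the access token, so the log attributes the call to whatever
        // the caller claims. Confirm that an earlier filter checks appId against the
        // token before these entries are relied on for audit or billing.
        String appid = paramsMap.get("appId");
        if (StringUtils.isEmpty(appid)) {
            // No appId parameter was sent: take it from the access token record.
            String accesstoken = request.getHeader("accesstoken");
            GcToken gcToken = gcTokenDaoDao.findByToken(accesstoken);
            if (gcToken == null) {
                logger.warn("interface log: no appId parameter and no token record, call to [{}] not saved",
                        methodName);
                return;
            }
            appid = gcToken.getAppid();
        }
        iotInterfaceLogService.saveLog(appid, params, redactedResult, request, state, methodName);
    }

    /** Returns the short signature of the join point without its {@code (..)} suffix. */
    private String getMethodName(ProceedingJoinPoint joinPoint) {
        String methodName = joinPoint.getSignature().toShortString();
        String shortMethodNameSuffix = "(..)";
        if (methodName.endsWith(shortMethodNameSuffix)) {
            methodName = methodName.substring(0, methodName.length() - shortMethodNameSuffix.length());
        }
        return methodName;
    }

    /**
     * Copies the request parameters into a map, leaving out {@code logData} and
     * {@code base64}. Only the first value of a repeated parameter is kept.
     */
    private Map<String, String> getMehtodParam(HttpServletRequest request) {
        Map<String, String> params = new HashMap<String, String>();
        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            if ("logData".equals(name) || "base64".equals(name)) {
                continue;
            }
            params.put(name, request.getParameter(name));
        }
        return params;
    }

    /**
     * Renders the call arguments as one comma-separated string. Servlet request and
     * response objects are replaced by their type name, uploads by type name and
     * size, and every other argument goes through {@link #deleteSensitiveContent}.
     */
    private String getMethodParams(ProceedingJoinPoint joinPoint) {
        Object[] arguments = joinPoint.getArgs();
        StringBuilder sb = new StringBuilder();
        if (arguments == null || arguments.length <= 0) {
            return sb.toString();
        }
        for (Object arg : arguments) {
            String paramStr;
            if (arg instanceof HttpServletResponse) {
                paramStr = HttpServletResponse.class.getSimpleName();
            } else if (arg instanceof HttpServletRequest) {
                paramStr = HttpServletRequest.class.getSimpleName();
            } else if (arg instanceof MultipartFile) {
                long size = ((MultipartFile) arg).getSize();
                paramStr = MultipartFile.class.getSimpleName() + " size:" + size;
            } else {
                // Mask sensitive fields before the argument reaches the log.
                paramStr = deleteSensitiveContent(arg);
            }
            sb.append(paramStr).append(",");
        }
        return sb.deleteCharAt(sb.length() - 1).toString();
    }

    /**
     * Serialises {@code obj} to JSON with sensitive fields masked.
     *
     * <p>Masking applies to the sensitive keys at every nesting level of a JSON
     * object, including objects inside arrays. A value that does not serialise to a
     * JSON object (a plain string, a number, a top-level array) is returned through
     * {@code String.valueOf} without masking, so a string argument that itself holds
     * JSON or a credential is logged verbatim.
     *
     * @param obj the argument or return value to render; may be {@code null}
     * @return the masked JSON text; {@code "{}"} for {@code null} or an exception
     */
    public static String deleteSensitiveContent(Object obj) {
        JSONObject jsonObject = new JSONObject();
        if (obj == null || obj instanceof Exception) {
            return jsonObject.toJSONString();
        }
        String param = JSON.toJSONString(obj);
        try {
            jsonObject = JSONObject.parseObject(param);
        } catch (Exception e) {
            return String.valueOf(obj);
        }
        if (jsonObject == null) {
            return String.valueOf(obj);
        }
        maskSensitiveFields(jsonObject, getSensitiveFieldList());
        return jsonObject.toJSONString();
    }

    /** Masks sensitive keys in {@code node} and in every object or array below it. */
    private static void maskSensitiveFields(Object node, List<String> sensitiveFields) {
        if (node instanceof JSONObject) {
            for (Map.Entry<String, Object> entry : ((JSONObject) node).entrySet()) {
                if (sensitiveFields.contains(entry.getKey())) {
                    entry.setValue(MASK);
                } else {
                    maskSensitiveFields(entry.getValue(), sensitiveFields);
                }
            }
        } else if (node instanceof List) {
            for (Object item : (List<?>) node) {
                maskSensitiveFields(item, sensitiveFields);
            }
        }
    }

    /**
     * Keys whose values are masked. Matching is exact and case-sensitive; the list
     * could be made configurable.
     */
    private static List<String> getSensitiveFieldList() {
        List<String> sensitiveFieldList = Lists.newArrayList();
        sensitiveFieldList.add("pwd");
        sensitiveFieldList.add("password");
        return sensitiveFieldList;
    }
}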