From e4e3a09c4766571f9c3e8827bda479541815b86f Mon Sep 17 00:00:00 2001
From: wzy-warehouse <18135009705@163.com>
Date: Mon, 18 May 2026 10:16:26 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=8A=A0=E8=A7=A3=E5=AF=86?=
 =?UTF-8?q?=E9=80=BB=E8=BE=91=EF=BC=8C=E5=85=81=E8=AE=B8=E4=BD=BF=E7=94=A8?=
 =?UTF-8?q?=E9=80=9A=E9=85=8D=E7=AC=A6=E8=BF=9B=E8=A1=8C=E8=BF=87=E6=BB=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../com/gis/xian/filter/DecryptFilter.java    | 10 ++---
 .../com/gis/xian/utils/PathMatcherUtils.java  | 38 +++++++++++++++++++
 .../xian/wrapper/EncryptResponseAdvice.java   | 22 +++++------
 3 files changed, 50 insertions(+), 20 deletions(-)
 create mode 100644 src/main/java/com/gis/xian/utils/PathMatcherUtils.java

diff --git a/src/main/java/com/gis/xian/filter/DecryptFilter.java b/src/main/java/com/gis/xian/filter/DecryptFilter.java
index e4e08fd..653b331 100644
--- a/src/main/java/com/gis/xian/filter/DecryptFilter.java
+++ b/src/main/java/com/gis/xian/filter/DecryptFilter.java
@@ -3,6 +3,7 @@ package com.gis.xian.filter;
 import com.alibaba.fastjson2.JSON;
 import com.alibaba.fastjson2.TypeReference;
 import com.gis.xian.config.CryptoProperties;
+import com.gis.xian.utils.PathMatcherUtils;
 import com.gis.xian.utils.safety.SM2Utils;
 import com.gis.xian.utils.safety.SM4Utils;
 import com.gis.xian.wrapper.Sm4KeyHolder;
@@ -85,15 +86,10 @@ public class DecryptFilter implements Filter {
     }
 
     /**
-     * 检查是否为无需解密的路径
+     * 检查是否为无需解密的路径（支持通配符匹配）
      */
     private boolean isNoDecryptPath(String requestUri) {
-        for (String path : cryptoProperties.getNoDecryptPaths()) {
-            if (requestUri.contains(path)) {
-                return true;
-            }
-        }
-        return false;
+        return PathMatcherUtils.matches(requestUri, cryptoProperties.getNoDecryptPaths());
     }
 
     /**
diff --git a/src/main/java/com/gis/xian/utils/PathMatcherUtils.java b/src/main/java/com/gis/xian/utils/PathMatcherUtils.java
new file mode 100644
index 0000000..167abee
--- /dev/null
+++ b/src/main/java/com/gis/xian/utils/PathMatcherUtils.java
@@ -0,0 +1,38 @@
+package com.gis.xian.utils;
+
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.PathMatcher;
+
+import java.util.List;
+
+/**
+ * 路径匹配工具类
+ * 支持 Ant 风格通配符：
+ * - ? 匹配一个字符
+ * - * 匹配零个或多个字符（不包括路径分隔符）
+ * - ** 匹配零个或多个目录
+ */
+public class PathMatcherUtils {
+    
+    private static final PathMatcher pathMatcher = new AntPathMatcher();
+    
+    /**
+     * 检查请求路径是否匹配给定的模式列表
+     * 
+     * @param requestUri 请求URI
+     * @param patterns 通配符模式列表
+     * @return 如果匹配返回true，否则返回false
+     */
+    public static boolean matches(String requestUri, List<String> patterns) {
+        if (patterns == null || patterns.isEmpty()) {
+            return false;
+        }
+        
+        for (String pattern : patterns) {
+            if (pathMatcher.match(pattern, requestUri)) {
+                return true;
+            }
+        }
+        return false;
+    }
+}
diff --git a/src/main/java/com/gis/xian/wrapper/EncryptResponseAdvice.java b/src/main/java/com/gis/xian/wrapper/EncryptResponseAdvice.java
index 8cc1bdc..f0e29c5 100644
--- a/src/main/java/com/gis/xian/wrapper/EncryptResponseAdvice.java
+++ b/src/main/java/com/gis/xian/wrapper/EncryptResponseAdvice.java
@@ -2,6 +2,7 @@ package com.gis.xian.wrapper;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.gis.xian.config.CryptoProperties;
+import com.gis.xian.utils.PathMatcherUtils;
 import com.gis.xian.utils.safety.SM4Utils;
 import jakarta.annotation.Resource;
 import org.springframework.core.MethodParameter;
@@ -29,7 +30,7 @@ public class EncryptResponseAdvice implements ResponseBodyAdvice<Object> {
     private CryptoProperties cryptoProperties;
 
     /**
-     * 判断是否需要加密：排除特定路径，其余全部加密
+     * 判断是否需要加密：排除特定路径，其余全部加密（支持通配符匹配）
      */
     @Override
     public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) {
@@ -41,19 +42,12 @@ public class EncryptResponseAdvice implements ResponseBodyAdvice<Object> {
         HttpServletRequest request = attributes.getRequest();
         String requestUri = request.getRequestURI();
 
-        // 检查是否为无需加密的路径
-        for (String path : cryptoProperties.getNoEncryptPaths()) {
-            if (requestUri.contains(path)) {
-                return false; // 排除路径，不加密
-            }
-        }
-
-        // 其余路径均需要加密
-        return true;
+        // 检查是否为无需加密的路径（支持通配符）
+        return !PathMatcherUtils.matches(requestUri, cryptoProperties.getNoEncryptPaths());
     }
 
     /**
-     * 响应体加密逻辑（保持不变）
+     * 响应体加密逻辑
      */
     @Override
     public Object beforeBodyWrite(Object body, MethodParameter returnType, MediaType selectedContentType,
@@ -61,15 +55,17 @@ public class EncryptResponseAdvice implements ResponseBodyAdvice<Object> {
                                   ServerHttpRequest request, ServerHttpResponse response) {
         try {
             String sm4Key = Sm4KeyHolder.getSm4Key();
+            // 如果SM4密钥不存在，直接返回原始数据（不加密）
             if (sm4Key == null || sm4Key.length() != 32) {
-                throw new RuntimeException("SM4密钥不存在或格式错误，无法加密响应");
+                return body;
             }
 
             String plaintext = objectMapper.writeValueAsString(body);
             String encryptedText = SM4Utils.encrypt(sm4Key, plaintext);
             return encryptedText;
         } catch (Exception e) {
-            throw new RuntimeException("响应数据加密失败: " + e.getMessage(), e);
+            // 加密失败时返回原始数据，避免影响业务
+            return body;
         } finally {
             Sm4KeyHolder.clear(); // 清除线程本地存储，避免内存泄漏
         }