本文主要是介绍.Net5 框架搭建(六):使用自定义中间件对数据进行加密解密,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
前言
因为项目需要,要求数据交互不能是明文,所以我们的项目的设计是这样子的,前端加密请求数据=》后端解密请求数据。一开始用着也没啥问题,直到我这边有个接口居然报请求数据太大,我就奇怪,这才多少量,也达不到post请求最大值。直到我发现,原来某个后端同事居然让前端把入参都放在header里面。。。。(别问我为什么入参会放在请求header,有些项目就是这么的匪夷所思!!!!)
话不多说,直接开始我们的整改环节。
什么是中间件
中间件是一种装配到应用管道以处理请求和响应的软件。
ASP.NET Core 请求管道包含一系列请求委托,依次调用。 下图演示了这一概念。 沿黑色箭头执行。
更多详情可以看看官网说明《中间件》
编写自定义中间件
大致步骤:
前端将加密过的数据放在body=》接收request=》解密请求内容,将内容写入新的Request Stream=>等待其他中间件执行完毕=》加密响应内容,将内容写入新的Response Stream=》结束,返回数据给前端
为了简单演示,这里我用到的加密解密用的是AES,生产环境不推荐使用。还有这里我只是对关键信息进行了加密解密处理,并不是对全部请求数据,响应数据进行处理,看个人实际应用场景。
HttpContextMiddleware.cs
/// <summary>/// 请求上下文中间件/// </summary>public class HttpContextMiddleware{private readonly RequestDelegate _next;private readonly ILogger<HttpContextMiddleware> _logger;private readonly string noEncryptAction = "[/api/Login/GetToken];";//不参与解密的接口private readonly string aeskey = "OiISGKCzs0dlRlHl";//aes密钥public HttpContextMiddleware(RequestDelegate requestDelegate, ILogger<HttpContextMiddleware> logger){_next = requestDelegate;_logger = logger;}public async Task Invoke(HttpContext context){// 替换原本的 Response.Body 流在 _next(context) 执行下一个中间件后,需要读取数据,原本的流不可读 canReader = falsevar originalResponseStream = context.Response.Body;using var replaceResponseStream = new MemoryStream();context.Response.Body = replaceResponseStream;var path = "[" + context.Request.Path + "]";if (context.Request.Method.Equals(Microsoft.AspNetCore.Http.HttpMethods.Post, StringComparison.CurrentCultureIgnoreCase) && !noEncryptAction.Contains(path)){// 过滤请求await FilterRequest(context, originalResponseStream);}await _next(context);if (context.Response.StatusCode != StatusCodes.Status200OK)return;// 过滤响应await FilterResponse(context, originalResponseStream, replaceResponseStream);}/// <summary>/// 过滤请求/// </summary>/// <param name="context"></param>/// <returns></returns>private async Task<HttpContext> FilterRequest(HttpContext context, Stream originalResponseStream){try{var requestData = string.Empty;//将请求 Body Stream读取并解密using (var reader = new StreamReader(context.Request.Body)){requestData = await reader.ReadToEndAsync();var dict = JsonConvert.DeserializeObject<Dictionary<string, object>>(requestData);if (dict != null & dict.ContainsKey("data")){requestData = dict["data"].ToString();}requestData = AESHelper.AesDecrypt(requestData, aeskey);//解密json数据if (string.IsNullOrEmpty(requestData)){await originalResponseStream.WriteAsync(Encoding.Default.GetBytes(JsonConvert.SerializeObject(new DXResult { code = DXCode.BadRequest, msg = "解密数据异常" })));}}var requestStringContent = new StringContent(requestData);context.Request.Body = await requestStringContent.ReadAsStreamAsync();}catch (Exception ex){// 将返回的 Response 流 Copy 到原始流await originalResponseStream.WriteAsync(Encoding.Default.GetBytes(JsonConvert.SerializeObject(new DXResult { code = DXCode.BadRequest, msg = "请求数据异常" })));context.Response.Body = originalResponseStream;_logger.LogError("参数解密异常:{@ex}", ex);//await context.Response.WriteAsJsonAsync<DXResult>(new DXResult { code = DXCode.BadRequest, msg = "请求数据异常" });}return context;}/// <summary>/// 过滤响应/// </summary>/// <param name="context"></param>/// <param name="originalResponseStream"></param>/// <param name="replaceResponseStream"></param>/// <returns></returns>private async Task FilterResponse(HttpContext context, Stream originalResponseStream, MemoryStream replaceResponseStream){try{var responseData = string.Empty;using (var reader = new StreamReader(replaceResponseStream)){context.Response.Body.Seek(0, SeekOrigin.Begin);responseData = await reader.ReadToEndAsync();//对data里面的数据进行加密var dict = JsonConvert.DeserializeObject<Dictionary<string, object>>(responseData);if (dict != null & dict.ContainsKey("data")){var data = dict["data"];var aeskey = "OiISGKCzs0dlRlHl";if (data != null){var newData = AESHelper.AesEncrypt(JsonConvert.SerializeObject(data), aeskey);dict.Remove("data");dict.Add("data", newData);}responseData = JsonConvert.SerializeObject(dict);}}// 将返回的 Response 流 Copy 到原始流await originalResponseStream.WriteAsync(Encoding.Default.GetBytes(responseData.ToString()));context.Response.Body = originalResponseStream;}catch (Exception ex){_logger.LogError("参数加密异常:{@ex}", ex);await context.Response.WriteAsJsonAsync<DXResult>(new DXResult { code = DXCode.BadRequest, msg = "响应数据异常" });}}}
中间件帮助类
MiddlewareExtensions.cs
/// <summary>
/// 中间件扩展帮助类
/// </summary>
public static class MiddlewareExtensions
{/// <summary>/// 请求上下文中间件/// </summary>/// <param name="app"></param>/// <returns></returns>public static IApplicationBuilder UseHttpContextMildd(this IApplicationBuilder app){return app.UseMiddleware<HttpContextMiddleware>();}
}
最后将我们写好的自定义中间件注册进来管道,这里需要注意中间件的顺序
/// 此方法由运行时调用。使用此方法配置HTTP请求管道。
/// </summary>
/// 中间件的注册顺序严格按照官方配置推荐依次顺序,更多请看https://docs.microsoft.com/zh-cn/aspnet/core/fundamentals/middleware/?view=aspnetcore-5.0
/// ExceptionHandler=>HSTS=>HttpsRedirection=>Static Files=>CORS=>Authentication=>Authorization=>自定义中间组件=》Endpoint
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{if (env.IsDevelopment()){app.UseDeveloperExceptionPage();app.UseSwagger();app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "CuoDing.Core v1"));}app.UseResponseCompression();app.UseHttpsRedirection();app.UseRouting();app.UseAuthentication();app.UseAuthorization();if (Appsettings.app(new string[] { "IsEncrypt" }).ObjToBool()){//请求上下文中间件app.UseHttpContextMildd();}app.UseEndpoints(endpoints =>{endpoints.MapControllers();});
}
测试效果
存在问题(已修复)
假如遇到返回响应的数据量较大,会报一个异常错误
Response Content-Length mismatch: too many bytes written (2048 of 1943).
解决方案:修改Content-Length大小
// 将返回的 Response 流 Copy 到原始流
var dataByte = Encoding.Default.GetBytes(responseData.ToString());
context.Response.ContentType = "application/json";
context.Response.Headers.Remove("Content-Length");
context.Response.Headers.Add("Content-Length", new[] { dataByte.Length.ToString() });
await originalResponseStream.WriteAsync(dataByte,0, dataByte.Length);
context.Response.Body = originalResponseStream;
完整代码已上传码云:https://gitee.com/shao-jiayong/cuo-ding
这篇关于.Net5 框架搭建(六):使用自定义中间件对数据进行加密解密的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!