Pre Merge pull request !421 from AhYi/master

- 在 SysUser 实体类中为手机号码字段添加 @Sensitive 注解
- 新增 @NoSensitive 注解和相关切面、拦截器，用于 “关闭” 数据脱敏
- 在用户信息相关接口中添加 @NoSensitive 注解，以 “关闭” 数据脱敏
- 新增 WebMvcConfig 配置类，注册 NoSensitiveInterceptor 拦截器

pom.xml

@@ -35,7 +35,7 @@
         <springdoc.version>1.6.9</springdoc.version>
         <transmittable-thread-local.version>2.14.4</transmittable-thread-local.version>
         <!-- override dependency version -->
-        <tomcat.version>9.0.106</tomcat.version>
+        <tomcat.version>9.0.108</tomcat.version>
         <logback.version>1.2.13</logback.version>
         <spring-framework.version>5.3.39</spring-framework.version>
     </properties>

ruoyi-api/ruoyi-api-system/pom.xml

@@ -22,7 +22,12 @@
             <groupId>com.ruoyi</groupId>
             <artifactId>ruoyi-common-core</artifactId>
         </dependency>
-        
+
+        <!-- RuoYi Common Sensitive -->
+        <dependency>
+            <groupId>com.ruoyi</groupId>
+            <artifactId>ruoyi-common-sensitive</artifactId>
+        </dependency>
     </dependencies>
 
 </project>

ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/RemoteLogService.java

@@ -1,5 +1,6 @@
 package com.ruoyi.system.api;
 
+import com.ruoyi.common.core.annotation.NoSensitive;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -16,6 +17,7 @@ import com.ruoyi.system.api.factory.RemoteLogFallbackFactory;
  * 
  * @author ruoyi
  */
+@NoSensitive
 @FeignClient(contextId = "remoteLogService", value = ServiceNameConstants.SYSTEM_SERVICE, fallbackFactory = RemoteLogFallbackFactory.class)
 public interface RemoteLogService
 {

ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/RemoteUserService.java

@@ -1,5 +1,6 @@
 package com.ruoyi.system.api;
 
+import com.ruoyi.common.core.annotation.NoSensitive;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -19,6 +20,7 @@ import com.ruoyi.system.api.model.LoginUser;
  * 
  * @author ruoyi
  */
+@NoSensitive
 @FeignClient(contextId = "remoteUserService", value = ServiceNameConstants.SYSTEM_SERVICE, fallbackFactory = RemoteUserFallbackFactory.class)
 public interface RemoteUserService
 {

ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysUser.java

@@ -3,6 +3,10 @@ package com.ruoyi.system.api.domain;
 import java.util.Date;
 import java.util.List;
 import javax.validation.constraints.*;
+
+import com.ruoyi.common.core.annotation.NoSensitive;
+import com.ruoyi.common.sensitive.annotation.Sensitive;
+import com.ruoyi.common.sensitive.enums.DesensitizedType;
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
 import com.ruoyi.common.core.annotation.Excel;
@@ -44,6 +48,7 @@ public class SysUser extends BaseEntity
 
     /** 手机号码 */
     @Excel(name = "手机号码", cellType = ColumnType.TEXT)
+    @Sensitive(desensitizedType = DesensitizedType.PHONE)
     private String phonenumber;
 
     /** 用户性别 */

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/annotation/NoSensitive.java

@@ -0,0 +1,15 @@
+package com.ruoyi.common.core.annotation;
+
+import java.lang.annotation.*;
+
+/**
+ * @Description “关闭” 数据脱敏
+ * @Author AhYi
+ * @Date 2025-07-07 10:23
+ */
+
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface NoSensitive {
+}

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/aspect/NoSensitiveAspect.java

@@ -0,0 +1,29 @@
+package com.ruoyi.common.core.aspect;
+
+import com.ruoyi.common.core.annotation.NoSensitive;
+import com.ruoyi.common.core.context.SensitiveContextHolder;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.stereotype.Component;
+
+/**
+ * @Description @NoSensitive 注解切面，主要用户对方法的注解
+ * @Author AhYi
+ * @Date 2025-07-07 10:31
+ */
+
+@Aspect
+@Component
+public class NoSensitiveAspect {
+
+    @Around("@annotation(noSensitive)")
+    public Object around(ProceedingJoinPoint joinPoint, NoSensitive noSensitive) throws Throwable {
+        try {
+            SensitiveContextHolder.enterNoSensitiveScope();
+            return joinPoint.proceed();
+        } finally {
+            SensitiveContextHolder.exitNoSensitiveScope();
+        }
+    }
+}

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java

@@ -120,7 +120,7 @@ public class Constants
     /**
      * 自动识别json对象白名单配置（仅允许解析的包名，范围越小越安全）
      */
-    public static final String[] JSON_WHITELIST_STR = { "org.springframework", "com.ruoyi" };
+    public static final String[] JSON_WHITELIST_STR = { "com.ruoyi" };
 
     /**
      * 定时任务白名单配置（仅允许访问的包名，如其他需要可以自行添加）

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/context/SensitiveContextHolder.java

@@ -0,0 +1,36 @@
+package com.ruoyi.common.core.context;
+
+/**
+ * @Description Sensitive 数据脱敏上下文管理，存储当前线程是否需要脱敏
+ * @Author AhYi
+ * @Date 2025-07-07 10:27
+ */
+
+
+public class SensitiveContextHolder {
+    private static final ThreadLocal<Integer> COUNTER = new ThreadLocal<>();
+
+    public static void enterNoSensitiveScope() {
+        Integer count = COUNTER.get();
+        if (count == null) {
+            count = 0;
+        }
+        COUNTER.set(count + 1);
+    }
+
+    public static void exitNoSensitiveScope() {
+        Integer count = COUNTER.get();
+        if (count != null) {
+            if (count <= 1) {
+                COUNTER.remove();
+            } else {
+                COUNTER.set(count - 1);
+            }
+        }
+    }
+
+    public static boolean isNoSensitiveScope() {
+        Integer count = COUNTER.get();
+        return count != null && count > 0;
+    }
+}

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/interceptor/NoSensitiveInterceptor.java

@@ -0,0 +1,43 @@
+package com.ruoyi.common.security.interceptor;
+
+import com.ruoyi.common.core.annotation.NoSensitive;
+import com.ruoyi.common.core.context.SensitiveContextHolder;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @Description @NoSensitive 注解的请求拦截器，主要用于对请求的注解，在请求的整个生命周期内有效
+ * @Author AhYi
+ * @Date 2025-07-07 10:35
+ */
+
+public class NoSensitiveInterceptor implements HandlerInterceptor {
+    private static final String SENSITIVE_INTERCEPTOR_APPLIED = "SENSITIVE_INTERCEPTOR_APPLIED";
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        if (handler instanceof HandlerMethod) {
+            HandlerMethod handlerMethod = (HandlerMethod) handler;
+            NoSensitive noSensitive = handlerMethod.getMethodAnnotation(NoSensitive.class);
+            if (noSensitive == null) {
+                noSensitive = handlerMethod.getBeanType().getAnnotation(NoSensitive.class);
+            }
+            if (noSensitive != null) {
+                SensitiveContextHolder.enterNoSensitiveScope();
+                request.setAttribute(SENSITIVE_INTERCEPTOR_APPLIED, Boolean.TRUE);
+            }
+        }
+        return true;
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+        Object applied = request.getAttribute(SENSITIVE_INTERCEPTOR_APPLIED);
+        if (applied != null && (Boolean) applied) {
+            SensitiveContextHolder.exitNoSensitiveScope();
+        }
+    }
+}

ruoyi-common/ruoyi-common-sensitive/src/main/java/com/ruoyi/common/sensitive/config/SensitiveJsonSerializer.java

@@ -10,6 +10,7 @@ import com.fasterxml.jackson.databind.SerializerProvider;
 import com.fasterxml.jackson.databind.ser.ContextualSerializer;
 import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.context.SecurityContextHolder;
+import com.ruoyi.common.core.context.SensitiveContextHolder;
 import com.ruoyi.common.sensitive.annotation.Sensitive;
 import com.ruoyi.common.sensitive.enums.DesensitizedType;
 
@@ -25,7 +26,7 @@ public class SensitiveJsonSerializer extends JsonSerializer<String> implements C
     @Override
     public void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws IOException
     {
-        if (desensitization())
+        if (desensitization() && !SensitiveContextHolder.isNoSensitiveScope())
         {
             gen.writeString(desensitizedType.desensitizer().apply(value));
         }

ruoyi-modules/ruoyi-system/pom.xml

@@ -71,6 +71,11 @@
             <artifactId>ruoyi-common-swagger</artifactId>
         </dependency>
 
+        <!-- RuoYi Common Sensitive -->
+        <dependency>
+            <groupId>com.ruoyi</groupId>
+            <artifactId>ruoyi-common-sensitive</artifactId>
+        </dependency>
     </dependencies>
 
     <build>

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/WebMvcConfig.java

@@ -0,0 +1,23 @@
+package com.ruoyi.system;
+
+import com.ruoyi.common.security.interceptor.NoSensitiveInterceptor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * @Description WebMvcConfig
+ * @Author AhYi
+ * @Date 2025-07-07 10:46
+ */
+
+@Configuration
+public class WebMvcConfig implements WebMvcConfigurer {
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(new NoSensitiveInterceptor())
+                .addPathPatterns("/**")
+                .order(-1);
+    }
+}

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysProfileController.java

@@ -2,6 +2,8 @@ package com.ruoyi.system.controller;
 
 import java.util.Arrays;
 import java.util.Map;
+
+import com.ruoyi.common.core.annotation.NoSensitive;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -49,6 +51,7 @@ public class SysProfileController extends BaseController
     /**
      * 个人信息
      */
+    @NoSensitive
     @GetMapping
     public AjaxResult profile()
     {

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java

@@ -6,6 +6,8 @@ import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
 import javax.servlet.http.HttpServletResponse;
+
+import com.ruoyi.common.core.annotation.NoSensitive;
 import org.apache.commons.lang3.ArrayUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
@@ -117,6 +119,7 @@ public class SysUserController extends BaseController
     /**
      * 获取当前用户信息
      */
+    @NoSensitive
     @InnerAuth
     @GetMapping("/info/{username}")
     public R<LoginUser> info(@PathVariable("username") String username)
@@ -171,6 +174,7 @@ public class SysUserController extends BaseController
      * 
      * @return 用户信息
      */
+    @NoSensitive
     @GetMapping("getInfo")
     public AjaxResult getInfo()
     {
@@ -221,6 +225,7 @@ public class SysUserController extends BaseController
     /**
      * 根据用户编号获取详细信息
      */
+    @NoSensitive
     @RequiresPermissions("system:user:query")
     @GetMapping(value = { "/", "/{userId}" })
     public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)

ruoyi-ui/src/components/RightToolbar/index.vue

@@ -7,7 +7,7 @@
       <el-tooltip class="item" effect="dark" content="刷新" placement="top">
         <el-button size="mini" circle icon="el-icon-refresh" @click="refresh()" />
       </el-tooltip>
-      <el-tooltip class="item" effect="dark" content="显隐列" placement="top" v-if="columns">
+      <el-tooltip class="item" effect="dark" content="显隐列" placement="top" v-if="Object.keys(columns).length > 0">
         <el-button size="mini" circle icon="el-icon-menu" @click="showColumn()" v-if="showColumnsType == 'transfer'"/>
         <el-dropdown trigger="click" :hide-on-click="false" style="padding-left: 12px" v-if="showColumnsType == 'checkbox'">
           <el-button size="mini" circle icon="el-icon-menu" />
@@ -17,9 +17,9 @@
               <el-checkbox :indeterminate="isIndeterminate" v-model="isChecked" @change="toggleCheckAll"> 列展示 </el-checkbox>
             </el-dropdown-item>
             <div class="check-line"></div>
-            <template v-for="item in columns">
-              <el-dropdown-item :key="item.key">
-                <el-checkbox v-model="item.visible" @change="checkboxChange($event, item.label)" :label="item.label" />
+            <template v-for="(item, key) in columns">
+              <el-dropdown-item :key="key">
+                <el-checkbox v-model="item.visible" @change="checkboxChange($event, key)" :label="item.label" />
               </el-dropdown-item>
             </template>
           </el-dropdown-menu>
@@ -30,12 +30,13 @@
       <el-transfer
         :titles="['显示', '隐藏']"
         v-model="value"
-        :data="columns"
+        :data="transferData"
         @change="dataChange"
       ></el-transfer>
     </el-dialog>
   </div>
 </template>
+
 <script>
 export default {
   name: "RightToolbar",
@@ -55,9 +56,10 @@ export default {
       type: Boolean,
       default: true
     },
-    /* 显隐列信息 */
+    /* 显隐列信息（数组格式、对象格式） */
     columns: {
-      type: Array
+      type: [Array, Object],
+      default: () => ({})
     },
     /* 是否显示检索图标 */
     search: {
@@ -85,21 +87,36 @@ export default {
     },
     isChecked: {
       get() {
-        return this.columns.every((col) => col.visible)
+        return Array.isArray(this.columns) ? this.columns.every((col) => col.visible) : Object.values(this.columns).every((col) => col.visible)
       },
       set() {}
     },
     isIndeterminate() {
-      return this.columns.some((col) => col.visible) && !this.isChecked
+      return Array.isArray(this.columns) ? this.columns.some((col) => col.visible) && !this.isChecked : Object.values(this.columns).some((col) => col.visible) && !this.isChecked
+    },
+    transferData() {
+      if (Array.isArray(this.columns)) {
+        return this.columns.map((item, index) => ({ key: index, label: item.label }))
+      } else {
+        return Object.keys(this.columns).map((key, index) => ({ key: index, label: this.columns[key].label }))
+      }
     }
   },
   created() {
     if (this.showColumnsType == 'transfer') {
-      // 显隐列初始默认隐藏列
-      for (let item in this.columns) {
-        if (this.columns[item].visible === false) {
-          this.value.push(parseInt(item))
+      // transfer穿梭显隐列初始默认隐藏列
+      if (Array.isArray(this.columns)) {
+        for (let item in this.columns) {
+          if (this.columns[item].visible === false) {
+            this.value.push(parseInt(item))
+          }
         }
+      } else {
+        Object.keys(this.columns).forEach((key, index) => {
+          if (this.columns[key].visible === false) {
+            this.value.push(index)
+          }
+        })
       }
     }
   },
@@ -114,9 +131,15 @@ export default {
     },
     // 右侧列表元素变化
     dataChange(data) {
-      for (let item in this.columns) {
-        const key = this.columns[item].key
-        this.columns[item].visible = !data.includes(key)
+      if (Array.isArray(this.columns)) {
+        for (let item in this.columns) {
+          const key = this.columns[item].key
+          this.columns[item].visible = !data.includes(key)
+        }
+      } else {
+        Object.keys(this.columns).forEach((key, index) => {
+          this.columns[key].visible = !data.includes(index)
+        })
       }
     },
     // 打开显隐列dialog
@@ -124,17 +147,26 @@ export default {
       this.open = true
     },
     // 单勾选
-    checkboxChange(event, label) {
-      this.columns.filter(item => item.label == label)[0].visible = event
+    checkboxChange(event, key) {
+      if (Array.isArray(this.columns)) {
+        this.columns.filter(item => item.key == key)[0].visible = event
+      } else {
+        this.columns[key].visible = event
+      }
     },
     // 切换全选/反选
     toggleCheckAll() {
       const newValue = !this.isChecked
-      this.columns.forEach((col) => (col.visible = newValue))
+      if (Array.isArray(this.columns)) {
+        this.columns.forEach((col) => (col.visible = newValue))
+      } else {
+        Object.values(this.columns).forEach((col) => (col.visible = newValue))
+      }
     }
   },
 }
 </script>
+
 <style lang="scss" scoped>
 ::v-deep .el-transfer__button {
   border-radius: 50%;

ruoyi-ui/src/views/system/user/index.vue

@@ -58,17 +58,17 @@
 
             <el-table v-loading="loading" :data="userList" @selection-change="handleSelectionChange">
               <el-table-column type="selection" width="50" align="center" />
-              <el-table-column label="用户编号" align="center" key="userId" prop="userId" v-if="columns[0].visible" />
-              <el-table-column label="用户名称" align="center" key="userName" prop="userName" v-if="columns[1].visible" :show-overflow-tooltip="true" />
-              <el-table-column label="用户昵称" align="center" key="nickName" prop="nickName" v-if="columns[2].visible" :show-overflow-tooltip="true" />
-              <el-table-column label="部门" align="center" key="deptName" prop="dept.deptName" v-if="columns[3].visible" :show-overflow-tooltip="true" />
-              <el-table-column label="手机号码" align="center" key="phonenumber" prop="phonenumber" v-if="columns[4].visible" width="120" />
-              <el-table-column label="状态" align="center" key="status" v-if="columns[5].visible">
+              <el-table-column label="用户编号" align="center" key="userId" prop="userId" v-if="columns.userId.visible" />
+              <el-table-column label="用户名称" align="center" key="userName" prop="userName" v-if="columns.userName.visible" :show-overflow-tooltip="true" />
+              <el-table-column label="用户昵称" align="center" key="nickName" prop="nickName" v-if="columns.nickName.visible" :show-overflow-tooltip="true" />
+              <el-table-column label="部门" align="center" key="deptName" prop="dept.deptName" v-if="columns.deptName.visible" :show-overflow-tooltip="true" />
+              <el-table-column label="手机号码" align="center" key="phonenumber" prop="phonenumber" v-if="columns.phonenumber.visible" width="120" />
+              <el-table-column label="状态" align="center" key="status" v-if="columns.status.visible">
                 <template slot-scope="scope">
                   <el-switch v-model="scope.row.status" active-value="0" inactive-value="1" @change="handleStatusChange(scope.row)"></el-switch>
                 </template>
               </el-table-column>
-              <el-table-column label="创建时间" align="center" prop="createTime" v-if="columns[6].visible" width="160">
+              <el-table-column label="创建时间" align="center" prop="createTime" v-if="columns.createTime.visible" width="160">
                 <template slot-scope="scope">
                   <span>{{ parseTime(scope.row.createTime) }}</span>
                 </template>
@@ -277,15 +277,15 @@ export default {
         deptId: undefined
       },
       // 列信息
-      columns: [
-        { key: 0, label: `用户编号`, visible: true },
-        { key: 1, label: `用户名称`, visible: true },
-        { key: 2, label: `用户昵称`, visible: true },
-        { key: 3, label: `部门`, visible: true },
-        { key: 4, label: `手机号码`, visible: true },
-        { key: 5, label: `状态`, visible: true },
-        { key: 6, label: `创建时间`, visible: true }
-      ],
+      columns: {
+        userId: { label: '用户编号', visible: true },
+        userName: { label: '用户名称', visible: true },
+        nickName: { label: '用户昵称', visible: true },
+        deptName: { label: '部门', visible: true },
+        phonenumber: { label: '手机号码', visible: true },
+        status: { label: '状态', visible: true },
+        createTime: { label: '创建时间', visible: true }
+      },
       // 表单校验
       rules: {
         userName: [