fix: can't comment sporadically

HackyleShawe · HackyleShawe · commit 412439eade85 · 2023-11-03T15:51:27.000+08:00
数据库ID进行加密与Base64后，特殊字符(+,/,=)不符合HTML标签id属性值的规范
diff --git a/blog-consumer/src/main/java/com/hackyle/blog/consumer/controller/ArticleController.java b/blog-consumer/src/main/java/com/hackyle/blog/consumer/controller/ArticleController.java
@@ -104,7 +104,7 @@ public ModelAndView articleDetail(ModelAndView modelAndView, HttpServletRequest
         modelAndView.addObject("articleVo", articleVo);
         modelAndView.addObject("metaVo", metaVo);
 
-        List<CommentVo> commentVos = commentService.fetchListByHierarchy(IDUtils.decryptByAES(articleVo.getId()));
+        List<CommentVo> commentVos = commentService.fetchListByHierarchy(IDUtils.decrypt(articleVo.getId()));
         modelAndView.addObject("commentVos", commentVos);
 
         ArticleVo articleVoLog = BeanCopyUtils.copy(articleVo, ArticleVo.class);
@@ -147,7 +147,7 @@ public ModelAndView articleDetail(ModelAndView modelAndView, HttpServletRequest
         metaVo.setKeywords(articleVo.getTags());
         modelAndView.addObject("metaVo", metaVo);
 
-        List<CommentVo> commentVos = commentService.fetchListByHierarchy(IDUtils.decryptByAES(articleVo.getId()));
+        List<CommentVo> commentVos = commentService.fetchListByHierarchy(IDUtils.decrypt(articleVo.getId()));
         modelAndView.addObject("commentVos", commentVos);
 
         ArticleVo articleVoLog = BeanCopyUtils.copy(articleVo, ArticleVo.class);
diff --git a/blog-consumer/src/main/java/com/hackyle/blog/consumer/service/impl/ArticleServiceImpl.java b/blog-consumer/src/main/java/com/hackyle/blog/consumer/service/impl/ArticleServiceImpl.java
@@ -137,7 +137,7 @@ public ArticleVo articleDetail(String uri) {
 
         ArticleVo articleVo = BeanCopyUtils.copy(articleEntity, ArticleVo.class);
         //加密ID
-        articleVo.setId(IDUtils.encryptByAES(articleEntity.getId()));
+        articleVo.setId(IDUtils.encrypt(articleEntity.getId()));
 
         Long articleId = articleEntity.getId();
         List<Long> articleIds = new ArrayList<>();
diff --git a/blog-consumer/src/main/java/com/hackyle/blog/consumer/service/impl/CommentServiceImpl.java b/blog-consumer/src/main/java/com/hackyle/blog/consumer/service/impl/CommentServiceImpl.java
@@ -43,14 +43,14 @@ public class CommentServiceImpl extends ServiceImpl<CommentMapper, CommentEntity
     @Override
     public ApiResponse<String> add(CommentAddDto addDto) {
         CommentEntity commentEntity = BeanCopyUtils.copy(addDto, CommentEntity.class);
-        commentEntity.setTargetId(IDUtils.decryptByAES(addDto.getTargetId()));
+        commentEntity.setTargetId(IDUtils.decrypt(addDto.getTargetId()));
         commentEntity.setId(IDUtils.timestampID());
 
         if(StringUtils.isNotBlank(addDto.getParentId())) {
-            commentEntity.setParentId(IDUtils.decryptByAES(addDto.getParentId()));
+            commentEntity.setParentId(IDUtils.decrypt(addDto.getParentId()));
 
             String replyWhoId = addDto.getReplyWhoId();
-            CommentEntity commentReplyWho = commentMapper.selectById(IDUtils.decryptByAES(replyWhoId));
+            CommentEntity commentReplyWho = commentMapper.selectById(IDUtils.decrypt(replyWhoId));
             commentEntity.setReplyWho(commentReplyWho.getName());
         }
 
@@ -83,7 +83,7 @@ public List<CommentVo> fetchListByHierarchy(long targetId) {
         List<CommentVo> resultComments = new ArrayList<>(parentComments.size());
         for (CommentEntity parentComment : parentComments) {
             CommentVo commentVo = BeanCopyUtils.copy(parentComment, CommentVo.class);
-            commentVo.setId(IDUtils.encryptByAES(parentComment.getId()));
+            commentVo.setId(IDUtils.encrypt(parentComment.getId()));
 
             List<CommentEntity> subComments = groupByParentIdMap.get(parentComment.getId());
             if(subComments != null && subComments.size() > 0) {
diff --git a/blog-consumer/src/main/java/com/hackyle/blog/consumer/util/AESUtils.java b/blog-consumer/src/main/java/com/hackyle/blog/consumer/util/AESUtils.java
@@ -26,7 +26,7 @@ public class AESUtils {
      * @param password 密码
      * @return 加密后的Base64
      */
-    public static String encrypt(String plaintext, String password) {
+    public static String encryptAndToBase64(String plaintext, String password) {
         byte[] passwordKeyBytes = passwordKey(password);
         byte[] plaintextBytes = plaintext.getBytes(StandardCharsets.UTF_8);
         byte[] encryptedBytes = doFinal(Cipher.ENCRYPT_MODE, plaintextBytes, passwordKeyBytes);
@@ -39,13 +39,39 @@ public static String encrypt(String plaintext, String password) {
      * @param password 密码
      * @return 解密后的字节数组
      */
-    public static String decrypt(String ciphertext, String password) {
+    public static String decryptAndToBase64(String ciphertext, String password) {
         byte[] ciphertextBytes = Base64.getDecoder().decode(ciphertext);
         byte[] passwordKeyBytes = passwordKey(password);
         byte[] decryptedBytes = doFinal(Cipher.DECRYPT_MODE, ciphertextBytes, passwordKeyBytes);
         return new String(decryptedBytes);
     }
 
+    /**
+     * 加密后转为Base64串
+     * @param plaintext 待加密的数据
+     * @param password 密码
+     * @return 加密后的Base64
+     */
+    public static String encryptAndToBase64URL(String plaintext, String password) {
+        byte[] passwordKeyBytes = passwordKey(password);
+        byte[] plaintextBytes = plaintext.getBytes(StandardCharsets.UTF_8);
+        byte[] encryptedBytes = doFinal(Cipher.ENCRYPT_MODE, plaintextBytes, passwordKeyBytes);
+        return Base64.getUrlEncoder().encodeToString(encryptedBytes);
+    }
+
+    /**
+     * 解密前解码Base64
+     * @param ciphertext 待解密的数据
+     * @param password 密码
+     * @return 解密后的字节数组
+     */
+    public static String decryptAndToBase64URL(String ciphertext, String password) {
+        byte[] ciphertextBytes = Base64.getUrlDecoder().decode(ciphertext);
+        byte[] passwordKeyBytes = passwordKey(password);
+        byte[] decryptedBytes = doFinal(Cipher.DECRYPT_MODE, ciphertextBytes, passwordKeyBytes);
+        return new String(decryptedBytes);
+    }
+
     /**
      * 根据password生成AES所需的128、192、256位的密码
      * @param password 密码
@@ -96,10 +122,10 @@ public static void main(String[] args) {
         String data = "1658814571488";
         String password = "kyle";
 
-        String encrypt = encrypt(data, password);
+        String encrypt = encryptAndToBase64(data, password);
         System.out.println(encrypt);
 
-        String decrypt = decrypt(encrypt, password);
+        String decrypt = decryptAndToBase64(encrypt, password);
         System.out.println(decrypt);
     }
 }
diff --git a/blog-consumer/src/main/java/com/hackyle/blog/consumer/util/IDUtils.java b/blog-consumer/src/main/java/com/hackyle/blog/consumer/util/IDUtils.java
@@ -9,9 +9,14 @@
 
 /**
  * ID混淆工具类
+ * 主要思路：将ID进行对称加密，再转换为Base64串
+ *
+ * Base64的定义：用 64 个可打印字符来表示二进制数据，小写字母 a-z、大写字母 A-Z、数字 0-9、符号"+"、"/"（当原始数据凑不够三个字节时，编码结果中会使用额外的符号'='，实际上是 65 个字符）。
+ *
  * 注意：
  *  混淆规则不应该轻易改动
- *  由于混淆后的ID可能会用作URL的一部分，需要替换Base64中的不符合URL规则的字符
+ *  由于混淆后的ID可能会用作URL的一部分，所以直接转换为URL类型的Base64串（或者替换掉常规Base64中的不符合URL规则的字符）
+ *  由于混淆后的ID可能作为HTML标签的ID属性值（只能包含字母、数字、下划线和连字符'-'），所以需要替换Base64中除了那三种的字符
  */
 public class IDUtils {
     private static final String DEFAULT_PW = "blog.hackyle.com:default.pw";
@@ -24,7 +29,7 @@ public static List<String> encrypt(List<Long> sourceIdList) {
         List<String> encryptedIdList = new ArrayList<>(sourceIdList.size());
 
         for (Long id : sourceIdList) {
-            encryptedIdList.add(encryptByAES(id));
+            encryptedIdList.add(encrypt(id));
         }
 
         return encryptedIdList;
@@ -34,7 +39,7 @@ public static List<Long> decrypt(List<String> sourceIdList) {
         List<Long> decryptIdList = new ArrayList<>(sourceIdList.size());
 
         for (String id : sourceIdList) {
-            decryptIdList.add(decryptByAES(id));
+            decryptIdList.add(decrypt(id));
         }
         return decryptIdList;
     }
@@ -74,7 +79,7 @@ public static void encrypt(Object sourceObj, String sourceField, Object targetOb
             sourceIdField.setAccessible(false);
 
             //加密
-            String encryptedId = encryptByAES(Long.parseLong(id.toString()));
+            String encryptedId = encrypt(Long.parseLong(id.toString()));
 
             Method targetIdField = targetObj.getClass().getMethod(targetMethod, String.class);
             targetIdField.invoke(targetObj, encryptedId);
@@ -117,7 +122,7 @@ public static void decrypt(Object sourceObj, String sourceField, Object targetOb
             sourceIdField.setAccessible(false);
 
             //解密
-            long decryptedId = decryptByAES(id.toString());
+            long decryptedId = decrypt(id.toString());
 
             Method targetIdField = targetObj.getClass().getMethod("setId", Long.class);
             targetIdField.invoke(targetObj, decryptedId);
@@ -204,32 +209,46 @@ public static void batchDecrypt(List<?> sourceObjList, String sourceField, List<
     }
 
     /**
-     * 将ID对称加密加密
-     * Base64的定义：用 64 个可打印字符来表示二进制数据，小写字母 a-z、大写字母 A-Z、数字 0-9、符号"+"、"/"（再加上作为垫字的"="，实际上是 65 个字符）。
+     * ID混淆：AES加密，转换为Base64串，特殊字符处理
      */
-    public static String encryptByAES(long id) {
-        String encrypt = AESUtils.encrypt(String.valueOf(id), DEFAULT_PW);
+    public static String encrypt(long id) {
+        String encrypt = AESUtils.encryptAndToBase64(String.valueOf(id), DEFAULT_PW);
 
-        //由于返回的是Base64字符串，作为URL时可能存在冲突，所以再进行转换
+        //混淆后的ID可能作为HTML标签的ID属性值（只能包含字母、数字、下划线和连字符'-'），所以需要替换Base64中除了那三种的字符
         encrypt = encrypt.replaceAll("\\+", "-")
-                .replaceAll("/", ".")
-                .replaceAll("=","_");
+                .replaceAll("/", "_");
+        //替换Base64串后面可能存在的=。有几个=，就将其替换后，在尾巴后添加数字
+        int count = 0;
+        for (int i = encrypt.length()-1; i >= 0; i--) {
+            if('=' != encrypt.charAt(i)) { //=只可能出现在Base64串的最后面
+                encrypt = encrypt.substring(0, i+1); //移除Base64串最后面的=
+                break;
+            }
+            count++;
+        }
+        encrypt += count;
+
         return encrypt;
     }
 
     /**
-     * 将ID对称解密
+     * ID解混淆：特殊字符恢复处理，Base64转换，AES解密
      */
-    public static long decryptByAES(String encryptedId) {
+    public static long decrypt(String encryptedId) {
         if(StringUtils.isBlank(encryptedId)) {
             throw new RuntimeException("encryptedId为空");
         }
 
         encryptedId = encryptedId.replaceAll("-", "+")
-                .replaceAll("\\.", "/")
-                .replaceAll("_","=");
+                .replaceAll("_", "/");
+        char count = encryptedId.charAt(encryptedId.length()-1);
+        int cc = Integer.parseInt(count + "");
+        encryptedId = encryptedId.substring(0, encryptedId.length()-1);
+        for (int i = 0; i < cc; i++) {
+            encryptedId += "=";
+        }
 
-        String decryptedId = AESUtils.decrypt(encryptedId, DEFAULT_PW);
+        String decryptedId = AESUtils.decryptAndToBase64(encryptedId, DEFAULT_PW);
         return Long.parseLong(decryptedId);
     }
 
@@ -241,12 +260,12 @@ public static void main(String[] args) throws Exception {
     }
 
     private static void testAES() {
-        long id = timestampID();
+        long id = 169899L;
         System.out.println(id);
-        String encryptByAES = encryptByAES(id);
+        String encryptByAES = encrypt(id);
         System.out.println(encryptByAES);
 
-        long decryptByAES = decryptByAES(encryptByAES);
+        long decryptByAES = decrypt(encryptByAES);
         System.out.println(decryptByAES);
     }
 }
