XW-AIOT/aiot-platform-cloud
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1197363ac6ea5d7f1554360bbc89eceecb4fabbb
aiot-platform-cloud/.qoder/repowiki/zh/content/安全设计/安全设计.md

509 lines
34 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 安全设计
<cite>
**本文引用的文件**
- [安全设计.md](file://docs/technical-overview/10-安全设计.md)
- [ViewshSecurityAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-security/src/main/java/com/viewsh/framework/security/config/ViewshSecurityAutoConfiguration.java)
- [ViewshTenantAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-tenant/src/main/java/com/viewsh/framework/tenant/config/ViewshTenantAutoConfiguration.java)
- [ViewshDataPermissionAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-data-permission/src/main/java/com/viewsh/framework/datapermission/config/ViewshDataPermissionAutoConfiguration.java)
- [ApiEncryptProperties.java](file://viewsh-framework/viewsh-spring-boot-starter-web/src/main/java/com/viewsh/framework/encrypt/config/ApiEncryptProperties.java)
- [RateLimiter.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/annotation/RateLimiter.java)
- [ViewshRateLimiterConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/config/ViewshRateLimiterConfiguration.java)
- [RateLimiterAspect.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/aop/RateLimiterAspect.java)
- [RateLimiterRedisDAO.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/redis/RateLimiterRedisDAO.java)
- [IotAuthTypeEnum.java](file://viewsh-module-iot/viewsh-module-iot-core/src/main/java/com/viewsh/module/iot/core/enums/IotAuthTypeEnum.java)
- [IotDeviceService.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceService.java)
- [IotDeviceServiceImpl.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceServiceImpl.java)
- [IotDeviceAuthInfoRespVO.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/controller/admin/device/vo/device/IotDeviceAuthInfoRespVO.java)
- [CleanOrderAuditEvent.java](file://viewsh-module-iot/viewsh-module-iot-core/src/main/java/com/viewsh/module/iot/core/integration/event/clean/CleanOrderAuditEvent.java)
- [CleanOrderAuditEventHandler.java](file://viewsh-module-ops/viewsh-module-environment-biz/src/main/java/com/viewsh/module/ops/environment/integration/consumer/CleanOrderAuditEventHandler.java)
- [ruoyi-vue-pro.sql](file://sql/sqlserver/ruoyi-vue-pro.sql)
</cite>
## 目录
1. [引言](#引言)
2. [项目结构](#项目结构)
3. [核心组件](#核心组件)
4. [架构总览](#架构总览)
5. [详细组件分析](#详细组件分析)
6. [依赖关系分析](#依赖关系分析)
7. [性能考量](#性能考量)
8. [故障排查指南](#故障排查指南)
9. [结论](#结论)
10. [附录](#附录)
## 引言
本文件面向AIOT平台云项目系统化阐述安全设计与实现覆盖身份认证、权限控制、数据保护、网络防护、设备安全、安全审计与合规等方面。内容以仓库现有实现为依据结合组件交互与流程图帮助开发者与运维人员快速理解与落地安全策略。
## 项目结构
围绕安全主题的关键模块与文件分布如下:
- 安全基础与框架
- 安全自动装配与过滤器Spring Security 扩展、认证入口、密码编码器、Token过滤器
- 多租户安全租户上下文过滤、租户安全过滤、租户忽略URL解析
- 数据权限MyBatis Plus 数据权限拦截器与规则工厂
- API保护与加密
- API加解密配置对称/非对称算法、请求/响应密钥)
- 限流注解与切面、Redisson限流DAO
- 设备侧安全
- 设备认证类型枚举(一机一密、一型一密、动态注册、免鉴权)
- 设备认证服务与实现、设备认证信息响应VO
- 安全审计
- 清洁工单审计事件与事件处理器发布业务日志、扩展字段、TTS联动
- 登录日志表结构(含链路追踪、用户类型、结果等字段)
```mermaid
graph TB
subgraph "安全基础"
SEC["安全自动装配<br/>ViewshSecurityAutoConfiguration"]
TEN["多租户自动装配<br/>ViewshTenantAutoConfiguration"]
DP["数据权限自动装配<br/>ViewshDataPermissionAutoConfiguration"]
end
subgraph "API保护与加密"
ENC["API加解密配置<br/>ApiEncryptProperties"]
RL_ANN["限流注解<br/>RateLimiter"]
RL_CFG["限流配置<br/>ViewshRateLimiterConfiguration"]
RL_AOP["限流切面<br/>RateLimiterAspect"]
RL_DAO["限流DAO<br/>RateLimiterRedisDAO"]
end
subgraph "设备安全"
AUTH_ENUM["认证类型枚举<br/>IotAuthTypeEnum"]
AUTH_SVC["设备认证服务接口<br/>IotDeviceService"]
AUTH_IMPL["设备认证实现<br/>IotDeviceServiceImpl"]
AUTH_VO["认证信息响应VO<br/>IotDeviceAuthInfoRespVO"]
end
subgraph "安全审计"
EVT["审计事件模型<br/>CleanOrderAuditEvent"]
EH["审计事件处理器<br/>CleanOrderAuditEventHandler"]
LOGIN_LOG["登录日志表结构<br/>ruoyi-vue-pro.sql"]
end
SEC --> RL_CFG
SEC --> ENC
SEC --> EVT
TEN --> SEC
DP --> SEC
RL_CFG --> RL_AOP
RL_AOP --> RL_DAO
AUTH_IMPL --> AUTH_ENUM
AUTH_IMPL --> AUTH_SVC
EH --> EVT
EH --> AUTH_IMPL
LOGIN_LOG --> SEC
```
**图表来源**
- [ViewshSecurityAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-security/src/main/java/com/viewsh/framework/security/config/ViewshSecurityAutoConfiguration.java#L1-L95)
- [ViewshTenantAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-tenant/src/main/java/com/viewsh/framework/tenant/config/ViewshTenantAutoConfiguration.java#L1-L223)
- [ViewshDataPermissionAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-data-permission/src/main/java/com/viewsh/framework/datapermission/config/ViewshDataPermissionAutoConfiguration.java#L1-L47)
- [ApiEncryptProperties.java](file://viewsh-framework/viewsh-spring-boot-starter-web/src/main/java/com/viewsh/framework/encrypt/config/ApiEncryptProperties.java#L1-L70)
- [RateLimiter.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/annotation/RateLimiter.java#L1-L62)
- [ViewshRateLimiterConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/config/ViewshRateLimiterConfiguration.java#L1-L55)
- [RateLimiterAspect.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/aop/RateLimiterAspect.java#L1-L36)
- [RateLimiterRedisDAO.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/redis/RateLimiterRedisDAO.java#L43-L66)
- [IotAuthTypeEnum.java](file://viewsh-module-iot/viewsh-module-iot-core/src/main/java/com/viewsh/module/iot/core/enums/IotAuthTypeEnum.java#L1-L58)
- [IotDeviceService.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceService.java#L246-L287)
- [IotDeviceServiceImpl.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceServiceImpl.java#L614-L648)
- [IotDeviceAuthInfoRespVO.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/controller/admin/device/vo/device/IotDeviceAuthInfoRespVO.java#L1-L23)
- [CleanOrderAuditEvent.java](file://viewsh-module-iot/viewsh-module-iot-core/src/main/java/com/viewsh/module/iot/core/integration/event/clean/CleanOrderAuditEvent.java#L54-L98)
- [CleanOrderAuditEventHandler.java](file://viewsh-module-ops/viewsh-module-environment-biz/src/main/java/com/viewsh/module/ops/environment/integration/consumer/CleanOrderAuditEventHandler.java#L106-L217)
- [ruoyi-vue-pro.sql](file://sql/sqlserver/ruoyi-vue-pro.sql#L3671-L3729)
**章节来源**
- [安全设计.md](file://docs/technical-overview/10-安全设计.md#L1-L81)
- [ViewshSecurityAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-security/src/main/java/com/viewsh/framework/security/config/ViewshSecurityAutoConfiguration.java#L1-L95)
- [ViewshTenantAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-tenant/src/main/java/com/viewsh/framework/tenant/config/ViewshTenantAutoConfiguration.java#L1-L223)
- [ViewshDataPermissionAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-data-permission/src/main/java/com/viewsh/framework/datapermission/config/ViewshDataPermissionAutoConfiguration.java#L1-L47)
- [ApiEncryptProperties.java](file://viewsh-framework/viewsh-spring-boot-starter-web/src/main/java/com/viewsh/framework/encrypt/config/ApiEncryptProperties.java#L1-L70)
- [RateLimiter.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/annotation/RateLimiter.java#L1-L62)
- [ViewshRateLimiterConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/config/ViewshRateLimiterConfiguration.java#L1-L55)
- [RateLimiterAspect.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/aop/RateLimiterAspect.java#L1-L36)
- [RateLimiterRedisDAO.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/redis/RateLimiterRedisDAO.java#L43-L66)
- [IotAuthTypeEnum.java](file://viewsh-module-iot/viewsh-module-iot-core/src/main/java/com/viewsh/module/iot/core/enums/IotAuthTypeEnum.java#L1-L58)
- [IotDeviceService.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceService.java#L246-L287)
- [IotDeviceServiceImpl.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceServiceImpl.java#L614-L648)
- [IotDeviceAuthInfoRespVO.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/controller/admin/device/vo/device/IotDeviceAuthInfoRespVO.java#L1-L23)
- [CleanOrderAuditEvent.java](file://viewsh-module-iot/viewsh-module-iot-core/src/main/java/com/viewsh/module/iot/core/integration/event/clean/CleanOrderAuditEvent.java#L54-L98)
- [CleanOrderAuditEventHandler.java](file://viewsh-module-ops/viewsh-module-environment-biz/src/main/java/com/viewsh/module/ops/environment/integration/consumer/CleanOrderAuditEventHandler.java#L106-L217)
- [ruoyi-vue-pro.sql](file://sql/sqlserver/ruoyi-vue-pro.sql#L3671-L3729)
## 核心组件
- 身份认证与OAuth2资源服务器
- 采用标准OAuth2 Resource Server架构登录生成JWT网关校验Authorization头并解析JWT支持Redis白名单踢下线。
- 多端认证:管理端用户名/密码+图形验证码;移动端手机号/验证码+微信一键登录;设备端一机一密/一型一密/动态注册/免鉴权。
- 权限控制RBAC与数据权限
- RBAC基于Spring Security的动态权限控制注解式鉴权服务启动时扫描Controller注解并上报权限标识。
- 数据权限MyBatis Plus拦截器支持全部数据、本部门及以下、本部门、仅本人、自定义部门等策略。
- 多租户权限隔离
- 通过租户上下文过滤、租户安全过滤、租户忽略URL解析、租户数据库拦截器等实现跨模块的租户隔离。
- API安全防护
- API加解密对称/非对称算法配置,请求/响应密钥分离,前后端约定一致。
- 限流基于Redisson的分布式限流支持全局、用户、IP、节点、表达式等Key解析器。
- 防重放与接口签名关键接口携带Timestamp/Nonce服务端校验时间窗与Nonce缓存第三方开放API采用MD5(AppSecret)签名。
- 数据安全
- 敏感字段脱敏:注解驱动,序列化时自动掩码。
- 密码存储BCrypt哈希+随机Salt。
- 日志审计:操作日志与异常监控。
- 设备安全
- 设备认证类型:一机一密、一型一密、动态注册、免鉴权。
- 设备认证服务:校验设备名、产品密钥、目标密钥,支持动态注册场景。
- 设备认证信息客户端ID、用户名、密码等。
- 安全审计
- 审计事件模型设备Key、区域ID、事件级别、审计数据、消息、事件时间、租户ID等。
- 事件处理器根据审计类型确定日志类型与成功状态发布业务日志必要时联动IoT模块下发TTS。
- 登录日志表结构包含链路追踪、用户类型、结果、IP、UA等字段。
**章节来源**
- [安全设计.md](file://docs/technical-overview/10-安全设计.md#L5-L81)
- [ViewshSecurityAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-security/src/main/java/com/viewsh/framework/security/config/ViewshSecurityAutoConfiguration.java#L1-L95)
- [ViewshTenantAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-tenant/src/main/java/com/viewsh/framework/tenant/config/ViewshTenantAutoConfiguration.java#L1-L223)
- [ViewshDataPermissionAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-data-permission/src/main/java/com/viewsh/framework/datapermission/config/ViewshDataPermissionAutoConfiguration.java#L1-L47)
- [ApiEncryptProperties.java](file://viewsh-framework/viewsh-spring-boot-starter-web/src/main/java/com/viewsh/framework/encrypt/config/ApiEncryptProperties.java#L1-L70)
- [RateLimiter.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/annotation/RateLimiter.java#L1-L62)
- [ViewshRateLimiterConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/config/ViewshRateLimiterConfiguration.java#L1-L55)
- [RateLimiterAspect.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/aop/RateLimiterAspect.java#L1-L36)
- [RateLimiterRedisDAO.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/redis/RateLimiterRedisDAO.java#L43-L66)
- [IotAuthTypeEnum.java](file://viewsh-module-iot/viewsh-module-iot-core/src/main/java/com/viewsh/module/iot/core/enums/IotAuthTypeEnum.java#L1-L58)
- [IotDeviceService.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceService.java#L246-L287)
- [IotDeviceServiceImpl.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceServiceImpl.java#L614-L648)
- [IotDeviceAuthInfoRespVO.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/controller/admin/device/vo/device/IotDeviceAuthInfoRespVO.java#L1-L23)
- [CleanOrderAuditEvent.java](file://viewsh-module-iot/viewsh-module-iot-core/src/main/java/com/viewsh/module/iot/core/integration/event/clean/CleanOrderAuditEvent.java#L54-L98)
- [CleanOrderAuditEventHandler.java](file://viewsh-module-ops/viewsh-module-environment-biz/src/main/java/com/viewsh/module/ops/environment/integration/consumer/CleanOrderAuditEventHandler.java#L106-L217)
- [ruoyi-vue-pro.sql](file://sql/sqlserver/ruoyi-vue-pro.sql#L3671-L3729)
## 架构总览
下图展示认证、授权、数据权限、多租户与API保护的整体交互关系
```mermaid
graph TB
GW["网关层"]
SEC["安全自动装配<br/>SecurityAutoConfiguration"]
TOK["Token认证过滤器"]
TEN["多租户自动装配<br/>TenantAutoConfiguration"]
DP["数据权限自动装配<br/>DataPermissionAutoConfiguration"]
ENC["API加解密配置<br/>ApiEncryptProperties"]
RL["限流配置/切面/DAO"]
GW --> SEC
SEC --> TOK
SEC --> TEN
SEC --> DP
SEC --> ENC
SEC --> RL
```
**图表来源**
- [ViewshSecurityAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-security/src/main/java/com/viewsh/framework/security/config/ViewshSecurityAutoConfiguration.java#L1-L95)
- [ViewshTenantAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-tenant/src/main/java/com/viewsh/framework/tenant/config/ViewshTenantAutoConfiguration.java#L1-L223)
- [ViewshDataPermissionAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-data-permission/src/main/java/com/viewsh/framework/datapermission/config/ViewshDataPermissionAutoConfiguration.java#L1-L47)
- [ApiEncryptProperties.java](file://viewsh-framework/viewsh-spring-boot-starter-web/src/main/java/com/viewsh/framework/encrypt/config/ApiEncryptProperties.java#L1-L70)
- [ViewshRateLimiterConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/config/ViewshRateLimiterConfiguration.java#L1-L55)
## 详细组件分析
### 认证授权机制JWT、OAuth2、多租户
- OAuth2资源服务器
- 登录生成JWT包含uid、tenant_id、scopes网关校验Authorization头并解析JWT支持Redis白名单踢下线。
- 多端认证
- 管理端:用户名/密码+图形验证码
- 移动端:手机号/验证码+微信一键登录
- 设备端:一机一密、一型一密、动态注册、免鉴权
- 多租户权限控制
- 租户上下文过滤、租户安全过滤、租户数据库拦截器、租户忽略URL解析、租户缓存管理器等协同工作确保跨模块的租户隔离。
```mermaid
sequenceDiagram
participant C as "客户端"
participant G as "网关"
participant S as "安全自动装配"
participant T as "Token过滤器"
participant R as "Redis白名单"
C->>G : "携带Authorization : Bearer {token}"
G->>S : "进入安全过滤链"
S->>T : "校验JWT签名"
T-->>S : "签名有效/无效"
alt "签名有效"
S->>R : "检查token是否在白名单"
R-->>S : "在/不在"
alt "在白名单"
S-->>G : "放行"
G-->>C : "透传用户信息到下游"
else "不在白名单"
S-->>G : "拒绝"
G-->>C : "401 Unauthorized"
end
else "签名无效"
S-->>G : "拒绝"
G-->>C : "401 Unauthorized"
end
```
**图表来源**
- [安全设计.md](file://docs/technical-overview/10-安全设计.md#L9-L18)
- [ViewshSecurityAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-security/src/main/java/com/viewsh/framework/security/config/ViewshSecurityAutoConfiguration.java#L70-L74)
**章节来源**
- [安全设计.md](file://docs/technical-overview/10-安全设计.md#L5-L26)
- [ViewshSecurityAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-security/src/main/java/com/viewsh/framework/security/config/ViewshSecurityAutoConfiguration.java#L1-L95)
- [ViewshTenantAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-tenant/src/main/java/com/viewsh/framework/tenant/config/ViewshTenantAutoConfiguration.java#L1-L223)
### 权限控制策略RBAC与数据权限
- RBAC
- 用户->角色->菜单/按钮权限标识注解式鉴权服务启动时扫描Controller注解并上报权限标识。
- 数据权限
- MyBatis Plus拦截器支持全部数据、本部门及以下、本部门、仅本人、自定义部门等策略。
```mermaid
flowchart TD
Start(["请求进入"]) --> RBAC["注解鉴权<br/>@PreAuthorize"]
RBAC --> RBAC_OK{"RBAC通过?"}
RBAC_OK --> |否| Deny["返回403"]
RBAC_OK --> |是| DP["数据权限拦截器"]
DP --> DP_OK{"数据权限通过?"}
DP_OK --> |否| Deny
DP_OK --> |是| Allow["放行执行业务"]
Deny --> End(["结束"])
Allow --> End
```
**图表来源**
- [安全设计.md](file://docs/technical-overview/10-安全设计.md#L29-L51)
- [ViewshDataPermissionAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-data-permission/src/main/java/com/viewsh/framework/datapermission/config/ViewshDataPermissionAutoConfiguration.java#L24-L44)
**章节来源**
- [安全设计.md](file://docs/technical-overview/10-安全设计.md#L29-L51)
- [ViewshDataPermissionAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-data-permission/src/main/java/com/viewsh/framework/datapermission/config/ViewshDataPermissionAutoConfiguration.java#L1-L47)
### API安全防护请求验证、限流、防攻击
- 限流
- 注解@RateLimiter声明限流策略切面统一拦截Redisson实现分布式限流支持多种Key解析器全局、用户、IP、节点、表达式
- 防重放与接口签名
- 关键接口携带Timestamp与Nonce服务端校验时间窗与Nonce缓存第三方开放API采用MD5(AppSecret)签名。
```mermaid
sequenceDiagram
participant C as "客户端"
participant S as "控制器方法"
participant A as "限流切面"
participant D as "限流DAO(Redisson)"
participant E as "异常处理"
C->>S : "发起请求"
S->>A : "进入@RateLimiter切面"
A->>D : "计算Key并检查/更新限流状态"
alt "超过阈值"
A->>E : "抛出限流异常"
E-->>C : "返回限流错误"
else "未超限"
A-->>S : "放行"
S-->>C : "正常响应"
end
```
**图表来源**
- [RateLimiter.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/annotation/RateLimiter.java#L1-L62)
- [RateLimiterAspect.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/aop/RateLimiterAspect.java#L1-L36)
- [ViewshRateLimiterConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/config/ViewshRateLimiterConfiguration.java#L14-L55)
- [RateLimiterRedisDAO.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/redis/RateLimiterRedisDAO.java#L43-L66)
**章节来源**
- [安全设计.md](file://docs/technical-overview/10-安全设计.md#L69-L81)
- [RateLimiter.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/annotation/RateLimiter.java#L1-L62)
- [ViewshRateLimiterConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/config/ViewshRateLimiterConfiguration.java#L1-L55)
- [RateLimiterAspect.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/aop/RateLimiterAspect.java#L1-L36)
- [RateLimiterRedisDAO.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/core/redis/RateLimiterRedisDAO.java#L43-L66)
### 数据加密方案(传输加密、存储加密、密钥管理)
- 传输加密
- API加解密配置支持对称/非对称算法,请求头约定用于区分前后端密钥用途,请求/响应密钥可分别配置。
- 存储加密
- 密码存储采用BCryptSpring Security默认每个用户随机Salt抵御彩虹表攻击。
- 密钥管理
- 建议对称密钥AES/SM4与非对称密钥RSA/SM2按需配置密钥轮换与最小权限原则密钥存储于安全密管或环境变量。
```mermaid
flowchart TD
Req["请求到达"] --> CheckHeader["检查加密请求头"]
CheckHeader --> EncType{"对称/非对称?"}
EncType --> |对称| SymKey["使用对称密钥解密"]
EncType --> |非对称| AsymKey["使用私钥解密"]
SymKey --> Parse["解析参数"]
AsymKey --> Parse
Parse --> Resp["响应加密"]
Resp --> EncType2{"对称/非对称?"}
EncType2 --> |对称| SymResp["使用对称密钥加密"]
EncType2 --> |非对称| AsymResp["使用公钥加密"]
SymResp --> Send["发送响应"]
AsymResp --> Send
```
**图表来源**
- [ApiEncryptProperties.java](file://viewsh-framework/viewsh-spring-boot-starter-web/src/main/java/com/viewsh/framework/encrypt/config/ApiEncryptProperties.java#L1-L70)
- [安全设计.md](file://docs/technical-overview/10-安全设计.md#L59-L61)
**章节来源**
- [ApiEncryptProperties.java](file://viewsh-framework/viewsh-spring-boot-starter-web/src/main/java/com/viewsh/framework/encrypt/config/ApiEncryptProperties.java#L1-L70)
- [安全设计.md](file://docs/technical-overview/10-安全设计.md#L53-L61)
### 设备安全(认证、通信加密、固件安全)
- 设备认证类型
- 一机一密DeviceSecret、一型一密ProductSecret、动态注册、免鉴权。
- 设备认证流程
- 校验设备名、产品密钥、目标密钥;支持动态注册场景下的策略选择。
- 设备认证信息
- 客户端ID、用户名、密码等便于设备侧接入与运维。
- 固件安全
- OTA固件管理建议在固件下载与升级链路中引入完整性校验与签名验证当前仓库未提供签名实现建议补充
```mermaid
classDiagram
class IotAuthTypeEnum {
+SECRET
+PRODUCT_SECRET
+DYNAMIC
+NONE
}
class IotDeviceService {
+authDevice(authReqDTO) boolean
+validateDeviceListExists(ids) List
+getDeviceList(ids) List
+updateDeviceFirmware(deviceId, firmwareId) void
}
class IotDeviceServiceImpl {
+authDevice(authReqDTO) boolean
}
class IotDeviceAuthInfoRespVO {
+clientId
+username
+password
}
IotDeviceServiceImpl ..|> IotDeviceService
IotDeviceServiceImpl --> IotAuthTypeEnum : "使用认证类型"
IotDeviceServiceImpl --> IotDeviceAuthInfoRespVO : "返回认证信息"
```
**图表来源**
- [IotAuthTypeEnum.java](file://viewsh-module-iot/viewsh-module-iot-core/src/main/java/com/viewsh/module/iot/core/enums/IotAuthTypeEnum.java#L1-L58)
- [IotDeviceService.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceService.java#L246-L287)
- [IotDeviceServiceImpl.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceServiceImpl.java#L614-L648)
- [IotDeviceAuthInfoRespVO.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/controller/admin/device/vo/device/IotDeviceAuthInfoRespVO.java#L1-L23)
**章节来源**
- [IotAuthTypeEnum.java](file://viewsh-module-iot/viewsh-module-iot-core/src/main/java/com/viewsh/module/iot/core/enums/IotAuthTypeEnum.java#L1-L58)
- [IotDeviceService.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceService.java#L246-L287)
- [IotDeviceServiceImpl.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceServiceImpl.java#L614-L648)
- [IotDeviceAuthInfoRespVO.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/controller/admin/device/vo/device/IotDeviceAuthInfoRespVO.java#L1-L23)
### 安全审计(操作日志与事件监控)
- 审计事件模型
- 包含设备Key、区域ID、事件级别、审计数据、消息、事件时间、租户ID等字段。
- 事件处理器
- 根据审计类型确定日志类型与成功状态发布业务日志对特定事件如TTS_REQUEST联动IoT模块下发语音。
- 登录日志
- 表结构包含链路追踪、用户类型、结果、IP、UA等字段便于审计与溯源。
```mermaid
sequenceDiagram
participant M as "业务模块"
participant E as "审计事件"
participant H as "事件处理器"
participant P as "业务日志发布器"
participant I as "IoT模块"
M->>E : "构建审计事件"
E->>H : "投递事件"
H->>H : "确定日志类型/成功状态"
alt "成功"
H->>P : "publishSuccess(context)"
else "失败"
H->>P : "publishFailure(context, message)"
end
alt "TTS_REQUEST"
H->>I : "下发语音播报"
end
```
**图表来源**
- [CleanOrderAuditEvent.java](file://viewsh-module-iot/viewsh-module-iot-core/src/main/java/com/viewsh/module/iot/core/integration/event/clean/CleanOrderAuditEvent.java#L54-L98)
- [CleanOrderAuditEventHandler.java](file://viewsh-module-ops/viewsh-module-environment-biz/src/main/java/com/viewsh/module/ops/environment/integration/consumer/CleanOrderAuditEventHandler.java#L106-L217)
**章节来源**
- [CleanOrderAuditEvent.java](file://viewsh-module-iot/viewsh-module-iot-core/src/main/java/com/viewsh/module/iot/core/integration/event/clean/CleanOrderAuditEvent.java#L54-L98)
- [CleanOrderAuditEventHandler.java](file://viewsh-module-ops/viewsh-module-environment-biz/src/main/java/com/viewsh/module/ops/environment/integration/consumer/CleanOrderAuditEventHandler.java#L106-L217)
- [ruoyi-vue-pro.sql](file://sql/sqlserver/ruoyi-vue-pro.sql#L3671-L3729)
## 依赖关系分析
- 组件耦合
- 安全自动装配为其他安全组件提供基础设施认证入口、密码编码器、Token过滤器、上下文策略
- 多租户与数据权限均依赖MyBatis Plus拦截器形成“租户隔离 + 数据权限”的双重保障。
- API保护加解密、限流与Redisson、Spring AOP协作形成横切关注点。
- 外部依赖
- Redis/Redisson用于限流与白名单缓存。
- Spring Security用于认证与授权框架。
- MyBatis Plus用于数据权限拦截与租户行级隔离。
```mermaid
graph LR
SEC["SecurityAutoConfiguration"] --> TOK["TokenAuthenticationFilter"]
SEC --> ENC["ApiEncryptProperties"]
SEC --> RL["RateLimiter*"]
SEC --> TEN["TenantAutoConfiguration"]
SEC --> DP["DataPermissionAutoConfiguration"]
TEN --> DB["TenantDatabaseInterceptor"]
DP --> MP["MyBatisPlusInterceptor"]
RL --> RS["RedissonClient"]
```
**图表来源**
- [ViewshSecurityAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-security/src/main/java/com/viewsh/framework/security/config/ViewshSecurityAutoConfiguration.java#L1-L95)
- [ViewshTenantAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-tenant/src/main/java/com/viewsh/framework/tenant/config/ViewshTenantAutoConfiguration.java#L84-L93)
- [ViewshDataPermissionAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-data-permission/src/main/java/com/viewsh/framework/datapermission/config/ViewshDataPermissionAutoConfiguration.java#L29-L39)
- [ViewshRateLimiterConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/config/ViewshRateLimiterConfiguration.java#L14-L55)
**章节来源**
- [ViewshSecurityAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-security/src/main/java/com/viewsh/framework/security/config/ViewshSecurityAutoConfiguration.java#L1-L95)
- [ViewshTenantAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-tenant/src/main/java/com/viewsh/framework/tenant/config/ViewshTenantAutoConfiguration.java#L1-L223)
- [ViewshDataPermissionAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-data-permission/src/main/java/com/viewsh/framework/datapermission/config/ViewshDataPermissionAutoConfiguration.java#L1-L47)
- [ViewshRateLimiterConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/config/ViewshRateLimiterConfiguration.java#L1-L55)
## 性能考量
- 限流策略
- 合理设置time与count避免过度限流影响用户体验优先使用用户/IP/节点等细粒度Key解析器降低误伤。
- 缓存与白名单
- Redis白名单与Nonce缓存需设置合理TTL避免内存膨胀定期清理过期键。
- 数据权限与租户拦截
- 将数据权限拦截器置于分页插件之前确保查询条件正确注入避免复杂规则导致SQL性能下降。
- 设备认证
- 对高频认证接口启用限流;密钥校验逻辑尽量走缓存与常量时间比较,减少时序差异。
[本节为通用指导,无需列出章节来源]
## 故障排查指南
- 认证失败
- 检查Authorization头格式与JWT签名有效性确认Redis白名单中是否存在该token。
- 权限不足
- 确认用户角色与权限标识是否正确上报;检查@PreAuthorize注解是否生效
- 数据越权
- 核对数据权限规则配置确认MyBatis Plus拦截器顺序与租户行级隔离是否启用。
- 限流触发
- 检查@RateLimiter注解配置与Key解析器查看Redisson限流状态与TTL。
- 设备认证失败
- 校验设备名、产品密钥、目标密钥;确认认证类型与动态注册策略。
- 审计日志缺失
- 检查事件处理器是否正确发布业务日志;核对审计事件字段与日志类型判定逻辑。
**章节来源**
- [安全设计.md](file://docs/technical-overview/10-安全设计.md#L9-L18)
- [ViewshSecurityAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-security/src/main/java/com/viewsh/framework/security/config/ViewshSecurityAutoConfiguration.java#L44-L74)
- [ViewshDataPermissionAutoConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-biz-data-permission/src/main/java/com/viewsh/framework/datapermission/config/ViewshDataPermissionAutoConfiguration.java#L29-L39)
- [ViewshRateLimiterConfiguration.java](file://viewsh-framework/viewsh-spring-boot-starter-protection/src/main/java/com/viewsh/framework/ratelimiter/config/ViewshRateLimiterConfiguration.java#L14-L55)
- [IotDeviceServiceImpl.java](file://viewsh-module-iot/viewsh-module-iot-server/src/main/java/com/viewsh/module/iot/service/device/IotDeviceServiceImpl.java#L614-L648)
- [CleanOrderAuditEventHandler.java](file://viewsh-module-ops/viewsh-module-environment-biz/src/main/java/com/viewsh/module/ops/environment/integration/consumer/CleanOrderAuditEventHandler.java#L106-L217)
## 结论
本项目在安全设计上形成了“认证OAuth2/JWT+ 授权RBAC/数据权限/多租户)+ API保护限流/加解密/防重放)+ 设备安全(认证/通信/固件)+ 审计监控”的完整闭环。建议后续在以下方面持续完善强化设备固件签名与完整性校验、细化密钥轮换与密管集成、扩展API签名与证书绑定、完善安全事件响应流程与演练。
[本节为总结性内容,无需列出章节来源]
## 附录
- 合规性与安全标准
- 建议对照《网络安全法》《数据安全法》《个人信息保护法》及行业标准如等级保护2.0、商用密码应用评估)进行合规自评与整改。
- 安全事件响应流程(建议)
- 事件发现与分级 -> 应急处置与隔离 -> 影响评估与恢复 -> 根因分析与加固 -> 复盘与演练 -> 持续改进。
[本节为通用指导,无需列出章节来源]
Reference in New Issue View Git Blame Copy Permalink