0

我正在使用 ABP 版本 3.8.2。我启用了ABP 审计日志,它工作正常。

有没有办法用不同的值替换或掩盖审计日志值,以隐藏密码、信用卡详细信息等敏感信息?也许通过扩展 ABP 的Audited属性。

请建议。

4

1 回答 1

1

是的,您可以替换或屏蔽审计值以隐藏敏感信息。

  1. 实施MaskableAuditSerializer

    public class MaskableAuditSerializer : IAuditSerializer, ITransientDependency
{
    private readonly IAuditingConfiguration _configuration;

    public MaskableJsonNetAuditSerializer(IAuditingConfiguration configuration)
    {
        _configuration = configuration;
    }

    public string Serialize(object obj)
    {
        var options = new JsonSerializerSettings
        {
            ContractResolver = new MaskableAuditingContractResolver(_configuration.IgnoredTypes)
        };

        return JsonConvert.SerializeObject(obj, options);
    }
}

  2. MaskableAuditingContractResolver通过继承实现AuditingContractResolver

    public class MaskableAuditingContractResolver : AuditingContractResolver
{
    public MaskableAuditingContractResolver(List<Type> ignoredTypes)
        : base(ignoredTypes)
    {
    }

    protected override JsonProperty CreateProperty(MemberInfo member, MemberSerialization memberSerialization)
    {
        var property = base.CreateProperty(member, memberSerialization);

        if (member.IsDefined(typeof(MaskedAuditedAttribute)))
        {
            property.ValueProvider = new MaskedValueProvider();
        }

        return property;
    }
}

  3. 实施MaskedValueProvider

    public class MaskedValueProvider : IValueProvider
{
    public object GetValue(object target)
    {
        return "***";
    }

    public void SetValue(object target, object value)
    {
        throw new NotImplementedException();
    }
}

  4. MaskedAuditedAttribute通过继承实现AuditedAttribute

    public class MaskedAuditedAttribute : AuditedAttribute
{
}

用法

public class LoginViewModel
{
    [MaskedAudited]
    public string Password { get; set; }

    // ...
}
于 2018-10-28T02:40:02.867 回答