add 增加 springboot actuator 账号密码认证 杜绝内外网信息泄漏问题

ruoyi-gateway/src/main/java/org/dromara/gateway/filter/AuthFilter.java

@@ -1,12 +1,14 @@
 package org.dromara.gateway.filter;
 
 import cn.dev33.satoken.exception.NotLoginException;
+import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
 import cn.dev33.satoken.reactor.context.SaReactorSyncHolder;
 import cn.dev33.satoken.reactor.filter.SaReactorFilter;
 import cn.dev33.satoken.router.SaRouter;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.dev33.satoken.util.SaResult;
 import org.dromara.common.core.constant.HttpStatus;
+import org.dromara.common.core.utils.SpringUtils;
 import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.satoken.utils.LoginHelper;
 import org.dromara.gateway.config.properties.IgnoreWhiteProperties;
@@ -30,7 +32,7 @@ public class AuthFilter {
         return new SaReactorFilter()
             // 拦截地址
             .addInclude("/**")
-            .addExclude("/favicon.ico", "/actuator/**")
+            .addExclude("/favicon.ico", "/actuator", "/actuator/**")
             // 鉴权方法：每次访问进入
             .setAuth(obj -> {
                 // 登录校验 -- 拦截所有路由
@@ -65,4 +67,20 @@ public class AuthFilter {
                 return SaResult.error("认证失败，无法访问系统资源").setCode(HttpStatus.UNAUTHORIZED);
             });
     }
+
+    /**
+     * 对 actuator 健康检查接口 做账号密码鉴权
+     */
+    @Bean
+    public SaReactorFilter actuatorFilter() {
+        String username = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.username");
+        String password = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.userpassword");
+        return new SaReactorFilter()
+            .addInclude("/actuator", "/actuator/**")
+            .setAuth(obj -> {
+                SaHttpBasicUtil.check(username + ":" + password);
+            })
+            .setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));
+    }
+
 }