仅对需要的 HTTP 方法应用解密中间件

zlzforever · zlzforever · commit 28ff489bfa4b · 2025-12-31T14:01:09.000+08:00
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -17,6 +17,6 @@ jobs:
       - name: Login docker regsitry
         run: docker login -u zlzforever -p  ${{ secrets.DOCKER_USER_PASSWORD }}
       - name: Build the Docker image
-        run: docker build . --file Dockerfile --tag zlzforever/security-token-service:20251224.6
+        run: docker build . --file Dockerfile --tag zlzforever/security-token-service:20251224.7
       - name: Publish the Docker image
-        run: docker push zlzforever/security-token-service:20251224.6
+        run: docker push zlzforever/security-token-service:20251224.7
diff --git a/src/SecurityTokenService/Middlewares/DecryptRequestMiddleware.cs b/src/SecurityTokenService/Middlewares/DecryptRequestMiddleware.cs
@@ -17,8 +17,17 @@ public class DecryptRequestMiddleware(RequestDelegate next)
     private static readonly bool ForceEncryptedBody =
         bool.Parse(Environment.GetEnvironmentVariable("STS_FORCE_ENCRYPTED_BODY") ?? "false");
 
+    private static readonly string[] HttpMethods = ["POST", "PUT", "PATCH"];
+
     public async Task InvokeAsync(HttpContext context, ILogger<DecryptRequestMiddleware> logger)
     {
+        // 仅 POST/PUT/PATCH 需要解密
+        if (HttpMethods.All(x => !x.Equals(context.Request.Method, StringComparison.InvariantCultureIgnoreCase)))
+        {
+            await next(context);
+            return;
+        }
+
         var encryptVersion = context.Request.Headers[VersionHeader].ElementAtOrDefault(0);
         var encryptKey = context.Request.Headers[KeyHeader].ElementAtOrDefault(0);
 
