提交配置校验

21ba4f75 · 赵啸非 · 47724160 · 21ba4f75 · 21ba4f75 · 21ba4f75
Commit 21ba4f75 authored Oct 10, 2024 by 赵啸非
6 changed files
--- a/base-manager/src/main/java/com/mortals/xhx/common/key/RedisKey.java
+++ b/base-manager/src/main/java/com/mortals/xhx/common/key/RedisKey.java
@@ -38,4 +38,10 @@ public class RedisKey {
     */
    public static final Long KEY_SEARCH_TIMEOUTT_CACHE = 3600L;
+    /**
+     * referers
+     */
+    public static final String KEY_REFERERS_CACHE = "referers:";
 }
--- a/portal-manager/pom.xml
+++ b/portal-manager/pom.xml
@@ -25,6 +25,7 @@
 		<profiles.publish.path>/home/publish</profiles.publish.path>
 		<profiles.filepath>/mortals/app/data</profiles.filepath>
 		<profiles.req.json.check>false</profiles.req.json.check>
+		<profiles.trustedReferer></profiles.trustedReferer>
 		<package.environment>build</package.environment>
 		<skipUi>true</skipUi>
 	</properties>
@@ -44,6 +45,7 @@
 			<properties>
 				<profiles.active>test</profiles.active>
 				<profiles.nacos.server-addr>192.168.0.252:8848</profiles.nacos.server-addr>
+				<profiles.trustedReferer>192.168.0.98,localhost</profiles.trustedReferer>
 				<profiles.req.json.check>true</profiles.req.json.check>
 			</properties>
 		</profile>

--- a/portal-manager/src/main/java/com/mortals/xhx/base/framework/interceptor/AuthUserInterceptor.java
+++ b/portal-manager/src/main/java/com/mortals/xhx/base/framework/interceptor/AuthUserInterceptor.java
 package com.mortals.xhx.base.framework.interceptor;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.core.util.URLUtil;
+import cn.hutool.http.HttpStatus;
 import com.alibaba.druid.support.http.ResourceServlet;
 import com.alibaba.fastjson.JSONObject;
 import com.mortals.framework.annotation.UnAuth;
@@ -18,6 +21,7 @@ import com.mortals.xhx.module.user.service.UserService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.ParameterResolutionDelegate;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import org.springframework.util.ObjectUtils;
 import org.springframework.web.method.HandlerMethod;
@@ -26,6 +30,9 @@ import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.lang.reflect.Method;
+import java.net.URI;
+import java.net.URL;
+import java.util.List;
 import java.util.Set;
 /**
@@ -47,6 +54,8 @@ public class AuthUserInterceptor extends BaseInterceptor {
    private ResourceService resourceService;
    @Autowired
    private UserService userService;
+    @Value("${trustedReferer:''}")
+    private String trustedReferer;
    @Override
    public int getOrder() {
@@ -56,6 +65,37 @@ public class AuthUserInterceptor extends BaseInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
+        String referer = request.getHeader("Referer");
+        if (!ObjectUtils.isEmpty(referer)) {
+            //校验host即可
+            URI host = URLUtil.getHost(new URL(referer));
+            referer =  host.getHost();
+            List<String> trustReferers = StrUtil.split(trustedReferer, ",");
+            if (!ObjectUtils.isEmpty(trustReferers)) {
+                if (!trustReferers.contains(referer)) {
+                    response.setStatus(HttpStatus.HTTP_BAD_REQUEST);
+                    return false;
+                }
+            }
+        }
+        //校验Origin
+        referer = request.getHeader("Origin");
+        if (!ObjectUtils.isEmpty(referer)) {
+            //校验host即可
+            URI host = URLUtil.getHost(new URL(referer));
+            referer =  host.getHost();
+            List<String> trustReferers = StrUtil.split(trustedReferer, ",");
+            if (!ObjectUtils.isEmpty(trustReferers)) {
+                if (!trustReferers.contains(referer)) {
+                    response.setStatus(HttpStatus.HTTP_BAD_REQUEST);
+                    return false;
+                }
+            }
+        }
+//Origin
        JSONObject ret = new JSONObject();
        try {
            if (handler instanceof HandlerMethod) {

--- a/portal-manager/src/main/java/com/mortals/xhx/common/key/RedisKey.java
+++ b/portal-manager/src/main/java/com/mortals/xhx/common/key/RedisKey.java
@@ -15,4 +15,10 @@ public class RedisKey {
    public static final String KEY_BURY_POINT_CACHE = "bury:point";
+    /**
+     * referers
+     */
+    public static final String KEY_REFERERS_CACHE = "referers:";
 }
--- a/portal-manager/src/main/java/com/mortals/xhx/daemon/applicationservice/DemoStartedService.java
+++ b/portal-manager/src/main/java/com/mortals/xhx/daemon/applicationservice/DemoStartedService.java
@@ -3,11 +3,13 @@ package com.mortals.xhx.daemon.applicationservice;
 import cn.hutool.core.lang.Validator;
 import cn.hutool.core.net.NetUtil;
 import com.mortals.framework.service.ICacheService;
+import com.mortals.xhx.common.key.RedisKey;
 import com.mortals.xhx.common.utils.CipherUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.stereotype.Component;
@@ -35,13 +37,17 @@ import java.util.List;
 @Slf4j
 public class DemoStartedService implements IApplicationStartedService {
-    private static Log logger = LogFactory.getLog(DemoStartedService.class);
+    @Value("${trustedReferer:''}")
+    private String trustedReferer;
    @Autowired
    private ICacheService cacheService;
    @Override
    public void start() {
+        if(!ObjectUtils.isEmpty(trustedReferer)){
+            cacheService.set(RedisKey.KEY_REFERERS_CACHE,trustedReferer);
+        }
        //获取网卡并封装信息
        Collection<NetworkInterface> networkInterfaces = NetUtil.getNetworkInterfaces();
@@ -58,18 +64,15 @@ public class DemoStartedService implements IApplicationStartedService {
                StringBuilder sb = new StringBuilder();
                sb.append("mac=").append(macAddress).append("|ip=").append(ip);
                CipherUtil.macAndIp.add(sb.toString());
            }
        }
-        logger.info("开始服务..[配置已加载完成，并且所有框架都已经初始化]");
+        log.info("开始服务..[配置已加载完成，并且所有框架都已经初始化]");
    }
    @Override
    public void stop() {
-        logger.info("停止服务..");
+        log.info("停止服务..");
    }
    @Override

--- a/portal-manager/src/main/resources/bootstrap.yml
+++ b/portal-manager/src/main/resources/bootstrap.yml
@@ -42,6 +42,7 @@ application:
    unloginUrl: /refresh,/error,/login/login,/login/index,/login/logout,/securitycode/createCode,/file/common/*,/test*,/padsign/*,/terminal/*,/resource/list,/api/asset/*,/api/*,/flow/*,/uploads/*,/project/file/*,/file/*,/doc.html
    uncheckUrl: /refresh,/error,/login/login,/login/index,/login/logout,/securitycode/createCode,/file/common/*,/test*,/padsign/*,/terminal/*,/resource/list,/api/asset/*,/api/*,/flow/*,/uploads/*,/project/file/*,/file/*,/doc.html
 jsonCheck: @profiles.req.json.check@
+trustedReferer : @profiles.trustedReferer@
 #sys:
 #  license:
 #    key: /home/license/license.key