|
|
@@ -0,0 +1,87 @@
|
|
|
+package com.zd.gateway.filter;
|
|
|
+
|
|
|
+import cn.hutool.core.util.StrUtil;
|
|
|
+import cn.hutool.json.JSONUtil;
|
|
|
+import com.zd.model.domain.ResultData;
|
|
|
+import org.springframework.stereotype.Component;
|
|
|
+import org.springframework.util.AntPathMatcher;
|
|
|
+import org.springframework.util.CollectionUtils;
|
|
|
+import org.springframework.util.PathMatcher;
|
|
|
+
|
|
|
+import javax.annotation.Resource;
|
|
|
+import javax.servlet.*;
|
|
|
+import javax.servlet.annotation.WebFilter;
|
|
|
+import javax.servlet.http.HttpServletRequest;
|
|
|
+import javax.servlet.http.HttpServletResponse;
|
|
|
+import java.io.IOException;
|
|
|
+import java.io.PrintWriter;
|
|
|
+import java.nio.charset.StandardCharsets;
|
|
|
+import java.util.List;
|
|
|
+
|
|
|
+/**
|
|
|
+ * @author Hey, rog
|
|
|
+ * @version V1.0
|
|
|
+ * @since 2023/1/11 15:12
|
|
|
+ */
|
|
|
+@Component
|
|
|
+@WebFilter(filterName = "refererFilter", urlPatterns = "/")
|
|
|
+public class RefererFilter implements Filter {
|
|
|
+
|
|
|
+ @Resource
|
|
|
+ private RefererProperty refererProperty;
|
|
|
+
|
|
|
+ private static PathMatcher pathMatcher = new AntPathMatcher();
|
|
|
+
|
|
|
+ @Override
|
|
|
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
|
|
|
+ throws IOException, ServletException {
|
|
|
+ HttpServletRequest request = (HttpServletRequest) servletRequest;
|
|
|
+ HttpServletResponse response = (HttpServletResponse) servletResponse;
|
|
|
+
|
|
|
+ // 检测地址是否在白名单,若在直接放过
|
|
|
+ if (isBlank(request)) {
|
|
|
+ filterChain.doFilter(servletRequest, servletResponse);
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
+ // 启用了Refer检测且不存在配置站点直接拦截
|
|
|
+ if (refererProperty.getEnabled() && !existsReferer(request)) {
|
|
|
+ response.setCharacterEncoding(StandardCharsets.UTF_8.name());
|
|
|
+ response.setContentType("application/json;charset=UTF-8");
|
|
|
+ try (PrintWriter writer = response.getWriter()) {
|
|
|
+ writer.write(JSONUtil.toJsonStr(ResultData.fail("非法访问")));
|
|
|
+ }
|
|
|
+ return;
|
|
|
+ }
|
|
|
+ filterChain.doFilter(request, response);
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * 是否存在支持跨站点配置地址,存在true、不存在false
|
|
|
+ */
|
|
|
+ private boolean existsReferer(HttpServletRequest request) {
|
|
|
+ String referer = request.getHeader("Referer");
|
|
|
+ if (StrUtil.isBlank(referer)) {
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ List<String> allows = this.refererProperty.getExcludes();
|
|
|
+ if (!CollectionUtils.isEmpty(allows)) {
|
|
|
+ return allows.stream().anyMatch(url -> referer.contains(url));
|
|
|
+ }
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * 是否存在白名单
|
|
|
+ */
|
|
|
+ private boolean isBlank(HttpServletRequest request) {
|
|
|
+ String path = request.getServletPath();
|
|
|
+ List<String> excludes = refererProperty.getIncludes();
|
|
|
+ for (String exclude : excludes) {
|
|
|
+ if (pathMatcher.match(exclude, path)) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+}
|
hanzhiwei