lihongjie/coal
1
0
Fork 0
mirror of https://codeup.aliyun.com/64f7d6b8ce01efaafef1e678/coal/coal.git synced 2026-01-25 15:55:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

添加随机数防止请求重放

Browse Source
This commit is contained in:
lihongjie0209
2023-11-29 22:08:01 +08:00
parent f86b1c1890
commit 0076a5adcc
2 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/cn/lihongjie/coal/common/Constants.java
View File

@@ -12,10 +12,12 @@ public class Constants {
public static final String CACHE_RESOURCE_MENU_TREE = "resourceMenuTree"; public static final String CACHE_RESOURCE_MENU_TREE = "resourceMenuTree";
public static final String HTTP_HEADER_TOKEN = "X-Token"; public static final String HTTP_HEADER_TOKEN = "X-Token";
public static final String HTTP_HEADER_CLIENT_SIGN = "X-Client-Sign"; public static final String HTTP_HEADER_CLIENT_SIGN = "X-Client-Sign";
public static final String HTTP_HEADER_CLIENT_RANDOM = "X-Client-Random";
public static final String HTTP_HEADER_TS = "X-TS"; public static final String HTTP_HEADER_TS = "X-TS";
public static final String RATE_LIMIT_GLOBAL_SESSION_PREFIX = "global-session-rl-"; public static final String RATE_LIMIT_GLOBAL_SESSION_PREFIX = "global-session-rl-";
public static final String RATE_LIMIT_GLOBAL_USER_PREFIX = "global-user-rl-"; public static final String RATE_LIMIT_GLOBAL_USER_PREFIX = "global-user-rl-";
public static final String CACHE_ADDRESS_TYPE = "addressType"; public static final String CACHE_ADDRESS_TYPE = "addressType";
public static final String CACHE_CLIENT_RANDOM_PREFIX = "clientRandom::";
public static String SYSCONFIG_ENABLE_CAPTCHA = "enable_captcha"; public static String SYSCONFIG_ENABLE_CAPTCHA = "enable_captcha";
public static String SYSCONFIG_ENABLE_REQUEST_SIGN = "enable_request_sign"; public static String SYSCONFIG_ENABLE_REQUEST_SIGN = "enable_request_sign";
public static String SYSCONFIG_SESSION_TIMEOUT = "session_timeout"; public static String SYSCONFIG_SESSION_TIMEOUT = "session_timeout";

31
src/main/java/cn/lihongjie/coal/filter/SignFilter.java
View File

@@ -25,6 +25,7 @@ import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order; import org.springframework.core.annotation.Order;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter; import org.springframework.web.filter.OncePerRequestFilter;
@@ -32,6 +33,7 @@ import java.io.IOException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.*; import java.util.*;
import java.util.concurrent.TimeUnit;
import javax.crypto.Mac; import javax.crypto.Mac;
@@ -40,6 +42,7 @@ import javax.crypto.Mac;
@Order(10) @Order(10)
@Slf4j @Slf4j
public class SignFilter extends OncePerRequestFilter { public class SignFilter extends OncePerRequestFilter {
public static final int TIME_DIFF_MS = 1000 * 60 * 2;
@Autowired ObjectMapper objectMapper; @Autowired ObjectMapper objectMapper;
@Autowired SysConfigService sysConfigService; @Autowired SysConfigService sysConfigService;
@@ -47,6 +50,9 @@ public class SignFilter extends OncePerRequestFilter {
@Autowired IpQueryService ipQueryService; @Autowired IpQueryService ipQueryService;
@Autowired LoginUserService loginUserService; @Autowired LoginUserService loginUserService;
@Autowired
RedisTemplate<String, String> redisTemplate;
@Override @Override
protected void doFilterInternal( protected void doFilterInternal(
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
@@ -80,6 +86,13 @@ public class SignFilter extends OncePerRequestFilter {
new BizException(Constants.HTTP_HEADER_TS + " 请求头缺失"), response); new BizException(Constants.HTTP_HEADER_TS + " 请求头缺失"), response);
return; return;
} }
String random = request.getHeader(Constants.HTTP_HEADER_CLIENT_RANDOM);
if (StringUtils.isEmpty(random)) {
RequestUtils.writeResponse(
new BizException(Constants.HTTP_HEADER_CLIENT_RANDOM + " 请求头缺失"), response);
return;
}
long tsi = 0; long tsi = 0;
try { try {
@@ -93,7 +106,7 @@ public class SignFilter extends OncePerRequestFilter {
long current = System.currentTimeMillis(); long current = System.currentTimeMillis();
if (Math.abs(tsi - current) > 1000 * 60 * 2) { if (Math.abs(tsi - current) > TIME_DIFF_MS) {
RequestUtils.writeResponse( RequestUtils.writeResponse(
new BizException( new BizException(
Constants.HTTP_HEADER_TS Constants.HTTP_HEADER_TS
@@ -111,6 +124,10 @@ public class SignFilter extends OncePerRequestFilter {
sb.append(StringUtils.defaultString("\n")); sb.append(StringUtils.defaultString("\n"));
sb.append(StringUtils.defaultString(random));
sb.append(StringUtils.defaultString("\n"));
String sha256Hex = DigestUtils.sha256Hex(request.getInputStream()).toUpperCase(); String sha256Hex = DigestUtils.sha256Hex(request.getInputStream()).toUpperCase();
sb.append(StringUtils.defaultString(sha256Hex)); sb.append(StringUtils.defaultString(sha256Hex));
@@ -132,6 +149,18 @@ public class SignFilter extends OncePerRequestFilter {
new BizException(Constants.HTTP_HEADER_CLIENT_SIGN + " 请求头签名错误"), response); new BizException(Constants.HTTP_HEADER_CLIENT_SIGN + " 请求头签名错误"), response);
return; return;
} }
String cr = redisTemplate.opsForValue().get(Constants.CACHE_CLIENT_RANDOM_PREFIX + random);
if (StringUtils.equals(cr, "1")){
sysLogService.saveSysLog(request, "签名模块", "重复请求", "");
RequestUtils.writeResponse(
new BizException("请求已过期, 请刷新页面重试"), response);
return;
}else {
redisTemplate.opsForValue().set(Constants.CACHE_CLIENT_RANDOM_PREFIX + random, "1", TIME_DIFF_MS, TimeUnit.MILLISECONDS);
}
} }
doFilter(request, response, filterChain); doFilter(request, response, filterChain);