mirror of
https://codeup.aliyun.com/64f7d6b8ce01efaafef1e678/coal/coal.git
synced 2026-01-25 07:46:40 +08:00
添加请求令牌校验
This commit is contained in:
@@ -40,6 +40,8 @@ public class Constants {
|
||||
public static final String CACHE_RESOURCE_BY_URL_2 = "resourceByUrl2";
|
||||
public static final String CACHE_IS_ANONYMOUS_BY_RESOURCE_ID = "isAnonymousByResourceId";
|
||||
public static final String CACHE_ORG_ADMIN_HAS_PERMISSION = "orgAdminHasPermission";
|
||||
public static final String SYSCONFIG_ENABLE_REQUEST_SUBMIT_TOKEN = "enable_request_submit_token";
|
||||
public static final String HTTP_HEADER_SUBMIT_TOKEN = "X-Submit-Token";
|
||||
public static String SYSCONFIG_ENABLE_CAPTCHA = "enable_captcha";
|
||||
public static String SYSCONFIG_ENABLE_REQUEST_SIGN = "enable_request_sign";
|
||||
public static String SYSCONFIG_SESSION_TIMEOUT = "session_timeout";
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
package cn.lihongjie.coal.filter;
|
||||
|
||||
import cn.lihongjie.coal.common.Constants;
|
||||
import cn.lihongjie.coal.common.RequestUtils;
|
||||
import cn.lihongjie.coal.exception.BizException;
|
||||
import cn.lihongjie.coal.ip.IpQueryService;
|
||||
import cn.lihongjie.coal.loginUser.service.LoginUserService;
|
||||
import cn.lihongjie.coal.resource.dto.ResourceDto;
|
||||
import cn.lihongjie.coal.submitToken.service.SubmitTokenService;
|
||||
import cn.lihongjie.coal.sysconfig.service.SysConfigService;
|
||||
import cn.lihongjie.coal.syslog.service.SysLogService;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import org.apache.commons.lang3.BooleanUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.data.redis.core.RedisTemplate;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
/** 请求令牌校验 */
|
||||
@Component
|
||||
@Order(20)
|
||||
@Slf4j
|
||||
public class SubmitTokenFilter extends OncePerRequestFilter {
|
||||
@Autowired ObjectMapper objectMapper;
|
||||
@Autowired SysConfigService sysConfigService;
|
||||
|
||||
@Autowired SysLogService sysLogService;
|
||||
@Autowired IpQueryService ipQueryService;
|
||||
@Autowired LoginUserService loginUserService;
|
||||
|
||||
@Autowired RedisTemplate<String, String> redisTemplate;
|
||||
|
||||
@Autowired SubmitTokenService submitTokenService;
|
||||
|
||||
private static String getFieldFromHeaderOrQs(HttpServletRequest request, String name) {
|
||||
return StringUtils.defaultIfEmpty(request.getHeader(name), request.getParameter(name));
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doFilterInternal(
|
||||
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
|
||||
throws ServletException, IOException {
|
||||
|
||||
if (!sysConfigService.isEnable(Constants.SYSCONFIG_ENABLE_REQUEST_SUBMIT_TOKEN)) {
|
||||
doFilter(request, response, filterChain);
|
||||
return;
|
||||
}
|
||||
|
||||
if (request.getAttribute(Constants.HTTP_ATTR_RESOURCE) != null) {
|
||||
if (BooleanUtils.isFalse(
|
||||
((ResourceDto) request.getAttribute(Constants.HTTP_ATTR_RESOURCE))
|
||||
.getSubmitToken())) {
|
||||
doFilter(request, response, filterChain);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
submitTokenService.acquireToken(
|
||||
getFieldFromHeaderOrQs(request, Constants.HTTP_HEADER_SUBMIT_TOKEN));
|
||||
} catch (BizException e) {
|
||||
RequestUtils.writeResponse(e, response);
|
||||
return;
|
||||
}
|
||||
|
||||
doFilter(request, response, filterChain);
|
||||
|
||||
try {
|
||||
|
||||
submitTokenService.releaseToken(
|
||||
getFieldFromHeaderOrQs(request, Constants.HTTP_HEADER_SUBMIT_TOKEN));
|
||||
} catch (BizException e) {
|
||||
RequestUtils.writeResponse(e, response);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -41,11 +41,12 @@ public class ResourceDto extends CommonDto {
|
||||
private Boolean signCheck;
|
||||
|
||||
private Boolean rateLimit;
|
||||
private Boolean submitToken;
|
||||
|
||||
public ResourceDto() {
|
||||
}
|
||||
|
||||
public ResourceDto(String id, String code, String name, String type, Boolean anonymous, Boolean orgAdmin, Boolean sysAdmin, Boolean signCheck, Boolean rateLimit) {
|
||||
public ResourceDto(String id, String code, String name, String type, Boolean anonymous, Boolean orgAdmin, Boolean sysAdmin, Boolean signCheck, Boolean rateLimit, Boolean submitToken) {
|
||||
|
||||
this.setId(id);
|
||||
this.setCode(code);
|
||||
@@ -58,6 +59,7 @@ public class ResourceDto extends CommonDto {
|
||||
|
||||
this.signCheck = signCheck;
|
||||
this.rateLimit = rateLimit;
|
||||
this.submitToken = submitToken;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -17,6 +17,6 @@ public interface ResourceRepository extends BaseRepository<ResourceEntity> {
|
||||
|
||||
ResourceEntity findByUrlAndType(String url, String type);
|
||||
|
||||
@Query("select new cn.lihongjie.coal.resource.dto.ResourceDto(r.id, r.code, r.name, r.type, r.anonymous, r.orgAdmin, r.sysAdmin, r.signCheck, r.rateLimit) from ResourceEntity r where r.code = ?1 and r.type = ?2 ")
|
||||
@Query("select new cn.lihongjie.coal.resource.dto.ResourceDto(r.id, r.code, r.name, r.type, r.anonymous, r.orgAdmin, r.sysAdmin, r.signCheck, r.rateLimit, r.submitToken) from ResourceEntity r where r.code = ?1 and r.type = ?2 ")
|
||||
ResourceDto findByCodeAndType(String code, String type);
|
||||
}
|
||||
|
||||
@@ -88,7 +88,6 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
1L,
|
||||
Integer.MAX_VALUE);
|
||||
|
||||
|
||||
addNumberConfig(
|
||||
all,
|
||||
Constants.SYSCONFIG_SESSION_GLOBAL_RATE_LIMIT_PER_MIN,
|
||||
@@ -97,7 +96,6 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
1L,
|
||||
Integer.MAX_VALUE);
|
||||
|
||||
|
||||
addNumberConfig(
|
||||
all,
|
||||
Constants.SYSCONFIG_USER_GLOBAL_RATE_LIMIT_PER_MIN,
|
||||
@@ -106,7 +104,6 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
1L,
|
||||
Integer.MAX_VALUE);
|
||||
|
||||
|
||||
addNumberConfig(
|
||||
all,
|
||||
Constants.SYSCONFIG_ANONYMOUS_GLOBAL_RATE_LIMIT_PER_MIN,
|
||||
@@ -115,9 +112,6 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
1L,
|
||||
Integer.MAX_VALUE);
|
||||
|
||||
|
||||
|
||||
|
||||
addNumberConfig(
|
||||
all,
|
||||
Constants.SYSCONFIG_SESSION_GLOBAL_RATE_LIMIT_PER_HOUR,
|
||||
@@ -126,7 +120,6 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
1L,
|
||||
Integer.MAX_VALUE);
|
||||
|
||||
|
||||
addNumberConfig(
|
||||
all,
|
||||
Constants.SYSCONFIG_USER_GLOBAL_RATE_LIMIT_PER_HOUR,
|
||||
@@ -135,7 +128,6 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
1L,
|
||||
Integer.MAX_VALUE);
|
||||
|
||||
|
||||
addNumberConfig(
|
||||
all,
|
||||
Constants.SYSCONFIG_ANONYMOUS_GLOBAL_RATE_LIMIT_PER_HOUR,
|
||||
@@ -144,8 +136,6 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
1L,
|
||||
Integer.MAX_VALUE);
|
||||
|
||||
|
||||
|
||||
addNumberConfig(
|
||||
all,
|
||||
Constants.SYSCONFIG_SESSION_GLOBAL_RATE_LIMIT_PER_DAY,
|
||||
@@ -154,7 +144,6 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
1L,
|
||||
Integer.MAX_VALUE);
|
||||
|
||||
|
||||
addNumberConfig(
|
||||
all,
|
||||
Constants.SYSCONFIG_USER_GLOBAL_RATE_LIMIT_PER_DAY,
|
||||
@@ -163,7 +152,6 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
1L,
|
||||
Integer.MAX_VALUE);
|
||||
|
||||
|
||||
addNumberConfig(
|
||||
all,
|
||||
Constants.SYSCONFIG_ANONYMOUS_GLOBAL_RATE_LIMIT_PER_DAY,
|
||||
@@ -172,13 +160,12 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
1L,
|
||||
Integer.MAX_VALUE);
|
||||
|
||||
|
||||
addDictConfig(all, Constants.SYSCONFIG_PASSWORD_DICT_DETECT, "密码字典检测", "1", "status.type");
|
||||
addNumberConfig(
|
||||
all,
|
||||
Constants.SYSCONFIG_PASSWORD_STRENGTH_MIN,
|
||||
"密码强度最小值(0不校验)",
|
||||
2+"",
|
||||
2 + "",
|
||||
0L,
|
||||
Integer.MAX_VALUE);
|
||||
|
||||
@@ -186,8 +173,9 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
all,
|
||||
Constants.SYSCONFIG_REQUEST_SIGN_IGNORE_URLS,
|
||||
"接口签名忽略URL",
|
||||
"**/*/downloadBatch,**/*/downloadFileLocal,**/*/downloadFile"
|
||||
);
|
||||
"**/*/downloadBatch,**/*/downloadFileLocal,**/*/downloadFile");
|
||||
|
||||
addDictConfig(all, Constants.SYSCONFIG_ENABLE_REQUEST_SUBMIT_TOKEN, "是否启用提交令牌", "1", "status.type");
|
||||
}
|
||||
|
||||
private void addNumberConfig(
|
||||
@@ -212,11 +200,7 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
}
|
||||
|
||||
private void addStringConfig(
|
||||
Map<String, SysConfigEntity> all,
|
||||
String code,
|
||||
String name,
|
||||
String value
|
||||
) {
|
||||
Map<String, SysConfigEntity> all, String code, String name, String value) {
|
||||
if (!all.containsKey(code)) {
|
||||
SysConfigEntity entity = new SysConfigEntity();
|
||||
entity.setName(name);
|
||||
@@ -250,6 +234,7 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
repository.save(entity);
|
||||
}
|
||||
}
|
||||
|
||||
@Autowired ApplicationContext applicationContext;
|
||||
|
||||
@Cacheable(cacheNames = Constants.CACHE_SYSCONFIG, key = "#configKey")
|
||||
@@ -257,7 +242,7 @@ public class SysConfigService extends BaseService<SysConfigEntity, SysConfigRepo
|
||||
|
||||
SysConfigEntity config = this.repository.findByCode(configKey);
|
||||
|
||||
if (config == null){
|
||||
if (config == null) {
|
||||
return null;
|
||||
}
|
||||
return config.getConfigVal();
|
||||
|
||||
Reference in New Issue
Block a user