From a8d461e5521e25fc46d8ed310435ee3f60fba18c Mon Sep 17 00:00:00 2001
From: lihongjie0209
Date: Sun, 10 Mar 2024 10:31:44 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E8=AF=B7=E6=B1=82=E4=BB=A4?= =?UTF-8?q?=E7=89=8C=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../cn/lihongjie/coal/common/Constants.java | 2 +
 .../coal/filter/SubmitTokenFilter.java | 90 +++++++++++++++++++
 .../coal/resource/dto/ResourceDto.java | 4 +-
 .../repository/ResourceRepository.java | 2 +-
 .../sysconfig/service/SysConfigService.java | 29 ++----
 5 files changed, 103 insertions(+), 24 deletions(-)
 create mode 100644 src/main/java/cn/lihongjie/coal/filter/SubmitTokenFilter.java
diff --git a/src/main/java/cn/lihongjie/coal/common/Constants.java b/src/main/java/cn/lihongjie/coal/common/Constants.java
index 8b9d2b8c..2c372dc1 100644
--- a/src/main/java/cn/lihongjie/coal/common/Constants.java
+++ b/src/main/java/cn/lihongjie/coal/common/Constants.java
@@ -40,6 +40,8 @@ public class Constants {
 public static final String CACHE_RESOURCE_BY_URL_2 = "resourceByUrl2";
 public static final String CACHE_IS_ANONYMOUS_BY_RESOURCE_ID = "isAnonymousByResourceId";
 public static final String CACHE_ORG_ADMIN_HAS_PERMISSION = "orgAdminHasPermission";
+ public static final String SYSCONFIG_ENABLE_REQUEST_SUBMIT_TOKEN = "enable_request_submit_token";
+ public static final String HTTP_HEADER_SUBMIT_TOKEN = "X-Submit-Token";
 public static String SYSCONFIG_ENABLE_CAPTCHA = "enable_captcha";
 public static String SYSCONFIG_ENABLE_REQUEST_SIGN = "enable_request_sign";
 public static String SYSCONFIG_SESSION_TIMEOUT = "session_timeout";
diff --git a/src/main/java/cn/lihongjie/coal/filter/SubmitTokenFilter.java b/src/main/java/cn/lihongjie/coal/filter/SubmitTokenFilter.java
new file mode 100644
index 00000000..4239b4c0
--- /dev/null
+++ b/src/main/java/cn/lihongjie/coal/filter/SubmitTokenFilter.java
@@ -0,0 +1,90 @@
+package cn.lihongjie.coal.filter;
+
+import cn.lihongjie.coal.common.Constants;
+import cn.lihongjie.coal.common.RequestUtils;
+import cn.lihongjie.coal.exception.BizException;
+import cn.lihongjie.coal.ip.IpQueryService;
+import cn.lihongjie.coal.loginUser.service.LoginUserService;
+import cn.lihongjie.coal.resource.dto.ResourceDto;
+import cn.lihongjie.coal.submitToken.service.SubmitTokenService;
+import cn.lihongjie.coal.sysconfig.service.SysConfigService;
+import cn.lihongjie.coal.syslog.service.SysLogService;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import lombok.extern.slf4j.Slf4j;
+
+import org.apache.commons.lang3.BooleanUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.annotation.Order;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+/** 请求令牌校验 */
+@Component
+@Order(20)
+@Slf4j
+public class SubmitTokenFilter extends OncePerRequestFilter {
+ @Autowired ObjectMapper objectMapper;
+ @Autowired SysConfigService sysConfigService;
+
+ @Autowired SysLogService sysLogService;
+ @Autowired IpQueryService ipQueryService;
+ @Autowired LoginUserService loginUserService;
+
+ @Autowired RedisTemplate redisTemplate;
+
+ @Autowired SubmitTokenService submitTokenService;
+
+ private static String getFieldFromHeaderOrQs(HttpServletRequest request, String name) {
+ return StringUtils.defaultIfEmpty(request.getHeader(name), request.getParameter(name));
+ }
+
+ @Override
+ protected void doFilterInternal(
+ HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws ServletException, IOException {
+
+ if (!sysConfigService.isEnable(Constants.SYSCONFIG_ENABLE_REQUEST_SUBMIT_TOKEN)) {
+ doFilter(request, response, filterChain);
+ return;
+ }
+
+ if (request.getAttribute(Constants.HTTP_ATTR_RESOURCE) != null) {
+ if (BooleanUtils.isFalse(
+ ((ResourceDto) request.getAttribute(Constants.HTTP_ATTR_RESOURCE))
+ .getSubmitToken())) {
+ doFilter(request, response, filterChain);
+ return;
+ }
+ }
+
+ try {
+
+ submitTokenService.acquireToken(
+ getFieldFromHeaderOrQs(request, Constants.HTTP_HEADER_SUBMIT_TOKEN));
+ } catch (BizException e) {
+ RequestUtils.writeResponse(e, response);
+ return;
+ }
+
+ doFilter(request, response, filterChain);
+
+ try {
+
+ submitTokenService.releaseToken(
+ getFieldFromHeaderOrQs(request, Constants.HTTP_HEADER_SUBMIT_TOKEN));
+ } catch (BizException e) {
+ RequestUtils.writeResponse(e, response);
+ }
+ }
+}
diff --git a/src/main/java/cn/lihongjie/coal/resource/dto/ResourceDto.java b/src/main/java/cn/lihongjie/coal/resource/dto/ResourceDto.java
index 07724cc1..a64b4086 100644
--- a/src/main/java/cn/lihongjie/coal/resource/dto/ResourceDto.java
+++ b/src/main/java/cn/lihongjie/coal/resource/dto/ResourceDto.java
@@ -41,11 +41,12 @@ public class ResourceDto extends CommonDto { private Boolean signCheck; private Boolean rateLimit; + private Boolean submitToken; public ResourceDto() { } - public ResourceDto(String id, String code, String name, String type, Boolean anonymous, Boolean orgAdmin, Boolean sysAdmin, Boolean signCheck, Boolean rateLimit) { + public ResourceDto(String id, String code, String name, String type, Boolean anonymous, Boolean orgAdmin, Boolean sysAdmin, Boolean signCheck, Boolean rateLimit, Boolean submitToken) { this.setId(id); this.setCode(code);
@@ -58,6 +59,7 @@ public class ResourceDto extends CommonDto { this.signCheck = signCheck; this.rateLimit = rateLimit; + this.submitToken = submitToken; } }
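Review bot: In `SubmitTokenFilter.doFilterInternal`, `releaseToken` runs only when the chain call returns normally, so any exception thrown downstream skips it and the token stays acquired until whatever expiry `SubmitTokenService` applies (that service is not visible here); the chain call should sit in a `try` whose `finally` releases the token. The second `catch` also calls `RequestUtils.writeResponse` after the downstream handler has already produced its response, which may append an error body to a committed response, so logging the failure through the `@Slf4j` `log` is safer at that point. `getFieldFromHeaderOrQs` additionally accepts the token as a request parameter, where it can end up in access logs and Referer headers, and `request.getParameter` is evaluated even when the header is present; consider reading `X-Submit-Token` from the header only. Reading the token once into a local also guarantees that acquire and release use the same value.

```java
// … unchanged: sysconfig switch and per-resource submitToken opt-out …
String token = getFieldFromHeaderOrQs(request, Constants.HTTP_HEADER_SUBMIT_TOKEN);
// … unchanged: acquireToken try/catch, now passing `token` …

try {
    doFilter(request, response, filterChain);
} finally {
    try {
        submitTokenService.releaseToken(token);
    } catch (BizException e) {
        // The downstream response may already be committed; record the failure
        // instead of writing a second body. The token value itself is not logged.
        log.warn("submit token release failed", e);
    }
}
```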
diff --git a/src/main/java/cn/lihongjie/coal/resource/repository/ResourceRepository.java b/src/main/java/cn/lihongjie/coal/resource/repository/ResourceRepository.java
index 1ad24566..a32e6697 100644
--- a/src/main/java/cn/lihongjie/coal/resource/repository/ResourceRepository.java
+++ b/src/main/java/cn/lihongjie/coal/resource/repository/ResourceRepository.java
@@ -17,6 +17,6 @@ public interface ResourceRepository extends BaseRepository { ResourceEntity findByUrlAndType(String url, String type); - @Query("select new cn.lihongjie.coal.resource.dto.ResourceDto(r.id, r.code, r.name, r.type, r.anonymous, r.orgAdmin, r.sysAdmin, r.signCheck, r.rateLimit) from ResourceEntity r where r.code = ?1 and r.type = ?2 ") + @Query("select new cn.lihongjie.coal.resource.dto.ResourceDto(r.id, r.code, r.name, r.type, r.anonymous, r.orgAdmin, r.sysAdmin, r.signCheck, r.rateLimit, r.submitToken) from ResourceEntity r where r.code = ?1 and r.type = ?2 ") ResourceDto findByCodeAndType(String code, String type); }
diff --git a/src/main/java/cn/lihongjie/coal/sysconfig/service/SysConfigService.java b/src/main/java/cn/lihongjie/coal/sysconfig/service/SysConfigService.java
index 39d5fd62..719b14ee 100644
--- a/src/main/java/cn/lihongjie/coal/sysconfig/service/SysConfigService.java
+++ b/src/main/java/cn/lihongjie/coal/sysconfig/service/SysConfigService.java
@@ -88,7 +88,6 @@ public class SysConfigService extends BaseService all, - String code, - String name, - String value -) { + Map all, String code, String name, String value) { if (!all.containsKey(code)) { SysConfigEntity entity = new SysConfigEntity(); entity.setName(name);
@@ -250,6 +234,7 @@ public class SysConfigService extends BaseService