diff --git a/blade-core-tool/src/main/java/org/springblade/core/tool/request/BladeRequestFilter.java b/blade-core-tool/src/main/java/org/springblade/core/tool/request/BladeRequestFilter.java
index 8f73d69..8320dc6 100644
--- a/blade-core-tool/src/main/java/org/springblade/core/tool/request/BladeRequestFilter.java
+++ b/blade-core-tool/src/main/java/org/springblade/core/tool/request/BladeRequestFilter.java
@@ -16,11 +16,15 @@
 package org.springblade.core.tool.request;
 import lombok.AllArgsConstructor;
+import org.springblade.core.tool.utils.WebUtil;
 import org.springframework.util.AntPathMatcher;
 import jakarta.servlet.*;
 import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.util.PatternMatchUtils;
+
 import java.io.IOException;
+import java.util.List;
 /**
 * Request全局过滤
@@ -30,10 +34,32 @@ import java.io.IOException;
 @AllArgsConstructor
 public class BladeRequestFilter implements Filter {
+ /**
+ * 请求配置
+ */
 private final RequestProperties requestProperties;
+ /**
+ * xss配置
+ */
 private final XssProperties xssProperties;
+ /**
+ * 路径匹配
+ */
 private final AntPathMatcher antPathMatcher = new AntPathMatcher();
+ /**
+ * 默认拦截路径
+ */
+ private final List defaultBlockUrl = List.of("/**/actuator/**", "/health/**");
+ /**
+ * 默认白名单
+ */
+ private final List defaultWhiteList = List.of("127.0.0.1", "172.30.*.*", "192.168.*.*", "10.*.*.*", "0:0:0:0:0:0:0:1");
+ /**
+ * 默认提示信息
+ */
+ private final static String DEFAULT_MESSAGE = "当前请求被拒绝,请联系管理员!";
+
 @Override
 public void init(FilterConfig config) {
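Review bot: `defaultWhiteList` is fixed in code and, judging by `isWhiteList` later in this diff, is always OR-ed with the configured list, so a deployment cannot narrow it. Any peer whose address string matches `10.*.*.*`, `192.168.*.*` or `172.30.*.*` is exempt from the `/**/actuator/**` and `/health/**` block; behind a reverse proxy or on a container network that may be every request. Consider making these values the default of `RequestProperties.whiteList` so configuration replaces rather than extends them, and document the exemption on the field, e.g. `// clients matching these patterns bypass blockUrl; not overridable by configuration`. Minor style: `private final static` is conventionally written `private static final`, and the two lists could be `static final` constants too.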
@@ -41,7 +67,18 @@ public class BladeRequestFilter implements Filter {
 @Override
 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- String path = ((HttpServletRequest) request).getServletPath();
+ // 获取请求
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ String path = httpRequest.getServletPath();
+ // 判断 拦截请求 与 白名单
+ if (requestProperties.getEnabled()) {
+ // 获取请求IP
+ String ip = WebUtil.getIP(httpRequest);
+ // 判断是否拦截请求
+ if (isRequestBlock(path, ip)) {
+ throw new ServletException(DEFAULT_MESSAGE);
+ }
+ }
 // 跳过 Request 包装
 if (!requestProperties.getEnabled() || isRequestSkip(path)) {
 chain.doFilter(request, response);
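Review bot: The allow/deny decision in the new `if (requestProperties.getEnabled())` branch trusts whatever `WebUtil.getIP(httpRequest)` returns; that helper is not shown here, but if it reads forwarding headers such as `X-Forwarded-For`, the address is client-controlled and the default whitelist entry `127.0.0.1` can be claimed by any caller. Take the address from `httpRequest.getRemoteAddr()` unless the header was set by a proxy you trust, and state that assumption in a comment next to the call. Rejecting with `throw new ServletException(DEFAULT_MESSAGE)` will normally surface as a 500 with an error-level stack trace for every blocked request; `((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN, DEFAULT_MESSAGE); return;` gives a clean 403 instead. The check also only runs when `getEnabled()` is true, so switching off request wrapping silently switches off the actuator block as well. The rest of `doFilter` lies outside this hunk.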
@@ -58,6 +95,54 @@ public class BladeRequestFilter implements Filter {
 }
 }
+ /**
+ * 是否白名单
+ *
+ * @param ip ip地址
+ * @return boolean
+ */
+ private boolean isWhiteList(String ip) {
+ List whiteList = requestProperties.getWhiteList();
+ String[] defaultWhiteIps = defaultWhiteList.toArray(new String[0]);
+ String[] whiteIps = whiteList.toArray(new String[0]);
+ return PatternMatchUtils.simpleMatch(defaultWhiteIps, ip) || PatternMatchUtils.simpleMatch(whiteIps, ip);
+ }
+
+ /**
+ * 是否黑名单
+ *
+ * @param ip ip地址
+ * @return boolean
+ */
+ private boolean isBlackList(String ip) {
+ List blackList = requestProperties.getBlackList();
+ String[] blackIps = blackList.toArray(new String[0]);
+ return PatternMatchUtils.simpleMatch(blackIps, ip);
+ }
+
+ /**
+ * 是否禁用请求访问
+ *
+ * @param path 请求路径
+ * @return boolean
+ */
+ private boolean isRequestBlock(String path) {
+ List blockUrl = requestProperties.getBlockUrl();
+ return defaultBlockUrl.stream().anyMatch(pattern -> antPathMatcher.match(pattern, path)) ||
+ blockUrl.stream().anyMatch(pattern -> antPathMatcher.match(pattern, path));
+ }
+
+ /**
+ * 是否拦截请求
+ *
+ * @param path 请求路径
+ * @param ip ip地址
+ * @return boolean
+ */
+ private boolean isRequestBlock(String path, String ip) {
+ return (isRequestBlock(path) && !isWhiteList(ip)) || isBlackList(ip);
+ }
+
 private boolean isRequestSkip(String path) {
 return requestProperties.getSkipUrl().stream().anyMatch(pattern -> antPathMatcher.match(pattern, path));
 }
diff --git a/blade-core-tool/src/main/java/org/springblade/core/tool/request/RequestProperties.java b/blade-core-tool/src/main/java/org/springblade/core/tool/request/RequestProperties.java
index 70a5bfd..926d7ac 100644
--- a/blade-core-tool/src/main/java/org/springblade/core/tool/request/RequestProperties.java
+++ b/blade-core-tool/src/main/java/org/springblade/core/tool/request/RequestProperties.java
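Review bot: `isWhiteList` and `isBlackList` compare the address as a string glob rather than as an address: `PatternMatchUtils.simpleMatch` lets `*` match any run of characters, so `10.*.*.*` accepts any value that starts with `10.` and has at least two further dots, not only a dotted quad inside 10.0.0.0/8. If `ip` can be anything other than a validated address literal (this diff does not rule out a raw header value), the whitelist can be satisfied by non-address text, and a blacklist entry is missed when the same host arrives in another textual form such as an IPv4-mapped IPv6 address. Validate `ip` as an IP literal before matching, or compare parsed addresses against CIDR ranges. `requestProperties.getWhiteList()` and `getBlackList()` are also dereferenced without a null check, so a list bound to null would fail every request with an NPE. The one- and two-argument `isRequestBlock` overloads answer different questions; renaming the first to something like `isBlockedPath` would make the call in the second easier to read.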
@@ -40,4 +40,19 @@ public class RequestProperties {
 */
 private List skipUrl = new ArrayList<>();
+ /**
+ * 禁用url
+ */
+ private List blockUrl = new ArrayList<>();
+
+ /**
+ * 白名单,支持通配符,例如:10.20.0.8*、10.20.0.*
+ */
+ private List whiteList = new ArrayList<>();
+
+ /**
+ * 黑名单,支持通配符,例如:10.20.0.8*、10.20.0.*
+ */
+ private List blackList = new ArrayList<>();
+
 }
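Review bot: The comments on the three new properties do not say how the lists interact, which is what an operator needs in order to configure them safely. From the filter in this diff: `blockUrl` entries are Ant-style path patterns, `whiteList` only exempts a client from `blockUrl` and is added to built-in private-range defaults, and `blackList` rejects the client on every path even when it is also whitelisted. I would put that on the fields, e.g. `/** Ant-style path patterns to reject; clients matching whiteList are exempt */` and `/** address patterns rejected on all paths; takes precedence over whiteList */`. The example `10.20.0.8*` is a plain string wildcard, so it also matches `10.20.0.80` through `10.20.0.89`; the comment should say so.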