| | |
|---|
| | | package com.terra.gateway.filter; |
|---|
| | | |
|---|
| | | import java.nio.charset.StandardCharsets; |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import javax.annotation.Resource; |
|---|
| | | |
|---|
| | | import com.terra.gateway.utils.StringUtils; |
|---|
| | | import com.terra.gateway.utils.html.EscapeUtil; |
|---|
| | | import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; |
|---|
| | | import org.springframework.cloud.gateway.filter.GatewayFilterChain; |
|---|
| | | import org.springframework.cloud.gateway.filter.GlobalFilter; |
|---|
| | |
|---|
| | | public class XssFilter implements GlobalFilter, Ordered |
|---|
| | | { |
|---|
| | | // 跨站脚本的 xss 配置,nacos自行添加 |
|---|
| | | @Autowired |
|---|
| | | @Resource |
|---|
| | | private XssProperties xss; |
|---|
| | | |
|---|
| | | @Override |
|---|
| | |
|---|
| | | } |
|---|
| | | // excludeUrls 不过滤 |
|---|
| | | String url = request.getURI().getPath(); |
|---|
| | | // if (StringUtils.matches(url, xss.getExcludeUrls())) |
|---|
| | | // { |
|---|
| | | // return chain.filter(exchange); |
|---|
| | | // } |
|---|
| | | if (StringUtils.matches(url, xss.getExcludeUrls())) |
|---|
| | | { |
|---|
| | | return chain.filter(exchange); |
|---|
| | | } |
|---|
| | | ServerHttpRequestDecorator httpRequestDecorator = requestDecorator(exchange); |
|---|
| | | return chain.filter(exchange.mutate().request(httpRequestDecorator).build()); |
|---|
| | | |
|---|
| | |
|---|
| | | DataBufferUtils.release(join); |
|---|
| | | String bodyStr = new String(content, StandardCharsets.UTF_8); |
|---|
| | | // 防xss攻击过滤 |
|---|
| | | //bodyStr = EscapeUtil.clean(bodyStr); |
|---|
| | | bodyStr = EscapeUtil.clean(bodyStr); |
|---|
| | | // 转成字节 |
|---|
| | | byte[] bytes = bodyStr.getBytes(StandardCharsets.UTF_8); |
|---|
| | | NettyDataBufferFactory nettyDataBufferFactory = new NettyDataBufferFactory(ByteBufAllocator.DEFAULT); |
|---|
| | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 是否是Json请求 |
|---|
| | | * |
|---|
| | | * |
|---|
| | | * @param exchange HTTP请求 |
|---|
| | | */ |
|---|
| | | public boolean isJsonRequest(ServerWebExchange exchange) |
|---|
| | | { |
|---|
| | | String header = exchange.getRequest().getHeaders().getFirst(HttpHeaders.CONTENT_TYPE); |
|---|
| | | //return StringUtils.startsWithIgnoreCase(header, MediaType.APPLICATION_JSON_VALUE); |
|---|
| | | return true; |
|---|
| | | return StringUtils.startsWithIgnoreCase(header, MediaType.APPLICATION_JSON_VALUE); |
|---|
| | | } |
|---|
| | | |
|---|
| | | @Override |
|---|
