package com.ruoyi.gateway.filter;
|
|
import com.alibaba.fastjson.JSONObject;
|
import com.ruoyi.common.core.constant.HttpStatus;
|
import com.ruoyi.common.core.constant.TokenConstants;
|
import com.ruoyi.common.core.utils.ServletUtils;
|
import com.ruoyi.common.core.utils.StringUtils;
|
import com.ruoyi.common.core.utils.html.EscapeUtil;
|
import com.ruoyi.gateway.config.properties.IgnoreWhiteProperties;
|
import com.ruoyi.gateway.config.properties.XssProperties;
|
import io.netty.buffer.ByteBufAllocator;
|
import org.apache.commons.codec.binary.Base64;
|
import org.slf4j.Logger;
|
import org.slf4j.LoggerFactory;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
|
import org.springframework.cloud.gateway.filter.GlobalFilter;
|
import org.springframework.core.Ordered;
|
import org.springframework.core.io.buffer.*;
|
import org.springframework.http.HttpHeaders;
|
import org.springframework.http.HttpMethod;
|
import org.springframework.http.MediaType;
|
import org.springframework.http.server.reactive.ServerHttpRequest;
|
import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
|
import org.springframework.stereotype.Component;
|
import org.springframework.web.server.ServerWebExchange;
|
import reactor.core.publisher.Flux;
|
import reactor.core.publisher.Mono;
|
|
import java.nio.charset.StandardCharsets;
|
import java.util.ArrayList;
|
import java.util.Collections;
|
import java.util.Comparator;
|
import java.util.List;
|
import java.util.concurrent.atomic.AtomicReference;
|
|
/**
|
* 跨站脚本过滤器
|
*
|
* @author ruoyi
|
*/
|
@Component
|
public class RequestParamGlobalFilter implements GlobalFilter, Ordered {
|
|
@Autowired
|
private IgnoreWhiteProperties ignoreWhite;
|
|
|
@Override
|
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
|
ServerHttpRequest request = exchange.getRequest();
|
ServerHttpRequest.Builder mutate = request.mutate();
|
HttpMethod method = request.getMethod();
|
if(method != HttpMethod.POST){
|
return chain.filter(exchange.mutate().request(mutate.build()).build());
|
}
|
// 跳过不需要验证的路径
|
String url = request.getURI().getPath();
|
if (StringUtils.matches(url, ignoreWhite.getWhites())) {
|
return chain.filter(exchange);
|
}
|
ServerHttpRequestDecorator httpRequestDecorator = requestDecorator(exchange);
|
return chain.filter(exchange.mutate().request(httpRequestDecorator).build());
|
}
|
|
|
private ServerHttpRequestDecorator requestDecorator(ServerWebExchange exchange) {
|
ServerHttpRequestDecorator serverHttpRequestDecorator = new ServerHttpRequestDecorator(exchange.getRequest()) {
|
@Override
|
public Flux<DataBuffer> getBody() {
|
Flux<DataBuffer> body = super.getBody();
|
return body.buffer().map(dataBuffers -> {
|
DataBufferFactory dataBufferFactory = new DefaultDataBufferFactory();
|
DataBuffer join = dataBufferFactory.join(dataBuffers);
|
byte[] content = new byte[join.readableByteCount()];
|
join.read(content);
|
DataBufferUtils.release(join);
|
String bodyStr = new String(content, StandardCharsets.UTF_8);
|
// 转成字节
|
byte[] bytes = bodyStr.getBytes();
|
NettyDataBufferFactory nettyDataBufferFactory = new NettyDataBufferFactory(ByteBufAllocator.DEFAULT);
|
DataBuffer buffer = nettyDataBufferFactory.allocateBuffer(bytes.length);
|
buffer.write(bytes);
|
return buffer;
|
});
|
}
|
|
@Override
|
public HttpHeaders getHeaders() {
|
HttpHeaders httpHeaders = new HttpHeaders();
|
httpHeaders.putAll(super.getHeaders());
|
// 由于修改了请求体的body,导致content-length长度不确定,因此需要删除原先的content-length
|
httpHeaders.remove(HttpHeaders.CONTENT_LENGTH);
|
httpHeaders.set(HttpHeaders.TRANSFER_ENCODING, "chunked");
|
return httpHeaders;
|
}
|
|
};
|
return serverHttpRequestDecorator;
|
}
|
|
|
@Override
|
public int getOrder() {
|
return HIGHEST_PRECEDENCE;
|
}
|
}
|
