feat: 新增 SaFirewallCheckHookForHeader、SaFirewallCheckHookForParameter 防火墙校验 hook

sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaFirewallStrategy.java

@@ -42,12 +42,14 @@ public final class SaFirewallStrategy {
 	public List<SaFirewallCheckHook> checkHooks = new ArrayList<>();
 
 	private SaFirewallStrategy() {
-		checkHooks.add(SaFirewallCheckHookForWhiteList.instance);
+		checkHooks.add(SaFirewallCheckHookForWhitePath.instance);
-		checkHooks.add(SaFirewallCheckHookForBlackList.instance);
+		checkHooks.add(SaFirewallCheckHookForBlackPath.instance);
-		checkHooks.add(SaFirewallCheckHookForDangerCharacter.instance);
+		checkHooks.add(SaFirewallCheckHookForPathDangerCharacter.instance);
 		checkHooks.add(SaFirewallCheckHookForDirectoryTraversal.instance);
 		checkHooks.add(SaFirewallCheckHookForHost.instance);
 		checkHooks.add(SaFirewallCheckHookForHttpMethod.instance);
+		checkHooks.add(SaFirewallCheckHookForHeader.instance);
+		checkHooks.add(SaFirewallCheckHookForParameter.instance);
 	}
 
 	// 注册一个防火墙校验 hook

sa-token-core/src/main/java/cn/dev33/satoken/strategy/hooks/SaFirewallCheckHookForBlackPath.java

@@ -25,12 +25,12 @@ import cn.dev33.satoken.exception.RequestPathInvalidException;
  * @author click33
  * @since 1.41.0
  */
-public class SaFirewallCheckHookForBlackList implements SaFirewallCheckHook {
+public class SaFirewallCheckHookForBlackPath implements SaFirewallCheckHook {
 
     /**
      * 默认实例
      */
-    public static SaFirewallCheckHookForBlackList instance = new SaFirewallCheckHookForBlackList();
+    public static SaFirewallCheckHookForBlackPath instance = new SaFirewallCheckHookForBlackPath();
 
     /**
      * 请求 path 黑名单

sa-token-core/src/main/java/cn/dev33/satoken/strategy/hooks/SaFirewallCheckHookForHeader.java

@@ -0,0 +1,72 @@
+/*
+ * Copyright 2020-2099 sa-token.cc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package cn.dev33.satoken.strategy.hooks;
+
+import cn.dev33.satoken.context.model.SaRequest;
+import cn.dev33.satoken.context.model.SaResponse;
+import cn.dev33.satoken.exception.FirewallCheckException;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * 防火墙策略校验钩子函数：请求头检测
+ *
+ * @author click33
+ * @since 1.41.0
+ */
+public class SaFirewallCheckHookForHeader implements SaFirewallCheckHook {
+
+    /**
+     * 默认实例
+     */
+    public static SaFirewallCheckHookForHeader instance = new SaFirewallCheckHookForHeader();
+
+    /**
+     * 不允许的请求头列表
+     */
+    public List<String> notAllowHeaderNames = new ArrayList<>();
+
+    public SaFirewallCheckHookForHeader() {
+    }
+
+    /**
+     * 配置
+     * @param notAllowHeaderNames 不允许的请求头列表 (先清空原来的，再添加上新的)
+     */
+    public void resetConfig(String... notAllowHeaderNames) {
+        this.notAllowHeaderNames.clear();
+        this.notAllowHeaderNames.addAll(Arrays.asList(notAllowHeaderNames));
+    }
+
+    /**
+     * 执行的方法
+     *
+     * @param req 请求对象
+     * @param res 响应对象
+     * @param extArg 预留扩展参数
+     */
+    @Override
+    public void execute(SaRequest req, SaResponse res, Object extArg) {
+        for (String headerName : notAllowHeaderNames) {
+            if(req.getHeader(headerName) != null) {
+                throw new FirewallCheckException("非法请求头：" + headerName);
+            }
+        }
+    }
+
+}

sa-token-core/src/main/java/cn/dev33/satoken/strategy/hooks/SaFirewallCheckHookForParameter.java

@@ -0,0 +1,72 @@
+/*
+ * Copyright 2020-2099 sa-token.cc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package cn.dev33.satoken.strategy.hooks;
+
+import cn.dev33.satoken.context.model.SaRequest;
+import cn.dev33.satoken.context.model.SaResponse;
+import cn.dev33.satoken.exception.FirewallCheckException;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * 防火墙策略校验钩子函数：请求参数检测
+ *
+ * @author click33
+ * @since 1.41.0
+ */
+public class SaFirewallCheckHookForParameter implements SaFirewallCheckHook {
+
+    /**
+     * 默认实例
+     */
+    public static SaFirewallCheckHookForParameter instance = new SaFirewallCheckHookForParameter();
+
+    /**
+     * 不允许的请求参数列表
+     */
+    public List<String> notAllowParameterNames = new ArrayList<>();
+
+    public SaFirewallCheckHookForParameter() {
+    }
+
+    /**
+     * 配置
+     * @param notAllowParameterNames 不允许的请求参数列表 (先清空原来的，再添加上新的)
+     */
+    public void resetConfig(String... notAllowParameterNames) {
+        this.notAllowParameterNames.clear();
+        this.notAllowParameterNames.addAll(Arrays.asList(notAllowParameterNames));
+    }
+
+    /**
+     * 执行的方法
+     *
+     * @param req 请求对象
+     * @param res 响应对象
+     * @param extArg 预留扩展参数
+     */
+    @Override
+    public void execute(SaRequest req, SaResponse res, Object extArg) {
+        for (String parameterName : notAllowParameterNames) {
+            if(req.getParam(parameterName) != null) {
+                throw new FirewallCheckException("非法请求参数：" + parameterName);
+            }
+        }
+    }
+
+}

sa-token-core/src/main/java/cn/dev33/satoken/strategy/hooks/SaFirewallCheckHookForPathDangerCharacter.java

@@ -25,12 +25,12 @@ import cn.dev33.satoken.exception.RequestPathInvalidException;
  * @author click33
  * @since 1.41.0
  */
-public class SaFirewallCheckHookForDangerCharacter implements SaFirewallCheckHook {
+public class SaFirewallCheckHookForPathDangerCharacter implements SaFirewallCheckHook {
 
     /**
      * 默认实例
      */
-    public static SaFirewallCheckHookForDangerCharacter instance = new SaFirewallCheckHookForDangerCharacter();
+    public static SaFirewallCheckHookForPathDangerCharacter instance = new SaFirewallCheckHookForPathDangerCharacter();
 
     /**
      * 请求 path 不允许出现的危险字符

sa-token-core/src/main/java/cn/dev33/satoken/strategy/hooks/SaFirewallCheckHookForWhitePath.java

@@ -25,12 +25,12 @@ import cn.dev33.satoken.exception.StopMatchException;
  * @author click33
  * @since 1.41.0
  */
-public class SaFirewallCheckHookForWhiteList implements SaFirewallCheckHook {
+public class SaFirewallCheckHookForWhitePath implements SaFirewallCheckHook {
 
     /**
      * 默认实例
      */
-    public static SaFirewallCheckHookForWhiteList instance = new SaFirewallCheckHookForWhiteList();
+    public static SaFirewallCheckHookForWhitePath instance = new SaFirewallCheckHookForWhitePath();
 
     /**
      * 请求 path 白名单