refactor: 重构相关 starter 包的防火墙过滤器代价

2025-06-28 13:34:18 +08:00 · 2025-02-27 06:15:54 +08:00 · 2025-02-27 06:15:54 +08:00 · 59823fd3cd
commit 59823fd3cd
parent db5e70db6a
9 changed files with 82 additions and 47 deletions
--- a/sa-token-core/src/main/java/cn/dev33/satoken/util/SaTokenConsts.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/util/SaTokenConsts.java
@ -187,9 +187,9 @@ public class SaTokenConsts {
 	public static final int ASSEMBLY_ORDER = -100;
 	/**
-	 * 请求 path 校验过滤器的注册顺序
+	 * 防火墙校验过滤器的注册顺序
 	 */
-	public static final int PATH_CHECK_FILTER_ORDER = -1000;
+	public static final int FIREWALL_CHECK_FILTER_ORDER = -1000;
 	/**
 	 * Content-Type  key
--- a/sa-token-starter/sa-token-reactor-spring-boot-starter/src/main/java/cn/dev33/satoken/reactor/filter/SaFirewallCheckFilterForReactor.java
+++ b/sa-token-starter/sa-token-reactor-spring-boot-starter/src/main/java/cn/dev33/satoken/reactor/filter/SaFirewallCheckFilterForReactor.java
@ -15,7 +15,10 @@
 */
 package cn.dev33.satoken.reactor.filter;
-import cn.dev33.satoken.exception.RequestPathInvalidException;
+import cn.dev33.satoken.exception.FirewallCheckException;
 import cn.dev33.satoken.exception.StopMatchException;
 import cn.dev33.satoken.reactor.model.SaRequestForReactor;
 import cn.dev33.satoken.reactor.model.SaResponseForReactor;
 import cn.dev33.satoken.strategy.SaFirewallStrategy;
 import cn.dev33.satoken.util.SaTokenConsts;
 import org.springframework.core.annotation.Order;
@ -25,29 +28,37 @@ import org.springframework.web.server.WebFilterChain;
 import reactor.core.publisher.Mono;
 /**
- * 校验请求 path 是否合法
+ * 防火墙校验过滤器 (Reactor版)
 *
 * @author click33
 * @since 1.37.0
 */
-@Order(SaTokenConsts.PATH_CHECK_FILTER_ORDER)
+@Order(SaTokenConsts.FIREWALL_CHECK_FILTER_ORDER)
-public class SaPathCheckFilterForReactor implements WebFilter {
+public class SaFirewallCheckFilterForReactor implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		// 校验本次请求 path 是否合法
+		SaRequestForReactor saRequest = new SaRequestForReactor(exchange.getRequest());
 		SaResponseForReactor saResponse = new SaResponseForReactor(exchange.getResponse());
 		try {
-			SaFirewallStrategy.instance.check.run(exchange.getRequest().getPath().toString(), exchange, null);
+			SaFirewallStrategy.instance.check.execute(saRequest, saResponse, exchange);
-		} catch (RequestPathInvalidException e) {
+		}
 		catch (StopMatchException e) {
 			// 如果是 StopMatchException 异常，代表通过了防火墙验证，进入 Controller
 		}
 		catch (FirewallCheckException e) {
 			// FirewallCheckException 异常则交由异常处理策略处理
 			if(SaFirewallStrategy.instance.checkFailHandle == null) {
 				exchange.getResponse().getHeaders().set(SaTokenConsts.CONTENT_TYPE_KEY, SaTokenConsts.CONTENT_TYPE_TEXT_PLAIN);
 				return exchange.getResponse().writeWith(Mono.just(exchange.getResponse().bufferFactory().wrap(e.getMessage().getBytes())));
 			} else {
-				SaFirewallStrategy.instance.checkFailHandle.run(e, exchange, null);
+				SaFirewallStrategy.instance.checkFailHandle.run(e, saRequest, saResponse, null);
 				return Mono.empty();
 			}
 			return Mono.empty();
 		}
 		// 更多异常则不处理，交由 Web 框架处理
 		// 向下执行
 		return chain.filter(exchange);
--- a/sa-token-starter/sa-token-reactor-spring-boot-starter/src/main/java/cn/dev33/satoken/reactor/spring/SaTokenContextRegister.java
+++ b/sa-token-starter/sa-token-reactor-spring-boot-starter/src/main/java/cn/dev33/satoken/reactor/spring/SaTokenContextRegister.java
@ -15,7 +15,7 @@
 */
 package cn.dev33.satoken.reactor.spring;
-import cn.dev33.satoken.reactor.filter.SaPathCheckFilterForReactor;
+import cn.dev33.satoken.reactor.filter.SaFirewallCheckFilterForReactor;
 import org.springframework.context.annotation.Bean;
 import cn.dev33.satoken.context.SaTokenContext;
@ -44,8 +44,8 @@ public class SaTokenContextRegister {
 	 * @return /
 	 */
 	@Bean
-	public SaPathCheckFilterForReactor saPathCheckFilterForReactor() {
+	public SaFirewallCheckFilterForReactor saFirewallCheckFilterForReactor() {
-		return new SaPathCheckFilterForReactor();
+		return new SaFirewallCheckFilterForReactor();
 	}
 }
--- a/sa-token-starter/sa-token-reactor-spring-boot3-starter/src/main/java/cn/dev33/satoken/reactor/filter/SaFirewallCheckFilterForReactor.java
+++ b/sa-token-starter/sa-token-reactor-spring-boot3-starter/src/main/java/cn/dev33/satoken/reactor/filter/SaFirewallCheckFilterForReactor.java
@ -15,7 +15,10 @@
 */
 package cn.dev33.satoken.reactor.filter;
-import cn.dev33.satoken.exception.RequestPathInvalidException;
+import cn.dev33.satoken.exception.FirewallCheckException;
 import cn.dev33.satoken.exception.StopMatchException;
 import cn.dev33.satoken.reactor.model.SaRequestForReactor;
 import cn.dev33.satoken.reactor.model.SaResponseForReactor;
 import cn.dev33.satoken.strategy.SaFirewallStrategy;
 import cn.dev33.satoken.util.SaTokenConsts;
 import org.springframework.core.annotation.Order;
@ -25,29 +28,37 @@ import org.springframework.web.server.WebFilterChain;
 import reactor.core.publisher.Mono;
 /**
- * 校验请求 path 是否合法
+ * 防火墙校验过滤器 (Reactor版)
 *
 * @author click33
 * @since 1.37.0
 */
-@Order(SaTokenConsts.PATH_CHECK_FILTER_ORDER)
+@Order(SaTokenConsts.FIREWALL_CHECK_FILTER_ORDER)
-public class SaPathCheckFilterForReactor implements WebFilter {
+public class SaFirewallCheckFilterForReactor implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		// 校验本次请求 path 是否合法
+		SaRequestForReactor saRequest = new SaRequestForReactor(exchange.getRequest());
 		SaResponseForReactor saResponse = new SaResponseForReactor(exchange.getResponse());
 		try {
-			SaFirewallStrategy.instance.check.run(exchange.getRequest().getPath().toString(), exchange, null);
+			SaFirewallStrategy.instance.check.execute(saRequest, saResponse, exchange);
-		} catch (RequestPathInvalidException e) {
+		}
 		catch (StopMatchException e) {
 			// 如果是 StopMatchException 异常，代表通过了防火墙验证，进入 Controller
 		}
 		catch (FirewallCheckException e) {
 			// FirewallCheckException 异常则交由异常处理策略处理
 			if(SaFirewallStrategy.instance.checkFailHandle == null) {
 				exchange.getResponse().getHeaders().set(SaTokenConsts.CONTENT_TYPE_KEY, SaTokenConsts.CONTENT_TYPE_TEXT_PLAIN);
 				return exchange.getResponse().writeWith(Mono.just(exchange.getResponse().bufferFactory().wrap(e.getMessage().getBytes())));
 			} else {
-				SaFirewallStrategy.instance.checkFailHandle.run(e, exchange, null);
+				SaFirewallStrategy.instance.checkFailHandle.run(e, saRequest, saResponse, null);
 				return Mono.empty();
 			}
 			return Mono.empty();
 		}
 		// 更多异常则不处理，交由 Web 框架处理
 		// 向下执行
 		return chain.filter(exchange);
--- a/sa-token-starter/sa-token-reactor-spring-boot3-starter/src/main/java/cn/dev33/satoken/reactor/spring/SaTokenContextRegister.java
+++ b/sa-token-starter/sa-token-reactor-spring-boot3-starter/src/main/java/cn/dev33/satoken/reactor/spring/SaTokenContextRegister.java
@ -16,7 +16,7 @@
 package cn.dev33.satoken.reactor.spring;
 import cn.dev33.satoken.context.SaTokenContext;
-import cn.dev33.satoken.reactor.filter.SaPathCheckFilterForReactor;
+import cn.dev33.satoken.reactor.filter.SaFirewallCheckFilterForReactor;
 import org.springframework.context.annotation.Bean;
 /**
@ -43,8 +43,8 @@ public class SaTokenContextRegister {
 	 * @return /
 	 */
 	@Bean
-	public SaPathCheckFilterForReactor saPathCheckFilterForReactor() {
+	public SaFirewallCheckFilterForReactor saFirewallCheckFilterForReactor() {
-		return new SaPathCheckFilterForReactor();
+		return new SaFirewallCheckFilterForReactor();
 	}
 }
--- a/sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/filter/SaFirewallCheckFilterForServlet.java
+++ b/sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/filter/SaFirewallCheckFilterForServlet.java
@ -29,12 +29,12 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 /**
- * 防火墙校验过滤器
+ * 防火墙校验过滤器 (基于 Servlet)
 *
 * @author click33
 * @since 1.37.0
 */
-@Order(SaTokenConsts.PATH_CHECK_FILTER_ORDER)
+@Order(SaTokenConsts.FIREWALL_CHECK_FILTER_ORDER)
 public class SaFirewallCheckFilterForServlet implements Filter {
 	@Override
--- a/sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/spring/SaTokenContextRegister.java
+++ b/sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/spring/SaTokenContextRegister.java
@ -43,7 +43,7 @@ public class SaTokenContextRegister {
 	 * @return /
 	 */
 	@Bean
-	public SaFirewallCheckFilterForServlet saPathCheckFilterForServlet() {
+	public SaFirewallCheckFilterForServlet saFirewallCheckFilterForServlet() {
 		return new SaFirewallCheckFilterForServlet();
 	}
--- a/sa-token-starter/sa-token-spring-boot3-starter/src/main/java/cn/dev33/satoken/filter/SaFirewallCheckFilterForJakartaServlet.java
+++ b/sa-token-starter/sa-token-spring-boot3-starter/src/main/java/cn/dev33/satoken/filter/SaFirewallCheckFilterForJakartaServlet.java
@ -15,43 +15,56 @@
 */
 package cn.dev33.satoken.filter;
-import cn.dev33.satoken.exception.RequestPathInvalidException;
+import cn.dev33.satoken.exception.FirewallCheckException;
 import cn.dev33.satoken.exception.StopMatchException;
 import cn.dev33.satoken.servlet.model.SaRequestForServlet;
 import cn.dev33.satoken.servlet.model.SaResponseForServlet;
 import cn.dev33.satoken.strategy.SaFirewallStrategy;
 import cn.dev33.satoken.util.SaTokenConsts;
 import jakarta.servlet.*;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.core.annotation.Order;
 import java.io.IOException;
 /**
- * 校验请求 path 是否合法
+ * 防火墙校验过滤器 (基于 Jakarta-Servlet)
 *
 * @author click33
 * @since 1.37.0
 */
-@Order(SaTokenConsts.PATH_CHECK_FILTER_ORDER)
+@Order(SaTokenConsts.FIREWALL_CHECK_FILTER_ORDER)
-public class SaPathCheckFilterForJakartaServlet implements Filter {
+public class SaFirewallCheckFilterForJakartaServlet implements Filter {
 	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-		// 校验本次请求 path 是否合法
+		HttpServletRequest req = (HttpServletRequest) request;
 		HttpServletResponse res = (HttpServletResponse) response;
 		SaRequestForServlet saRequest = new SaRequestForServlet(req);
 		SaResponseForServlet saResponse = new SaResponseForServlet(res);
 		try {
-			HttpServletRequest req = (HttpServletRequest) request;
+			SaFirewallStrategy.instance.check.execute(saRequest, saResponse, null);
-			SaFirewallStrategy.instance.check.run(req.getRequestURI(), request, response);
+		}
-		} catch (RequestPathInvalidException e) {
+		catch (StopMatchException e) {
 			// 如果是 StopMatchException 异常，代表通过了防火墙验证，进入 Controller
 		}
 		catch (FirewallCheckException e) {
 			// FirewallCheckException 异常则交由异常处理策略处理
 			if(SaFirewallStrategy.instance.checkFailHandle == null) {
 				response.setContentType("text/plain; charset=utf-8");
 				response.getWriter().print(e.getMessage());
 				response.getWriter().flush();
-            } else {
+			} else {
-				SaFirewallStrategy.instance.checkFailHandle.run(e, request, response);
+				SaFirewallStrategy.instance.checkFailHandle.run(e, saRequest, saResponse, null);
-            }
+			}
-            return;
+			return;
-        }
+		}
 		// 更多异常则不处理，交由 Web 框架处理
-		// 向下执行
+		// 向内执行
 		chain.doFilter(request, response);
 	}
--- a/sa-token-starter/sa-token-spring-boot3-starter/src/main/java/cn/dev33/satoken/spring/SaTokenContextRegister.java
+++ b/sa-token-starter/sa-token-spring-boot3-starter/src/main/java/cn/dev33/satoken/spring/SaTokenContextRegister.java
@ -16,7 +16,7 @@
 package cn.dev33.satoken.spring;
 import cn.dev33.satoken.context.SaTokenContext;
-import cn.dev33.satoken.filter.SaPathCheckFilterForJakartaServlet;
+import cn.dev33.satoken.filter.SaFirewallCheckFilterForJakartaServlet;
 import org.springframework.context.annotation.Bean;
 /**
@ -43,8 +43,8 @@ public class SaTokenContextRegister {
 	 * @return /
 	 */
 	@Bean
-	public SaPathCheckFilterForJakartaServlet saPathCheckFilterForJakartaServlet() {
+	public SaFirewallCheckFilterForJakartaServlet saFirewallCheckFilterForJakartaServlet() {
-		return new SaPathCheckFilterForJakartaServlet();
+		return new SaFirewallCheckFilterForJakartaServlet();
 	}
 }