lsm/sa-token
1
0
Fork 0
mirror of https://gitee.com/dromara/sa-token.git synced 2025-10-21 19:17:25 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: 新增 SaFirewallStrategy 防火墙策略:请求 path 黑名单校验、非法字符校验、白名单放行

Browse Source
This commit is contained in:
click33
2024-12-08 11:17:42 +08:00
parent 11492df031
commit 6f1094c361
7 changed files with 149 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
sa-token-starter/sa-token-reactor-spring-boot3-starter/src/main/java/cn/dev33/satoken/reactor/filter/SaPathCheckFilterForReactor.java
View File

@@ -16,7 +16,7 @@
package cn.dev33.satoken.reactor.filter;
import cn.dev33.satoken.exception.RequestPathInvalidException;
import cn.dev33.satoken.strategy.SaStrategy;
import cn.dev33.satoken.strategy.SaFirewallStrategy;
import cn.dev33.satoken.util.SaTokenConsts;
import org.springframework.core.annotation.Order;
import org.springframework.web.server.ServerWebExchange;
@@ -38,13 +38,13 @@ public class SaPathCheckFilterForReactor implements WebFilter {
// 校验本次请求 path 是否合法
try {
SaStrategy.instance.checkRequestPath.run(exchange.getRequest().getPath().toString(), exchange, null);
SaFirewallStrategy.instance.checkRequestPath.run(exchange.getRequest().getPath().toString(), exchange, null);
} catch (RequestPathInvalidException e) {
if(SaStrategy.instance.requestPathInvalidHandle == null) {
if(SaFirewallStrategy.instance.requestPathInvalidHandle == null) {
exchange.getResponse().getHeaders().set(SaTokenConsts.CONTENT_TYPE_KEY, SaTokenConsts.CONTENT_TYPE_TEXT_PLAIN);
return exchange.getResponse().writeWith(Mono.just(exchange.getResponse().bufferFactory().wrap(e.getMessage().getBytes())));
} else {
SaStrategy.instance.requestPathInvalidHandle.run(e, exchange, null);
SaFirewallStrategy.instance.requestPathInvalidHandle.run(e, exchange, null);
}
return Mono.empty();
}