feat: 新增 CORS 跨域策略处理函数，提供不同架构下统一的跨域处理方案

sa-token-starter/sa-token-reactor-spring-boot-starter/src/main/java/cn/dev33/satoken/reactor/filter/SaTokenCorsFilterForReactor.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2020-2099 sa-token.cc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package cn.dev33.satoken.reactor.filter;
+
+import cn.dev33.satoken.context.SaHolder;
+import cn.dev33.satoken.context.model.SaTokenContextModelBox;
+import cn.dev33.satoken.exception.BackResultException;
+import cn.dev33.satoken.exception.StopMatchException;
+import cn.dev33.satoken.reactor.context.SaReactorSyncHolder;
+import cn.dev33.satoken.reactor.util.SaReactorOperateUtil;
+import cn.dev33.satoken.strategy.SaStrategy;
+import cn.dev33.satoken.util.SaTokenConsts;
+import org.springframework.core.annotation.Order;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
+
+/**
+ * CORS 跨域策略过滤器 (基于 Reactor)
+ *
+ * @author click33
+ * @since 1.42.0
+ */
+@Order(SaTokenConsts.CORS_FILTER_ORDER)
+public class SaTokenCorsFilterForReactor implements WebFilter {
+
+	@Override
+	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+
+		try {
+			SaReactorSyncHolder.setContext(exchange);
+			SaTokenContextModelBox box = SaHolder.getContext().getModelBox();
+			SaStrategy.instance.corsHandle.execute(box.getRequest(), box.getResponse(), box.getStorage());
+		}
+		catch (StopMatchException ignored) {}
+		catch (BackResultException e) {
+			return SaReactorOperateUtil.writeResult(exchange, e.getMessage());
+		}
+		finally {
+			SaReactorSyncHolder.clearContext();
+		}
+
+		return chain.filter(exchange);
+	}
+
+}

sa-token-starter/sa-token-reactor-spring-boot-starter/src/main/java/cn/dev33/satoken/reactor/spring/SaTokenContextRegister.java

@@ -17,6 +17,7 @@ package cn.dev33.satoken.reactor.spring;
 
 import cn.dev33.satoken.reactor.filter.SaFirewallCheckFilterForReactor;
 import cn.dev33.satoken.reactor.filter.SaTokenContextFilterForReactor;
+import cn.dev33.satoken.reactor.filter.SaTokenCorsFilterForReactor;
 import cn.dev33.satoken.spring.pathmatch.SaPathPatternParserUtil;
 import cn.dev33.satoken.strategy.SaStrategy;
 import org.springframework.context.annotation.Bean;
@@ -46,6 +47,16 @@ public class SaTokenContextRegister {
 		return new SaTokenContextFilterForReactor();
 	}
 
+	/**
+	 * CORS 跨域策略过滤器
+	 *
+	 * @return /
+	 */
+	@Bean
+	public SaTokenCorsFilterForReactor saTokenCorsFilterForReactor() {
+		return new SaTokenCorsFilterForReactor();
+	}
+
 	/**
 	 * 防火墙过滤器
 	 *

sa-token-starter/sa-token-reactor-spring-boot3-starter/src/main/java/cn/dev33/satoken/reactor/filter/SaTokenCorsFilterForReactor.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2020-2099 sa-token.cc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package cn.dev33.satoken.reactor.filter;
+
+import cn.dev33.satoken.context.SaHolder;
+import cn.dev33.satoken.context.model.SaTokenContextModelBox;
+import cn.dev33.satoken.exception.BackResultException;
+import cn.dev33.satoken.exception.StopMatchException;
+import cn.dev33.satoken.reactor.context.SaReactorSyncHolder;
+import cn.dev33.satoken.reactor.util.SaReactorOperateUtil;
+import cn.dev33.satoken.strategy.SaStrategy;
+import cn.dev33.satoken.util.SaTokenConsts;
+import org.springframework.core.annotation.Order;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
+
+/**
+ * CORS 跨域策略过滤器 (基于 Reactor)
+ *
+ * @author click33
+ * @since 1.42.0
+ */
+@Order(SaTokenConsts.CORS_FILTER_ORDER)
+public class SaTokenCorsFilterForReactor implements WebFilter {
+
+	@Override
+	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+
+		try {
+			SaReactorSyncHolder.setContext(exchange);
+			SaTokenContextModelBox box = SaHolder.getContext().getModelBox();
+			SaStrategy.instance.corsHandle.execute(box.getRequest(), box.getResponse(), box.getStorage());
+		}
+		catch (StopMatchException ignored) {}
+		catch (BackResultException e) {
+			return SaReactorOperateUtil.writeResult(exchange, e.getMessage());
+		}
+		finally {
+			SaReactorSyncHolder.clearContext();
+		}
+
+		return chain.filter(exchange);
+	}
+
+}

sa-token-starter/sa-token-reactor-spring-boot3-starter/src/main/java/cn/dev33/satoken/reactor/spring/SaTokenContextRegister.java

@@ -17,6 +17,7 @@ package cn.dev33.satoken.reactor.spring;
 
 import cn.dev33.satoken.reactor.filter.SaFirewallCheckFilterForReactor;
 import cn.dev33.satoken.reactor.filter.SaTokenContextFilterForReactor;
+import cn.dev33.satoken.reactor.filter.SaTokenCorsFilterForReactor;
 import cn.dev33.satoken.spring.pathmatch.SaPathPatternParserUtil;
 import cn.dev33.satoken.strategy.SaStrategy;
 import org.springframework.context.annotation.Bean;
@@ -46,6 +47,16 @@ public class SaTokenContextRegister {
 		return new SaTokenContextFilterForReactor();
 	}
 
+	/**
+	 * CORS 跨域策略过滤器
+	 *
+	 * @return /
+	 */
+	@Bean
+	public SaTokenCorsFilterForReactor saTokenCorsFilterForReactor() {
+		return new SaTokenCorsFilterForReactor();
+	}
+
 	/**
 	 * 防火墙过滤器
 	 *

sa-token-starter/sa-token-solon-plugin/src/main/java/cn/dev33/satoken/solon/SaBeanInject.java

@@ -22,6 +22,7 @@ import cn.dev33.satoken.apikey.loader.SaApiKeyDataLoader;
 import cn.dev33.satoken.config.SaTokenConfig;
 import cn.dev33.satoken.context.SaTokenContext;
 import cn.dev33.satoken.dao.SaTokenDao;
+import cn.dev33.satoken.fun.strategy.SaCorsHandleFunction;
 import cn.dev33.satoken.httpauth.basic.SaHttpBasicTemplate;
 import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
 import cn.dev33.satoken.httpauth.digest.SaHttpDigestTemplate;
@@ -41,6 +42,7 @@ import cn.dev33.satoken.stp.StpLogic;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.dev33.satoken.strategy.SaAnnotationStrategy;
 import cn.dev33.satoken.strategy.SaFirewallStrategy;
+import cn.dev33.satoken.strategy.SaStrategy;
 import cn.dev33.satoken.strategy.hooks.SaFirewallCheckHook;
 import cn.dev33.satoken.temp.SaTempTemplate;
 import org.noear.solon.annotation.Bean;
@@ -275,6 +277,17 @@ public class SaBeanInject {
 		}
 	}
 
+	/**
+	 * 注入CORS 策略处理函数
+	 *
+	 * @param corsHandle /
+	 */
+	@Condition(onBean = SaCorsHandleFunction.class)
+	@Bean
+	public void setCorsHandle(SaCorsHandleFunction corsHandle) {
+		SaStrategy.instance.corsHandle = corsHandle;
+	}
+
 	/**
 	 * 注入自定义插件集合
 	 *

sa-token-starter/sa-token-solon-plugin/src/main/java/cn/dev33/satoken/solon/SaBeanRegister.java

@@ -18,6 +18,7 @@ package cn.dev33.satoken.solon;
 import cn.dev33.satoken.config.SaTokenConfig;
 import cn.dev33.satoken.solon.integration.SaFirewallCheckFilterForSolon;
 import cn.dev33.satoken.solon.integration.SaTokenContextFilterForSolon;
+import cn.dev33.satoken.solon.integration.SaTokenCorsFilterForSolon;
 import cn.dev33.satoken.strategy.SaStrategy;
 import cn.dev33.satoken.util.SaTokenConsts;
 import org.noear.solon.annotation.Bean;
@@ -66,6 +67,16 @@ public class SaBeanRegister {
 		return new SaTokenContextFilterForSolon();
 	}
 
+	/**
+	 * CORS 跨域策略过滤器
+	 *
+	 * @return /
+	 */
+	@Bean(index = SaTokenConsts.CORS_FILTER_ORDER)
+	public Filter saTokenCorsFilterForSolon() {
+		return new SaTokenCorsFilterForSolon();
+	}
+
 	/**
 	 * 防火墙过滤器
 	 *

sa-token-starter/sa-token-solon-plugin/src/main/java/cn/dev33/satoken/solon/integration/SaTokenCorsFilterForSolon.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2020-2099 sa-token.cc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package cn.dev33.satoken.solon.integration;
+
+import cn.dev33.satoken.context.SaHolder;
+import cn.dev33.satoken.context.model.SaTokenContextModelBox;
+import cn.dev33.satoken.exception.BackResultException;
+import cn.dev33.satoken.exception.StopMatchException;
+import cn.dev33.satoken.solon.util.SaSolonOperateUtil;
+import cn.dev33.satoken.strategy.SaStrategy;
+import org.noear.solon.core.handle.Context;
+import org.noear.solon.core.handle.Filter;
+import org.noear.solon.core.handle.FilterChain;
+
+/**
+ * CORS 跨域策略过滤器 (基于 Solon)
+ *
+ * @author click33
+ * @since 1.42.0
+ */
+public class SaTokenCorsFilterForSolon implements Filter {
+
+	@Override
+	public void doFilter(Context ctx, FilterChain chain) throws Throwable {
+		
+		try {
+			SaTokenContextModelBox box = SaHolder.getContext().getModelBox();
+			SaStrategy.instance.corsHandle.execute(box.getRequest(), box.getResponse(), box.getStorage());
+		}
+		catch (StopMatchException ignored) {}
+		catch (BackResultException e) {
+			SaSolonOperateUtil.writeResult(ctx, e.getMessage());
+			return;
+		}
+
+		chain.doFilter(ctx);
+	}
+
+}

sa-token-starter/sa-token-spring-boot-autoconfig/src/main/java/cn/dev33/satoken/spring/SaBeanInject.java

@@ -22,6 +22,7 @@ import cn.dev33.satoken.apikey.loader.SaApiKeyDataLoader;
 import cn.dev33.satoken.config.SaTokenConfig;
 import cn.dev33.satoken.context.SaTokenContext;
 import cn.dev33.satoken.dao.SaTokenDao;
+import cn.dev33.satoken.fun.strategy.SaCorsHandleFunction;
 import cn.dev33.satoken.httpauth.basic.SaHttpBasicTemplate;
 import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
 import cn.dev33.satoken.httpauth.digest.SaHttpDigestTemplate;
@@ -42,6 +43,7 @@ import cn.dev33.satoken.stp.StpLogic;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.dev33.satoken.strategy.SaAnnotationStrategy;
 import cn.dev33.satoken.strategy.SaFirewallStrategy;
+import cn.dev33.satoken.strategy.SaStrategy;
 import cn.dev33.satoken.strategy.hooks.SaFirewallCheckHook;
 import cn.dev33.satoken.temp.SaTempTemplate;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -268,6 +270,16 @@ public class SaBeanInject {
 		}
 	}
 
+	/**
+	 * 注入CORS 策略处理函数
+	 *
+	 * @param corsHandle /
+	 */
+	@Autowired(required = false)
+	public void setCorsHandle(SaCorsHandleFunction corsHandle) {
+		SaStrategy.instance.corsHandle = corsHandle;
+	}
+
 	/**
 	 * 注入自定义插件集合
 	 *

sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/filter/SaTokenCorsFilterForServlet.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright 2020-2099 sa-token.cc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package cn.dev33.satoken.filter;
+
+import cn.dev33.satoken.context.SaHolder;
+import cn.dev33.satoken.context.model.SaTokenContextModelBox;
+import cn.dev33.satoken.exception.BackResultException;
+import cn.dev33.satoken.exception.StopMatchException;
+import cn.dev33.satoken.servlet.util.SaServletOperateUtil;
+import cn.dev33.satoken.strategy.SaStrategy;
+import cn.dev33.satoken.util.SaTokenConsts;
+import org.springframework.core.annotation.Order;
+
+import javax.servlet.*;
+import java.io.IOException;
+
+/**
+ * CORS 跨域策略过滤器 (基于 Servlet)
+ *
+ * @author click33
+ * @since 1.42.0
+ */
+@Order(SaTokenConsts.CORS_FILTER_ORDER)
+public class SaTokenCorsFilterForServlet implements Filter {
+
+	@Override
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+		
+		try {
+			SaTokenContextModelBox box = SaHolder.getContext().getModelBox();
+			SaStrategy.instance.corsHandle.execute(box.getRequest(), box.getResponse(), box.getStorage());
+		}
+		catch (StopMatchException ignored) {}
+		catch (BackResultException e) {
+			SaServletOperateUtil.writeResult(response, e.getMessage());
+			return;
+		}
+
+		chain.doFilter(request, response);
+	}
+
+}

sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/spring/SaTokenContextRegister.java

@@ -17,6 +17,7 @@ package cn.dev33.satoken.spring;
 
 import cn.dev33.satoken.filter.SaFirewallCheckFilterForServlet;
 import cn.dev33.satoken.filter.SaTokenContextFilterForServlet;
+import cn.dev33.satoken.filter.SaTokenCorsFilterForServlet;
 import cn.dev33.satoken.spring.pathmatch.SaPatternsRequestConditionHolder;
 import cn.dev33.satoken.strategy.SaStrategy;
 import org.springframework.context.annotation.Bean;
@@ -46,6 +47,16 @@ public class SaTokenContextRegister {
 		return new SaTokenContextFilterForServlet();
 	}
 
+	/**
+	 * CORS 跨域策略过滤器
+	 *
+	 * @return /
+	 */
+	@Bean
+	public SaTokenCorsFilterForServlet saTokenCorsFilterForServlet() {
+		return new SaTokenCorsFilterForServlet();
+	}
+
 	/**
 	 * 防火墙过滤器
 	 *

sa-token-starter/sa-token-spring-boot3-starter/src/main/java/cn/dev33/satoken/filter/SaTokenCorsFilterForJakartaServlet.java

@@ -0,0 +1,55 @@
+/*
+ * Copyright 2020-2099 sa-token.cc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package cn.dev33.satoken.filter;
+
+import cn.dev33.satoken.context.SaHolder;
+import cn.dev33.satoken.context.model.SaTokenContextModelBox;
+import cn.dev33.satoken.exception.BackResultException;
+import cn.dev33.satoken.exception.StopMatchException;
+import cn.dev33.satoken.servlet.util.SaJakartaServletOperateUtil;
+import cn.dev33.satoken.strategy.SaStrategy;
+import cn.dev33.satoken.util.SaTokenConsts;
+import jakarta.servlet.*;
+import org.springframework.core.annotation.Order;
+
+import java.io.IOException;
+
+/**
+ * CORS 跨域策略过滤器 (基于 Jakarta-Servlet)
+ *
+ * @author click33
+ * @since 1.42.0
+ */
+@Order(SaTokenConsts.CORS_FILTER_ORDER)
+public class SaTokenCorsFilterForJakartaServlet implements Filter {
+
+	@Override
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+		
+		try {
+			SaTokenContextModelBox box = SaHolder.getContext().getModelBox();
+			SaStrategy.instance.corsHandle.execute(box.getRequest(), box.getResponse(), box.getStorage());
+		}
+		catch (StopMatchException ignored) {}
+		catch (BackResultException e) {
+			SaJakartaServletOperateUtil.writeResult(response, e.getMessage());
+			return;
+		}
+
+		chain.doFilter(request, response);
+	}
+
+}

sa-token-starter/sa-token-spring-boot3-starter/src/main/java/cn/dev33/satoken/spring/SaTokenContextRegister.java

@@ -17,6 +17,7 @@ package cn.dev33.satoken.spring;
 
 import cn.dev33.satoken.filter.SaFirewallCheckFilterForJakartaServlet;
 import cn.dev33.satoken.filter.SaTokenContextFilterForJakartaServlet;
+import cn.dev33.satoken.filter.SaTokenCorsFilterForJakartaServlet;
 import cn.dev33.satoken.spring.pathmatch.SaPathPatternParserUtil;
 import cn.dev33.satoken.strategy.SaStrategy;
 import org.springframework.context.annotation.Bean;
@@ -46,6 +47,16 @@ public class SaTokenContextRegister {
 		return new SaTokenContextFilterForJakartaServlet();
 	}
 
+	/**
+	 * CORS 跨域策略过滤器
+	 *
+	 * @return /
+	 */
+	@Bean
+	public SaTokenCorsFilterForJakartaServlet saTokenCorsFilterForJakartaServlet() {
+		return new SaTokenCorsFilterForJakartaServlet();
+	}
+
 	/**
 	 * 防火墙过滤器
 	 *