refactor: 重构防火墙模块，增加 hooks 机制

2025-10-07 23:24:24 +08:00 · 2025-02-27 05:55:55 +08:00
parent a5d8e071a7
commit db5e70db6a
15 changed files with 350 additions and 109 deletions
--- a/sa-token-starter/sa-token-reactor-spring-boot-starter/src/main/java/cn/dev33/satoken/reactor/filter/SaPathCheckFilterForReactor.java
+++ b/sa-token-starter/sa-token-reactor-spring-boot-starter/src/main/java/cn/dev33/satoken/reactor/filter/SaPathCheckFilterForReactor.java
@@ -38,13 +38,13 @@ public class SaPathCheckFilterForReactor implements WebFilter {

 		// 校验本次请求 path 是否合法
 		try {
-			SaFirewallStrategy.instance.checkRequestPath.run(exchange.getRequest().getPath().toString(), exchange, null);
+			SaFirewallStrategy.instance.check.run(exchange.getRequest().getPath().toString(), exchange, null);
 		} catch (RequestPathInvalidException e) {
-			if(SaFirewallStrategy.instance.requestPathInvalidHandle == null) {
+			if(SaFirewallStrategy.instance.checkFailHandle == null) {
 				exchange.getResponse().getHeaders().set(SaTokenConsts.CONTENT_TYPE_KEY, SaTokenConsts.CONTENT_TYPE_TEXT_PLAIN);
 				return exchange.getResponse().writeWith(Mono.just(exchange.getResponse().bufferFactory().wrap(e.getMessage().getBytes())));
 			} else {
-				SaFirewallStrategy.instance.requestPathInvalidHandle.run(e, exchange, null);
+				SaFirewallStrategy.instance.checkFailHandle.run(e, exchange, null);
 			}
 			return Mono.empty();
 		}
--- a/sa-token-starter/sa-token-reactor-spring-boot3-starter/src/main/java/cn/dev33/satoken/reactor/filter/SaPathCheckFilterForReactor.java
+++ b/sa-token-starter/sa-token-reactor-spring-boot3-starter/src/main/java/cn/dev33/satoken/reactor/filter/SaPathCheckFilterForReactor.java
@@ -38,13 +38,13 @@ public class SaPathCheckFilterForReactor implements WebFilter {

 		// 校验本次请求 path 是否合法
 		try {
-			SaFirewallStrategy.instance.checkRequestPath.run(exchange.getRequest().getPath().toString(), exchange, null);
+			SaFirewallStrategy.instance.check.run(exchange.getRequest().getPath().toString(), exchange, null);
 		} catch (RequestPathInvalidException e) {
-			if(SaFirewallStrategy.instance.requestPathInvalidHandle == null) {
+			if(SaFirewallStrategy.instance.checkFailHandle == null) {
 				exchange.getResponse().getHeaders().set(SaTokenConsts.CONTENT_TYPE_KEY, SaTokenConsts.CONTENT_TYPE_TEXT_PLAIN);
 				return exchange.getResponse().writeWith(Mono.just(exchange.getResponse().bufferFactory().wrap(e.getMessage().getBytes())));
 			} else {
-				SaFirewallStrategy.instance.requestPathInvalidHandle.run(e, exchange, null);
+				SaFirewallStrategy.instance.checkFailHandle.run(e, exchange, null);
 			}
 			return Mono.empty();
 		}
--- a/sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/filter/SaFirewallCheckFilterForServlet.java
+++ b/sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/filter/SaFirewallCheckFilterForServlet.java
@@ -15,43 +15,56 @@
 */
 package cn.dev33.satoken.filter;

-import cn.dev33.satoken.exception.RequestPathInvalidException;
+import cn.dev33.satoken.exception.FirewallCheckException;
+import cn.dev33.satoken.exception.StopMatchException;
+import cn.dev33.satoken.servlet.model.SaRequestForServlet;
+import cn.dev33.satoken.servlet.model.SaResponseForServlet;
 import cn.dev33.satoken.strategy.SaFirewallStrategy;
 import cn.dev33.satoken.util.SaTokenConsts;
 import org.springframework.core.annotation.Order;

 import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;

 /**
- * 校验请求 path 是否合法
+ * 防火墙校验过滤器
 *
 * @author click33
 * @since 1.37.0
 */
@Order(SaTokenConsts.PATH_CHECK_FILTER_ORDER)
-public class SaPathCheckFilterForServlet implements Filter {
+public class SaFirewallCheckFilterForServlet implements Filter {

 	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

-		// 校验本次请求 path 是否合法
+		HttpServletRequest req = (HttpServletRequest) request;
+		HttpServletResponse res = (HttpServletResponse) response;
+		SaRequestForServlet saRequest = new SaRequestForServlet(req);
+		SaResponseForServlet saResponse = new SaResponseForServlet(res);
+
 		try {
-			HttpServletRequest req = (HttpServletRequest) request;
-			SaFirewallStrategy.instance.checkRequestPath.run(req.getRequestURI(), request, response);
-		} catch (RequestPathInvalidException e) {
-			if(SaFirewallStrategy.instance.requestPathInvalidHandle == null) {
+			SaFirewallStrategy.instance.check.execute(saRequest, saResponse, null);
+		}
+		catch (StopMatchException e) {
+			// 如果是 StopMatchException 异常，代表通过了防火墙验证，进入 Controller
+		}
+		catch (FirewallCheckException e) {
+			// FirewallCheckException 异常则交由异常处理策略处理
+			if(SaFirewallStrategy.instance.checkFailHandle == null) {
 				response.setContentType("text/plain; charset=utf-8");
 				response.getWriter().print(e.getMessage());
 				response.getWriter().flush();
            } else {
-				SaFirewallStrategy.instance.requestPathInvalidHandle.run(e, request, response);
+				SaFirewallStrategy.instance.checkFailHandle.run(e, saRequest, saResponse, null);
            }
            return;
        }
+		// 更多异常则不处理，交由 Web 框架处理
 		
-		// 向下执行
+		// 向内执行
 		chain.doFilter(request, response);
 	}

--- a/sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/spring/SaTokenContextRegister.java
+++ b/sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/spring/SaTokenContextRegister.java
@@ -16,7 +16,7 @@
 package cn.dev33.satoken.spring;

 import cn.dev33.satoken.context.SaTokenContext;
-import cn.dev33.satoken.filter.SaPathCheckFilterForServlet;
+import cn.dev33.satoken.filter.SaFirewallCheckFilterForServlet;
 import org.springframework.context.annotation.Bean;

 /**
@@ -43,8 +43,8 @@ public class SaTokenContextRegister {
 	 * @return /
 	 */
 	@Bean
-	public SaPathCheckFilterForServlet saPathCheckFilterForServlet() {
-		return new SaPathCheckFilterForServlet();
+	public SaFirewallCheckFilterForServlet saPathCheckFilterForServlet() {
+		return new SaFirewallCheckFilterForServlet();
 	}

 }
--- a/sa-token-starter/sa-token-spring-boot3-starter/src/main/java/cn/dev33/satoken/filter/SaPathCheckFilterForJakartaServlet.java
+++ b/sa-token-starter/sa-token-spring-boot3-starter/src/main/java/cn/dev33/satoken/filter/SaPathCheckFilterForJakartaServlet.java
@@ -39,14 +39,14 @@ public class SaPathCheckFilterForJakartaServlet implements Filter {
 		// 校验本次请求 path 是否合法
 		try {
 			HttpServletRequest req = (HttpServletRequest) request;
-			SaFirewallStrategy.instance.checkRequestPath.run(req.getRequestURI(), request, response);
+			SaFirewallStrategy.instance.check.run(req.getRequestURI(), request, response);
 		} catch (RequestPathInvalidException e) {
-			if(SaFirewallStrategy.instance.requestPathInvalidHandle == null) {
+			if(SaFirewallStrategy.instance.checkFailHandle == null) {
 				response.setContentType("text/plain; charset=utf-8");
 				response.getWriter().print(e.getMessage());
 				response.getWriter().flush();
            } else {
-				SaFirewallStrategy.instance.requestPathInvalidHandle.run(e, request, response);
+				SaFirewallStrategy.instance.checkFailHandle.run(e, request, response);
            }
            return;
        }