feat: 新增 SaFirewallCheckHookForHost host 检测 hook

2025-10-21 02:57:23 +08:00 · 2025-02-27 09:50:12 +08:00
parent 80789607fd
commit e469b76681
13 changed files with 158 additions and 14 deletions
--- a/sa-token-core/src/main/java/cn/dev33/satoken/context/model/SaRequest.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/context/model/SaRequest.java
@@ -21,7 +21,6 @@ import cn.dev33.satoken.router.SaHttpMethod;
 import cn.dev33.satoken.util.SaFoxUtil;

 import java.util.Collection;
-import java.util.List;
 import java.util.Map;

 /**
@@ -191,6 +190,12 @@ public interface SaRequest {
 		return getMethod().equals(method.name());
 	}

+	/**
+	 * 查询请求 host
+	 * @return /
+	 */
+	String getHost();
+
 	/**
 	 * 判断此请求是否为 Ajax 异步请求
 	 * @return /
--- a/sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaFirewallStrategy.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaFirewallStrategy.java
@@ -46,6 +46,7 @@ public final class SaFirewallStrategy {
 		checkHooks.add(SaFirewallCheckHookForBlackList.instance);
 		checkHooks.add(SaFirewallCheckHookForDangerCharacter.instance);
 		checkHooks.add(SaFirewallCheckHookForDirectoryTraversal.instance);
+		checkHooks.add(SaFirewallCheckHookForHost.instance);
 	}

 	// 注册一个防火墙校验 hook
--- a/sa-token-core/src/main/java/cn/dev33/satoken/strategy/hooks/SaFirewallCheckHookForHost.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/strategy/hooks/SaFirewallCheckHookForHost.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2020-2099 sa-token.cc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package cn.dev33.satoken.strategy.hooks;
+
+import cn.dev33.satoken.context.model.SaRequest;
+import cn.dev33.satoken.context.model.SaResponse;
+import cn.dev33.satoken.exception.FirewallCheckException;
+import cn.dev33.satoken.strategy.SaStrategy;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * 防火墙策略校验钩子函数：Host 检测
+ *
+ * @author click33
+ * @since 1.41.0
+ */
+public class SaFirewallCheckHookForHost implements SaFirewallCheckHook {
+
+    /**
+     * 默认实例
+     */
+    public static SaFirewallCheckHookForHost instance = new SaFirewallCheckHookForHost();
+
+    /**
+     * 是否校验 host
+     */
+    public Boolean isCheckHost = false;
+
+    /**
+     * 允许的 host 列表，允许通配符
+     */
+    public List<String> allowHosts = new ArrayList<>();
+
+    /**
+     * 配置
+     * @param isCheckHost 是否校验 host
+     * @param allowHosts 允许的 host 列表
+     */
+    public void config(Boolean isCheckHost, String... allowHosts) {
+        this.isCheckHost = isCheckHost;
+        this.allowHosts.addAll(Arrays.asList(allowHosts));
+    }
+
+    /**
+     * 执行的方法
+     *
+     * @param req 请求对象
+     * @param res 响应对象
+     * @param extArg 预留扩展参数
+     */
+    @Override
+    public void execute(SaRequest req, SaResponse res, Object extArg) {
+        if(isCheckHost) {
+            String host = req.getHost();
+            if( ! SaStrategy.instance.hasElement.apply(allowHosts, host) ) {
+                throw new FirewallCheckException("非法请求 host：" + host);
+            }
+        }
+    }
+
+}