REM:
1. 非前端接口增加白名单检测功能
2. 重命名白名单配置项名称
HuangXin 2020-09-02 09:05:31 +08:00
parent 81d95978c9
commit 8ef120caa0
5 changed files with 18 additions and 7 deletions


@ -26,7 +26,7 @@ crypto.aes-key=hkoUV5ZWh0q1jSxMnpjovVn19Qg99HY6DD40
crypto.des-key=P3mq9iSIvQcvfyfdWR8sAnfAadO crypto.des-key=P3mq9iSIvQcvfyfdWR8sAnfAadO
#信任主机配置 #信任主机配置
trust.auth-check=true trust.auth-white-list-check=true
trust.auth-host-token=165B2AA40395fA27278E59eEd4DD5EA490DA175344DE2673A5B17D3760E12F0 trust.auth-host-token=165B2AA40395fA27278E59eEd4DD5EA490DA175344DE2673A5B17D3760E12F0
trust.auth-hosts=127.0.0.12,::1 trust.auth-hosts=127.0.0.12,::1


@ -42,5 +42,5 @@ public class AuthConfigValue {
/** /**
* The constant AUTH_CHECK. * The constant AUTH_CHECK.
*/ */
public static volatile boolean AUTH_CHECK = true; public static volatile boolean AUTH_WHITE_LIST_CHECK = true;
} }


@ -30,7 +30,7 @@ public class TrustHostConfig implements WebMvcConfigurer {
/** /**
* The Auth check. * The Auth check.
*/ */
private Boolean authCheck; private Boolean authWhiteListCheck;
/** /**
* The Auth host token. * The Auth host token.
@ -47,8 +47,7 @@ public class TrustHostConfig implements WebMvcConfigurer {
*/ */
@PostConstruct @PostConstruct
private void initGlobalValue() { private void initGlobalValue() {
AuthConfigValue.AUTH_WHITE_LIST_CHECK = Optional.ofNullable(authWhiteListCheck).orElse(true);
AuthConfigValue.AUTH_CHECK = Optional.ofNullable(authCheck).orElse(true);
for (String s : Optional.ofNullable(authHostToken).orElse(new String[]{""})) { for (String s : Optional.ofNullable(authHostToken).orElse(new String[]{""})) {
AuthConfigValue.TRUST_INFO_CACHE.put(s, System.currentTimeMillis()); AuthConfigValue.TRUST_INFO_CACHE.put(s, System.currentTimeMillis());


@ -3,6 +3,7 @@ package com.dispose.interceptor;
import com.dispose.common.AuthConfigValue; import com.dispose.common.AuthConfigValue;
import com.dispose.common.ConstValue; import com.dispose.common.ConstValue;
import com.dispose.common.ErrorCode; import com.dispose.common.ErrorCode;
import com.dispose.common.Helper;
import com.dispose.pojo.dto.protocol.base.ProtocolRespDTO; import com.dispose.pojo.dto.protocol.base.ProtocolRespDTO;
import com.dispose.service.UserAccountService; import com.dispose.service.UserAccountService;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
@ -49,6 +50,17 @@ public class TokenInterceptor implements HandlerInterceptor {
if (token != null && token.length() > 0) { if (token != null && token.length() > 0) {
token = token.replaceFirst(ConstValue.STRING_HTTP_AUTH_HEAD, ""); token = token.replaceFirst(ConstValue.STRING_HTTP_AUTH_HEAD, "");
String ipAddr = Helper.ipAddressNormalize(request.getRemoteAddr());
// 检测是否在白名单内
if (AuthConfigValue.AUTH_WHITE_LIST_CHECK &&
AuthConfigValue.TRUST_INFO_CACHE.containsKey(ipAddr) &&
AuthConfigValue.TRUST_INFO_CACHE.containsKey(token)) {
log.debug("White list access: {} --> {}", ipAddr, token);
return true;
}
ErrorCode err = userAccountService.authTokenCheck(token); ErrorCode err = userAccountService.authTokenCheck(token);
// 判断token是否合法 // 判断token是否合法
if (err != ErrorCode.ERR_OK) { if (err != ErrorCode.ERR_OK) {
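Review bot: The white-list branch looks up both `ipAddr` and `token` in the same `AuthConfigValue.TRUST_INFO_CACHE`, so the two conditions do not test two different things: any key in that map satisfies either one. The TrustHostConfig hunk shows host tokens being put into this map, and if the trusted host addresses are stored there as well (not visible here), the token condition adds nothing beyond the address condition while `userAccountService.authTokenCheck` is skipped entirely. Keeping trusted addresses and trusted tokens in separate collections, each checked against its own, would make the two conditions independent. The added `log.debug` line also writes the host token to the log; `log.debug("White list access: {}", ipAddr);` records the event without the secret. The enclosing method starts and ends outside the hunk.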


@ -35,8 +35,8 @@ public class TrustHostInterceptor implements HandlerInterceptor {
ErrorCode err; ErrorCode err;
// 是否启动授权白名单功能 // 是否启动授权白名单功能
if (!AuthConfigValue.AUTH_CHECK) { if (!AuthConfigValue.AUTH_WHITE_LIST_CHECK) {
return true; return false;
} }
// 获取访问接口的客户端IP // 获取访问接口的客户端IP
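Review bot: With `AUTH_WHITE_LIST_CHECK` switched off, the early `return false;` now rejects every request handled by this interceptor, and it does so without setting a status or writing an error body, so the caller likely receives an empty response instead of an authorization error. If fail-closed is the intent, set an explicit rejection status on the response before returning (the response parameter's name is outside the hunk) and say so in the comment above the check, e.g. `// white-list check disabled: reject every request on this path`. The rest of the method lies outside the hunk, so whether a shared error path could be reused here cannot be confirmed from this view.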