OCT

REM:
1. 非前端接口增加白名单检测功能
2. 重名名白名单配置项名称

config/application-dispose.properties

@@ -26,7 +26,7 @@ crypto.aes-key=hkoUV5ZWh0q1jSxMnpjovVn19Qg99HY6DD40
 crypto.des-key=P3mq9iSIvQcvfyfdWR8sAnfAadO
 
 #信任主机配置
-trust.auth-check=true
+trust.auth-white-list-check=true
 trust.auth-host-token=165B2AA40395fA27278E59eEd4DD5EA490DA175344DE2673A5B17D3760E12F0
 trust.auth-hosts=127.0.0.12,::1
 

src/main/java/com/dispose/common/AuthConfigValue.java

@@ -42,5 +42,5 @@ public class AuthConfigValue {
     /**
      * The constant AUTH_CHECK.
      */
-    public static volatile boolean AUTH_CHECK = true;
+    public static volatile boolean AUTH_WHITE_LIST_CHECK = true;
 }

src/main/java/com/dispose/config/TrustHostConfig.java

@@ -30,7 +30,7 @@ public class TrustHostConfig implements WebMvcConfigurer {
     /**
      * The Auth check.
      */
-    private Boolean authCheck;
+    private Boolean authWhiteListCheck;
 
     /**
      * The Auth host token.
@@ -47,8 +47,7 @@ public class TrustHostConfig implements WebMvcConfigurer {
      */
     @PostConstruct
     private void initGlobalValue() {
-
-        AuthConfigValue.AUTH_CHECK = Optional.ofNullable(authCheck).orElse(true);
+        AuthConfigValue.AUTH_WHITE_LIST_CHECK = Optional.ofNullable(authWhiteListCheck).orElse(true);
 
         for (String s : Optional.ofNullable(authHostToken).orElse(new String[]{""})) {
             AuthConfigValue.TRUST_INFO_CACHE.put(s, System.currentTimeMillis());

src/main/java/com/dispose/interceptor/TokenInterceptor.java

@@ -3,6 +3,7 @@ package com.dispose.interceptor;
 import com.dispose.common.AuthConfigValue;
 import com.dispose.common.ConstValue;
 import com.dispose.common.ErrorCode;
+import com.dispose.common.Helper;
 import com.dispose.pojo.dto.protocol.base.ProtocolRespDTO;
 import com.dispose.service.UserAccountService;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -49,6 +50,17 @@ public class TokenInterceptor implements HandlerInterceptor {
 
         if (token != null && token.length() > 0) {
             token = token.replaceFirst(ConstValue.STRING_HTTP_AUTH_HEAD, "");
+
+            String ipAddr = Helper.ipAddressNormalize(request.getRemoteAddr());
+
+            // 检测是否在白名单内
+            if (AuthConfigValue.AUTH_WHITE_LIST_CHECK &&
+                AuthConfigValue.TRUST_INFO_CACHE.containsKey(ipAddr) &&
+                AuthConfigValue.TRUST_INFO_CACHE.containsKey(token)) {
+                log.debug("White list access: {} --> {}", ipAddr, token);
+                return true;
+            }
+
             ErrorCode err = userAccountService.authTokenCheck(token);
             // 判断token是否合法
             if (err != ErrorCode.ERR_OK) {

src/main/java/com/dispose/interceptor/TrustHostInterceptor.java

@@ -35,8 +35,8 @@ public class TrustHostInterceptor implements HandlerInterceptor {
         ErrorCode err;
 
         // 是否启动授权白名单功能
-        if (!AuthConfigValue.AUTH_CHECK) {
-            return true;
+        if (!AuthConfigValue.AUTH_WHITE_LIST_CHECK) {
+            return false;
         }
 
         // 获取访问接口的客户端IP