From 0d4d306a377ae7f750ee63940ab4769388c21a10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E6=9E=97?= <1049020282@qq.com> Date: Tue, 12 Nov 2024 13:05:31 +0800 Subject: [PATCH] =?UTF-8?q?gateway=20swagger=E6=9D=83=E9=99=90=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../seqdata/gateway/GatewayConfiguration.java | 7 +++ .../filter/authc/SwaggerGlobalFilter.java | 54 +++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/filter/authc/SwaggerGlobalFilter.java diff --git a/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/GatewayConfiguration.java b/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/GatewayConfiguration.java index 6f2aaa7..fd2c226 100644 --- a/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/GatewayConfiguration.java +++ b/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/GatewayConfiguration.java @@ -16,6 +16,7 @@ import org.springframework.security.oauth2.provider.token.ResourceServerTokenSer import cn.seqdata.gateway.filter.authc.AllowlistPredicate; import cn.seqdata.gateway.filter.authc.IgnoringProperties; import cn.seqdata.gateway.filter.authc.PathMatcherGlobalFilter; +import cn.seqdata.gateway.filter.authc.SwaggerGlobalFilter; import cn.seqdata.gateway.filter.captcha.CaptchaGlobalFilter; import cn.seqdata.gateway.filter.captcha.CaptchaProperties; import cn.seqdata.gateway.filter.logging.LogRecorder; @@ -74,6 +75,12 @@ public class GatewayConfiguration { return new PathMatcherGlobalFilter(allowlistPredicate, tokenServices, permissionEvaluator); } + @Bean + @ConditionalOnProperty(value = "swagger.enabled", havingValue = "false") + public SwaggerGlobalFilter swaggerGlobalFilter() { + return new SwaggerGlobalFilter(); + } + /** * 对前端签名进行验证 */ diff --git a/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/filter/authc/SwaggerGlobalFilter.java b/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/filter/authc/SwaggerGlobalFilter.java new file mode 100644 index 0000000..b966bea --- /dev/null +++ b/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/filter/authc/SwaggerGlobalFilter.java @@ -0,0 +1,54 @@ +package cn.seqdata.gateway.filter.authc; + +import lombok.AllArgsConstructor; + +import org.springframework.cloud.gateway.filter.GatewayFilterChain; +import org.springframework.cloud.gateway.filter.GlobalFilter; +import org.springframework.core.Ordered; +import org.springframework.http.HttpStatus; +import org.springframework.http.server.RequestPath; +import org.springframework.http.server.reactive.ServerHttpRequest; +import org.springframework.util.AntPathMatcher; +import org.springframework.util.PathMatcher; +import org.springframework.web.server.ResponseStatusException; +import org.springframework.web.server.ServerWebExchange; +import reactor.core.publisher.Mono; + +@AllArgsConstructor +public class SwaggerGlobalFilter implements GlobalFilter, Ordered { + protected static final PathMatcher pathMatcher = new AntPathMatcher(); + private static final String[] swaggerList = { + "/swagger-ui.html", "/*/swagger-ui.html", + "/swagger-resources/**", "/*/swagger-resources/**", + "/v2/api-docs/**", "/*/v2/api-docs/**", + "/webjars/**", "/*/webjars/**" + }; + + @Override + public Mono filter(ServerWebExchange exchange, GatewayFilterChain chain) { + ServerHttpRequest request = exchange.getRequest(); + if(test(request)) { + throw new ResponseStatusException(HttpStatus.FORBIDDEN, "URL FORBIDDEN"); + } + return chain.filter(exchange); + } + + public boolean test(ServerHttpRequest request) { + RequestPath requestPath = request.getPath(); + String path = requestPath.value(); + + //是否禁止访问 + for(String pattern : swaggerList) { + if(pathMatcher.match(pattern, path)) { + return true; + } + } + + return false; + } + + @Override + public int getOrder() { + return -100; + } +} -- Gitee