代码修改

gateway/ag-basic/src/main/java/com/yihu/jw/gateway/config/MultipartConfig.java

@@ -1,5 +1,8 @@
package com.yihu.jw.gateway.config;
import com.yihu.jw.gateway.filter.CsrfFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.MultipartConfigFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@@ -12,6 +15,10 @@ import java.io.*;
@Configuration
public class MultipartConfig {
    @Autowired
    CsrfFilter csrfFilter;
    @Bean
    MultipartConfigElement multipartConfigElement() {
        MultipartConfigFactory factory = new MultipartConfigFactory();
@@ -24,4 +31,14 @@ public class MultipartConfig {
        return factory.createMultipartConfig();
    }
    @Bean
    public FilterRegistrationBean testFilterRegistration4() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(csrfFilter);
        registration.addUrlPatterns("/*");
        registration.setName("CsrfFilter");
        registration.setOrder(3);
        return registration;
    }
}

gateway/ag-basic/src/main/java/com/yihu/jw/gateway/filter/CsrfFilter.java

@@ -0,0 +1,114 @@
package com.yihu.jw.gateway.filter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
 * Created by yeshijie on 2022/3/15.
 */
@Component
public class CsrfFilter implements Filter {
    private Logger log = LoggerFactory.getLogger(CsrfFilter.class);
    /**
     * 过滤器配置对象
     */
    FilterConfig filterConfig = null;
    /**
     * 是否启用
     */
    @Value("${security.csrf.enable}")
    private boolean enable;
    /**
     * 忽略的URL
     */
    private List<String> excludes = new ArrayList<>();
    public void setExcludes(List<String> excludes) {
        this.excludes = excludes;
    }
    /**
     * 初始化
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }
    /**
     * 拦截
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String referer = request.getHeader("Referer");
        String host = request.getServerName();
        // 不启用或者已忽略的URL不拦截
        if(!enable ||referer == null||referer.indexOf("http://ehr.yihu.com")==0
                ||referer.indexOf("https://zhyzh.gongshu.gov.cn")==0
                ||referer.indexOf("27.154.233.186")>0
                ||referer.indexOf(host)>0){
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        java.net.URL url = null;
        try {
            url = new java.net.URL(referer);
        } catch (MalformedURLException e) {
            // URL解析异常，也置为404
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // 判断是否存在外链请求本站
        if (!host.equals(url.getHost())) {
            log.error("CSRF过滤器 => 服务器：{} => 当前域名：{}", host, referer);
            servletResponse.setContentType("text/html; charset=utf-8");
            servletResponse.getWriter().write("系统不支持当前域名的访问！");
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }
    /**
     * 销毁
     */
    @Override
    public void destroy() {
        this.filterConfig = null;
    }
    /**
     * 判断是否为忽略的URL
     *
     * @param url URL路径
     * @return true-忽略，false-过滤
     */
    private boolean isExcludeUrl(String url) {
        if (excludes == null || excludes.isEmpty()) {
            return false;
        }
        return excludes.stream().map(pattern -> Pattern.compile("^" + pattern)).map(p -> p.matcher(url))
                .anyMatch(Matcher::find);
    }
}

gateway/ag-basic/src/main/resources/application.yml

@@ -116,6 +116,11 @@ endpoints:
  heapdump:
    enabled: false
# 信息安全
security:
  csrf:
    enable: true
#---
#spring:
#  profiles: jwdev