完成一部分 xss 的功能，准备先午睡~~~

2025-11-04 04:08:43 +08:00 · 2021-02-21 13:11:27 +08:00
parent 183bb5855a
commit 8605cc35c9
13 changed files with 2069 additions and 329 deletions
--- a/ruoyi-common/src/main/java/com/ruoyi/common/config/ResourcesConfig.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/config/ResourcesConfig.java
@@ -1,35 +0,0 @@
-package com.ruoyi.framework.config;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import org.springframework.web.filter.CorsFilter;
-import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
-import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-import com.ruoyi.common.config.RuoYiConfig;
-import com.ruoyi.common.constant.Constants;
-import com.ruoyi.framework.interceptor.RepeatSubmitInterceptor;
-
-/**
- * 通用配置
- *
- * @author ruoyi
- */
-@Configuration
-public class ResourcesConfig implements WebMvcConfigurer {
-
-    @Autowired
-    private RepeatSubmitInterceptor repeatSubmitInterceptor;
-
-    /**
-     * 自定义拦截规则
-     */
-    @Override
-    public void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(repeatSubmitInterceptor).addPathPatterns("/**");
-    }
-
-}
--- a/ruoyi-common/src/main/java/com/ruoyi/common/config/ServerConfig.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/config/ServerConfig.java
@@ -1,30 +0,0 @@
-package com.ruoyi.framework.config;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.springframework.stereotype.Component;
-import com.ruoyi.common.utils.ServletUtils;
-
-/**
- * 服务相关配置
- *
- * @author ruoyi
- */
-@Component
-public class ServerConfig {
-    /**
-     * 获取完整的请求路径，包括：域名，端口，上下文访问路径
-     *
-     * @return 服务地址
-     */
-    public String getUrl() {
-        HttpServletRequest request = ServletUtils.getRequest();
-        return getDomain(request);
-    }
-
-    public static String getDomain(HttpServletRequest request) {
-        StringBuffer url = request.getRequestURL();
-        String contextPath = request.getServletContext().getContextPath();
-        return url.delete(url.length() - request.getRequestURI().length(), url.length()).append(contextPath).toString();
-    }
-}
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java
@@ -1,104 +0,0 @@
-package com.ruoyi.common.filter;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import javax.servlet.ReadListener;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import org.apache.commons.io.IOUtils;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.MediaType;
-import com.ruoyi.common.utils.StringUtils;
-import com.ruoyi.common.utils.html.EscapeUtil;
-
-/**
- * XSS过滤处理
- * 
- * @author ruoyi
- */
-public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
-{
-    /**
-     * @param request
-     */
-    public XssHttpServletRequestWrapper(HttpServletRequest request)
-    {
-        super(request);
-    }
-
-    @Override
-    public String[] getParameterValues(String name)
-    {
-        String[] values = super.getParameterValues(name);
-        if (values != null)
-        {
-            int length = values.length;
-            String[] escapseValues = new String[length];
-            for (int i = 0; i < length; i++)
-            {
-                // 防xss攻击和过滤前后空格
-                escapseValues[i] = EscapeUtil.clean(values[i]).trim();
-            }
-            return escapseValues;
-        }
-        return super.getParameterValues(name);
-    }
-
-    @Override
-    public ServletInputStream getInputStream() throws IOException
-    {
-        // 非json类型，直接返回
-        if (!isJsonRequest())
-        {
-            return super.getInputStream();
-        }
-
-        // 为空，直接返回
-        String json = IOUtils.toString(super.getInputStream(), "utf-8");
-        if (StringUtils.isEmpty(json))
-        {
-            return super.getInputStream();
-        }
-
-        // xss过滤
-        json = EscapeUtil.clean(json).trim();
-        final ByteArrayInputStream bis = new ByteArrayInputStream(json.getBytes("utf-8"));
-        return new ServletInputStream()
-        {
-            @Override
-            public boolean isFinished()
-            {
-                return true;
-            }
-
-            @Override
-            public boolean isReady()
-            {
-                return true;
-            }
-
-            @Override
-            public void setReadListener(ReadListener readListener)
-            {
-            }
-
-            @Override
-            public int read() throws IOException
-            {
-                return bis.read();
-            }
-        };
-    }
-
-    /**
-     * 是否是Json请求
-     * 
-     * @param request
-     */
-    public boolean isJsonRequest()
-    {
-        String header = super.getHeader(HttpHeaders.CONTENT_TYPE);
-        return MediaType.APPLICATION_JSON_VALUE.equalsIgnoreCase(header);
-    }
-}