manager/zyplayer-doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

白名单使用正则匹配

Browse Source
This commit is contained in:
暮光:城中城
2019-02-01 18:37:55 +08:00
committed by zhanghongli
parent 620c7d02e8
commit 15cfa7e2d1
3 changed files with 25 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
zyplayer-doc-manage/src/main/resources/application.yml
View File

@@ -13,8 +13,8 @@ zyplayer:
doc:
swagger:
proxy-request:
# 内部访问时可以代理请求的域名,使用 ; 分割,必须设置,防止访问到内部地址资源
white-domain: http://127.0.0.1/;http://www.baidu.com/;http://swagger-bootstrap-ui.xiaominfo.com/
# 允许代理请求的域名,正则表达式,多个使用 ; 分割,必须设置,防止通过代理接口访问到内部资源,实在觉得没必要可设置为:.+
white-domain: \S+\.zyplayer\.com;127.0.1:8080;\S+\.xiaominfo\.com;
# zyplayer_doc_manage管理端的数据库配置
manage:
datasource:

13
zyplayer-doc-manage/src/test/java/com/zyplayer/doc/test/Test.java Normal file
View File

@@ -0,0 +1,13 @@
package com.zyplayer.doc.test;
public class Test {
public static void main(String[] args) {
String originRegex = "\\w+\\.zyplayer\\.com";
String origin = "http://doc.zyplayer.com/manage/";
origin = origin.replace("http://", "").replace("https://", "");
origin = origin.substring(0, origin.indexOf("/"));
System.out.println(origin.toLowerCase().matches(originRegex));
}
}

12
zyplayer-doc-swagger/src/main/java/com/zyplayer/doc/swagger/controller/MgHttpRequestController.java
View File

@@ -40,12 +40,20 @@ public class MgHttpRequestController {
if (whiteDomain == null || whiteDomain.isEmpty()) {
return DocResponseJson.warn("未设置代理请求白名单,不能代理请求");
}
long inWhiteList = whiteDomain.stream().filter(paramUrl::startsWith).count();
paramUrl = paramUrl.replace("http://", "").replace("https://", "");
String regexStr = paramUrl.substring(0, paramUrl.indexOf("/"));
long inWhiteList = whiteDomain.stream().filter(val -> regexStr.matches(val)).count();
if (inWhiteList <= 0) {
return DocResponseJson.warn("该域名不在白名单内,不能代理请求");
}
HttpRequest request = param.createRequest();
HttpResponse response = request.execute();
HttpResponse response;
try{
response = request.execute();
} catch (Exception e) {
e.printStackTrace();
return DocResponseJson.warn("请求失败,请检查域名是否正确");
}
HttpRequestVo httpRequestVo = new HttpRequestVo();
httpRequestVo.setData(response.body());
httpRequestVo.setStatus(response.getStatus());