diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/BaseRequestLogAspect.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/BaseRequestLogAspect.java index 3e7af3ced6..b8a38908a0 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/BaseRequestLogAspect.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/BaseRequestLogAspect.java @@ -12,7 +12,6 @@ import org.springframework.dao.DuplicateKeyException; import javax.servlet.http.HttpServletRequest; import java.time.Duration; import java.time.LocalDateTime; -import java.util.UUID; /** * 日志切面 diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/IpUtils.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/IpUtils.java index b100daac7a..d051717d8d 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/IpUtils.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/IpUtils.java @@ -8,12 +8,17 @@ package com.epmet.commons.tools.utils; +import com.epmet.commons.tools.constant.StrConstant; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.http.HttpHeaders; +import org.springframework.http.server.reactive.ServerHttpRequest; import javax.servlet.http.HttpServletRequest; import java.net.InetAddress; +import java.net.UnknownHostException; +import java.util.Optional; import java.util.regex.Pattern; /** @@ -24,43 +29,87 @@ import java.util.regex.Pattern; */ public class IpUtils { private static Logger logger = LoggerFactory.getLogger(IpUtils.class); - public static final String LOCALHOST = "127.0.0.1"; + private static final String LOCALHOST = "127.0.0.1"; - public static final String ANYHOST = "0.0.0.0"; + private static final String ANYHOST = "0.0.0.0"; + + private static final String IP_UNKNOWN = "unknown"; private static final Pattern IP_PATTERN = Pattern.compile("\\d{1,3}(\\.\\d{1,3}){3,5}$"); public static String getIpAddr(HttpServletRequest request) { + String ip = null; try { ip = request.getHeader("x-forwarded-for"); - logger.debug("x-forwarded-for:"+ip); - if (StringUtils.isEmpty(ip) || "unknown".equalsIgnoreCase(ip)) { + logger.debug("x-forwarded-for:" + ip); + if (StringUtils.isEmpty(ip) || IP_UNKNOWN.equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } - if (StringUtils.isEmpty(ip) || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { + if (StringUtils.isEmpty(ip) || ip.length() == 0 || IP_UNKNOWN.equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } - if (StringUtils.isEmpty(ip) || "unknown".equalsIgnoreCase(ip)) { + if (StringUtils.isEmpty(ip) || IP_UNKNOWN.equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_CLIENT_IP"); } - if (StringUtils.isEmpty(ip) || "unknown".equalsIgnoreCase(ip)) { + if (StringUtils.isEmpty(ip) || IP_UNKNOWN.equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_X_FORWARDED_FOR"); } - if (StringUtils.isEmpty(ip) || "unknown".equalsIgnoreCase(ip)) { + if (StringUtils.isEmpty(ip) || IP_UNKNOWN.equalsIgnoreCase(ip)) { ip = request.getHeader("X-Real-IP"); } - if (StringUtils.isEmpty(ip) || "unknown".equalsIgnoreCase(ip)) { + if (StringUtils.isEmpty(ip) || IP_UNKNOWN.equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } //对于通过多个代理的情况,第一个IP为客户端真实IP,多个IP按照','分割 if (ip != null) { //"***.***.***.***".length() = 15 - if (ip.indexOf(",") > 0) { - ip = ip.substring(0, ip.indexOf(",")); + if (ip.indexOf(StrConstant.COMMA) > 0) { + ip = ip.split(StrConstant.COMMA)[0]; + ; + } + } + } catch (Exception e) { + logger.error("IpUtils getIpAddr ERROR ", e); + } + + return ip; + } + + public static String getClientIp(ServerHttpRequest request) { + String ip = null; + try { + HttpHeaders headers = request.getHeaders(); + String ipAddress = headers.getFirst("x-forwarded-for"); + if (ipAddress == null || ipAddress.length() == 0 || IP_UNKNOWN.equalsIgnoreCase(ipAddress)) { + ipAddress = headers.getFirst("Proxy-Client-IP"); + } + if (ipAddress == null || ipAddress.length() == 0 || IP_UNKNOWN.equalsIgnoreCase(ipAddress)) { + ipAddress = headers.getFirst("WL-Proxy-Client-IP"); + } + if (ipAddress == null || ipAddress.length() == 0 || IP_UNKNOWN.equalsIgnoreCase(ipAddress)) { + ipAddress = Optional.ofNullable(request.getRemoteAddress()) + .map(address -> address.getAddress().getHostAddress()) + .orElse(""); + if (LOCALHOST.equals(ipAddress)) { + // 根据网卡取本机配置的IP + try { + InetAddress inet = InetAddress.getLocalHost(); + ipAddress = inet.getHostAddress(); + } catch (UnknownHostException e) { + // ignore + } + } + } + + // 对于通过多个代理的情况,第一个IP为客户端真实IP,多个IP按照','分割 + if (ip != null) { //"***.***.***.***".length() = 15 + if (ip.indexOf(StrConstant.COMMA) > 0) { + ip = ip.substring(0, ip.indexOf(StrConstant.COMMA)); } } + return ipAddress; } catch (Exception e) { - logger.error("IpUtils ERROR ", e); + logger.error("IpUtils getIpAddr ERROR ", e); } return ip; diff --git a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java index 6690bb2374..43895ce9af 100644 --- a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java +++ b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java @@ -8,7 +8,6 @@ import com.epmet.commons.tools.security.dto.BaseTokenDto; import com.epmet.commons.tools.security.dto.GovTokenDto; import com.epmet.commons.tools.security.dto.TokenDto; import com.epmet.commons.tools.utils.CpUserDetailRedis; -import com.epmet.commons.tools.utils.Result; import com.epmet.filter.CpProperty; import com.epmet.jwt.JwtTokenUtils; import io.jsonwebtoken.Claims; @@ -22,7 +21,6 @@ import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.stereotype.Component; import org.springframework.util.AntPathMatcher; import org.springframework.web.server.ServerWebExchange; -import reactor.core.publisher.Mono; /** * 内部认证处理器 @@ -48,7 +46,6 @@ public class InternalAuthProcessor extends AuthProcessor { ServerHttpRequest request = exchange.getRequest(); String requestUri = request.getPath().pathWithinApplication().value(); - logger.info("CpAuthGatewayFilterFactory当前requestUri=[" + requestUri + "]CpAuthGatewayFilterFactory拦截成功"); String token = getTokenFromRequest(request); //BaseTokenDto baseTokenDto = StringUtils.isNotBlank(token) ? getBaseTokenDto(token, jwtTokenUtils) : null; BaseTokenDto baseTokenDto; diff --git a/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java b/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java index 9051c001d8..72139e59e1 100644 --- a/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java +++ b/epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java @@ -5,9 +5,8 @@ import com.alibaba.fastjson.JSON; import com.epmet.auth.ExternalAuthProcessor; import com.epmet.auth.InternalAuthProcessor; import com.epmet.commons.tools.constant.AppClientConstant; -import com.epmet.commons.tools.constant.Constant; -import com.epmet.commons.tools.exception.EpmetErrorCode; import com.epmet.commons.tools.exception.RenException; +import com.epmet.commons.tools.utils.IpUtils; import com.epmet.commons.tools.utils.Result; import com.epmet.constant.AuthTypeConstant; import com.epmet.constant.TokenHeaderKeyConstant; @@ -23,7 +22,6 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.stereotype.Component; -import org.springframework.util.AntPathMatcher; import org.springframework.web.server.ServerWebExchange; import reactor.core.publisher.Flux; import reactor.core.publisher.Mono; @@ -71,7 +69,9 @@ public class CpAuthGatewayFilterFactory extends AbstractGatewayFilterFactory