From f7db2c43c00c0e26a84e1e2501fd85ea525d33d8 Mon Sep 17 00:00:00 2001 From: jianjun Date: Mon, 8 Jun 2020 18:37:41 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0redis=E7=99=BD=E5=90=8D?= =?UTF-8?q?=E5=8D=95=EF=BC=9B=E5=9B=BE=E7=89=87=E6=A3=80=E6=B5=8B=E4=BB=A3?= =?UTF-8?q?=E7=A0=81=E8=B0=83=E6=95=B4=EF=BC=9B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../epmet/openapi/scan/ScanApplication.java | 2 + .../openapi/scan/common/redis/RedisKeys.java | 29 +++++ .../openapi/scan/config/ModuleConfigImpl.java | 26 ++++ .../openapi/scan/config/WebAppConfig.java | 31 +++++ ...ontroller.java => BackDoorController.java} | 2 +- .../interceptor/ScanApiAuthInterceptor.java | 60 ++++++++++ .../scan/interceptor/ScanApiInterceptor.java | 113 ------------------ .../scan/service/impl/ScanServiceImpl.java | 9 +- 8 files changed, 156 insertions(+), 116 deletions(-) create mode 100644 epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/common/redis/RedisKeys.java create mode 100644 epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/ModuleConfigImpl.java create mode 100644 epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/WebAppConfig.java rename epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/{TestController.java => BackDoorController.java} (96%) create mode 100644 epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/interceptor/ScanApiAuthInterceptor.java delete mode 100644 epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/interceptor/ScanApiInterceptor.java diff --git a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/ScanApplication.java b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/ScanApplication.java index b87a8dc231..38f55211d2 100644 --- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/ScanApplication.java 
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/ScanApplication.java @@ -10,6 +10,7 @@ package com.epmet.openapi.scan; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.ComponentScan; /** * 管理后台 @@ -19,6 +20,7 @@ import org.springframework.boot.autoconfigure.SpringBootApplication; */ @SpringBootApplication +@ComponentScan(basePackages = "com.epmet") public class ScanApplication { public static void main(String[] args) { diff --git a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/common/redis/RedisKeys.java b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/common/redis/RedisKeys.java new file mode 100644 index 0000000000..3904011b00 --- /dev/null +++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/common/redis/RedisKeys.java @@ -0,0 +1,29 @@ +/** + * Copyright (c) 2018 人人开源 All rights reserved. + *
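Review bot: The bare `@ComponentScan(basePackages = "com.epmet")` added next to `@SpringBootApplication` in the second ScanApplication hunk typically takes precedence over the scan that annotation already declares, including its default exclude filters. It registers every `@Component` and `@RestController` found anywhere under `com.epmet` on the classpath, which widens the bean and endpoint surface of an externally reachable scan API beyond `com.epmet.openapi.scan`. If the goal is only to pick up shared beans, prefer `@SpringBootApplication(scanBasePackages = {"com.epmet.openapi.scan", "com.epmet.commons.tools"})`, with the package list confirmed against what the module actually needs.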

+ * https://www.renren.io + *

+ * 版权所有,侵权必究! + */ + +package com.epmet.openapi.scan.common.redis; + +/** + * @author Mark sunlightcs@gmail.com + * @since 1.0.0 + */ +public class RedisKeys { + + /** + * 党群e事通redis前缀 + */ + private static String rootPrefix = "epmet:"; + + /** + * desc:白名单Key + * @return + */ + public static String getWhiteList () { + return rootPrefix.concat("openapi:scan:whitelist"); + } +} diff --git a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/ModuleConfigImpl.java b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/ModuleConfigImpl.java new file mode 100644 index 0000000000..68532b7819 --- /dev/null +++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/ModuleConfigImpl.java @@ -0,0 +1,26 @@ +/** + * Copyright (c) 2018 人人开源 All rights reserved. + * + * https://www.renren.io + * + * 版权所有,侵权必究! + */ + +package com.epmet.openapi.scan.config; + +import com.epmet.commons.tools.config.ModuleConfig; +import org.springframework.stereotype.Service; + +/** + * 模块配置信息 + * + * @author Mark sunlightcs@gmail.com + * @since 1.0.0 + */ +@Service +public class ModuleConfigImpl implements ModuleConfig { + @Override + public String getName() { + return "epmetscan"; + } +} diff --git a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/WebAppConfig.java b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/WebAppConfig.java new file mode 100644 index 0000000000..8b331effc6 --- /dev/null +++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/WebAppConfig.java 
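Review bot: In RedisKeys, `rootPrefix` is declared `private static String`, so the prefix of the whitelist key is mutable class state. Declare it `private static final String ROOT_PREFIX = "epmet:";` and give the utility class a private constructor. The Javadoc on `getWhiteList()` has an empty `@return`; it should say that the key names the Redis set of client IPs allowed to call the scan API, because whoever can write to that set decides which callers pass `ScanApiAuthInterceptor`.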
@@ -0,0 +1,31 @@ +package com.epmet.openapi.scan.config; + +import com.epmet.openapi.scan.interceptor.ScanApiAuthInterceptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; +import org.springframework.web.servlet.config.annotation.InterceptorRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; + +/** + * @author jianjun liu + * @email liujianjun@yunzongnet.com + * @date 2020-06-08 14:30 + **/ + + @Configuration + public class WebAppConfig implements WebMvcConfigurer{ + @Autowired + private ScanApiAuthInterceptor scanApiAuthInterceptor; + + // 多个拦截器组成一个拦截器链 + // addPathPatterns 用于添加拦截规则 + // excludePathPatterns 用户排除拦截 + + @Override + public void addInterceptors(InterceptorRegistry registry) { + registry.addInterceptor(scanApiAuthInterceptor)//添加拦截器 + .addPathPatterns("/**") //拦截所有请求 + .excludePathPatterns("/UserCon/**");//对应的不拦截的请求 + } + } + diff --git a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/TestController.java b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/BackDoorController.java similarity index 96% rename from epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/TestController.java rename to epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/BackDoorController.java index e903a8d0e7..db1807ca3c 100644 --- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/TestController.java +++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/BackDoorController.java @@ -16,7 +16,7 @@ import java.util.Map; **/ @RestController @RequestMapping("test") -public class TestController { +public class BackDoorController { @Value("${aliyun.green.accessKeyId}") private String accessKeyId; 
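Review bot: In `addInterceptors`, `.excludePathPatterns("/UserCon/**")` exempts a whole path prefix from the IP whitelist, yet nothing in this patch maps a handler there, so it reads like a leftover from sample code. Any controller later mounted under `/UserCon` would skip `ScanApiAuthInterceptor` silently; drop the exclusion, or replace it with the specific paths that must stay open and a comment saying why. The renamed `BackDoorController` in the next hunk stays mapped at `test` and injects `aliyun.green.accessKeyId`. Its body is outside the hunk, so confirm it never returns the key and consider limiting it to non-production profiles with `@Profile`.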
diff --git a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/interceptor/ScanApiAuthInterceptor.java b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/interceptor/ScanApiAuthInterceptor.java
new file mode 100644
index 0000000000..6ce851a45e
--- /dev/null
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/interceptor/ScanApiAuthInterceptor.java
@@ -0,0 +1,60 @@
+package com.epmet.openapi.scan.interceptor;
+
+import com.alibaba.fastjson.JSON;
+import com.epmet.commons.tools.exception.EpmetErrorCode;
+import com.epmet.commons.tools.utils.IpUtils;
+import com.epmet.commons.tools.utils.Result;
+import com.epmet.openapi.scan.common.redis.RedisKeys;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.SetOperations;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * @author jianjun liu
+ * @date 2020-06-05 16:36
+ **/
+@Component
+public class ScanApiAuthInterceptor implements HandlerInterceptor {
+ private static final Logger log = LoggerFactory.getLogger(ScanApiAuthInterceptor.class);
+ @Autowired
+ private RedisTemplate redisTemplate;
+
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+ String ip = IpUtils.getIpAddr(request);
+ SetOperations setOperations = redisTemplate.opsForSet();
+ if (!setOperations.isMember(RedisKeys.getWhiteList(), ip)) {
+ log.warn("preHandle ip:{} is not in whitelist", ip);
+ String result = JSON.toJSONString(new Result<>().error(EpmetErrorCode.ERR401.getCode(), EpmetErrorCode.ERR401.getMsg()));
+ responseJson(response, result);
+ return false;
+ }
+ return true;
+ }
+
+ private void responseJson(HttpServletResponse response, String json) throws Exception {
+ PrintWriter writer = null;
+ response.setCharacterEncoding("UTF-8");
+ response.setContentType("text/json; charset=utf-8");
+ try {
+ writer = response.getWriter();
+ writer.print(json);
+ } catch (IOException e) {
+ log.error(e.toString());
+ } finally {
+ if (writer != null) {
+ writer.close();
+ }
+ }
+ }
+
+}
diff --git a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/interceptor/ScanApiInterceptor.java b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/interceptor/ScanApiInterceptor.java
deleted file mode 100644
index 91eb34a720..0000000000
--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/interceptor/ScanApiInterceptor.java
+++ /dev/null
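Review bot: The allow/deny decision in `preHandle` rests entirely on `IpUtils.getIpAddr(request)`, whose body is not part of this patch. If it reads forwarding headers such as `X-Forwarded-For`, those must be honoured only when the request arrives from a trusted proxy, otherwise the whitelist is compared against a client-chosen value. The raw `RedisTemplate` field also deserves a look: assuming no custom serializer is configured elsewhere, `isMember` compares JDK-serialized objects, so entries added as plain strings would not match, and the `Boolean` it returns is unboxed directly by `!`. Finally, the rejection is written with HTTP status 200 and `text/json`; set a non-2xx status and use `response.setContentType("application/json; charset=utf-8")` in `responseJson` so clients and gateways see the denial. The changed lines would look like this:

```java
    @Autowired
    private StringRedisTemplate redisTemplate;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String ip = IpUtils.getIpAddr(request);
        // isMember may return null; anything other than TRUE is treated as "not whitelisted"
        Boolean allowed = redisTemplate.opsForSet().isMember(RedisKeys.getWhiteList(), ip);
        if (!Boolean.TRUE.equals(allowed)) {
            log.warn("preHandle ip:{} is not in whitelist", ip);
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            // … unchanged: build the ERR401 Result JSON and write it with responseJson …
            return false;
        }
        return true;
    }
```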
@@ -1,113 +0,0 @@ -package com.epmet.openapi.scan.interceptor; - -import com.epmet.openapi.scan.common.exception.AuthException; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.web.servlet.HandlerInterceptor; -import org.springframework.web.servlet.ModelAndView; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.io.PrintWriter; -import java.util.Calendar; -import java.util.Date; -import java.util.HashMap; -import java.util.Map; - -/** - * @author jianjun liu - * @email liujianjun@yunzongnet.com - * @date 2020-06-05 16:36 - **/ -public class ScanApiInterceptor implements HandlerInterceptor { - private static final Logger log = LoggerFactory.getLogger(ScanApiInterceptor.class); - - @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) - throws Exception { - Gson gson = new GsonBuilder().serializeNulls().enableComplexMapKeySerialization().setDateFormat("yyyy-MM-dd HH:mm:ss").create(); - Map parameterMap = request.getParameterMap(); - String requestUrl = request.getServletPath(); - log.info(" 请求地址为: " + requestUrl + " 请求参数为: " + gson.toJson(parameterMap)); - - try { - String timestamp = ""; - String appkey = ""; - String sign = ""; - if (parameterMap.containsKey("timestamp")) { - timestamp = parameterMap.get("timestamp").toString(); - //验证时间戳 - Long timestampL = new Long(timestamp); - Calendar timestampCalendar = Calendar.getInstance(); - timestampCalendar.setTimeInMillis(timestampL * 1000L); - //设置过期时间 - timestampCalendar.add(Calendar.MINUTE, 10); - Date timestampDate = timestampCalendar.getTime(); - Date nowDate = new Date(); - if (timestampDate.compareTo(nowDate) < 0) { - throw new AuthException(); - } - } else { - throw new AuthException(); - } - if (parameterMap.containsKey("appkey")) { - appkey = 
parameterMap.get("appkey").toString(); - } else { - throw new AuthException(); - } - if (parameterMap.containsKey("sign")) { - sign = parameterMap.get("sign").toString(); - } else { - throw new AuthException(); - } - - Map map2 = new HashMap(); - map2.putAll(parameterMap); - map2.remove("sign"); - /*String urls = MapUtil.getUrlParamsByMap(map2); - urls += "&appsecret=" + OakConfig.getApiAppSecret(); - String newSign = MD5Util.md5(urls); - //log.info("拼接urls参数为:" + urls + " 服务器端签名sign为:" + newSign); - if (!sign.equals(newSign)) { - throw new AuthException(); - return false; - }*/ - return true; - } catch (Exception e) { - log.error(e.toString()); - throw new AuthException(); - } - } - - @Override - public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, - ModelAndView modelAndView) throws Exception { - - } - - @Override - public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) - throws Exception { - - } - - private void responseJson(HttpServletResponse response, String json) throws Exception { - PrintWriter writer = null; - response.setCharacterEncoding("UTF-8"); - response.setContentType("text/json; charset=utf-8"); - try { - writer = response.getWriter(); - writer.print(json); - } catch (IOException e) { - log.error(e.toString()); - } finally { - if (writer != null) { - writer.close(); - } - } - } - -} diff --git a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/service/impl/ScanServiceImpl.java b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/service/impl/ScanServiceImpl.java index 9471f1935d..d125084273 100644 --- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/service/impl/ScanServiceImpl.java +++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/service/impl/ScanServiceImpl.java 
@@ -187,7 +187,6 @@ public class ScanServiceImpl implements ScanService { List sceneResults = taskResult.getResults(); //是文本检测 目前就一种场景 for (BaseScanResult sceneResult : sceneResults) { - String scene = sceneResult.getScene(); String suggestion = sceneResult.getSuggestion(); if (SuggestionEnum.BLOCK.getCode().equals(suggestion)) { result.getFailDataIds().add(taskResult.getDataId()); @@ -196,6 +195,7 @@ public class ScanServiceImpl implements ScanService { } } } else { + result.getFailDataIds().add(taskResult.getDataId()); log.warn("executeSyncText task process fail:code:{},msg:{}", taskResult.getCode(), taskResult.getMsg()); throw new ExeCuteHttpException(" executeSyncTexttask process fail:code:" + taskResult.getCode() + ",msg:" + taskResult.getMsg()); } @@ -275,11 +275,16 @@ public class ScanServiceImpl implements ScanService { JSONArray taskResults = scrResponse.getJSONArray("data"); List scanTaskResults = taskResults.toJavaList(ScanTaskResult.class); for (ScanTaskResult taskResult : scanTaskResults) { + if(200 != taskResult.getCode()){ + if (!result.getFailDataIds().contains(taskResult.getDataId())) { + result.getFailDataIds().add(taskResult.getDataId()); + } + continue; + } //如果是多个场景 则为对个 BaseScanResult List sceneResults = taskResult.getResults(); //是文本检测 目前就一种场景 for (BaseScanResult sceneResult : sceneResults) { - String scene = sceneResult.getScene(); String suggestion = sceneResult.getSuggestion(); if (SuggestionEnum.BLOCK.getCode().equals(suggestion)) { if (result.getFailDataIds().contains(taskResult.getDataId())) {
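Review bot: The line added in the `else` branch of the text path (hunk `@@ -196,6 +195,7 @@`) records `taskResult.getDataId()` in `failDataIds`, and the statements right after it throw `ExeCuteHttpException`. Unless `result` outlives that exception, which is not visible here, the caller never sees the id. The image-path hunk (`@@ -275,11 +275,16 @@`) treats the same condition differently: it marks the id as failed and `continue`s without logging, so a provider-side error cannot be told apart from a BLOCK verdict. Pick one policy for both paths and add `log.warn("task process fail:code:{},msg:{}", taskResult.getCode(), taskResult.getMsg());` before the `continue`. If `getCode()` returns a boxed `Integer`, `200 != taskResult.getCode()` throws on null. The enclosing methods start and end outside these hunks.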