添加redis白名单；图片检测代码调整；

5 years ago · f7db2c43c0
8 changed files with 156 additions and 116 deletions
--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/ScanApplication.java
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/ScanApplication.java
@ -10,6 +10,7 @@ package com.epmet.openapi.scan;

 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.ComponentScan;

 /**
 * 管理后台
@ -19,6 +20,7 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
 */

@SpringBootApplication
+@ComponentScan(basePackages = "com.epmet")
 public class ScanApplication {

    public static void main(String[] args) {
--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/common/redis/RedisKeys.java
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/common/redis/RedisKeys.java
@ -0,0 +1,29 @@
+/**
+ * Copyright (c) 2018 人人开源 All rights reserved.
+ * <p>
+ * https://www.renren.io
+ * <p>
+ * 版权所有，侵权必究！
+ */
+
+package com.epmet.openapi.scan.common.redis;
+
+/**
+ * @author Mark sunlightcs@gmail.com
+ * @since 1.0.0
+ */
+public class RedisKeys {
+
+	/**
+	 * 党群e事通redis前缀
+	 */
+	private static String rootPrefix = "epmet:";
+
+	/**
+	 * desc:白名单Key
+	 * @return
+	 */
+	public static String getWhiteList () {
+		return rootPrefix.concat("openapi:scan:whitelist");
+	}
+}
--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/ModuleConfigImpl.java
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/ModuleConfigImpl.java
@ -0,0 +1,26 @@
+/**
+ * Copyright (c) 2018 人人开源 All rights reserved.
+ *
+ * https://www.renren.io
+ *
+ * 版权所有，侵权必究！
+ */
+
+package com.epmet.openapi.scan.config;
+
+import com.epmet.commons.tools.config.ModuleConfig;
+import org.springframework.stereotype.Service;
+
+/**
+ * 模块配置信息
+ *
+ * @author Mark sunlightcs@gmail.com
+ * @since 1.0.0
+ */
+@Service
+public class ModuleConfigImpl implements ModuleConfig {
+    @Override
+    public String getName() {
+        return "epmetscan";
+    }
+}
--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/WebAppConfig.java
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/WebAppConfig.java
@ -0,0 +1,31 @@
+package com.epmet.openapi.scan.config;
+
+import com.epmet.openapi.scan.interceptor.ScanApiAuthInterceptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * @author jianjun liu
+ * @email liujianjun@yunzongnet.com
+ * @date 2020-06-08 14:30
+ **/
+
+	@Configuration
+	public class WebAppConfig implements  WebMvcConfigurer{
+	@Autowired
+	private ScanApiAuthInterceptor scanApiAuthInterceptor;
+
+		// 多个拦截器组成一个拦截器链
+		// addPathPatterns 用于添加拦截规则
+		// excludePathPatterns 用户排除拦截
+
+		@Override
+		public void addInterceptors(InterceptorRegistry registry) {
+			registry.addInterceptor(scanApiAuthInterceptor)//添加拦截器
+					.addPathPatterns("/**") //拦截所有请求
+					.excludePathPatterns("/UserCon/**");//对应的不拦截的请求
+		}
+	}
+
--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/BackDoorController.java
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/BackDoorController.java
@ -16,7 +16,7 @@ import java.util.Map;
 **/
@RestController
@RequestMapping("test")
-public class TestController {
+public class BackDoorController {
 	@Value("${aliyun.green.accessKeyId}")
 	private String accessKeyId;

--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/interceptor/ScanApiAuthInterceptor.java
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/interceptor/ScanApiAuthInterceptor.java
@ -0,0 +1,60 @@
+package com.epmet.openapi.scan.interceptor;
+
+import com.alibaba.fastjson.JSON;
+import com.epmet.commons.tools.exception.EpmetErrorCode;
+import com.epmet.commons.tools.utils.IpUtils;
+import com.epmet.commons.tools.utils.Result;
+import com.epmet.openapi.scan.common.redis.RedisKeys;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.SetOperations;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * @author jianjun liu
+ * @date 2020-06-05 16:36
+ **/
+@Component
+public class ScanApiAuthInterceptor implements HandlerInterceptor {
+	private static final Logger log = LoggerFactory.getLogger(ScanApiAuthInterceptor.class);
+	@Autowired
+	private RedisTemplate redisTemplate;
+
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+		String ip = IpUtils.getIpAddr(request);
+		SetOperations setOperations = redisTemplate.opsForSet();
+		if (!setOperations.isMember(RedisKeys.getWhiteList(), ip)) {
+			log.warn("preHandle ip:{} is not in whitelist", ip);
+			String result = JSON.toJSONString(new Result<>().error(EpmetErrorCode.ERR401.getCode(), EpmetErrorCode.ERR401.getMsg()));
+			responseJson(response, result);
+			return false;
+		}
+		return true;
+	}
+
+	private void responseJson(HttpServletResponse response, String json) throws Exception {
+		PrintWriter writer = null;
+		response.setCharacterEncoding("UTF-8");
+		response.setContentType("text/json; charset=utf-8");
+		try {
+			writer = response.getWriter();
+			writer.print(json);
+		} catch (IOException e) {
+			log.error(e.toString());
+		} finally {
+			if (writer != null) {
+				writer.close();
+			}
+		}
+	}
+
+}
--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/interceptor/ScanApiInterceptor.java
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/interceptor/ScanApiInterceptor.java
@ -1,113 +0,0 @@
-package com.epmet.openapi.scan.interceptor;
-
-import com.epmet.openapi.scan.common.exception.AuthException;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.web.servlet.HandlerInterceptor;
-import org.springframework.web.servlet.ModelAndView;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * @author jianjun liu
- * @email liujianjun@yunzongnet.com
- * @date 2020-06-05 16:36
- **/
-public class ScanApiInterceptor implements HandlerInterceptor {
-	private static final Logger log = LoggerFactory.getLogger(ScanApiInterceptor.class);
-
-	@Override
-	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
-			throws Exception {
-		Gson gson = new GsonBuilder().serializeNulls().enableComplexMapKeySerialization().setDateFormat("yyyy-MM-dd HH:mm:ss").create();
-		Map parameterMap = request.getParameterMap();
-		String requestUrl = request.getServletPath();
-		log.info(" 请求地址为: " + requestUrl + " 请求参数为: " + gson.toJson(parameterMap));
-
-		try {
-			String timestamp = "";
-			String appkey = "";
-			String sign = "";
-			if (parameterMap.containsKey("timestamp")) {
-				timestamp = parameterMap.get("timestamp").toString();
-				//验证时间戳
-				Long timestampL = new Long(timestamp);
-				Calendar timestampCalendar = Calendar.getInstance();
-				timestampCalendar.setTimeInMillis(timestampL * 1000L);
-				//设置过期时间
-				timestampCalendar.add(Calendar.MINUTE, 10);
-				Date timestampDate = timestampCalendar.getTime();
-				Date nowDate = new Date();
-				if (timestampDate.compareTo(nowDate) < 0) {
-					throw new AuthException();
-				}
-			} else {
-				throw new AuthException();
-			}
-			if (parameterMap.containsKey("appkey")) {
-				appkey = parameterMap.get("appkey").toString();
-			} else {
-				throw new AuthException();
-			}
-			if (parameterMap.containsKey("sign")) {
-				sign = parameterMap.get("sign").toString();
-			} else {
-				throw new AuthException();
-			}
-
-			Map map2 = new HashMap();
-			map2.putAll(parameterMap);
-			map2.remove("sign");
-				/*String urls = MapUtil.getUrlParamsByMap(map2);
-				urls += "&appsecret=" + OakConfig.getApiAppSecret();
-				String newSign = MD5Util.md5(urls);
-				//log.info("拼接urls参数为：" + urls + " 服务器端签名sign为：" + newSign);
-				if (!sign.equals(newSign)) {
-					throw new AuthException();
-					return false;
-				}*/
-			return true;
-		} catch (Exception e) {
-			log.error(e.toString());
-			throw new AuthException();
-		}
-	}
-
-	@Override
-	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
-	                       ModelAndView modelAndView) throws Exception {
-
-	}
-
-	@Override
-	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
-			throws Exception {
-
-	}
-
-	private void responseJson(HttpServletResponse response, String json) throws Exception {
-		PrintWriter writer = null;
-		response.setCharacterEncoding("UTF-8");
-		response.setContentType("text/json; charset=utf-8");
-		try {
-			writer = response.getWriter();
-			writer.print(json);
-		} catch (IOException e) {
-			log.error(e.toString());
-		} finally {
-			if (writer != null) {
-				writer.close();
-			}
-		}
-	}
-
-}
--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/service/impl/ScanServiceImpl.java
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/service/impl/ScanServiceImpl.java
@ -187,7 +187,6 @@ public class ScanServiceImpl implements ScanService {
 							List<BaseScanResult> sceneResults = taskResult.getResults();
 							//是文本检测 目前就一种场景
 							for (BaseScanResult sceneResult : sceneResults) {
-								String scene = sceneResult.getScene();
 								String suggestion = sceneResult.getSuggestion();
 								if (SuggestionEnum.BLOCK.getCode().equals(suggestion)) {
 									result.getFailDataIds().add(taskResult.getDataId());
@ -196,6 +195,7 @@ public class ScanServiceImpl implements ScanService {
 								}
 							}
 						} else {
+							result.getFailDataIds().add(taskResult.getDataId());
 							log.warn("executeSyncText task process fail:code:{},msg:{}", taskResult.getCode(), taskResult.getMsg());
 							throw new ExeCuteHttpException(" executeSyncTexttask process fail:code:" + taskResult.getCode() + ",msg:" + taskResult.getMsg());
 						}
@ -275,11 +275,16 @@ public class ScanServiceImpl implements ScanService {
 					JSONArray taskResults = scrResponse.getJSONArray("data");
 					List<ScanTaskResult> scanTaskResults = taskResults.toJavaList(ScanTaskResult.class);
 					for (ScanTaskResult taskResult : scanTaskResults) {
+						if(200 != taskResult.getCode()){
+							if (!result.getFailDataIds().contains(taskResult.getDataId())) {
+								result.getFailDataIds().add(taskResult.getDataId());
+							}
+							continue;
+						}
 						//如果是多个场景 则为对个 BaseScanResult
 						List<BaseScanResult> sceneResults = taskResult.getResults();
 						//是文本检测 目前就一种场景
 						for (BaseScanResult sceneResult : sceneResults) {
-							String scene = sceneResult.getScene();
 							String suggestion = sceneResult.getSuggestion();
 							if (SuggestionEnum.BLOCK.getCode().equals(suggestion)) {
 								if (result.getFailDataIds().contains(taskResult.getDataId())) {