|
@@ -7,7 +7,6 @@ import com.jiayue.ssi.constant.SecretKeyConstants;
|
|
|
import com.jiayue.ssi.factory.LoginFactory;
|
|
|
import com.jiayue.ssi.servlet.ParameterRequestWrapper;
|
|
|
import com.jiayue.ssi.util.IPUtils;
|
|
|
-import com.jiayue.ssi.util.JwtTokenUtil;
|
|
|
import com.jiayue.ssi.util.ResponseInfo;
|
|
|
import com.jiayue.ssi.util.SM2CryptUtils;
|
|
|
import lombok.RequiredArgsConstructor;
|
|
@@ -15,6 +14,7 @@ import lombok.extern.slf4j.Slf4j;
|
|
|
import org.apache.commons.lang3.StringUtils;
|
|
|
import org.springframework.core.annotation.Order;
|
|
|
import org.springframework.web.filter.OncePerRequestFilter;
|
|
|
+
|
|
|
import javax.servlet.FilterChain;
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
@@ -41,7 +41,7 @@ public class VerifySmFilter extends OncePerRequestFilter {
|
|
|
ParameterRequestWrapper initWrapper = new ParameterRequestWrapper(request);
|
|
|
// 不是登录操作
|
|
|
if (!("POST".equalsIgnoreCase(request.getMethod())
|
|
|
- && defaultFilterProcessUrl.equals(request.getServletPath())) && !("/getVerifyCode".equals(request.getServletPath()))
|
|
|
+ && defaultFilterProcessUrl.equals(request.getServletPath())) && !("/getVerifyCode".equals(request.getServletPath()))
|
|
|
&& !("/sysParameterController/getUseSendMail".equals(request.getServletPath())) && !("/getMailCode".equals(request.getServletPath()))) {
|
|
|
// 验证token
|
|
|
String tokenStr = request.getHeader("Authorization");
|
|
@@ -51,7 +51,7 @@ public class VerifySmFilter extends OncePerRequestFilter {
|
|
|
String tokenSign = request.getHeader("JySign");
|
|
|
// 验证签名
|
|
|
boolean verifySign =
|
|
|
- SM2CryptUtils.verifySign(SecretKeyConstants.CLIENT_PUBLIC_KEY, decryptTokenStr, tokenSign);
|
|
|
+ SM2CryptUtils.verifySign(SecretKeyConstants.CLIENT_PUBLIC_KEY, decryptTokenStr, tokenSign);
|
|
|
if (!verifySign) {
|
|
|
// 验签失败
|
|
|
ResponseInfo.doResponse(response, "token验签失败,不能访问系统!", 401);
|
|
@@ -71,7 +71,7 @@ public class VerifySmFilter extends OncePerRequestFilter {
|
|
|
}
|
|
|
// 解密后的参数字符串
|
|
|
String decryptStr = "";
|
|
|
- if ("POST".equalsIgnoreCase(request.getMethod())||"PUT".equalsIgnoreCase(request.getMethod())||"DELETE".equalsIgnoreCase(request.getMethod())) {
|
|
|
+ if ("POST".equalsIgnoreCase(request.getMethod()) || "PUT".equalsIgnoreCase(request.getMethod()) || "DELETE".equalsIgnoreCase(request.getMethod())) {
|
|
|
byte[] bytes = null;
|
|
|
try {
|
|
|
bytes = initWrapper.getBodyContent(request).getBytes(StandardCharsets.UTF_8);
|
|
@@ -83,10 +83,9 @@ public class VerifySmFilter extends OncePerRequestFilter {
|
|
|
JSONObject jsonObject;
|
|
|
try {
|
|
|
jsonObject = JSONUtil.parseObj(json);
|
|
|
- }
|
|
|
- catch (Exception e){
|
|
|
+ } catch (Exception e) {
|
|
|
// System.out.println("出错字符=====>"+json);
|
|
|
- throw e;
|
|
|
+ throw e;
|
|
|
}
|
|
|
// 验证加密的参数文本
|
|
|
String data_sm2 = jsonObject.getStr("secretData");
|
|
@@ -95,7 +94,7 @@ public class VerifySmFilter extends OncePerRequestFilter {
|
|
|
decryptStr = SM2CryptUtils.decrypt(data_sm2, SecretKeyConstants.SERVER_PRIVATE_KEY);
|
|
|
} catch (Exception e) {
|
|
|
// 参数验签失败
|
|
|
- if (defaultFilterProcessUrl.equals(request.getServletPath())){
|
|
|
+ if (defaultFilterProcessUrl.equals(request.getServletPath())) {
|
|
|
// 记录用户退出日志
|
|
|
LoginFactory.recordLogininfor("未知", Constants.LOGIN_FAIL, "参数解密失败");
|
|
|
}
|
|
@@ -107,9 +106,9 @@ public class VerifySmFilter extends OncePerRequestFilter {
|
|
|
try {
|
|
|
// 验证签名
|
|
|
boolean verifySign =
|
|
|
- SM2CryptUtils.verifySign(SecretKeyConstants.CLIENT_PUBLIC_KEY, decryptStr, paramSign);
|
|
|
+ SM2CryptUtils.verifySign(SecretKeyConstants.CLIENT_PUBLIC_KEY, decryptStr, paramSign);
|
|
|
if (!verifySign) {
|
|
|
- if (defaultFilterProcessUrl.equals(request.getServletPath())){
|
|
|
+ if (defaultFilterProcessUrl.equals(request.getServletPath())) {
|
|
|
// 记录用户退出日志
|
|
|
LoginFactory.recordLogininfor("未知", Constants.LOGIN_FAIL, "参数验签失败");
|
|
|
}
|
|
@@ -119,7 +118,7 @@ public class VerifySmFilter extends OncePerRequestFilter {
|
|
|
}
|
|
|
} catch (Exception e) {
|
|
|
// 验签失败
|
|
|
- if (defaultFilterProcessUrl.equals(request.getServletPath())){
|
|
|
+ if (defaultFilterProcessUrl.equals(request.getServletPath())) {
|
|
|
// 记录用户退出日志
|
|
|
LoginFactory.recordLogininfor("未知", Constants.LOGIN_FAIL, "参数验签失败");
|
|
|
}
|
|
@@ -129,9 +128,8 @@ public class VerifySmFilter extends OncePerRequestFilter {
|
|
|
if (!"".equals(decryptStr)) {
|
|
|
try {
|
|
|
stringToMap = JSONUtil.parseObj(decryptStr);
|
|
|
- }
|
|
|
- catch (Exception e){
|
|
|
- if (defaultFilterProcessUrl.equals(request.getServletPath())){
|
|
|
+ } catch (Exception e) {
|
|
|
+ if (defaultFilterProcessUrl.equals(request.getServletPath())) {
|
|
|
// 记录用户退出日志
|
|
|
LoginFactory.recordLogininfor("未知", Constants.LOGIN_FAIL, "参数转换json失败");
|
|
|
}
|
|
@@ -147,13 +145,13 @@ public class VerifySmFilter extends OncePerRequestFilter {
|
|
|
Map<String, String> tempMap = new HashMap(16);
|
|
|
// 对加密串解密验签
|
|
|
try {
|
|
|
- String[] tempStr = get_sm2Str.replaceAll("&","&").split("&");
|
|
|
+ String[] tempStr = get_sm2Str.replaceAll("&", "&").split("&");
|
|
|
for (int i = 0; i < tempStr.length; i++) {
|
|
|
String[] fieldStr = tempStr[i].split("=");
|
|
|
tempMap.put(fieldStr[0], fieldStr[1]);
|
|
|
}
|
|
|
decryptStr =
|
|
|
- SM2CryptUtils.decrypt(tempMap.get("secretData"), SecretKeyConstants.SERVER_PRIVATE_KEY);
|
|
|
+ SM2CryptUtils.decrypt(tempMap.get("secretData"), SecretKeyConstants.SERVER_PRIVATE_KEY);
|
|
|
} catch (Exception e) {
|
|
|
// 参数验签失败
|
|
|
ResponseInfo.doResponse(response, "参数解密失败,不能访问系统!", 401);
|
|
@@ -164,7 +162,7 @@ public class VerifySmFilter extends OncePerRequestFilter {
|
|
|
// 验证签名
|
|
|
try {
|
|
|
boolean verifySign =
|
|
|
- SM2CryptUtils.verifySign(SecretKeyConstants.CLIENT_PUBLIC_KEY, decryptStr, paramSign);
|
|
|
+ SM2CryptUtils.verifySign(SecretKeyConstants.CLIENT_PUBLIC_KEY, decryptStr, paramSign);
|
|
|
if (!verifySign) {
|
|
|
// 验签失败
|
|
|
ResponseInfo.doResponse(response, "参数验签失败,不能访问系统!", 401);
|
|
@@ -180,10 +178,18 @@ public class VerifySmFilter extends OncePerRequestFilter {
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
+ //对参数里的字符进行合理化校验
|
|
|
+ String regex = "^[\\u4e00-\\u9fa5a-zA-Z0-9!@#$%^&*()_+|<>,.?/:;\\[\\]{}\\-\\s]*$";
|
|
|
+ for (String key : stringToMap.keySet()) {
|
|
|
+ if (!stringToMap.get(key).toString().matches(regex)) {
|
|
|
+ ResponseInfo.doResponse(response, "参数验证失败,包含特殊字符 " + stringToMap.get(key), 405);
|
|
|
+ return;
|
|
|
+ }
|
|
|
+ }
|
|
|
ParameterRequestWrapper pr = new ParameterRequestWrapper(initWrapper, stringToMap, decryptStr);
|
|
|
filterChain.doFilter(pr, response);
|
|
|
} catch (Exception e) {
|
|
|
- log.error(IPUtils.getIpAddr(request)+"访问系统失败",e);
|
|
|
+ log.error(IPUtils.getIpAddr(request) + "访问系统失败", e);
|
|
|
ResponseInfo.doResponse(response, "访问失败,联系管理员!", 401);
|
|
|
return;
|
|
|
}
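Review bot: The new validation loop at the end of the hunk echoes the rejected decrypted value straight back to the client (`"参数验证失败,包含特殊字符 " + stringToMap.get(key)`), which reflects attacker-controlled input into the response and, on the login path, can leak plaintext credentials that the SM2 envelope was meant to keep out of the clear; report only the key and log the event server-side. `stringToMap.get(key).toString()` also throws NullPointerException for a JSON null value, which the outer catch turns into a generic 401 rather than a validation error, and nested objects/arrays stringify to JSON containing `"`, which the allow-list rejects — confirm no caller sends those. The allowed set still includes `<`, `>`, `(`, `)`, `;`, `|` and `/`, so this regex is input hygiene rather than a control that makes downstream sinks safe, and 405 (Method Not Allowed) is the wrong status for a rejected body — 400 fits. Compile the pattern once as a `private static final Pattern` (import `java.util.regex.Pattern`) instead of calling `String.matches` per key per request. The enclosing filter method starts before this hunk and `stringToMap` is declared outside it, so whether it can be null on a request where nothing was decrypted (the earlier `if (!"".equals(decryptStr))` guard) should be checked before iterating.
```java
// class-level, next to the other fields: compile once, not per request
private static final Pattern PARAM_VALUE_PATTERN =
        Pattern.compile("^[\\u4e00-\\u9fa5a-zA-Z0-9!@#$%^&*()_+|<>,.?/:;\\[\\]{}\\-\\s]*$");

// … unchanged: token verification and body/query decryption above …
// Reject values outside the allowed character set without echoing the value back.
for (String key : stringToMap.keySet()) {
    Object value = stringToMap.get(key);
    if (value == null) {
        continue; // JSON null carries no characters to validate
    }
    if (!PARAM_VALUE_PATTERN.matcher(value.toString()).matches()) {
        log.warn("{} rejected parameter [{}]: value contains characters outside the allowed set",
                IPUtils.getIpAddr(request), key);
        ResponseInfo.doResponse(response, "参数验证失败,包含特殊字符", 400);
        return;
    }
}
ParameterRequestWrapper pr = new ParameterRequestWrapper(initWrapper, stringToMap, decryptStr);
```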
|