Merge branch '3.1.x'

# Conflicts: # mica-core/src/main/java/net/dreamlu/mica/core/validation/constraintvalidators/RangeInValidator.java
lets-mica · Mar 22, 2024 · 20ed22f · 20ed22f
2 parents 1f452d2 + 6bc0fd3
commit 20ed22f
Show file tree

Hide file tree

Showing 4 changed files with 66 additions and 8 deletions.
diff --git a/mica-xss/src/main/java/net/dreamlu/mica/xss/config/MicaXssConfiguration.java b/mica-xss/src/main/java/net/dreamlu/mica/xss/config/MicaXssConfiguration.java
@@ -30,6 +30,8 @@
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 
 /**
@@ -76,14 +78,17 @@ public Jackson2ObjectMapperBuilderCustomizer xssJacksonCustomizer(MicaXssPropert
 
 	@Override
 	public void addInterceptors(InterceptorRegistry registry) {
-		List<String> patterns = xssProperties.getPathPatterns();
+		List<String> patterns = new ArrayList<>();
+		// 拦截路由和排除的路由
+		patterns.addAll(xssProperties.getPathPatterns());
+		patterns.addAll(xssProperties.getPathExcludePatterns());
 		if (patterns.isEmpty()) {
 			patterns.add("/**");
 		}
+		// 拦截所有
 		XssCleanInterceptor interceptor = new XssCleanInterceptor(xssProperties);
 		registry.addInterceptor(interceptor)
 			.addPathPatterns(patterns)
-			.excludePathPatterns(xssProperties.getPathExcludePatterns())
 			.order(Ordered.LOWEST_PRECEDENCE);
 	}
 

diff --git a/mica-xss/src/main/java/net/dreamlu/mica/xss/core/XssCleanInterceptor.java b/mica-xss/src/main/java/net/dreamlu/mica/xss/core/XssCleanInterceptor.java
@@ -21,16 +21,21 @@
 import lombok.RequiredArgsConstructor;
 import net.dreamlu.mica.core.utils.ClassUtil;
 import net.dreamlu.mica.xss.config.MicaXssProperties;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.PathMatcher;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.AsyncHandlerInterceptor;
 
+import java.util.List;
+
 /**
  * xss 处理拦截器
  *
  * @author L.cm
  */
 @RequiredArgsConstructor
 public class XssCleanInterceptor implements AsyncHandlerInterceptor {
+	private final PathMatcher matcher = new AntPathMatcher();
 	private final MicaXssProperties xssProperties;
 
 	@Override
@@ -43,11 +48,20 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
 		if (!xssProperties.isEnabled()) {
 			return true;
 		}
+		// 判断是否需要跳过
+		List<String> pathExcludePatterns = xssProperties.getPathExcludePatterns();
+		String requestURL = request.getRequestURL().toString();
+		boolean needExclude = pathExcludePatterns.stream()
+			.anyMatch(pattern -> matcher.match(pattern, requestURL));
+		if (needExclude) {
+			XssHolder.setIgnore(new XssIgnoreVo());
+			return true;
+		}
 		// 3. 处理 XssIgnore 注解
 		HandlerMethod handlerMethod = (HandlerMethod) handler;
 		XssCleanIgnore xssCleanIgnore = ClassUtil.getAnnotation(handlerMethod, XssCleanIgnore.class);
 		if (xssCleanIgnore != null) {
-			XssHolder.setIgnore(xssCleanIgnore);
+			XssHolder.setIgnore(new XssIgnoreVo(xssCleanIgnore.value()));
 		}
 		return true;
 	}

diff --git a/mica-xss/src/main/java/net/dreamlu/mica/xss/core/XssHolder.java b/mica-xss/src/main/java/net/dreamlu/mica/xss/core/XssHolder.java
@@ -28,7 +28,7 @@
  */
 @UtilityClass
 public class XssHolder {
-	private static final ThreadLocal<XssCleanIgnore> TL = new ThreadLocal<>();
+	private static final ThreadLocal<XssIgnoreVo> TL = new ThreadLocal<>();
 
 	/**
 	 * 是否开启
@@ -45,11 +45,11 @@ public static boolean isEnabled() {
 	 * @return XssCleanIgnore
 	 */
 	static boolean isIgnore(String name) {
-		XssCleanIgnore cleanIgnore = TL.get();
+		XssIgnoreVo cleanIgnore = TL.get();
 		if (cleanIgnore == null) {
 			return false;
 		}
-		String[] ignoreArray = cleanIgnore.value();
+		String[] ignoreArray = cleanIgnore.getNames();
 		// 1. 如果没有设置忽略的字段
 		if (ignoreArray.length == 0) {
 			return true;
@@ -61,8 +61,8 @@ static boolean isIgnore(String name) {
 	/**
 	 * 标记为开启
 	 */
-	static void setIgnore(XssCleanIgnore xssCleanIgnore) {
-		TL.set(xssCleanIgnore);
+	static void setIgnore(XssIgnoreVo ignoreVo) {
+		TL.set(ignoreVo);
 	}
 
 	/**

diff --git a/mica-xss/src/main/java/net/dreamlu/mica/xss/core/XssIgnoreVo.java b/mica-xss/src/main/java/net/dreamlu/mica/xss/core/XssIgnoreVo.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2019-2029, Dreamlu 卢春梦 ([email protected] & www.dreamlu.net).
+ * <p>
+ * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.gnu.org/licenses/lgpl.html
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.dreamlu.mica.xss.core;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+/**
+ * 忽略存储
+ *
+ * @author L.cm
+ */
+@Getter
+@RequiredArgsConstructor
+public class XssIgnoreVo {
+
+	/**
+	 * 跳过的属性名
+	 */
+	private final String[] names;
+
+	public XssIgnoreVo() {
+		this(new String[0]);
+	}
+}