From fd7acc90c11ae7e200b54739780850c4e8867b90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=BB=84=E6=B5=B7?= <10402852@qq.com> Date: Mon, 23 Sep 2024 19:47:48 +0800 Subject: [PATCH] 'commit' --- .../dsideal/gw/{Const => Bean}/RetBean.java | 2 +- .../com/dsideal/gw/Handler/RouterHandler.java | 2 +- dsGw/src/main/resources/logo.txt | 17 ++-- dsRes.iml | 9 -- .../dsideal/resource/Handler/XssHandler.java | 36 -------- .../Handler/XssHttpServletRequestWrapper.java | 85 ------------------- .../com/dsideal/resource/Plugin/Slf4jLog.java | 78 ----------------- .../resource/Plugin/Slf4jLogFactory.java | 17 ---- .../com/dsideal/resource/ResApplication.java | 4 - 9 files changed, 10 insertions(+), 240 deletions(-) rename dsGw/src/main/java/com/dsideal/gw/{Const => Bean}/RetBean.java (91%) delete mode 100644 dsRes.iml delete mode 100644 dsRes/src/main/java/com/dsideal/resource/Handler/XssHandler.java delete mode 100644 dsRes/src/main/java/com/dsideal/resource/Handler/XssHttpServletRequestWrapper.java delete mode 100644 dsRes/src/main/java/com/dsideal/resource/Plugin/Slf4jLog.java delete mode 100644 dsRes/src/main/java/com/dsideal/resource/Plugin/Slf4jLogFactory.java diff --git a/dsGw/src/main/java/com/dsideal/gw/Const/RetBean.java b/dsGw/src/main/java/com/dsideal/gw/Bean/RetBean.java similarity index 91% rename from dsGw/src/main/java/com/dsideal/gw/Const/RetBean.java rename to dsGw/src/main/java/com/dsideal/gw/Bean/RetBean.java index 91feeef4..2bad20d8 100644 --- a/dsGw/src/main/java/com/dsideal/gw/Const/RetBean.java +++ b/dsGw/src/main/java/com/dsideal/gw/Bean/RetBean.java @@ -1,4 +1,4 @@ -package com.dsideal.gw.Const; +package com.dsideal.gw.Bean; import com.alibaba.fastjson.JSONObject; import lombok.Getter; diff --git a/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java b/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java index 37a2b31b..d7d1906c 100644 --- a/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java 
+++ b/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java @@ -1,7 +1,7 @@ package com.dsideal.gw.Handler; import com.alibaba.fastjson.JSONObject; -import com.dsideal.gw.Const.RetBean; +import com.dsideal.gw.Bean.RetBean; import com.dsideal.gw.GwApplication; import com.dsideal.gw.Util.CommonUtil; import com.dsideal.gw.Util.JwtUtil; diff --git a/dsGw/src/main/resources/logo.txt b/dsGw/src/main/resources/logo.txt index 6e39f853..b5406466 100644 --- a/dsGw/src/main/resources/logo.txt +++ b/dsGw/src/main/resources/logo.txt @@ -1,12 +1,11 @@ - _______ ______ __ __ -/ \ / \ / | _ / | -$$$$$$$ | _______ /$$$$$$ |$$ | / \ $$ | -$$ | $$ | / |$$ | _$$/ $$ |/$ \$$ | -$$ | $$ |/$$$$$$$/ $$ |/ |$$ /$$$ $$ | -$$ | $$ |$$ \ $$ |$$$$ |$$ $$/$$ $$ | -$$ |__$$ | $$$$$$ |$$ \__$$ |$$$$/ $$$$ | -$$ $$/ / $$/ $$ $$/ $$$/ $$$ | -$$$$$$$/ $$$$$$$/ $$$$$$/ $$/ $$/ + $$\ $$$$$$\ + $$ | $$ __$$\ + $$$$$$$ | $$$$$$$\ $$ / \__|$$\ $$\ $$\ +$$ __$$ |$$ _____|$$ |$$$$\ $$ | $$ | $$ | +$$ / $$ |\$$$$$$\ $$ |\_$$ |$$ | $$ | $$ | +$$ | $$ | \____$$\ $$ | $$ |$$ | $$ | $$ | +\$$$$$$$ |$$$$$$$ |\$$$$$$ |\$$$$$\$$$$ | + \_______|\_______/ \______/ \_____\____/ power by http://patorjk.com/software/taag/ \ No newline at end of file diff --git a/dsRes.iml b/dsRes.iml deleted file mode 100644 index 3f7372f4..00000000 --- a/dsRes.iml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - - \ No newline at end of file diff --git a/dsRes/src/main/java/com/dsideal/resource/Handler/XssHandler.java b/dsRes/src/main/java/com/dsideal/resource/Handler/XssHandler.java deleted file mode 100644 index 47477f2c..00000000 --- a/dsRes/src/main/java/com/dsideal/resource/Handler/XssHandler.java +++ /dev/null 
@@ -1,36 +0,0 @@
-package com.dsideal.resource.Handler;
-
-import com.dsideal.resource.Handler.XssHttpServletRequestWrapper;
-import com.jfinal.handler.Handler;
-import org.jsoup.internal.StringUtil;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.regex.Pattern;
-
-public class XssHandler extends Handler {
- // 排除的url,使用的target.startsWith匹配的
- private final String excludePattern;
-
- /**
- * 忽略列表,使用正则
- */
- public XssHandler(String excludePattern) {
-// System.out.println("进入xss拦截------------------------------" + new Date());
- this.excludePattern = excludePattern;
- }
-
- @Override
- public void handle(String target, HttpServletRequest request, HttpServletResponse response, boolean[] isHandled) {
-
- Pattern pattern = Pattern.compile(excludePattern);
- //带.表示非action请求,忽略(其实不太严谨,如果是伪静态,比如.html会被错误地排除);匹配excludePattern的,忽略
- if (!target.contains(".") && !(!StringUtil.isBlank(excludePattern) && pattern.matcher(target).find())
- && !target.contains("addGlobal") && !target.contains("updateGlobalById")) {
- request = new XssHttpServletRequestWrapper(request);
- }
- //别忘了
- next.handle(target, request, response, isHandled);
-
- }
-}
diff --git a/dsRes/src/main/java/com/dsideal/resource/Handler/XssHttpServletRequestWrapper.java b/dsRes/src/main/java/com/dsideal/resource/Handler/XssHttpServletRequestWrapper.java
deleted file mode 100644
index d1d3a666..00000000
--- a/dsRes/src/main/java/com/dsideal/resource/Handler/XssHttpServletRequestWrapper.java
+++ /dev/null
@@ -1,85 +0,0 @@
-package com.dsideal.resource.Handler;
-
-import org.jsoup.Jsoup;
-import org.jsoup.safety.Safelist;
-
-import javax.servlet.http.HttpServletRequest;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * 重写HttpServletRequestWrapper用于配合XssHandler
- *
- * @author ren
- * @date 创建时间:2017年5月18日 下午1:49:26
- */
-public class XssHttpServletRequestWrapper extends javax.servlet.http.HttpServletRequestWrapper {
-
- public XssHttpServletRequestWrapper(HttpServletRequest request) {
- super(request);
- }
-
- /**
- * 重写并过滤getParameter方法
- */
- @Override
- public String getParameter(String name) {
- return getBasicHtmlandimage(super.getParameter(name));
-
- }
-
- /**
- * 重写并过滤getParameterValues方法
- */
- @Override
- public String[] getParameterValues(String name) {
- String[] values = super.getParameterValues(name);
- if (null == values) {
- return null;
- }
- for (int i = 0; i < values.length; i++) {
- values[i] = getBasicHtmlandimage(values[i]);
- }
- return values;
- }
-
- /**
- * 重写并过滤getParameterMap方法
- */
- @Override
- public Map getParameterMap() {
- @SuppressWarnings("unchecked")
- Map paraMap = super.getParameterMap();
- // 对于paraMap为空的直接return
- if (null == paraMap || paraMap.isEmpty()) {
- return paraMap;
- }
-
- //super.getParameterMap()不允许任何修改,所以只能做深拷贝
- Map paraMapCopy = new HashMap();
- //实际上putAll只对基本类型深拷贝有效,如果是自定义类型,则要找其他办法
- paraMapCopy.putAll(paraMap);
-
- for (Map.Entry entry : paraMapCopy.entrySet()) {
- String[] values = entry.getValue();
- if (null == values) {
- continue;
- }
- String[] newValues = new String[values.length];
- for (int i = 0; i < values.length; i++) {
- newValues[i] = getBasicHtmlandimage(values[i]);
- }
- entry.setValue(newValues);
- }
- return paraMapCopy;
- }
-
- private static String getBasicHtmlandimage(String html) {
- if (html == null)
- return null;
-
- html = Jsoup.clean(html, Safelist.basicWithImages());
- //再次过滤
- return html;
- }
-}
\ No newline at end of file
diff --git a/dsRes/src/main/java/com/dsideal/resource/Plugin/Slf4jLog.java b/dsRes/src/main/java/com/dsideal/resource/Plugin/Slf4jLog.java
deleted file mode 100644
index 9e36e5ce..00000000
--- a/dsRes/src/main/java/com/dsideal/resource/Plugin/Slf4jLog.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package com.dsideal.resource.Plugin;
-
-import com.jfinal.log.Log;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class Slf4jLog extends Log {
- private Logger log;
-
- Slf4jLog(Class clazz) {
- log = LoggerFactory.getLogger(clazz);
- }
-
- Slf4jLog(String name) {
- log = LoggerFactory.getLogger(name);
- }
-
-
- public void info(String message) {
- log.info(message);
- }
-
- public void info(String message, Throwable t) {
- log.info(message, t);
- }
-
- public void debug(String message) {
- log.debug(message);
- }
-
- public void debug(String message, Throwable t) {
- log.debug(message, t);
- }
-
- public void warn(String message) {
- log.warn(message);
- }
-
- public void warn(String message, Throwable t) {
- log.warn(message, t);
- }
-
- public void error(String message) {
- log.error(message);
- }
-
- public void error(String message, Throwable t) {
- log.error(message, t);
- }
-
- public void fatal(String message) {
- log.error(message);
- }
-
- public void fatal(String message, Throwable t) {
- log.error(message, t);
- }
-
- public boolean isDebugEnabled() {
- return log.isDebugEnabled();
- }
-
- public boolean isInfoEnabled() {
- return log.isInfoEnabled();
- }
-
- public boolean isWarnEnabled() {
- return log.isWarnEnabled();
- }
-
- public boolean isErrorEnabled() {
- return log.isErrorEnabled();
- }
-
- public boolean isFatalEnabled() {
- return log.isErrorEnabled();
- }
-}
diff --git a/dsRes/src/main/java/com/dsideal/resource/Plugin/Slf4jLogFactory.java b/dsRes/src/main/java/com/dsideal/resource/Plugin/Slf4jLogFactory.java
deleted file mode 100644
index 222ba999..00000000
--- a/dsRes/src/main/java/com/dsideal/resource/Plugin/Slf4jLogFactory.java +++ /dev/null @@ -1,17 +0,0 @@ -package com.dsideal.resource.Plugin; - -import com.jfinal.log.ILogFactory; -import com.jfinal.log.Log; - -public class Slf4jLogFactory implements ILogFactory { - - @Override - public Log getLog(Class aClass) { - return new Slf4jLog(aClass); - } - - @Override - public Log getLog(String name) { - return new Slf4jLog(name); - } -} diff --git a/dsRes/src/main/java/com/dsideal/resource/ResApplication.java b/dsRes/src/main/java/com/dsideal/resource/ResApplication.java index d9f35240..e35649a8 100644 --- a/dsRes/src/main/java/com/dsideal/resource/ResApplication.java +++ b/dsRes/src/main/java/com/dsideal/resource/ResApplication.java @@ -1,7 +1,6 @@ package com.dsideal.resource; import com.dsideal.resource.Controller.IndexController; -import com.dsideal.resource.Handler.XssHandler; import com.dsideal.resource.Interceptor.*; import com.dsideal.resource.Plugin.YamlProp; import com.dsideal.resource.Util.FileUtil; @@ -155,9 +154,6 @@ public class ResApplication extends JFinalConfig { */ @Override public void configHandler(Handlers me) { - //加入统一的XSS处理器 - //添加xss 过滤(正则表达式:"/((\\%3C)|<)((\\%2F)|\\/)*[a-z0-9\\%]+((\\%3E)|>)/ix") - me.add(new XssHandler("/((\\%3C)|<)((\\%2F)|\\/)*[a-z0-9\\%]+((\\%3E)|>)/ix")); } /**
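Review bot: `configHandler(Handlers me)` in ResApplication.java is left with an empty body, so the resource service no longer applies any request-parameter sanitising, and nothing visible in this patch replaces the removed `XssHandler` and its Jsoup-based wrapper. Before merging, confirm that every place which echoes request parameters encodes them on output, or that an equivalent filter runs in front of this service; neither is shown here. If the removal is intentional, say so in the empty body, e.g. `// XSS input filter removed; output encoding is done in <component, to be named>`, and replace the subject 'commit' with one that records the removal of a security control. The method's Javadoc and the rest of the class lie outside the hunk.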