diff --git a/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/GatewayConfiguration.java b/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/GatewayConfiguration.java index 6f2aaa79542bb91723d99d766992898fd06b340b..fd2c2260f0ceb9bbf8540c60fcd58eab702df16c 100644 --- a/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/GatewayConfiguration.java +++ b/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/GatewayConfiguration.java @@ -16,6 +16,7 @@ import org.springframework.security.oauth2.provider.token.ResourceServerTokenSer import cn.seqdata.gateway.filter.authc.AllowlistPredicate; import cn.seqdata.gateway.filter.authc.IgnoringProperties; import cn.seqdata.gateway.filter.authc.PathMatcherGlobalFilter; +import cn.seqdata.gateway.filter.authc.SwaggerGlobalFilter; import cn.seqdata.gateway.filter.captcha.CaptchaGlobalFilter; import cn.seqdata.gateway.filter.captcha.CaptchaProperties; import cn.seqdata.gateway.filter.logging.LogRecorder; @@ -74,6 +75,12 @@ public class GatewayConfiguration { return new PathMatcherGlobalFilter(allowlistPredicate, tokenServices, permissionEvaluator); } + @Bean + @ConditionalOnProperty(value = "swagger.enabled", havingValue = "false") + public SwaggerGlobalFilter swaggerGlobalFilter() { + return new SwaggerGlobalFilter(); + } + /** * 对前端签名进行验证 */ diff --git a/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/filter/authc/SwaggerGlobalFilter.java b/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/filter/authc/SwaggerGlobalFilter.java new file mode 100644 index 0000000000000000000000000000000000000000..b966bea8bd6ae8437782281e55a0d37284804c78 --- /dev/null +++ b/seqdata-cloud-gateway/src/main/java/cn/seqdata/gateway/filter/authc/SwaggerGlobalFilter.java @@ -0,0 +1,54 @@ +package cn.seqdata.gateway.filter.authc; + +import lombok.AllArgsConstructor; + +import org.springframework.cloud.gateway.filter.GatewayFilterChain; +import org.springframework.cloud.gateway.filter.GlobalFilter; +import org.springframework.core.Ordered; +import org.springframework.http.HttpStatus; +import org.springframework.http.server.RequestPath; +import org.springframework.http.server.reactive.ServerHttpRequest; +import org.springframework.util.AntPathMatcher; +import org.springframework.util.PathMatcher; +import org.springframework.web.server.ResponseStatusException; +import org.springframework.web.server.ServerWebExchange; +import reactor.core.publisher.Mono; + +@AllArgsConstructor +public class SwaggerGlobalFilter implements GlobalFilter, Ordered { + protected static final PathMatcher pathMatcher = new AntPathMatcher(); + private static final String[] swaggerList = { + "/swagger-ui.html", "/*/swagger-ui.html", + "/swagger-resources/**", "/*/swagger-resources/**", + "/v2/api-docs/**", "/*/v2/api-docs/**", + "/webjars/**", "/*/webjars/**" + }; + + @Override + public Mono filter(ServerWebExchange exchange, GatewayFilterChain chain) { + ServerHttpRequest request = exchange.getRequest(); + if(test(request)) { + throw new ResponseStatusException(HttpStatus.FORBIDDEN, "URL FORBIDDEN"); + } + return chain.filter(exchange); + } + + public boolean test(ServerHttpRequest request) { + RequestPath requestPath = request.getPath(); + String path = requestPath.value(); + + //是否禁止访问 + for(String pattern : swaggerList) { + if(pathMatcher.match(pattern, path)) { + return true; + } + } + + return false; + } + + @Override + public int getOrder() { + return -100; + } +}