From b5d8fe9ffa3f665709247055441da4d9fa95ce9a Mon Sep 17 00:00:00 2001
From: liusheng <337615773@qq.com>
Date: 星期二, 09 九月 2025 11:44:54 +0800
Subject: [PATCH] IP安全验证修改
---
ruoyi-admin/src/main/java/com/ruoyi/web/controller/hanler/IpWhitelistInterceptor.java | 65 ++++++++++++++++++++++++++------
1 files changed, 52 insertions(+), 13 deletions(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/hanler/IpWhitelistInterceptor.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/hanler/IpWhitelistInterceptor.java
index 277238a..aa80b2e 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/hanler/IpWhitelistInterceptor.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/hanler/IpWhitelistInterceptor.java
@@ -5,7 +5,6 @@
import com.ruoyi.system.mapper.SysConfigMapper;
import org.apache.commons.net.util.SubnetUtils;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
@@ -13,9 +12,9 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import java.util.regex.Pattern;
@Component
public class IpWhitelistInterceptor implements HandlerInterceptor {
@@ -61,17 +60,8 @@
SysConfig sysConfig = sysConfigMapper.selectConfig(config);
List<String> whitelistIps = Arrays.asList(sysConfig.getConfigValue().split(","));
for (String whitelist : whitelistIps) {
- if (whitelist.contains("/")) {
- // CIDR鏍煎紡
- SubnetUtils subnetUtils = new SubnetUtils(whitelist);
- if (subnetUtils.getInfo().isInRange(ip)) {
- return true;
- }
- } else {
- // 鍗曚釜IP
- if (whitelist.equals(ip)) {
- return true;
- }
+ if (isInRange(ip, whitelist)) {
+ return true;
}
}
} catch (Exception e) {
@@ -79,4 +69,53 @@
}
return false;
}
+
+ /**
+ * 鏅鸿兘楠岃瘉IP鏄惁鍦ㄦ寚瀹氱殑妯″紡鍐�
+ * 鏀寔锛欳IDR鏍煎紡銆侀�氶厤绗︽牸寮忋�佸崟涓狪P
+ */
+ public boolean isInRange(String ip, String pattern) {
+ if (pattern == null || ip == null) {
+ return false;
+ }
+
+ // 1. 濡傛灉鏄疌IDR鏍煎紡锛堝寘鍚�/锛�
+ if (pattern.contains("/")) {
+ try {
+ SubnetUtils utils = new SubnetUtils(pattern);
+ return utils.getInfo().isInRange(ip);
+ } catch (IllegalArgumentException e) {
+ return false;
+ }
+ }
+
+ // 2. 濡傛灉鏄�氶厤绗︽牸寮忥紙鍖呭惈*锛�
+ if (pattern.contains("*")) {
+ return matchesWildcardPattern(ip, pattern);
+ }
+
+ // 3. 濡傛灉鏄崟涓狪P鍦板潃
+ if (isValidIp(pattern)) {
+ return ip.equals(pattern);
+ }
+
+ return false;
+ }
+
+ /**
+ * 閫氶厤绗︽ā寮忓尮閰�
+ */
+ private boolean matchesWildcardPattern(String ip, String wildcardPattern) {
+ // 灏嗛�氶厤绗﹁浆鎹负姝e垯琛ㄨ揪寮�
+ String regex = wildcardPattern.replace(".", "\\.").replace("*", "\\d+");
+
+ return Pattern.matches(regex, ip);
+ }
+
+ /**
+ * 楠岃瘉鏄惁涓哄悎娉旾P鍦板潃
+ */
+ private boolean isValidIp(String ip) {
+ return Pattern.matches("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$", ip);
+ }
}
--
Gitblit v1.9.3