欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

SpringCloud gateway request的body验证或修改方式

程序员文章站 2022-03-21 10:22:48
springcloud gateway request的body验证或修改后续版本新增了以下过滤器org.springframework.cloud.gateway.filter.headers.re...

springcloud gateway request的body验证或修改

后续版本新增了以下过滤器

org.springframework.cloud.gateway.filter.headers.removehopbyhopheadersfilter

默认会把以下头部移除(暂不了解这做法的目的)

- connection

- keep-alive

- te

- transfer-encoding

- trailer

- proxy-authorization

- proxy-authenticate

- x-application-context

- upgrade

从而导致下面我们重写getheaders方法时添加的transfer-encoding头部移除,导致无法解析body。

解决办法:

在yml文件中配置自定义的头部移除列表

spring:
  cloud:
      filter:
        remove-hop-by-hop:
          headers:
            - connection
            - keep-alive
            - te
            - trailer
            - proxy-authorization
            - proxy-authenticate
            - x-application-context
            - upgrade

源码可见链接,且可实现动态路由配置:https://github.com/singletigger/springcloudgateway-nacos-demo

------------原文------------

往往业务中我们需要在网关对请求参数作修改操作(注意以下只针对带有body的请求),springcloud gateway中有提供一个

modifyrequestbodygatewayfilterfactory的filter,看了一下它的实现,需要指定输入类型和输出类型,比较局限。

我就参考它自己实现了一个拦截器

注意:上传文件也带有请求body,需特殊处理。

以下是主要代码

 
import org.springframework.cloud.gateway.filter.gatewayfilter;
import org.springframework.cloud.gateway.filter.factory.abstractgatewayfilterfactory;
import org.springframework.cloud.gateway.support.bodyinsertercontext;
import org.springframework.core.io.buffer.databuffer;
import org.springframework.http.httpheaders;
import org.springframework.http.codec.httpmessagereader;
import org.springframework.http.server.reactive.serverhttprequest;
import org.springframework.http.server.reactive.serverhttprequestdecorator;
import org.springframework.stereotype.component;
import org.springframework.web.reactive.function.bodyinserter;
import org.springframework.web.reactive.function.bodyinserters;
import org.springframework.web.reactive.function.server.handlerstrategies;
import org.springframework.web.reactive.function.server.serverrequest;
import org.springframework.web.server.serverwebexchange;
import reactor.core.publisher.flux;
import reactor.core.publisher.mono;
 
import java.util.list;
import java.util.concurrent.atomic.atomicreference;
import java.util.function.bifunction;
 
/**
 * @author chenws
 * @date 2019/12/12 09:33:53
 */
@component
public class cmodifyrequestbodygatewayfilterfactory extends abstractgatewayfilterfactory { 
    private final list<httpmessagereader<?>> messagereaders; 
    public cmodifyrequestbodygatewayfilterfactory() {
        this.messagereaders = handlerstrategies.withdefaults().messagereaders();
    }
 
    @override
    @suppresswarnings("unchecked")
    public gatewayfilter apply(object config) {
        return (exchange, chain) -> {
            serverrequest serverrequest = serverrequest.create(exchange,
                    this.messagereaders);
 
            mono<string> modifiedbody = serverrequest.bodytomono(string.class)
                    .flatmap(originalbody -> modifybody()
                            .apply(exchange,mono.just(originalbody)));
 
            bodyinserter bodyinserter = bodyinserters.frompublisher(modifiedbody,
                    string.class);
            httpheaders headers = new httpheaders();
            headers.putall(exchange.getrequest().getheaders());
            headers.remove(httpheaders.content_length);
 
            cachedbodyoutputmessage outputmessage = new cachedbodyoutputmessage(exchange,
                    headers);
            return bodyinserter.insert(outputmessage, new bodyinsertercontext())
                    .then(mono.defer(() -> {
                        serverhttprequest decorator = decorate(exchange, headers,
                                outputmessage);
                        return chain.filter(exchange.mutate().request(decorator).build());
                    })); 
        };
    }
 
    /**
     * 修改body
     * @return apply 返回mono<string>,数据是修改后的body
     */
    private bifunction<serverwebexchange,mono<string>,mono<string>> modifybody(){
        return (exchange,json)-> {
            atomicreference<string> result = new atomicreference<>();
            json.subscribe(
                    value -> {
                        //value 即为请求body,在此处修改
                        result.set(value);
                        system.out.println(result.get());
                    },
                    throwable::printstacktrace
            );
            return mono.just(result.get());
        };
    }
 
    private serverhttprequestdecorator decorate(serverwebexchange exchange, httpheaders headers,
                                        cachedbodyoutputmessage outputmessage) {
        return new serverhttprequestdecorator(exchange.getrequest()) {
            @override
            public httpheaders getheaders() {
                long contentlength = headers.getcontentlength();
                httpheaders httpheaders = new httpheaders();
                httpheaders.putall(super.getheaders());
                if (contentlength > 0) {
                    httpheaders.setcontentlength(contentlength);
                }
                else {
                    httpheaders.set(httpheaders.transfer_encoding, "chunked");
                }
                return httpheaders;
            }
 
            @override
            public flux<databuffer> getbody() {
                return outputmessage.getbody();
            }
        };
    }
}

springcloud gateway获取post请求体(request body)不完整解决方案

spring cloud gateway做为网关服务,通过gateway进行请求转发,在请求到达后端服务前我们可以通过filter进行一些预处理如:请求的合法性,商户验证等。

如我们在请求体中添加商户id(merid)和商户key(merkey),通过此来验证请求的合法性。但是如果我们请求内容太长如转为base64的文件存储请求。此时我们在filter获取body内容就会被截取(太长的 body 会被截断)。目前网上也没有好的解决方式。

springboot及cloud版本如下;

版本
springboot 2.0.8.release
springcloud finchley.sr2

这里提供一种解决方式,相关代码如下:

1.requestfilter

我们采用gateway网关的gobalfilter,建立我们的第一个过滤器过滤所有请求。

1).通过spring 5 的 webflux我们使用bodytomono方法把响应内容转换成类 string的对象,最终得到的结果是 mono对象

2).bodytomono方法我们可以拿到完整的body内容,并返回string。

3).我们生成唯一的token(通过uuid),并将token放入请求的header中。

4).将获取到的完整body内容,存放到redis中。

@component
public class requestfilter implements globalfilter, ordered {
	@autowired
	private redisclienttemplate redisclienttemplate;
	@override
	public mono<void> filter(serverwebexchange exchange, gatewayfilterchain chain) {
		defaultserverrequest req = new defaultserverrequest( exchange );
		string token = uuid.randomuuid().tostring();
		//向headers中放入token信息
		serverhttprequest serverhttprequest =exchange.getrequest().mutate().header("token", token)
				.build();
		//将现在的request变成change对象
		serverwebexchange build = exchange.mutate().request( serverhttprequest ).build();
		return req.bodytomono( string.class ).map( str -> {
			redisclienttemplate.setobjex( "microservice:gateway:".concat( token ), 180, str );
			myslf4j.textinfo( "请求参数:{0}", str );
			return str;
		} ).then( chain.filter( build ) );
	}
	@override
	public int getorder() {
		return 0;
	}
}

2.merchantauthfilter

建立商户认证过滤器,相关代码如下:

1).获取存储在headers中的token。

2).通过token获取我们存储在redis中的body内容(webflux 中不能使用阻塞的操作,目前想到的是通过这种方式实现)。

3).获取到完整的body内容后我们就可以进行相应的商户认证操作。

4).认证通过,将信息重新写入,不通过则返回异常信息。

@override
public mono<void> filter(serverwebexchange exchange, gatewayfilterchain chain) {
	/** 验证商户是否有权限访问 */
	serverhttprequest serverhttprequest = exchange.getrequest();
	string token = serverhttprequest.getheaders().get( "token" ).get( 0 );
       string bodystr = (string) redisclienttemplate.getobj("microservice:gateway:".concat(token));
	basereqvo basereqvo = jsonutil.fromjson( bodystr, basereqvo.class );
	try {
		// 商户认证
		baserespvo<?> baserespvo = merchantauthservice.checkmerchantauth( basereqvo );
		if (microserviceconstantparamutils.result_code_succ.equals( baserespvo.getcode() )) {
               // 若验证成功,将信息重新写入避免request信息消费后后续无法从request获取信息的问题
               uri uri = serverhttprequest.geturi();
               serverhttprequest request = serverhttprequest.mutate().uri(uri).build();
               databuffer bodydatabuffer = stringbuffer(bodystr);
               flux<databuffer> bodyflux = flux.just(bodydatabuffer);
               request = new serverhttprequestdecorator(request) {
                   @override
                   public flux<databuffer> getbody() {
                       return bodyflux;
                   }
               };
			// 封装request,传给下一级
               return chain.filter(exchange.mutate().request(request).build());
		} else {
			// 若验证不成功,返回提示信息
			return gatewayresponse( baserespvo.getcode(), baserespvo.getmessage(), exchange );
		}
	} catch (microserviceserviceexception ex) {
		// 若验证不成功,返回提示信息
		myslf4j.texterror( "商户访问权限验证异常,异常代码:{0},异常信息:{1}, 异常{2}", ex.getcode(), ex.getmessage(), ex );
		return gatewayresponse( ex.getcode(), ex.getmessage(), exchange );
	} catch (exception ex) {
		myslf4j.texterror( "商户访问权限验证服务异常:{0}", logutil.exceptiontostring( ex ) );
		return gatewayresponse( microserviceexception.err_100000, "系统异常", exchange );
	} finally {
		redisclienttemplate.del( "microservice:gateway:".concat( token ) );
	}
}
/**数据流处理方法*/
private databuffer stringbuffer(string value) {
	byte[] bytes = value.getbytes( standardcharsets.utf_8 );
	nettydatabufferfactory nettydatabufferfactory = new nettydatabufferfactory( bytebufallocator.default );
	databuffer buffer = nettydatabufferfactory.allocatebuffer( bytes.length );
	buffer.write( bytes );
	return buffer;
}
/**网关请求响应*/
private mono<void> gatewayresponse(string code, string message, serverwebexchange exchange) {
	// 若验证不成功,返回提示信息
	serverhttpresponse response = exchange.getresponse();
	baserespvo<t> baserespvo = responseutils.responsemsg( code, message, null );
	byte[] bits = jsonutil.tojson( baserespvo ).getbytes( standardcharsets.utf_8 );
	databuffer buffer = response.bufferfactory().wrap( bits );
	response.setstatuscode( httpstatus.unauthorized );
	// 指定编码,否则在浏览器中会中文乱码
	response.getheaders().add( "content-type", "text/plain;charset=utf-8" );
	return response.writewith( mono.just( buffer ) );
}
@override
public int getorder() {
	return 1;
}

另外我们还可以通过globalfilter实现请求过滤,oauth授权,相关代码如下:

请求方式验证过滤器(requestauthfilter):

@override
public mono<void> filter(serverwebexchange exchange, gatewayfilterchain chain) {
 serverhttprequest serverhttprequest = exchange.getrequest();
 string method = serverhttprequest.getmethodvalue();
 if (!"post".equals(method)) {
  serverhttpresponse response = exchange.getresponse();
  baserespvo<t> baserespvo = responseutils.responsemsg(microserviceexception.err_100008, "非法请求", null);
  byte[] bits = jsonutil.tojson(baserespvo).getbytes(standardcharsets.utf_8);
  databuffer buffer = response.bufferfactory().wrap(bits);
  response.setstatuscode(httpstatus.unauthorized);
  //指定编码,否则在浏览器中会中文乱码
  response.getheaders().add("content-type", "text/plain;charset=utf-8");
  return response.writewith(mono.just(buffer));
 }
 return chain.filter(exchange);
 }

oauth授权过滤器(oauthsignaturefilter):

/**授权访问用户名*/
@value("${spring.security.user.name}")
private string securityusername;
/**授权访问密码*/
@value("${spring.security.user.password}")
private string securityuserpassword;
@override
public mono<void> filter(serverwebexchange exchange, gatewayfilterchain chain) {
 /**oauth授权*/
 string auth = securityusername.concat(":").concat(securityuserpassword);
 string encodedauth = new sun.misc.base64encoder().encode(auth.getbytes(charset.forname("us-ascii")));
 string authheader = "basic " + encodedauth;
 //向headers中放授权信息
 serverhttprequest serverhttprequest = exchange.getrequest().mutate().header("authorization", authheader)
   .build();
 //将现在的request变成change对象
 serverwebexchange build = exchange.mutate().request(serverhttprequest).build();
 return chain.filter(build);
}

以上为个人经验,希望能给大家一个参考,也希望大家多多支持。