✨ mica-xss 添加一个使用场景。

552bcc82 · 如梦技术 · 0eb550c3 · 552bcc82 · 552bcc82 · 552bcc82
4 changed file
--- a/mica-lite/src/main/java/net/dreamlu/mica/lite/config/MicaLiteConfiguration.java
+++ b/mica-lite/src/main/java/net/dreamlu/mica/lite/config/MicaLiteConfiguration.java
@@ -17,6 +17,7 @@
 package net.dreamlu.mica.lite.config;

 import net.dreamlu.mica.core.spring.SpringContextUtil;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

@@ -29,6 +30,7 @@ import org.springframework.context.annotation.Configuration;
 public class MicaLiteConfiguration {

 	@Bean
+	@ConditionalOnMissingBean
 	public SpringContextUtil springContextUtil() {
 		return new SpringContextUtil();
 	}

--- a/mica-xss/README.md
+++ b/mica-xss/README.md
@@ -35,6 +35,10 @@ compile("net.dreamlu:mica-xss:${version}")
 ## 注解
 可以使用 `@XssCleanIgnore` 注解对方法和类级别进行忽略。

+## 针对某个 json 对象 `String` 字段处理
+1. 添加 `@XssCleanIgnore` 注解对路由忽略 xss 处理。
+2. 对需要处理得字段添加 `@JsonDeserialize(using = XssCleanDeserializer.class)` 注解。
+
 ## 自定义 xss 清理
 如果内置的 xss 清理规则不满足需求，可以自己实现 `XssCleaner`，注册成 Spring bean 即可。


--- a/mica-xss/src/main/java/net/dreamlu/mica/xss/config/MicaXssConfiguration.java
+++ b/mica-xss/src/main/java/net/dreamlu/mica/xss/config/MicaXssConfiguration.java
@@ -17,6 +17,7 @@
 package net.dreamlu.mica.xss.config;

 import lombok.RequiredArgsConstructor;
+import net.dreamlu.mica.core.spring.SpringContextUtil;
 import net.dreamlu.mica.xss.core.*;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -49,6 +50,12 @@ import java.util.List;
 public class MicaXssConfiguration implements WebMvcConfigurer {
 	private final MicaXssProperties xssProperties;

+	@Bean
+	@ConditionalOnMissingBean
+	public SpringContextUtil springContextUtil() {
+		return new SpringContextUtil();
+	}
+
 	@Bean
 	@ConditionalOnMissingBean
 	public XssCleaner xssCleaner(MicaXssProperties properties) {
@@ -64,8 +71,7 @@ public class MicaXssConfiguration implements WebMvcConfigurer {
 	@Bean
 	public Jackson2ObjectMapperBuilderCustomizer xssJacksonCustomizer(MicaXssProperties properties,
 																	  XssCleaner xssCleaner) {
-		JacksonXssClean xssClean = new JacksonXssClean(properties, xssCleaner);
-		return builder -> builder.deserializerByType(String.class, xssClean);
+		return builder -> builder.deserializerByType(String.class, new JacksonXssClean(properties, xssCleaner));
 	}

 	@Override

--- a/mica-xss/src/main/java/net/dreamlu/mica/xss/core/XssCleanDeserializer.java
+++ b/mica-xss/src/main/java/net/dreamlu/mica/xss/core/XssCleanDeserializer.java
+/*
+ * Copyright (c) 2019-2029, Dreamlu 卢春梦 (596392912@qq.com & www.dreamlu.net).
+ * <p>
+ * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.gnu.org/licenses/lgpl.html
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.dreamlu.mica.xss.core;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JsonDeserializer;
+import lombok.extern.slf4j.Slf4j;
+import net.dreamlu.mica.core.spring.SpringContextUtil;
+import net.dreamlu.mica.xss.config.MicaXssProperties;
+import net.dreamlu.mica.xss.utils.XssUtil;
+
+import java.io.IOException;
+
+/**
+ * jackson xss 处理
+ *
+ * @author L.cm
+ */
+@Slf4j
+public class XssCleanDeserializer extends JsonDeserializer<String> {
+
+	@Override
+	public String deserialize(JsonParser p, DeserializationContext ctx) throws IOException {
+		// XSS filter
+		String text = p.getValueAsString();
+		if (text == null) {
+			return null;
+		}
+		// 读取 xss 配置
+		MicaXssProperties properties = SpringContextUtil.getBean(MicaXssProperties.class);
+		if (properties == null) {
+			return text;
+		}
+		// 读取 XssCleaner bean
+		XssCleaner xssCleaner = SpringContextUtil.getBean(XssCleaner.class);
+		if (xssCleaner == null) {
+			return XssUtil.trim(text, properties.isTrimText());
+		}
+		String value = xssCleaner.clean(XssUtil.trim(text, properties.isTrimText()));
+		log.debug("Json property value:{} cleaned up by mica-xss, current value is:{}.", text, value);
+		return value;
+	}
+
+}