✨ 集成braum，过滤恶意请求

178ba56f · 智布道 · af422e1b · 178ba56f · 178ba56f · 178ba56f
10 changed file
--- a/blog-core/pom.xml
+++ b/blog-core/pom.xml
@@ -190,5 +190,11 @@
                </exclusion>
            </exclusions>
        </dependency>
+
+        <dependency>
+            <groupId>me.zhyd.braum.spring.boot</groupId>
+            <artifactId>braum-spring-boot-starter</artifactId>
+            <version>1.0.0-alpha</version>
+        </dependency>
    </dependencies>
 </project>
--- a/blog-core/src/main/java/com/zyd/blog/util/RequestUtil.java
+++ b/blog-core/src/main/java/com/zyd/blog/util/RequestUtil.java
@@ -25,7 +25,6 @@ import javax.servlet.http.HttpServletRequest;
 import java.util.Enumeration;

 /**
- *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
 * @version 1.0
 * @website https://www.zhyd.me
@@ -75,4 +74,13 @@ public class RequestUtil {
        return request.getMethod();
    }

+    public static boolean isAjax(HttpServletRequest request) {
+        if (request == null) {
+            request = RequestHolder.getRequest();
+        }
+        return "XMLHttpRequest".equalsIgnoreCase(request.getHeader("X-Requested-With"))
+                || request.getParameter("ajax") != null;
+
+    }
+
 }
--- a/blog-web/src/main/java/com/zyd/blog/BlogWebApplication.java
+++ b/blog-web/src/main/java/com/zyd/blog/BlogWebApplication.java
@@ -19,6 +19,7 @@
 */
 package com.zyd.blog;

+import me.zhyd.braum.spring.boot.annotation.EnableBraumConfiguration;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.web.servlet.ServletComponentScan;
@@ -36,6 +37,7 @@ import org.springframework.transaction.annotation.EnableTransactionManagement;
 @SpringBootApplication
 @ServletComponentScan
 @EnableTransactionManagement
+@EnableBraumConfiguration
 public class BlogWebApplication {

    public static void main(String[] args) {

--- a/blog-web/src/main/java/com/zyd/blog/core/WebMvcConfig.java
+++ b/blog-web/src/main/java/com/zyd/blog/core/WebMvcConfig.java
+package com.zyd.blog.core;
+
+import com.zyd.blog.core.intercepter.BraumIntercepter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @version 1.0
+ * @website https://www.zhyd.me
+ * @date 2018/11/19 9:39
+ * @since 1.8
+ */
+@Configuration
+public class WebMvcConfig implements WebMvcConfigurer {
+
+    @Autowired
+    BraumIntercepter braumIntercepter;
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(braumIntercepter)
+                .excludePathPatterns("/assets/**", "/error/**", "favicon.ico", "/css/**", "/js/**", "/img/**")
+                .addPathPatterns("/**");
+    }
+}
--- a/blog-web/src/main/java/com/zyd/blog/core/intercepter/BraumIntercepter.java
+++ b/blog-web/src/main/java/com/zyd/blog/core/intercepter/BraumIntercepter.java
+package com.zyd.blog.core.intercepter;
+
+import com.zyd.blog.util.RequestUtil;
+import com.zyd.blog.util.ResultUtil;
+import lombok.extern.slf4j.Slf4j;
+import me.zhyd.braum.spring.boot.BraumProcessor;
+import me.zhyd.braum.spring.boot.BraumResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.PrintWriter;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * braum，自动识别恶意请求
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @version 1.0
+ * @website https://www.zhyd.me
+ * @date 2018/11/19 9:24
+ * @since 1.8
+ */
+@Component
+@Slf4j
+public class BraumIntercepter implements HandlerInterceptor {
+    private static final int SUCCESS = 1;
+    @Autowired
+    private BraumProcessor processor;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        BraumResponse br = processor.process(request);
+        if(br.getCode() == SUCCESS) {
+            return true;
+        }
+        String errorMsg = String.format("第%s次被限制！", br.getLimitCount());
+        log.warn(errorMsg);
+        if(RequestUtil.isAjax(request)) {
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("text/html;charset=utf-8");
+            PrintWriter writer = response.getWriter();
+            writer.write(ResultUtil.error(errorMsg).toJson());
+            writer.flush();
+            writer.close();
+            return false;
+        }
+        request.setAttribute("errorMsg", errorMsg);
+        request.setAttribute("expire", TimeUnit.MILLISECONDS.toSeconds(br.getExpire()));
+        request.getRequestDispatcher("/error/403").forward(request, response);
+        return false;
+    }
+}
--- a/blog-web/src/main/resources/application-dev.yml
+++ b/blog-web/src/main/resources/application-dev.yml
@@ -39,10 +39,19 @@ spring:
 # logging settings
 logging:
  path: /var/tmp/website-blog-web
+
 ####################################自定义配置##########################################
 app:
    # 是否启用kaptcha验证码
    enableKaptcha: false
    # 创建网站的时间，用于计算已建站的天数，默认为2018-01-01
    buildWebsiteDate: 2018-01-01 00:00:00
+
+# braum过滤器，用于过滤恶意请求
+braum:
+    limit:
+        access:
+            type: redis
+            threshold: 15
+            interval: 5000
 ####################################自定义配置##########################################
\ No newline at end of file
--- a/blog-web/src/main/resources/application-test.yml
+++ b/blog-web/src/main/resources/application-test.yml
@@ -38,6 +38,13 @@ spring:
 # logging settings
 logging:
  path: /var/tmp/website-blog-web
+# braum过滤器，用于过滤恶意请求
+braum:
+    limit:
+        access:
+            type: redis
+            threshold: 15
+            interval: 5000
 ####################################自定义配置##########################################
 app:
    # 是否启用kaptcha验证码

--- a/blog-web/src/main/resources/static/css/zhyd.core.css
+++ b/blog-web/src/main/resources/static/css/zhyd.core.css
@@ -2582,7 +2582,7 @@ nav a:first-child .meta-nav {
 }

 .forbidden .left img {
-    width: 350px;
+    width: 210px;
    -moz-box-shadow: 10px 10px 20px #eeeeee;
    -webkit-box-shadow: 10px 10px 20px #eeeeee;
    box-shadow: 10px 10px 20px #eeeeee;

--- a/blog-web/src/main/resources/static/img/forbidden.jpg
+++ b/blog-web/src/main/resources/static/img/forbidden.jpg
--- a/blog-web/src/main/resources/templates/error/403.ftl
+++ b/blog-web/src/main/resources/templates/error/403.ftl
 <#include "include/macros.ftl">
 <@header title="Forbidden :("></@header>
 <div class="container custome-container">
+    <div class="clearfix"></div>
    <div class="row blog-main">
-        <div class="blog-body forbidden">
-            您已被禁止访问该页面！
+        <div class="blog-body forbidden" style="overflow: hidden;">
+            <div class="col-md-6 left">
+                <div class="error-container text-center">
+                    <p class="text-center"><i class="fa fa-info-circle"></i><strong>系统检测到您的访问状态异常，已被临时限制访问！</strong></p>
+                    <p class="forbidden-img"><img class="img-responsive center-block" src="${config.staticWebSite}/img/forbidden.jpg" alt="你已被拉入黑名单"></p>
+                    <p class="text-center"><i class="fa fa-spinner fa-pulse fa-fw fa-2x"></i>系统将于 <em><span class="limit-expiration-time"></span></em>秒后解除限制</p>
+                </div>
+            </div>
+            <div class="col-md-6 right">
+                <blockquote class="pull-left">
+                    <div class="bottom-line title"><i class="fa fa-question-circle-o"></i><strong>为什么会被限制？</strong></div>
+                    <ol>
+                        <li>1.快速的、频繁的、大量的刷新页面</li>
+                        <li>2.疑是Spider</strong></li>
+                        <li>3.系统抽风</li>
+                    </ol>
+                    <div class="clear"></div>
+                    <div class="bottom-line title" style="margin-top: 2.5rem;"><i class="fa fa-question-circle-o"></i><strong>如何解除限制？</strong></div>
+                    <ol>
+                        <li>1.出门喝杯咖啡，一般来说回来的时候限制就被解除了 <i class="fa fa-coffee fa-2x"></i></li>
+                        <li>2.文明上网，勿刷流量！</li>
+                        <li>3.请联系<a target="_blank" href="javascript:void(0);" title="点击QQ联系我"onclick="window.open('tencent://message/?uin=${config.qq}&amp;Site=www.${config.domain}&amp;Menu=yes')" rel="external nofollow">网站管理员</a></strong></li>
+                    </ol>
+                    <div class="clear"></div>
+                </blockquote>
+            </div>
        </div>
    </div>
 </div>
-<@footer></@footer>
+<@footer>
+    <script type="text/javascript">
+        var expire = parseInt('${expire?c}' || 60);
+        $(".limit-expiration-time").text(expire);
+        var timer = setInterval(function () {
+            if(expire <= 1){
+                window.clearInterval(timer);
+                window.location.reload();
+            } else {
+                $(".forbidden-img").toggleClass("shake");
+                $(".limit-expiration-time").text(expire = expire - 1);
+            }
+        }, 1000);
+    </script>
+</@footer>