feat(web): 新增 isMatch 路径是否匹配方法

match => isMatch
2025-11-07 02:57:09 +08:00 · 2024-08-19 22:40:53 +08:00
parent 7571c05f9c
commit e55eb17d64
3 changed files with 34 additions and 27 deletions
--- a/continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssFilter.java
+++ b/continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssFilter.java
@@ -21,9 +21,7 @@ import jakarta.servlet.*;
 import jakarta.servlet.http.HttpServletRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.http.server.PathContainer;
-import org.springframework.web.util.pattern.PathPattern;
-import org.springframework.web.util.pattern.PathPatternParser;
+import top.continew.starter.web.util.SpringWebUtils;

 import java.io.IOException;
 import java.util.List;
@@ -57,14 +55,15 @@ public class XssFilter implements Filter {
        if (servletRequest instanceof HttpServletRequest request && xssProperties.isEnabled()) {
            // 放行路由：忽略 XSS 过滤
            List<String> excludePatterns = xssProperties.getExcludePatterns();
-            if (CollectionUtil.isNotEmpty(excludePatterns) && isMatchPath(request.getServletPath(), excludePatterns)) {
+            if (CollectionUtil.isNotEmpty(excludePatterns) && SpringWebUtils.isMatch(request
+                .getServletPath(), excludePatterns)) {
                filterChain.doFilter(request, servletResponse);
                return;
            }
            // 拦截路由：执行 XSS 过滤
            List<String> includePatterns = xssProperties.getIncludePatterns();
            if (CollectionUtil.isNotEmpty(includePatterns)) {
-                if (isMatchPath(request.getServletPath(), includePatterns)) {
+                if (SpringWebUtils.isMatch(request.getServletPath(), includePatterns)) {
                    filterChain.doFilter(new XssServletRequestWrapper(request, xssProperties), servletResponse);
                } else {
                    filterChain.doFilter(request, servletResponse);
@@ -77,22 +76,4 @@ public class XssFilter implements Filter {
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }
-
-    /**
-     * 判断数组中是否存在匹配的路径
-     *
-     * @param requestUrl   请求地址
-     * @param pathPatterns 指定匹配路径
-     * @return true：匹配；false：不匹配
-     */
-    private static boolean isMatchPath(String requestUrl, List<String> pathPatterns) {
-        for (String pattern : pathPatterns) {
-            PathPattern pathPattern = PathPatternParser.defaultInstance.parse(pattern);
-            PathContainer pathContainer = PathContainer.parsePath(requestUrl);
-            if (pathPattern.matches(pathContainer)) {
-                return true;
-            }
-        }
-        return false;
-    }
 }