From 6c48075f3f0834f4998093abc6b7ad79054dd6a7 Mon Sep 17 00:00:00 2001
From: Eason <291028775@qq.com>
Date: Thu, 30 Mar 2023 22:23:53 +0800
Subject: [PATCH] fix: security problems
---
 .../src/main/resources/application-sonic-server-gateway.yml | 2 +-
 .../main/java/org/cloud/sonic/gateway/config/AuthFilter.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/sonic-server-common/src/main/resources/application-sonic-server-gateway.yml b/sonic-server-common/src/main/resources/application-sonic-server-gateway.yml
index 8f3d82fb..308c1ca3 100644
--- a/sonic-server-common/src/main/resources/application-sonic-server-gateway.yml
+++ b/sonic-server-common/src/main/resources/application-sonic-server-gateway.yml
@@ -2,7 +2,7 @@ server:
 port: 3000
 filter:
- white-list: /server,/projects/list,/websockets,/users/login,/users/register,/users/loginConfig,/swagger,/v3/api-docs,/doc.html,/folder/upload,/keepFiles/,/imageFiles/,/recordFiles/,/logFiles/,/packageFiles/
+ white-list: /projects/list,/websockets,/users/login,/users/register,/users/loginConfig,/swagger,/v3/api-docs,/doc.html,/folder/upload,/keepFiles/,/imageFiles/,/recordFiles/,/logFiles/,/packageFiles/
 knife4j:
 gateway:
diff --git a/sonic-server-gateway/src/main/java/org/cloud/sonic/gateway/config/AuthFilter.java b/sonic-server-gateway/src/main/java/org/cloud/sonic/gateway/config/AuthFilter.java
index 5e8d38a5..c272a0aa 100644
--- a/sonic-server-gateway/src/main/java/org/cloud/sonic/gateway/config/AuthFilter.java
+++ b/sonic-server-gateway/src/main/java/org/cloud/sonic/gateway/config/AuthFilter.java
@@ -45,7 +45,7 @@ public class AuthFilter implements GlobalFilter, Ordered {
 @Override
 public Mono filter(ServerWebExchange exchange, GatewayFilterChain chain) {
 for (String white : whiteList) {
- if (exchange.getRequest().getURI().toString().contains(white)) {
+ if (exchange.getRequest().getURI().getPath().contains(white)) {
 return chain.filter(exchange);
 }
 }
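Review bot: The `white-list` that remains after `/server` is dropped still exempts `/folder/upload`, `/users/register` and the API documentation paths (`/swagger`, `/v3/api-docs`, `/doc.html`) from the auth filter, and nothing in the file records why each entry needs to be reachable without a token. I would add a comment above the key such as `# Paths served without a token; each entry needs a stated reason, keep the list minimal and as specific as possible`. It is also worth confirming that the upload and documentation endpoints are meant to stay unauthenticated in production deployments; if not, they belong behind the filter or in a profile-specific override.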
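Review bot: `contains(white)` on the path is still an unanchored substring test, so any route whose path includes a white-list entry anywhere skips the rest of the filter, not only the routes the list names. Moving from `toString()` to `getPath()` takes the host and query string out of the comparison, but the match itself should be anchored: `String path = exchange.getRequest().getURI().getPath();` before the loop and `if (path.startsWith(white)) {` inside it. That requires the white-list entries to be written as full path prefixes, presumably including whatever gateway route prefix precedes them; the routing configuration is not visible here, so this needs checking against the real routes. The body of `filter` continues past the end of the hunk, so the token check that follows is not covered by this review.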