问题修改

2025-10-29 09:10:18 +08:00 · 2025-10-29 09:10:18 +08:00 · 0c5344e885
parent be7dc25a1d
commit 0c5344e885
2 changed files with 72 additions and 0 deletions
--- a/bonus-api/bonus-api-system/src/main/java/com/bonus/system/api/domain/AirConditioningPosition.java
+++ b/bonus-api/bonus-api-system/src/main/java/com/bonus/system/api/domain/AirConditioningPosition.java
@ -0,0 +1,22 @@
+package com.bonus.system.api.domain;
+
+import lombok.Data;
+
+/**
+ * @author bonus
+ */
+@Data
+public class AirConditioningPosition {
+    /**
+     * 主键
+     */
+    private Integer id;
+    /**
+     * 父类id
+     */
+    private String parentId;
+    /**
+     * 楼层
+     */
+    private String title;
+}
--- a/bonus-gateway/src/main/java/com/bonus/gateway/filter/AntiClickJackingConfig.java
+++ b/bonus-gateway/src/main/java/com/bonus/gateway/filter/AntiClickJackingConfig.java
@ -0,0 +1,50 @@
+package com.bonus.gateway.filter;
+
+import org.springframework.cloud.gateway.filter.GlobalFilter;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
+import reactor.core.publisher.Mono;
+
+/**
+ * 网关全局防点击劫持过滤器（修正版：解决 X_FRAME_OPTIONS 无法识别问题）
+ */
+@Configuration
+public class AntiClickJackingConfig {
+
+    // 自定义常量：X-Frame-Options 头名称（替代未定义的 HttpHeaders.X_FRAME_OPTIONS）
+    private static final String X_FRAME_OPTIONS = "X-Frame-Options";
+    // 可选：CSP 头名称
+    private static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
+
+    @Bean
+    public GlobalFilter antiClickJackingGlobalFilter() {
+        return (exchange, chain) -> {
+            // 1. 添加 X-Frame-Options 头（使用自定义常量）
+            exchange.getResponse().getHeaders().add(
+                    X_FRAME_OPTIONS,
+                    "DENY" // 禁止所有嵌入，按需改为 SAMEORIGIN
+            );
+
+            // 2. 可选：添加 CSP 头增强防护
+            exchange.getResponse().getHeaders().add(
+                    CONTENT_SECURITY_POLICY,
+                    "frame-ancestors 'none';" // 等价于 X-Frame-Options: DENY
+            );
+
+            // 继续执行后续过滤链
+            return chain.filter(exchange)
+                    .then(Mono.fromRunnable(() -> {
+                        // 可选：记录日志
+                        String requestUrl = exchange.getRequest().getURI().toString();
+                        System.out.printf("已为请求 %s 添加防点击劫持头%n", requestUrl);
+                    }));
+        };
+    }
+
+    // 设置过滤器优先级（最高优先级，避免头信息被覆盖）
+    @Bean
+    public Ordered antiClickJackingFilterOrder() {
+        return () -> Ordered.HIGHEST_PRECEDENCE;
+    }
+}