denial of service

o2server/configSample/centerServer.json

@@ -25,5 +25,6 @@
   "###configApiEnable": "允许通过Api修改config###",
   "###statEnable": "启用统计,默认启用统计.###",
   "###statExclusions": "统计忽略路径,默认忽略*.js,*.gif,*.jpg,*.png,*.css,*.ico###",
-  "###maxFormContent": "最大提交数据限制(M),限制有所上传的内容大小,包括附件.###"
+  "###maxFormContent": "最大提交数据限制(M),限制有所上传的内容大小,包括附件.###",
+  "###exposeJest": "暴露jest接口.###"
 }

o2server/configSample/components.json

@@ -259,6 +259,16 @@
       "type": "system",
       "allowList": [],
       "dentyList": []
+    },
+    {
+      "name": "IMV2",
+      "path": "IMV2",
+      "title": "聊天",
+      "iconPath": "appicon.png",
+      "orderNumber": 26.0,
+      "type": "system",
+      "allowList": [],
+      "dentyList": []
     }
   ],
   "###systems": "默认模块###"

o2server/configSample/node_127.0.0.1.json

@@ -28,7 +28,8 @@
     "###configApiEnable": "允许通过Api修改config###",
     "###statEnable": "启用统计,默认启用统计.###",
     "###statExclusions": "统计忽略路径,默认忽略*.js,*.gif,*.jpg,*.png,*.css,*.ico###",
-    "###maxFormContent": "最大提交数据限制(M),限制有所上传的内容大小,包括附件.###"
+    "###maxFormContent": "最大提交数据限制(M),限制有所上传的内容大小,包括附件.###",
+    "###exposeJest": "暴露jest接口.###"
   },
   "application": {
     "enable": true,

o2server/x_base_core_project/src/main/java/com/x/base/core/project/config/ApplicationServer.java

@@ -20,6 +20,7 @@ public class ApplicationServer extends ConfigObject {
 	private static final Boolean DEFAULT_STATENABLE = true;
 	private static final String DEFAULT_STATEXCLUSIONS = "*.js,*.gif,*.jpg,*.png,*.css,*.ico";
 	private static final Integer DEFAULT_MAXFORMCONTENT = 20;
+	private static final Boolean DEFAULT_EXPOSEJEST = true;
 
 	public ApplicationServer() {
 		this.enable = true;
@@ -36,6 +37,7 @@ public class ApplicationServer extends ConfigObject {
 		this.statEnable = DEFAULT_STATENABLE;
 		this.statExclusions = DEFAULT_STATEXCLUSIONS;
 		this.maxFormContent = DEFAULT_MAXFORMCONTENT;
+		this.exposeJest = DEFAULT_EXPOSEJEST;
 	}
 
 	@FieldDescribe("是否启用")
@@ -66,6 +68,12 @@ public class ApplicationServer extends ConfigObject {
 	private String statExclusions;
 	@FieldDescribe("最大提交数据限制(M),限制有所上传的内容大小,包括附件.")
 	private Integer maxFormContent;
+	@FieldDescribe("暴露jest接口.")
+	private Boolean exposeJest;
+
+	public Boolean getExposeJest() {
+		return BooleanUtils.isNotFalse(this.exposeJest);
+	}
 
 	public Integer getMaxFormContent() {
 		return ((null == maxFormContent) || (maxFormContent < 1)) ? DEFAULT_MAXFORMCONTENT : maxFormContent;

o2server/x_base_core_project/src/main/java/com/x/base/core/project/config/CenterServer.java

@@ -21,6 +21,7 @@ public class CenterServer extends ConfigObject {
 	private static final Boolean DEFAULT_STATENABLE = true;
 	private static final String DEFAULT_STATEXCLUSIONS = "*.js,*.gif,*.jpg,*.png,*.css,*.ico";
 	private static final Integer DEFAULT_MAXFORMCONTENT = 20;
+	private static final Boolean DEFAULT_EXPOSEJEST = true;
 
 	public static CenterServer defaultInstance() {
 		return new CenterServer();
@@ -40,6 +41,7 @@ public class CenterServer extends ConfigObject {
 		this.statEnable = DEFAULT_STATENABLE;
 		this.statExclusions = DEFAULT_STATEXCLUSIONS;
 		this.maxFormContent = DEFAULT_MAXFORMCONTENT;
+		this.exposeJest = DEFAULT_EXPOSEJEST;
 	}
 
 	@FieldDescribe("是否启用")
@@ -70,6 +72,12 @@ public class CenterServer extends ConfigObject {
 	private String statExclusions;
 	@FieldDescribe("最大提交数据限制(M),限制有所上传的内容大小,包括附件.")
 	private Integer maxFormContent;
+	@FieldDescribe("暴露jest接口.")
+	private Boolean exposeJest;
+
+	public Boolean getExposeJest() {
+		return BooleanUtils.isNotFalse(this.exposeJest);
+	}
 
 	public Integer getMaxFormContent() {
 		return ((null == maxFormContent) || (maxFormContent < 1)) ? DEFAULT_MAXFORMCONTENT : maxFormContent;

o2server/x_base_core_project/src/main/java/com/x/base/core/project/http/FilterTools.java

@@ -42,4 +42,6 @@ public class FilterTools {
 
 	public static final String Application_Not_Cipher_Json = "{\"type\": \"error\", \"message\": \"not cipher.\"}";
 
+	public static final String Application_403_Json = "{\"type\": \"error\", \"message\": \"403\"}";
+
 }

o2server/x_base_core_project/src/main/java/com/x/base/core/project/jaxrs/DenialOfServiceFilter.java

@@ -0,0 +1,36 @@
+package com.x.base.core.project.jaxrs;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+import com.x.base.core.project.http.FilterTools;
+
+public class DenialOfServiceFilter implements Filter {
+
+	@Override
+	public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
+			throws IOException, ServletException {
+		HttpServletResponse response = (HttpServletResponse) res;
+		response.setStatus(403);
+		response.setHeader("Content-Type", "application/json;charset=UTF-8");
+		response.getWriter().write(FilterTools.Application_403_Json);
+	}
+
+	@Override
+	public void init(FilterConfig filterConfig) throws ServletException {
+		// nothing
+	}
+
+	@Override
+	public void destroy() {
+		// nothing
+	}
+
+}

o2server/x_console/src/main/java/com/x/server/console/server/application/ApplicationServerTools.java

@@ -69,6 +69,7 @@ import com.x.base.core.project.annotation.ModuleCategory;
 import com.x.base.core.project.annotation.ModuleType;
 import com.x.base.core.project.config.ApplicationServer;
 import com.x.base.core.project.config.Config;
+import com.x.base.core.project.jaxrs.DenialOfServiceFilter;
 import com.x.base.core.project.logger.Logger;
 import com.x.base.core.project.logger.LoggerFactory;
 import com.x.base.core.project.tools.ClassLoaderTools;
@@ -183,6 +184,13 @@ public class ApplicationServerTools extends JettySeverTools {
 						statServletHolder.setInitParameter("sessionStatEnable", BooleanUtils.toStringTrueFalse(false));
 						webApp.addServlet(statServletHolder, "/druid/*");
 					}
+					if (BooleanUtils.isFalse(applicationServer.getExposeJest())) {
+						FilterHolder denialOfServiceFilterHolder = new FilterHolder(new DenialOfServiceFilter());
+						webApp.addFilter(denialOfServiceFilterHolder, "/jest/index.html",
+								EnumSet.of(DispatcherType.REQUEST));
+						webApp.addFilter(denialOfServiceFilterHolder, "/jest/list.html",
+								EnumSet.of(DispatcherType.REQUEST));
+					}
 					handlers.addHandler(webApp);
 				} else if (Files.exists(dir)) {
 					PathUtils.cleanDirectory(dir);

o2server/x_console/src/main/java/com/x/server/console/server/center/CenterServerTools.java

@@ -27,6 +27,7 @@ import com.alibaba.druid.support.http.WebStatFilter;
 import com.x.base.core.project.x_program_center;
 import com.x.base.core.project.config.CenterServer;
 import com.x.base.core.project.config.Config;
+import com.x.base.core.project.jaxrs.DenialOfServiceFilter;
 import com.x.base.core.project.logger.Logger;
 import com.x.base.core.project.logger.LoggerFactory;
 import com.x.base.core.project.tools.DefaultCharset;
@@ -72,6 +73,11 @@ public class CenterServerTools extends JettySeverTools {
 				statServletHolder.setInitParameter("sessionStatEnable", "false");
 				webApp.addServlet(statServletHolder, "/druid/*");
 			}
+			if (BooleanUtils.isFalse(centerServer.getExposeJest())) {
+				FilterHolder denialOfServiceFilterHolder = new FilterHolder(new DenialOfServiceFilter());
+				webApp.addFilter(denialOfServiceFilterHolder, "/jest/index.html", EnumSet.of(DispatcherType.REQUEST));
+				webApp.addFilter(denialOfServiceFilterHolder, "/jest/list.html", EnumSet.of(DispatcherType.REQUEST));
+			}
 			handlers.addHandler(webApp);
 		} else {
 			throw new IOException("centerServer war not exist.");