From 648af61116cc9f3de71cbc48791db3c36533ca18 Mon Sep 17 00:00:00 2001
From: zengqiao
Date: Mon, 29 Mar 2021 21:21:23 +0800
Subject: [PATCH] =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E8=BF=87=E6=BB=A4=E7=AD=96?= =?UTF-8?q?=E7=95=A5=E7=94=B1=E6=8E=A5=E5=8F=A3=E9=BB=91=E5=90=8D=E5=8D=95?= =?UTF-8?q?=E8=BD=AC=E6=88=90=E6=8E=A5=E5=8F=A3=E7=99=BD=E5=90=8D=E5=8D=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../kafka/manager/common/constant/ApiPrefix.java | 5 ++---
 .../manager/account/impl/LoginServiceImpl.java | 14 +++++++-------
 .../kafka/manager/web/api/HealthController.java | 5 +++--
 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java
index 3690514f..a6784204 100644
--- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java
+++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java
@@ -7,8 +7,8 @@ package com.xiaojukeji.kafka.manager.common.constant;
 */
 public class ApiPrefix {
 public static final String API_PREFIX = "/api/";
- public static final String API_V1_PREFIX = API_PREFIX + "v1/";
- public static final String API_V2_PREFIX = API_PREFIX + "v2/";
+ private static final String API_V1_PREFIX = API_PREFIX + "v1/";
+ private static final String API_V2_PREFIX = API_PREFIX + "v2/";
 // console
 public static final String API_V1_SSO_PREFIX = API_V1_PREFIX + "sso/";
@@ -18,7 +18,6 @@ public class ApiPrefix {
 // open
 public static final String API_V1_THIRD_PART_PREFIX = API_V1_PREFIX + "third-part/";
- public static final String API_V2_THIRD_PART_PREFIX = API_V2_PREFIX + "third-part/";
 // gateway
 public static final String GATEWAY_API_V1_PREFIX = "/gateway" + API_V1_PREFIX;
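Review bot: The `// open` and `// gateway` group comments in ApiPrefix do not say that these prefixes are the ones LoginServiceImpl.checkLogin now exempts from the login check, so a controller later mapped under them becomes unauthenticated at that layer without anyone noticing. I would extend the comment above API_V1_THIRD_PART_PREFIX to `// open: exempt from session login in LoginServiceImpl.checkLogin; handlers here must authenticate callers themselves` and mark the sso and gateway groups the same way. Separately, API_V2_PREFIX is made private in the first hunk while the second hunk removes its only use visible on this page; if nothing else in the class references it, it can be dropped.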
diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java
index 591768fb..b168b754 100644
--- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java
@@ -64,16 +64,16 @@ public class LoginServiceImpl implements LoginService {
 @Override
 public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) {
- String uri = request.getRequestURI();
- if (uri.contains("..")) {
- LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal||uri={}", uri);
+ String uri = request.getRequestURI().replace("//", "/");
+ if (uri.contains("/../") || uri.contains("/./")) {
+ LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains /../ or /./||uri={}", uri);
 return false;
 }
- if (!(uri.contains(ApiPrefix.API_V1_NORMAL_PREFIX)
- || uri.contains(ApiPrefix.API_V1_RD_PREFIX)
- || uri.contains(ApiPrefix.API_V1_OP_PREFIX))) {
- // 白名单接口, 直接忽略登录
+ if (uri.startsWith(ApiPrefix.API_V1_SSO_PREFIX)
+ || uri.startsWith(ApiPrefix.API_V1_THIRD_PART_PREFIX)
+ || uri.startsWith(ApiPrefix.GATEWAY_API_V1_PREFIX)) {
+ // 白名单接口直接true
 return true;
 }
diff --git a/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/api/HealthController.java b/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/api/HealthController.java
index c632eb0a..cc9a9732 100644
--- a/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/api/HealthController.java
+++ b/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/api/HealthController.java
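Review bot: The whitelist in LoginServiceImpl.checkLogin is matched against `request.getRequestURI()`, which is the raw, undecoded request path and still carries any `;` path parameters, so the string that passes `startsWith(...)` is not necessarily the path the dispatcher maps to a handler. The dot-segment test is also narrower than the `contains("..")` it replaces, since any `..` not enclosed by slashes on both sides now passes. I would keep the stricter form and reject unexpected syntax outright, e.g. `if (uri.contains("..") || uri.contains(";") || uri.contains("%")) {`, provided no legitimate endpoint needs encoded characters in its path, or else run the check on the container-normalised path. `replace("//", "/")` is a single pass, so three or more consecutive slashes still leave a doubled slash. checkLogin continues below the hunk.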
@@ -1,5 +1,6 @@
 package com.xiaojukeji.kafka.manager.web.api;
+import com.xiaojukeji.kafka.manager.common.constant.ApiPrefix;
 import com.xiaojukeji.kafka.manager.common.entity.Result;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -14,9 +15,9 @@ import springfox.documentation.annotations.ApiIgnore;
 * @date 20/6/18
 */
 @ApiIgnore
-@Api(description = "web应用探活接口(REST)")
+@Api(tags = "web应用探活接口(REST)")
 @RestController
-@RequestMapping("api/")
+@RequestMapping(ApiPrefix.API_V1_THIRD_PART_PREFIX)
 public class HealthController {
 @ApiIgnore
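Review bot: Nothing on HealthController records that mapping it to `ApiPrefix.API_V1_THIRD_PART_PREFIX` puts every handler in the class under a prefix for which LoginServiceImpl.checkLogin returns true without a session. I would add a class comment such as `// Served without login (third-part prefix is whitelisted in LoginServiceImpl.checkLogin); keep responses free of cluster or account data.` The handler methods are outside this hunk, so what they return cannot be checked from here. The path also moves from `api/` to the v1 third-part prefix, so existing liveness probes need updating.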