use of com.duangframework.mvc.render.TextRender in project duangframework by tcrct.
the class CORSHandle method execute.
/**
* 执行处理器
* @param target 请求URI
* @param request 请求对象
* @param response 返回对象
* @throws Exception
*/
@Override
public void execute(String target, IRequest request, IResponse response) throws Exception {
if (ToolsKit.isEmpty(allowHostMap)) {
return;
}
String host = "";
boolean isAllowAccess = false;
String allowhost = request.getHeader("Host");
if (ToolsKit.isEmpty(allowhost)) {
allowhost = request.getHeader("Origin");
if (ToolsKit.isEmpty(allowhost)) {
allowhost = request.getHeader("Referer");
}
if (ToolsKit.isEmpty(allowhost)) {
allowhost = request.getRequestURL().toString();
}
if (ToolsKit.isEmpty(allowhost)) {
String key = request.getParameter("allowhost");
allowhost = allowHostMap.get(key);
}
}
if (ToolsKit.isNotEmpty(allowhost)) {
host = allowhost.toLowerCase().replace(PROTOCOL, "").replace(PROTOCOLS, "").replace("*", "");
int endIndex = host.indexOf(":");
host = host.substring(0, endIndex > -1 ? endIndex : host.length());
if (host.startsWith("127.0") || host.startsWith("192.168") || host.toLowerCase().startsWith("localhost")) {
isAllowAccess = true;
} else {
// isAllowAccess = allowHostMap.containsValue(host);
for (Iterator<Map.Entry<String, String>> iterator = allowHostMap.entrySet().iterator(); iterator.hasNext(); ) {
Map.Entry<String, String> entry = iterator.next();
if (host.contains(entry.getValue())) {
isAllowAccess = true;
break;
}
}
}
}
if (isAllowAccess) {
response.setHeader("Access-Control-Allow-Origin", host);
response.setHeader("Access-Control-Allow-Credentials", "true");
String allowString = "Accept,Content-Type,Access-Control-Allow-Headers,Authorization,X-Requested-With,Authoriza,duang-token-id";
if (ToolsKit.isEmpty(accessControlAllowHeaders)) {
accessControlAllowHeaders = allowString;
String[] arrayItem = ConfigKit.duang().key("allow.host.headers").asArray();
if (ToolsKit.isNotEmpty(arrayItem)) {
for (String allowItem : arrayItem) {
accessControlAllowHeaders += "," + allowItem;
}
}
}
response.setHeader("Access-Control-Allow-Headers", accessControlAllowHeaders);
// 如果是OPTIONS请求且符合CORS规则,则返回200
if (HttpMethod.OPTIONS.name().equalsIgnoreCase(request.getMethod())) {
TextRender render = new TextRender("200");
render.setContext(request, response).render();
return;
}
} else {
throw new DuangMvcException("the reqeust is not allow");
}
}
Aggregations