Play 2.4 禁用某些基于请求路径或方法设置的过滤器
Play 2.4 disable certain filters set based on request path or method
在 Play 2.3 中,我可以根据不同的请求路径或方法禁用某些过滤器。但是,我找不到在 Play 2.4 中执行此操作的方法。 https://www.playframework.com/documentation/2.4.x/ScalaHttpFilters。我怎样才能在 Play 2.4 HttpFilters 中获得类似的结果。
这是我在 Play 2.3 中的做法。
object CacheCtrlHeadersFilter extends EssentialFilter {
def apply(action: EssentialAction) = new EssentialAction {
def apply(requestHeader: RequestHeader) = {
action(requestHeader).map { result =>
result.withHeaders(
CACHE_CONTROL -> "no-cache, no-store, must-revalidate, private",
PRAGMA -> "no-cache"
)
}
}
}
}
import play.api.libs.iteratee._
object FilterChainByRequestHeader {
def apply[A](action: EssentialAction, filtersFun: (RequestHeader) => List[EssentialFilter]): EssentialAction = new EssentialAction {
def apply(rh: RequestHeader): Iteratee[Array[Byte], Result] = {
val chain = filtersFun(rh).reverse.foldLeft(action) { (a, i) => i(a) }
chain(rh)
}
}
}
object Global extends GlobalSettings {
val securityFilter = SecurityHeadersFilter()
val defaultFilters = List(securityFilter,
CacheCtrlHeadersFilter)
def filters(rh: RequestHeader) = {
if (rh.method == "OPTIONS") <----------- by method
defaultFilters.filterNot(_.eq(securityFilter))
else if (rh.path.startsWith("/apps/google")) <----------- by path
defaultFilters.filterNot(_.eq(securityFilter))
else defaultFilters
}
override def doFilter(a: EssentialAction): EssentialAction = {
FilterChainByRequestHeader(super.doFilter(a), filters)
}
}
Play 2.4 的 HttpFilters 中没有可用的 RequestHeader
class Filters @Inject() (
securityHeadersFilter: SecurityHeadersFilter,
cacheCtrlHeadersFilter: CacheCtrlHeadersFilter
) extends HttpFilters {
val filters = Seq(securityHeadersFilter, cacheCtrlHeadersFilter)
}
object Global extends WithFilters(new CoreActionFilter()) {
}
class CoreActionFilter extends Filter {
lazy val serviceLogger = Logger("services")
def apply(nextFilter: RequestHeader => Future[Result])(requestHeader: RequestHeader) = {
nextFilter(requestHeader).map { result =>
val action = requestHeader.path match {
case "/favicon.ico" => s"[ ${requestHeader.remoteAddress.toString}]"
case _ => s"[ ${requestHeader.remoteAddress.toString}]" + ("[") + requestHeader.tags(Tags.RoutePattern) + ("]") + ("[") + requestHeader.tags(Tags.RouteController) + "." + requestHeader.tags(Tags.RouteActionMethod) + ("]")
}
val startTime = System.currentTimeMillis
val endTime = System.currentTimeMillis
val requestTime = endTime - startTime
val token = requestHeader.headers.get("X-Auth-Token")
serviceLogger.info(s"[$token]" + s"${action}[${requestTime}ms]" + s"[${result.header.status}]")
result.withHeaders("Request-Time" -> requestTime.toString)
}(CoreContexts.simpleSqlQuery)
}
}
我的实现:
class 过滤器 @Inject() (corsFilter: CORSFilter,coreActionFilter: CoreActionFilter) extends HttpFilters {
def 过滤器 = Seq(corsFilter, coreActionFilter)
}
class CoreActionFilter 扩展过滤器 {
def apply(nextFilter: RequestHeader => Future[Result])(requestHeader: RequestHeader) = {
if(/*yourContidion*/) {
nextFilter(requestHeader).map { result =>
val action = requestHeader.path match {
case "/favicon.ico" => s"[ ${requestHeader.remoteAddress.toString}]"
case _ => s"[ ${requestHeader.remoteAddress.toString}]" + ("[") + requestHeader.tags(Tags.RoutePattern) + ("]") + ("[") + requestHeader.tags(Tags.RouteController) + "." + requestHeader.tags(Tags.RouteActionMethod) + ("]")
}
val startTime = System.currentTimeMillis
val endTime = System.currentTimeMillis
val requestTime = endTime - startTime
val token = requestHeader.headers.get("X-Auth-Token")
serviceLogger.info(s"[$token]" + s"${action}[${requestTime}ms]" + s"[${result.header.status}]")
result.withHeaders("Request-Time" -> requestTime.toString)
}(CoreContexts.simpleSqlQuery)
}
nextFilter(requestHeader)
}
}
我就是这样实现的。它正在工作,但并不理想。基本上我们在最外层添加一个WhiteListFilter,来丰富请求,让请求永远不会被过滤掉。
如果过滤器是关于操纵响应,则可以使用相同的过滤器来有效地 unset 响应。
免责声明,我用文本编辑器键入以下代码只是为了让您获得图片。不能保证它编译:
object WhiteListFilter extends EssentialFilter {
override def apply(next: EssentialAction) = new EssentialAction {
override def apply(req: RequestHeader) = {
val whiteListedReq =
// if the filter is about to block some request by headers
// then append the valid headers, to `whitelist` request
if (req.method == "OPTIONS") {
req.copy(headers = req.headers.add("XXX" -> "XXX"))
} else {
req
}
next(whiteListedReq).map {
resp =>
// if the filter is about to manipulate response
// then unset the actions
if (req.method == "OPTIONS") {
val headers = resp.headers - "key1" - "key2"
resp.copy(headers = headers)
} else {
resp
}
}
}
}
}
这就是我最后做的。
class SecurityHeadersFilter extends EssentialFilter {
def apply(action: EssentialAction) = new EssentialAction {
def apply(rh: RequestHeader) = {
action(rh).map { result =>
if (rh.method != "OPTIONS" && !rh.path.startsWith("/apps/google"))
result.withHeaders(
"X-Frame-Options" -> "SAMEORIGIN",
"Content-Security-Policy" -> "default-src * 'self' 'unsafe-inline' 'unsafe-eval' "
)
}
}
}
}
class Filters @Inject() (
gzip: GzipFilter,
cache: CacheCtrlHeadersFilter,
cors: CorsFilter,
security: SecurityHeadersFilter
) extends HttpFilters {
val filters = Seq(gzip, cache, cors, security)
}
在 Play 2.3 中,我可以根据不同的请求路径或方法禁用某些过滤器。但是,我找不到在 Play 2.4 中执行此操作的方法。 https://www.playframework.com/documentation/2.4.x/ScalaHttpFilters。我怎样才能在 Play 2.4 HttpFilters 中获得类似的结果。
这是我在 Play 2.3 中的做法。
object CacheCtrlHeadersFilter extends EssentialFilter {
def apply(action: EssentialAction) = new EssentialAction {
def apply(requestHeader: RequestHeader) = {
action(requestHeader).map { result =>
result.withHeaders(
CACHE_CONTROL -> "no-cache, no-store, must-revalidate, private",
PRAGMA -> "no-cache"
)
}
}
}
}
import play.api.libs.iteratee._
object FilterChainByRequestHeader {
def apply[A](action: EssentialAction, filtersFun: (RequestHeader) => List[EssentialFilter]): EssentialAction = new EssentialAction {
def apply(rh: RequestHeader): Iteratee[Array[Byte], Result] = {
val chain = filtersFun(rh).reverse.foldLeft(action) { (a, i) => i(a) }
chain(rh)
}
}
}
object Global extends GlobalSettings {
val securityFilter = SecurityHeadersFilter()
val defaultFilters = List(securityFilter,
CacheCtrlHeadersFilter)
def filters(rh: RequestHeader) = {
if (rh.method == "OPTIONS") <----------- by method
defaultFilters.filterNot(_.eq(securityFilter))
else if (rh.path.startsWith("/apps/google")) <----------- by path
defaultFilters.filterNot(_.eq(securityFilter))
else defaultFilters
}
override def doFilter(a: EssentialAction): EssentialAction = {
FilterChainByRequestHeader(super.doFilter(a), filters)
}
}
Play 2.4 的 HttpFilters 中没有可用的 RequestHeader
class Filters @Inject() (
securityHeadersFilter: SecurityHeadersFilter,
cacheCtrlHeadersFilter: CacheCtrlHeadersFilter
) extends HttpFilters {
val filters = Seq(securityHeadersFilter, cacheCtrlHeadersFilter)
}
object Global extends WithFilters(new CoreActionFilter()) {
}
class CoreActionFilter extends Filter {
lazy val serviceLogger = Logger("services")
def apply(nextFilter: RequestHeader => Future[Result])(requestHeader: RequestHeader) = {
nextFilter(requestHeader).map { result =>
val action = requestHeader.path match {
case "/favicon.ico" => s"[ ${requestHeader.remoteAddress.toString}]"
case _ => s"[ ${requestHeader.remoteAddress.toString}]" + ("[") + requestHeader.tags(Tags.RoutePattern) + ("]") + ("[") + requestHeader.tags(Tags.RouteController) + "." + requestHeader.tags(Tags.RouteActionMethod) + ("]")
}
val startTime = System.currentTimeMillis
val endTime = System.currentTimeMillis
val requestTime = endTime - startTime
val token = requestHeader.headers.get("X-Auth-Token")
serviceLogger.info(s"[$token]" + s"${action}[${requestTime}ms]" + s"[${result.header.status}]")
result.withHeaders("Request-Time" -> requestTime.toString)
}(CoreContexts.simpleSqlQuery)
}
}
我的实现:
class 过滤器 @Inject() (corsFilter: CORSFilter,coreActionFilter: CoreActionFilter) extends HttpFilters { def 过滤器 = Seq(corsFilter, coreActionFilter) }
class CoreActionFilter 扩展过滤器 { def apply(nextFilter: RequestHeader => Future[Result])(requestHeader: RequestHeader) = {
if(/*yourContidion*/) {
nextFilter(requestHeader).map { result =>
val action = requestHeader.path match {
case "/favicon.ico" => s"[ ${requestHeader.remoteAddress.toString}]"
case _ => s"[ ${requestHeader.remoteAddress.toString}]" + ("[") + requestHeader.tags(Tags.RoutePattern) + ("]") + ("[") + requestHeader.tags(Tags.RouteController) + "." + requestHeader.tags(Tags.RouteActionMethod) + ("]")
}
val startTime = System.currentTimeMillis
val endTime = System.currentTimeMillis
val requestTime = endTime - startTime
val token = requestHeader.headers.get("X-Auth-Token")
serviceLogger.info(s"[$token]" + s"${action}[${requestTime}ms]" + s"[${result.header.status}]")
result.withHeaders("Request-Time" -> requestTime.toString)
}(CoreContexts.simpleSqlQuery)
}
nextFilter(requestHeader)
} }
我就是这样实现的。它正在工作,但并不理想。基本上我们在最外层添加一个WhiteListFilter,来丰富请求,让请求永远不会被过滤掉。
如果过滤器是关于操纵响应,则可以使用相同的过滤器来有效地 unset 响应。
免责声明,我用文本编辑器键入以下代码只是为了让您获得图片。不能保证它编译:
object WhiteListFilter extends EssentialFilter {
override def apply(next: EssentialAction) = new EssentialAction {
override def apply(req: RequestHeader) = {
val whiteListedReq =
// if the filter is about to block some request by headers
// then append the valid headers, to `whitelist` request
if (req.method == "OPTIONS") {
req.copy(headers = req.headers.add("XXX" -> "XXX"))
} else {
req
}
next(whiteListedReq).map {
resp =>
// if the filter is about to manipulate response
// then unset the actions
if (req.method == "OPTIONS") {
val headers = resp.headers - "key1" - "key2"
resp.copy(headers = headers)
} else {
resp
}
}
}
}
}
这就是我最后做的。
class SecurityHeadersFilter extends EssentialFilter {
def apply(action: EssentialAction) = new EssentialAction {
def apply(rh: RequestHeader) = {
action(rh).map { result =>
if (rh.method != "OPTIONS" && !rh.path.startsWith("/apps/google"))
result.withHeaders(
"X-Frame-Options" -> "SAMEORIGIN",
"Content-Security-Policy" -> "default-src * 'self' 'unsafe-inline' 'unsafe-eval' "
)
}
}
}
}
class Filters @Inject() (
gzip: GzipFilter,
cache: CacheCtrlHeadersFilter,
cors: CorsFilter,
security: SecurityHeadersFilter
) extends HttpFilters {
val filters = Seq(gzip, cache, cors, security)
}