in adapter/api/src/main/java/org/apache/rocketmq/eventbridge/adapter/api/converter/HttpEventConverter.java [154:201]
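/**
 * Enforces the per-event-source HTTP restrictions on an incoming request.
 *
 * <p>The event source is looked up by {@code accountId} and {@code token}. Its config is then
 * applied in this order: allowed request methods, then either the source-IP allow-list or the
 * Referer allow-list, depending on the configured security mode. A restriction whose list is
 * empty is skipped, and the {@code SECURITY_CONFIG_NONE} mode skips the IP and Referer checks.
 *
 * @param request   the incoming request; supplies the HTTP method and the socket remote address
 * @param headers   request headers, read for {@code HEADER_X_REAL_IP} and {@code Referer}
 * @param accountId account used to look up the event source
 * @param token     token used to look up the event source
 * @throws EventBridgeException with {@code PutEventsRequestSecurityCheckFailed} when the method,
 *                              source IP or Referer is not allowed
 */
private void checkConfig(ServerHttpRequest request, Map<String, String> headers, String accountId, String token) {
    HttpMethod requestMethod = request.getMethod();

    // The remote address is not guaranteed by every ServerHttpRequest implementation, so it is
    // read defensively; a missing address leaves requestIp null and can never match a segment.
    String requestIp = null;
    if (request.getRemoteAddress() != null && request.getRemoteAddress().getAddress() != null) {
        requestIp = request.getRemoteAddress().getAddress().getHostAddress();
    }
    // NOTE(review): X-Real-IP comes from the request headers and overrides the socket address.
    // Unless every request passes through a reverse proxy that sets or strips this header, the
    // client controls the value that the IP allow-list is compared against. Confirm that the
    // deployment guarantees this before relying on the IP mode.
    if (headers.containsKey(HEADER_X_REAL_IP)) {
        requestIp = headers.get(HEADER_X_REAL_IP);
    }
    // Map.get already yields null when the header is absent.
    String requestReferer = headers.get(HttpHeaders.REFERER);

    // NOTE(review): assumes the lookup never returns null and getConfig() is non-null; confirm
    // against httpEventSourceService, otherwise an unknown token surfaces as an NPE here.
    EventSource eventSource = httpEventSourceService.getEventSourceByToken(accountId, token);
    String securityConfig = (String) eventSource.getConfig().get(SECURITY_CONFIG);
    List<String> methods = (List<String>) eventSource.getConfig().get(METHOD_CONFIG);
    List<String> ips = (List<String>) eventSource.getConfig().get(IP_CONFIG);
    List<String> referers = (List<String>) eventSource.getConfig().get(REFERER_CONFIG);

    // request method check; an unresolvable (null) method is rejected instead of raising an NPE
    if (!CollectionUtils.isEmpty(methods)
        && (requestMethod == null || !new HashSet<>(methods).contains(requestMethod.name()))) {
        throw new EventBridgeException(PutEventsRequestSecurityCheckFailed, "request methods", methods, requestMethod);
    }
    if (SECURITY_CONFIG_NONE.equals(securityConfig)) {
        return;
    }

    // ip check
    if (SECURITY_CONFIG_IP.equals(securityConfig) && !CollectionUtils.isEmpty(ips)) {
        boolean matched = false;
        for (String ip : ips) {
            if (StringUtils.equals(ip, requestIp)) {
                matched = true;
                break;
            }
            if (requestIp == null || !NetUtil.isNetSegment(ip)) {
                continue;
            }
            try {
                if (new SubnetUtils(ip).getInfo().isInRange(requestIp)) {
                    matched = true;
                    break;
                }
            } catch (IllegalArgumentException ignored) {
                // SubnetUtils rejects anything it cannot parse as a dotted IPv4 address or CIDR.
                // requestIp may be a client-supplied header value, so an unparsable value must
                // count as "no match" and end in the security-check failure below, not escape
                // as an unchecked exception.
            }
        }
        if (!matched) {
            throw new EventBridgeException(PutEventsRequestSecurityCheckFailed, "sourceIP", ips, requestIp);
        }
    }

    // referer check: the whole Referer header value must equal one configured entry. The header
    // is supplied by the client, so this is a policy filter and not a form of authentication.
    if (SECURITY_CONFIG_REFERER.equals(securityConfig) && !CollectionUtils.isEmpty(referers)) {
        // HashSet tolerates a null lookup key (absent Referer); some List implementations do not.
        if (!new HashSet<>(referers).contains(requestReferer)) {
            throw new EventBridgeException(PutEventsRequestSecurityCheckFailed, "secure domain", referers, requestReferer);
        }
    }
}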