From 114ffafeeb20ef7066cb2e2882bb58b96f791ab5 Mon Sep 17 00:00:00 2001
From: yanjinhui <3306209981@qq.com>
Date: 星期一, 20 十月 2025 11:33:11 +0800
Subject: [PATCH] 提交数据

---
 项目代码/后端/后台管理/WIDESEAWCS_Server/WIDESEAWCS_Server/Program.cs |   93 ++++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 89 insertions(+), 4 deletions(-)

diff --git "a/\351\241\271\347\233\256\344\273\243\347\240\201/\345\220\216\347\253\257/\345\220\216\345\217\260\347\256\241\347\220\206/WIDESEAWCS_Server/WIDESEAWCS_Server/Program.cs" "b/\351\241\271\347\233\256\344\273\243\347\240\201/\345\220\216\347\253\257/\345\220\216\345\217\260\347\256\241\347\220\206/WIDESEAWCS_Server/WIDESEAWCS_Server/Program.cs"
index 2eec55f..5900489 100644
--- "a/\351\241\271\347\233\256\344\273\243\347\240\201/\345\220\216\347\253\257/\345\220\216\345\217\260\347\256\241\347\220\206/WIDESEAWCS_Server/WIDESEAWCS_Server/Program.cs"
+++ "b/\351\241\271\347\233\256\344\273\243\347\240\201/\345\220\216\347\253\257/\345\220\216\345\217\260\347\256\241\347\220\206/WIDESEAWCS_Server/WIDESEAWCS_Server/Program.cs"
@@ -89,7 +89,7 @@
 
 builder.Services.AddControllers(o =>
 {
-    o.Filters.Add(typeof(GlobalExceptionsFilter));//全锟斤拷锟届常
+    o.Filters.Add(typeof(GlobalExceptionsFilter));
 })
 .AddNewtonsoftJson(options =>
 {
@@ -107,6 +107,11 @@
 builder.Services.Replace(ServiceDescriptor.Transient<IControllerActivator, ServiceBasedControllerActivator>());
 Encoding.RegisterProvider(CodePagesEncodingProvider.Instance);
 
+//瑙e喅鏈嶅姟鍣ㄥ湪HTTP鍝嶅簲涓嚜鍔ㄦ坊鍔犱簡涓�浜涗笉蹇呰鐨勬爣澶�
+builder.WebHost.ConfigureKestrel(serverOptions =>
+{
+    serverOptions.AddServerHeader = false;
+});
 
 var app = builder.Build();
 
@@ -118,12 +123,92 @@
 app.UseAllServicesMiddle(builder.Services);
 //FaceAI.Face.sdk_init(null);//浜鸿劯璇嗗埆
 app.UseSession();
-//if (app.Environment.IsDevelopment())
+if (app.Environment.IsDevelopment())
 {
     //todo
     app.UseSwaggerAuthorized();
-    app.UseSwaggerMiddle(() => Assembly.GetExecutingAssembly().GetManifestResourceStream("WIDESEAWCS_Server.index.html") ?? throw new Exception("未锟揭碉拷WIDESEAWCS_Server.index.html锟侥硷拷"));
-}//锟叫讹拷锟角凤拷锟斤拷要锟斤拷swagger
+    app.UseSwaggerMiddle(() => Assembly.GetExecutingAssembly().GetManifestResourceStream("WIDESEAWCS_Server.index.html") ?? throw new Exception("鏈壘鍒癢IDESEAWCS_Server.index.html鏂囦欢"));
+}////鍒ゆ柇鏄惁闇�瑕佹墦寮�swagger
+
+
+//X-Content-Type-Options鈥濆ご缂哄け鎴栦笉瀹夊叏
+// 浣跨敤 AddDefaultSecurityHeaders 鏂规硶娣诲姞涓�缁勬帹鑽愮殑瀹夊叏鏍囧ご
+app.UseSecurityHeaders(policies => policies
+    .AddFrameOptionsDeny() // 娣诲姞 X-Frame-Options: DENY
+    .AddContentTypeOptionsNoSniff() // 杩欏氨鏄綘闇�瑕佺殑 X-Content-Type-Options: nosniff
+    .AddXssProtectionBlock() // 娣诲姞 X-XSS-Protection: 1; mode=block
+    .AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365) // 娣诲姞 HSTS 澶�
+    // 绉婚櫎鏈嶅姟鍣ㄤ俊鎭ご
+    //.AddCustomHeader("X-Powered-By", string.Empty) // 娉ㄦ剰鏄� AddCustomHeader
+    //瑙e喅Content-Security-Policy缂哄け
+        .AddContentSecurityPolicy(builder =>
+        {
+            builder.AddDefaultSrc().Self();
+            builder.AddScriptSrc().Self();
+            builder.AddStyleSrc().Self();
+            builder.AddImgSrc().Self().Data();
+            builder.AddFontSrc().Self();
+        })
+
+);
+// 鎵嬪姩绉婚櫎澶氫綑鍝嶅簲澶达紙鏃х増鍖呭繀椤伙級
+app.Use(async (context, next) =>
+{
+    context.Response.Headers.Remove("Server");
+    context.Response.Headers.Remove("X-Powered-By");
+    context.Response.Headers.Remove("x-miniprofiler-ids"); // MiniProfiler 鐨勬寚鏍囧ご
+    await next();
+});
+// 鎷︽埅鏁忔劅璺緞锛岃繑鍥� 404
+app.Use(async (context, next) =>
+{
+    var path = context.Request.Path.Value ?? string.Empty;
+
+    var blacklist = new[]
+    {
+        "/.git", "/.svn", "/.env", "/backup", "/backups", "/config", "/database", "/.idea", "/.vscode", "/node_modules"
+    };
+
+    if (path.Contains("..") || blacklist.Any(b => path.StartsWith(b, StringComparison.OrdinalIgnoreCase)))
+    {
+        context.Response.StatusCode = StatusCodes.Status404NotFound;
+        await context.Response.WriteAsync("Not Found");
+        return;
+    }
+    await next();
+});
+//搴旂敤绋嬪簭鎸囨爣鏁版嵁鏆撮湶
+app.Use(async (context, next) =>
+{
+    var path = context.Request.Path.Value ?? string.Empty;
+    // 闇�瑕佷繚鎶ょ殑绔偣鍓嶇紑
+    var sensitivePrefixes = new[]
+    {
+        "/metrics", "/health", "/actuator", "/diagnostics", "/debug", "/metrics/prometheus"
+    };
+
+    if (sensitivePrefixes.Any(p => path.StartsWith(p, StringComparison.OrdinalIgnoreCase)))
+    {
+        var secret = app.Configuration["Internal:MetricsKey"]; // 鍦� appsettings.json 鎴� 鐜鍙橀噺閲岄厤缃�
+        if (string.IsNullOrWhiteSpace(secret))
+        {
+            // 鏈厤缃瘑閽ワ細涓轰簡瀹夊叏鎷掔粷璁块棶
+            context.Response.StatusCode = StatusCodes.Status403Forbidden;
+            await context.Response.WriteAsync("Forbidden");
+            return;
+        }
+
+        if (!context.Request.Headers.TryGetValue("X-Internal-Secret", out var provided) || provided != secret)
+        {
+            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+            await context.Response.WriteAsync("Unauthorized");
+            return;
+        }
+    }
+
+    await next();
+});
+app.UseHttpsRedirection();
 
 app.UseIpLimitMiddle();
 app.UseApiLogMiddleware();
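Review bot: The shared-secret check for the metrics endpoints compares the `X-Internal-Secret` header with `provided != secret`, an early-exit string comparison; a secret should be compared in constant time, e.g. `if (!context.Request.Headers.TryGetValue("X-Internal-Secret", out var provided) || !CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(provided.ToString()), Encoding.UTF8.GetBytes(secret)))` (needs `using System.Security.Cryptography;`; `Encoding` is already in scope from the `RegisterProvider` call above). The policies registered by `app.UseSecurityHeaders(...)` only apply to responses that reach that middleware, so any response an earlier stage short-circuits — the `UseSession`/Swagger/`UseAllServicesMiddle` calls above it — appears to be served without them, and `app.UseHttpsRedirection()` is placed after the blacklist and metrics guards rather than at the front of the pipeline; moving both to the top of the pipeline would close that gap. The two prefix lists match with `StartsWith`, so `"/config"` and `"/health"` also catch routes such as `/configuration` or `/healthz`, and `"/metrics/prometheus"` is redundant with `"/metrics"`; either anchor the match on a segment boundary (`path.Equals(p, …) || path.StartsWith(p + "/", …)`) or add a comment stating that the over-match is intended. The top-level statements of Program.cs continue beyond both ends of this hunk.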

--
Gitblit v1.9.3