Spring Cloud Gateway 过滤器实现XSS防护

已于 2022-12-13 14:31:37 修改
阅读量2.8k 收藏 5
点赞数 2
文章标签: java spring cloud gateway xss 正则表达式
于 2022-12-13 13:49:36 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_38866412/article/details/128300551
版权

背景:公司项目为微服务项目,使用了SpringCloudGateway,目前有需要防护xss攻击请求的需求

实现方案:继承AbstractGatewayFilterFactory,通过yml文件自定义配置某些需要xss防护的服务。xss匹配:自定义正则表达式匹配

之前写的一版,,自己创建新DataBuffer来读取requestbody里的内容,上生产堆外内存泄露了。

改版后的代码如下,还请各位大佬指正

gateway yml配置项:

 XssRequestFirewallGatewayFilterFactory;(参考:org.springframework.cloud.gateway.filter.factory.rewrite.ModifyRequestBodyGatewayFilterFactory)

import com.alibaba.fastjson.JSONObject;
import com.mg.mg.gateway.utils.CommonUtil;
import com.mg.mg.gateway.utils.XssCleanRuleUtils;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.reactivestreams.Publisher;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.cloud.gateway.support.BodyInserterContext;
import org.springframework.cloud.gateway.support.HasRouteId;
import org.springframework.cloud.gateway.support.ServerWebExchangeUtils;
import org.springframework.core.io.buffer.*;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ReactiveHttpOutputMessage;
import org.springframework.http.codec.HttpMessageReader;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
import org.springframework.stereotype.Component;
import org.springframework.util.MultiValueMap;
import org.springframework.web.reactive.function.BodyInserter;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.server.HandlerStrategies;
import org.springframework.web.reactive.function.server.ServerRequest;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.util.UriComponentsBuilder;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
import java.util.function.Supplier;

@Component
@Slf4j
public class XssRequestFirewallGatewayFilterFactory
        extends AbstractGatewayFilterFactory<XssRequestFirewallGatewayFilterFactory.Config> {

    private final List<HttpMessageReader<?>> messageReaders;

    public XssRequestFirewallGatewayFilterFactory() {
        super(XssRequestFirewallGatewayFilterFactory.Config.class);
        this.messageReaders = HandlerStrategies.withDefaults().messageReaders();
    }

    public XssRequestFirewallGatewayFilterFactory(List<HttpMessageReader<?>> messageReaders) {
        super(XssRequestFirewallGatewayFilterFactory.Config.class);
        this.messageReaders = messageReaders;
    }

    private static final String CONTENT_TYPE = "Content-Type";

    private static final String CONTENT_TYPE_JSON = "application/json";

    @Override
    public GatewayFilter apply(Config config) {
        return (exchange, chain) -> {
            ServerHttpRequest request = exchange.getRequest();
            URI uri = request.getURI();
            MultiValueMap<String, String> queryParams = request.getQueryParams();
            switch (Objects.requireNonNull(request.getMethod())) {
                case GET:
                    if (checkParamsXss(exchange, request, uri, queryParams)) {
                        return exchange.getResponse().setComplete();
                    }
                    URI newUri1 = UriComponentsBuilder.fromUri(uri).build(true).toUri();
                    ServerHttpRequest newRequest1 = exchange.getRequest().mutate().uri(newUri1).build();
                    return chain.filter(exchange.mutate().request(newRequest1).build());
                case POST:
                    String contentType = request.getHeaders().getFirst(CONTENT_TYPE);
                    //只处理contentType为application/json的post请求
                    if (StringUtils.isNotBlank(contentType) && contentType.contains(CONTENT_TYPE_JSON)) {
                        if (checkParamsXss(exchange, request, uri, queryParams)) {
                            return exchange.getResponse().setComplete();
                        }
                        //Class inClass = config.getInClass();
                        ServerRequest serverRequest = ServerRequest.create(exchange, messageReaders);

                        AtomicReference<String> bodyAc = new AtomicReference<>();
                        // TODO: flux or mono
                        Mono<String> modifiedBody = serverRequest.bodyToMono(String.class)
                                .flatMap(originalBody -> {
                                    bodyAc.set(originalBody);
                                    return Mono.just(originalBody);
                                });
                        BodyInserter bodyInserter = BodyInserters.fromPublisher(modifiedBody, String.class);
                        HttpHeaders headers = new HttpHeaders();
                        headers.putAll(exchange.getRequest().getHeaders());

                        // the new content type will be computed by bodyInserter
                        // and then set in the request decorator
                        headers.remove(HttpHeaders.CONTENT_LENGTH);

                        CachedBodyOutputMessageInner outputMessage = new CachedBodyOutputMessageInner(exchange, headers);
                        return bodyInserter.insert(outputMessage, new BodyInserterContext())
                                // .log("modify_request", Level.INFO)
                                .then(Mono.defer(() -> {
                                    String bodyString = bodyAc.get();
                                    if (XssCleanRuleUtils.xssMatch(bodyString)) {
                                        log.info("检测到xss注入攻击,uri:{},bodyString:{},ip:{}", uri, bodyString, CommonUtil.getIpAddr(request));
                                        ServerWebExchangeUtils.setResponseStatus(exchange, HttpStatus.FORBIDDEN);
                                        return exchange.getResponse().setComplete();
                                    }
                                    ServerHttpRequest decorator = decorate(exchange, headers, outputMessage);
                                    return chain.filter(exchange.mutate().request(decorator).build());
                                })).onErrorResume((Function<Throwable, Mono<Void>>) throwable -> release(exchange,
                                        outputMessage, throwable));
                    }
                    break;
                default:
                    break;
            }
            return chain.filter(exchange);
        };
    }

    private boolean checkParamsXss(ServerWebExchange exchange, ServerHttpRequest request, URI uri, MultiValueMap<String, String> queryParams) {
        for (Map.Entry<String, List<String>> entry : queryParams.entrySet()) {
            List<String> value = entry.getValue();
            if (XssCleanRuleUtils.xssMatch(Arrays.toString(value.toArray()))) {
                log.info("检测到xss注入攻击,uri:{},queryParams:{},ip:{}", uri, JSONObject.toJSONString(queryParams), CommonUtil.getIpAddr(request));
                ServerWebExchangeUtils.setResponseStatus(exchange, HttpStatus.FORBIDDEN);
                return true;
            }
        }
        return false;
    }

    protected Mono<Void> release(ServerWebExchange exchange, CachedBodyOutputMessageInner outputMessage,
                                 Throwable throwable) {
        if (outputMessage.isCached()) {
            return outputMessage.getBody().map(DataBufferUtils::release).then(Mono.error(throwable));
        }
        return Mono.error(throwable);
    }

    ServerHttpRequestDecorator decorate(ServerWebExchange exchange, HttpHeaders headers,
                                        CachedBodyOutputMessageInner outputMessage) {
        return new ServerHttpRequestDecorator(exchange.getRequest()) {
            @Override
            public HttpHeaders getHeaders() {
                long contentLength = headers.getContentLength();
                HttpHeaders httpHeaders = new HttpHeaders();
                httpHeaders.putAll(headers);
                if (contentLength > 0) {
                    httpHeaders.setContentLength(contentLength);
                } else {
                    // TODO: this causes a 'HTTP/1.1 411 Length Required' // on
                    // httpbin.org
                    httpHeaders.set(HttpHeaders.TRANSFER_ENCODING, "chunked");
                }
                return httpHeaders;
            }

            @Override
            public Flux<DataBuffer> getBody() {
                return outputMessage.getBody();
            }
        };
    }

    private <T> T getOrDefault(T configValue, T defaultValue) {
        return (configValue != null) ? configValue : defaultValue;
    }

    public static class CachedBodyOutputMessageInner implements ReactiveHttpOutputMessage {

        private final DataBufferFactory bufferFactory;

        private final HttpHeaders httpHeaders;

        private boolean cached = false;

        private Flux<DataBuffer> body = Flux
                .error(new IllegalStateException("The body is not set. " + "Did handling complete with success?"));

        public CachedBodyOutputMessageInner(ServerWebExchange exchange, HttpHeaders httpHeaders) {
            this.bufferFactory = exchange.getResponse().bufferFactory();
            this.httpHeaders = httpHeaders;
        }

        @Override
        public void beforeCommit(Supplier<? extends Mono<Void>> action) {

        }

        @Override
        public boolean isCommitted() {
            return false;
        }

        boolean isCached() {
            return this.cached;
        }

        @Override
        public HttpHeaders getHeaders() {
            return this.httpHeaders;
        }

        @Override
        public DataBufferFactory bufferFactory() {
            return this.bufferFactory;
        }

        /**
         * Return the request body, or an error stream if the body was never set or when.
         *
         * @return body as {@link Flux}
         */
        public Flux<DataBuffer> getBody() {
            return this.body;
        }

        @Override
        public Mono<Void> writeWith(Publisher<? extends DataBuffer> body) {
            this.body = Flux.from(body);
            this.cached = true;
            return Mono.empty();
        }

        @Override
        public Mono<Void> writeAndFlushWith(Publisher<? extends Publisher<? extends DataBuffer>> body) {
            return writeWith(Flux.from(body).flatMap(p -> p));
        }

        @Override
        public Mono<Void> setComplete() {
            return writeWith(Flux.empty());
        }

    }

    public static class Config implements HasRouteId {

        private String routeId;

        @Override
        public void setRouteId(String routeId) {
            this.routeId = routeId;
        }

        @Override
        public String getRouteId() {
            return this.routeId;
        }

    }
}

XssCleanRuleUtils


import org.springframework.util.StringUtils;

import java.util.StringJoiner;
import java.util.regex.Pattern;

public class XssCleanRuleUtils {

    private XssCleanRuleUtils() {

    }

    private static StringJoiner joiner = new StringJoiner("|");
    private static Pattern xssPattern = null;
    private static final String[] xssScriptRegArr = {
            "<script>(.*?)</script>",
            "src[\r\n]*=[\r\n]*\\'(.*?)\\'",
            "</script>",
            "<script(.*?)>",
            "eval\\((.*?)\\)",
            "expression\\((.*?)\\)",
            "javascript:",
            "vbscript:",
            "onload(.*?)=",
            "\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or)\\b|(\\*|;|\\+|'|%)"
    };

    static {
        for (String reg : xssScriptRegArr) {
            joiner.add(reg);
        }

        xssPattern = Pattern.compile(joiner.toString(), Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
    }

    public static void main(String[] args) {
        System.out.println(xssMatch("select:567"));
    }

    /**
     * xssMatch
     *
     * @param value
     * @return
     */
    public static boolean xssMatch(String value) {
        value = StringUtils.trimAllWhitespace(value);
        if (StringUtils.isEmpty(value)) {
            return false;
        }
        return xssPattern.matcher(value).find();
    }

    /**
     * xssClean
     *
     * @param value
     * @return
     */
    public static String xssClean(String value) {
        if (StringUtils.isEmpty(value)) {
            return value;
        }

        value = xssPattern.matcher(value).replaceAll("&lt;XssScript&gt;***&lt;/XssScript&gt;");
        value = value.replace("<", "&lt;").replace(">", "&gt;");

        return value;
    }
}

CommonUtil
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.*;

public class CommonUtil {

    /**
     * 生成指定位数的随机数
     *
     * @param length
     * @return
     */
    public static String getRandomString(int length) {
        String base = "0123456789";
        Random random = new Random();
        StringBuffer sb = new StringBuffer();
        int number = 0;
        for (int i = 0; i < length; i++) {
            number = random.nextInt(base.length());
            sb.append(base.charAt(number));
        }
        return sb.toString();
    }

    /**
     * 获取客户端IP地址
     *
     * @param request
     * @return
     */
    public static String getIpAddr(ServerHttpRequest request) {
        String header1 = "x-forwarded-for";
        String header2 = "Proxy-Client-IP";
        String header3 = "WL-Proxy-Client-IP";
        String ip1 = "unknown";
        String ip2 = "127.0.0.1";
        String ip3 = "0:0:0:0:0:0:0:1";

        HttpHeaders headers = request.getHeaders();
        String ipAddress = String.valueOf(headers.get(header1));
        if (ipAddress == null || ipAddress.length() == 0 || ip1.equalsIgnoreCase(ipAddress)) {
            ipAddress = String.valueOf(headers.get(header2));
        }
        if (ipAddress == null || ipAddress.length() == 0 || ip1.equalsIgnoreCase(ipAddress)) {
            ipAddress = String.valueOf(headers.get(header3));
        }
        if (ipAddress == null || ipAddress.length() == 0 || ip1.equalsIgnoreCase(ipAddress)) {
            ipAddress = request.getRemoteAddress().getHostName();
            if (ip2.equals(ipAddress) || ip3.equals(ipAddress)) {
                //根据网卡取本机配置的IP
                InetAddress inet = null;
                try {
                    inet = InetAddress.getLocalHost();
                } catch (UnknownHostException e) {
                    e.printStackTrace();
                }
                ipAddress = inet.getHostAddress();
            }
        }
        //对于通过多个代理的情况,第一个IP为客户端真实IP,多个IP按照','分割
        int i = 15;
        if (ipAddress != null && ipAddress.length() > i) {
            String split = ",";
            if (ipAddress.indexOf(split) > 0) {
                ipAddress = ipAddress.substring(0, ipAddress.indexOf(split));
            }
        }
        return ipAddress;
    }

}

挡在门外的犀牛
关注
  • 2
    点赞
  • 5
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Springboot配置XSS过滤器XssFilter.zip
12-31
直接可以运行,包含测试类,对HTML和SQL进行过滤,方便扩展。并且可以配置不拦截的路径,包含注释,方便学习。 博客地址:https://blog.csdn.net/u011974797/article/details/121792680
一个过滤器实现Gateway层面防xss攻击
m0_72646515的博客
09-14 397
# 最后还需要一个缓存过滤器缓存请求body,以免后面需要获取body时为null。## 相信很多项目都有防xss攻击要求,下面用一个过滤器实现xss攻击。## 废话不多说直接上代码复制即可使用。XssProperties配置类。StringUtils工具类。
spring cloud gateway中过滤xss攻击
程序员记事本
02-22 862
spring cloud实现xss攻击拦截的一种方法
SpringCloud微服务实战——搭建企业级开发框架(五十一):微服务安全加固—自定义Gateway拦截器实现防止SQL注入/XSS攻击
全栈程序猿的专栏
03-10 1136
SQL注入是常见的系统安全问题之一,用户通过特定方式向系统发送SQL脚本,可直接自定义操作系统数据库,如果系统没有对SQL注入进行拦截,那么用户甚至可以直接对数据库进行增删改查等操作。XSS全称为Cross Site Script跨站点脚本攻击,和SQL注入类似,都是通过特定方式向系统发送攻击脚本,对系统进行控制和侵害。SQL注入主要以攻击数据库来达到攻击系统的目的,而XSS则是以恶意执行前端脚本来攻击系统。
spring cloud gateway 过滤器防止跨站脚本攻击(存储XSS、反射XSS
qq_26801767的博客
05-20 7891
spring cloud gateway 过滤器防止跨站脚本攻击背景接下来直接上代码CacheBodyGlobalFilterXssRequestGlobalFilterXssResponseGlobalFilter.javaXssCleanRuleUtils.java 背景 <spring-boot.version>2.1.4.RELEASE</spring-boot.version> <spring-cloud.version>Greenwich.RELEASE&lt
Spring Cloud Gateway XSS防护大众方案实现优化
bossfriday - 个人博客
10-20 1835
Spring Cloud Gateway XSS防护大众方案优化。
SpringCloud微服务实战——搭建企业级开发框架:微服务安全加固—自定义Gateway拦截器实现防止SQL注入/XSS攻击
qw_6918966011的博客
06-30 1513
SQL注入是常见的系统安全问题之一,用户通过特定方式向系统发送SQL脚本,可直接自定义操作系统数据库,如果系统没有对SQL注入进行拦截,那么用户甚至可以直接对数据库进行增删改查等操作。XSS全称为Cross Site Script跨站点脚本攻击,和SQL注入类似,都是通过特定方式向系统发送攻击脚本,对系统进行控制和侵害。SQL注入主要以攻击数据库来达到攻击系统的目的,而XSS则是以恶意执行前端脚本来攻击系统。
SpringCloud gateway 防止XSS漏洞
qq_20236937的博客
01-31 1443
此外,面对XSS,往往要牺牲产品的便利性才能保证完全的安全,如何在安全和便利之间平衡也是一件需要考虑的事情。存储型XSS:存储型XSS,持久化,代码是存储在服务器中的,如在个人信息或发表文章等地方,插入代码,如果没有过滤或过滤不严,那么这些代码将储存到服务器中,用户访问该页面的时候触发代码执行。DOM型XSS:不经过后端,DOM-XSS漏洞是基于文档对象模型(Document Objeet Model,DOM)的一种漏洞,DOM-XSS是通过url传入参数去控制触发的,其实也属于反射型XSS
Spring Cloud Gateway 实现XSS、SQL注入拦截
liuerchong的博客
05-29 3381
创建Filter 实现GlobalFilter, Ordered @Slf4j @Component public class SqLinjectionFilter implements GlobalFilter, Ordered { @SneakyThrows @Override public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain){ // grab configur
Spring Cloud Gateway网关XSS过滤
u010044936的博客
07-01 6448
XSS是一种经常出现在web应用中的计算机安全漏洞,具体信息请自行Google。本文只分享在Spring Cloud Gateway中执行通用的XSS防范。首次作文,全是代码,若有遗漏不明之处,请各位看官原谅指点。 使用版本 Spring Cloud版本为 Greenwich.SR4 Spring Boot版本为 2.1.11.RELEASE 1.创建一个Filter。特别注意的是在处理完成之后需要重新构造请求,否则后续业务无法获得参数。 import io.netty.buffer.ByteBufAllo
JSP使用过滤器防止Xss漏洞
10-17
主要为大家详细介绍了JSP使用过滤器防止Xss漏洞,具有一定的参考价值,感兴趣的小伙伴们可以参考一下
JSP spring boot / cloud 使用filter防止XSS
10-19
主要介绍了JSP spring boot / cloud 使用filter防止XSS的相关资料,需要的朋友可以参考下
深入理解Spring Cloud Zuul过滤器
08-31
主要给大家介绍了关于Spring Cloud Zuul过滤器的相关资料,通过阅读本文您将了解:Zuul过滤器类型与请求生命周期、如何编写Zuul过滤器、如何禁用Zuul过滤器Spring Cloud为Zuul编写的过滤器及其功能,需要的朋友可以参考下。
JSP过滤器防止Xss漏洞的实现方法(分享)
10-19
下面小编就为大家带来一篇JSP过滤器防止Xss漏洞的实现方法(分享)。小编觉得挺不错的,现在就分享给大家,也给大家做个参考。一起跟随小编过来看看吧
C#(C Sharp)学习笔记_类【十五】
追求细节,成就完美
05-01 465
类(Class)是面向对象程序设计(OOP,Object-Oriented Programming)实现信息封装的基础。类是一种用户定义的引用数据类型,也称类类型。每个类包含数据说明和一组操作数据或传递消息的函数。类的实例称为对象。
链表刷题集
yajunjiao的专栏
04-30 619
本文主要列举了一些刷的题,不多,有那么几道,也建议各位去建立自己的刷题集。积少成多。
Spring Cloud——LoadBalancer
最新发布
????
05-01 1576
这里只是简单的讲解了一下LoadBalancer如何使用,因为实际上我们使用的不是很多,主要还是使用OpenFeign。
d15(136-148)-勇敢开始Java,咖啡拯救人生
m0_73459387的博客
04-28 1202
对象哈希值的特点:同一个对象调用hashCode()返回的哈希值相同;HashMap的键依赖hashCode方法和equals方法保证键的唯一,存储自定义类型的对象时,重写这两个方法。实际上,Set系列集合的底层就是基于Map实现的,只是Set集合中的元素要键数据,不要值数据。当12个位置都占满时就会扩容,大约扩容为原来的二倍,再把原数组数据转移到新数组。使用迭代器遍历集合时,又同时在删除集合中的数据,程序就会出现并发修改异常的错误。基于哈希表实现,每个键值对额外多了一个双链表的机制,记录元素顺序(保证。
Java解决最长公共前缀
无人罪的博客
04-28 508
编写一个函数来查找字符串数组中的最长公共前缀。如果不存在公共前缀,返回空字符串""。
springcloudgateway实现XSS过滤
05-11
Spring Cloud Gateway可以通过编写自定义的过滤器实现XSS过滤。 首先,我们需要创建一个XSS过滤器类,实现`GlobalFilter`和`Ordered`接口: ```java @Component public class XssGlobalFilter implements GlobalFilter, Ordered { @Override public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) { ServerHttpRequest request = exchange.getRequest(); HttpHeaders headers = request.getHeaders(); MediaType contentType = headers.getContentType(); HttpMethod method = request.getMethod(); if (contentType != null && contentType.isCompatibleWith(MediaType.APPLICATION_JSON) && HttpMethod.POST.equals(method)) { return chain.filter(exchange.mutate().request(new XssServerHttpRequest(request)).build()); } return chain.filter(exchange); } @Override public int getOrder() { return -1; } } ``` 这里,我们首先判断请求的Content-Type是否为`application/json`,并且请求方法是否为POST,如果是,则将请求的`ServerHttpRequest`替换为我们自定义的`XssServerHttpRequest`,该类继承自`ServerHttpRequestDecorator`,在该类中对请求体进行XSS过滤,代码如下: ```java public class XssServerHttpRequest extends ServerHttpRequestDecorator { public XssServerHttpRequest(ServerHttpRequest delegate) { super(delegate); } @Override public Flux<DataBuffer> getBody() { Flux<DataBuffer> body = super.getBody(); return body.map(dataBuffer -> { CharBuffer charBuffer = StandardCharsets.UTF_8.decode(dataBuffer.asByteBuffer()); String bodyContent = charBuffer.toString(); // 进行XSS过滤 String filteredBodyContent = Jsoup.clean(bodyContent, Whitelist.none()); byte[] bytes = filteredBodyContent.getBytes(StandardCharsets.UTF_8); DataBuffer buffer = new DefaultDataBufferFactory().wrap(bytes); DataBufferUtils.release(dataBuffer); return buffer; }); } } ``` 在该类中,我们首先将`DataBuffer`转换成`CharBuffer`,再将其转换成字符串,然后使用Jsoup对字符串进行XSS过滤,最后再将过滤后的字符串转换成`DataBuffer`返回。 最后,我们需要将这个过滤器添加到Spring Cloud Gateway过滤器链中,在配置类中添加: ```java @Configuration public class GatewayConfig { @Bean public XssGlobalFilter xssGlobalFilter() { return new XssGlobalFilter(); } @Bean public RouteLocator customRouteLocator(RouteLocatorBuilder builder) { return builder.routes() // 添加自定义路由 .route(r -> r.path("/api/**").uri("lb://service-provider")) .build(); } } ``` 这样,当请求Content-Type为`application/json`,并且请求方法为POST时,请求体中的HTML标签就会被过滤掉,从而实现XSS过滤。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值