1.12.4
@@ -5,7 +5,7 @@
|
|||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
<groupId>com.gitee.sop</groupId>
|
<groupId>com.gitee.sop</groupId>
|
||||||
<artifactId>sop-common</artifactId>
|
<artifactId>sop-common</artifactId>
|
||||||
<version>1.12.4-SNAPSHOT</version>
|
<version>1.13.0-SNAPSHOT</version>
|
||||||
<packaging>pom</packaging>
|
<packaging>pom</packaging>
|
||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
|
@@ -5,11 +5,11 @@
|
|||||||
<parent>
|
<parent>
|
||||||
<groupId>com.gitee.sop</groupId>
|
<groupId>com.gitee.sop</groupId>
|
||||||
<artifactId>sop-common</artifactId>
|
<artifactId>sop-common</artifactId>
|
||||||
<version>1.12.4-SNAPSHOT</version>
|
<version>1.13.0-SNAPSHOT</version>
|
||||||
<relativePath>../pom.xml</relativePath>
|
<relativePath>../pom.xml</relativePath>
|
||||||
</parent>
|
</parent>
|
||||||
<artifactId>sop-gateway-common</artifactId>
|
<artifactId>sop-gateway-common</artifactId>
|
||||||
<version>1.12.4-SNAPSHOT</version>
|
<version>1.13.0-SNAPSHOT</version>
|
||||||
<packaging>jar</packaging>
|
<packaging>jar</packaging>
|
||||||
|
|
||||||
<name>sop-gateway-common</name>
|
<name>sop-gateway-common</name>
|
||||||
|
@@ -5,10 +5,12 @@ import com.gitee.sop.gatewaycommon.gateway.result.GatewayResult;
|
|||||||
import com.gitee.sop.gatewaycommon.gateway.result.GatewayResultExecutor;
|
import com.gitee.sop.gatewaycommon.gateway.result.GatewayResultExecutor;
|
||||||
import com.gitee.sop.gatewaycommon.limit.DefaultLimitManager;
|
import com.gitee.sop.gatewaycommon.limit.DefaultLimitManager;
|
||||||
import com.gitee.sop.gatewaycommon.limit.LimitManager;
|
import com.gitee.sop.gatewaycommon.limit.LimitManager;
|
||||||
|
import com.gitee.sop.gatewaycommon.manager.DefaultIPBlacklistManager;
|
||||||
import com.gitee.sop.gatewaycommon.manager.DefaultIsvRoutePermissionManager;
|
import com.gitee.sop.gatewaycommon.manager.DefaultIsvRoutePermissionManager;
|
||||||
import com.gitee.sop.gatewaycommon.manager.DefaultLimitConfigManager;
|
import com.gitee.sop.gatewaycommon.manager.DefaultLimitConfigManager;
|
||||||
import com.gitee.sop.gatewaycommon.manager.DefaultRouteConfigManager;
|
import com.gitee.sop.gatewaycommon.manager.DefaultRouteConfigManager;
|
||||||
import com.gitee.sop.gatewaycommon.manager.DefaultServiceErrorManager;
|
import com.gitee.sop.gatewaycommon.manager.DefaultServiceErrorManager;
|
||||||
|
import com.gitee.sop.gatewaycommon.manager.IPBlacklistManager;
|
||||||
import com.gitee.sop.gatewaycommon.manager.IsvRoutePermissionManager;
|
import com.gitee.sop.gatewaycommon.manager.IsvRoutePermissionManager;
|
||||||
import com.gitee.sop.gatewaycommon.manager.LimitConfigManager;
|
import com.gitee.sop.gatewaycommon.manager.LimitConfigManager;
|
||||||
import com.gitee.sop.gatewaycommon.manager.RouteConfigManager;
|
import com.gitee.sop.gatewaycommon.manager.RouteConfigManager;
|
||||||
@@ -115,6 +117,11 @@ public class ApiConfig {
|
|||||||
*/
|
*/
|
||||||
private LimitConfigManager limitConfigManager = new DefaultLimitConfigManager();
|
private LimitConfigManager limitConfigManager = new DefaultLimitConfigManager();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* IP黑名单
|
||||||
|
*/
|
||||||
|
private IPBlacklistManager ipBlacklistManager = new DefaultIPBlacklistManager();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 限流管理
|
* 限流管理
|
||||||
*/
|
*/
|
||||||
|
@@ -17,4 +17,9 @@ public class GatewayParamBuilder extends BaseParamBuilder<ServerWebExchange> {
|
|||||||
Map<String, String> params = GatewayContext.getRequestParams(exchange);
|
Map<String, String> params = GatewayContext.getRequestParams(exchange);
|
||||||
return params == null ? Collections.emptyMap() : params;
|
return params == null ? Collections.emptyMap() : params;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getIP(ServerWebExchange ctx) {
|
||||||
|
return ctx.getRequest().getRemoteAddress().getAddress().getHostAddress();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
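Review bot: `getIP` dereferences `ctx.getRequest().getRemoteAddress()` without a null check; assuming this is Spring's `ServerWebExchange`, that accessor is nullable and `InetSocketAddress.getAddress()` is null for an unresolved address, so such a request fails with a NullPointerException while the parameters are built instead of reaching the blacklist check. Guard it with `InetSocketAddress addr = ctx.getRequest().getRemoteAddress();` and `return addr == null || addr.getAddress() == null ? null : addr.getAddress().getHostAddress();`. The returned value is the socket peer, so behind a load balancer or reverse proxy every request carries the proxy's address and the blacklist can only ever match that; the method should carry a comment saying which deployment it assumes.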
@@ -53,6 +53,12 @@ public class AbstractConfiguration implements ApplicationContextAware {
|
|||||||
LimitConfigManager limitConfigManager() {
|
LimitConfigManager limitConfigManager() {
|
||||||
return ApiConfig.getInstance().getLimitConfigManager();
|
return ApiConfig.getInstance().getLimitConfigManager();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
IPBlacklistManager ipBlacklistManager() {
|
||||||
|
return ApiConfig.getInstance().getIpBlacklistManager();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 跨域过滤器
|
* 跨域过滤器
|
||||||
*
|
*
|
||||||
|
@@ -0,0 +1,38 @@
|
|||||||
|
package com.gitee.sop.gatewaycommon.manager;
|
||||||
|
|
||||||
|
import com.google.common.collect.Sets;
|
||||||
|
import org.apache.commons.lang.StringUtils;
|
||||||
|
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ip黑名单管理
|
||||||
|
* @author tanghc
|
||||||
|
*/
|
||||||
|
public class DefaultIPBlacklistManager implements IPBlacklistManager {
|
||||||
|
|
||||||
|
private static Set<String> ipList = Sets.newConcurrentHashSet();
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void add(String ip) {
|
||||||
|
ipList.add(ip);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void remove(String ip) {
|
||||||
|
ipList.remove(ip);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean contains(String ip) {
|
||||||
|
if (StringUtils.isBlank(ip)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return ipList.contains(ip);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void load() {
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
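Review bot: `add` stores the string exactly as supplied and `contains` is an exact string lookup, so an entry with stray whitespace or a different textual form of the same address (an IPv6 address written uncompressed, for instance) never matches what the param builders produce and the address is silently not blocked. Normalise on the way in, `if (StringUtils.isNotBlank(ip)) { ipList.add(ip.trim()); }`, which also avoids the NullPointerException a concurrent set throws for a null element. `ipList` is `static` but not `final` and is shared by every instance of the class; `private static final Set<String> ipList` states that intent. `load()` is empty and uncommented, so this file does not show where entries are expected to come from.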
@@ -0,0 +1,16 @@
|
|||||||
|
package com.gitee.sop.gatewaycommon.manager;
|
||||||
|
|
||||||
|
import com.gitee.sop.gatewaycommon.bean.BeanInitializer;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author tanghc
|
||||||
|
*/
|
||||||
|
public interface IPBlacklistManager extends BeanInitializer {
|
||||||
|
|
||||||
|
void add(String ip);
|
||||||
|
|
||||||
|
void remove(String ip);
|
||||||
|
|
||||||
|
boolean contains(String ip);
|
||||||
|
|
||||||
|
}
|
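Review bot: The interface carries only an `@author` tag, so implementers and callers have no stated contract for `add`, `remove` and `contains`. Add Javadoc saying what textual form `ip` is expected in and how blank or null input is treated, for example `/** Returns true if the given client address is blacklisted; blank or null input returns false. */` on `contains`, which is what the default implementation in this commit does.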
@@ -81,6 +81,10 @@ public class ZookeeperContext {
|
|||||||
return SOP_MSG_CHANNEL_PATH + "/limit-conf";
|
return SOP_MSG_CHANNEL_PATH + "/limit-conf";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static String getIpBlacklistChannelPath() {
|
||||||
|
return SOP_MSG_CHANNEL_PATH + "/ipblacklist-conf";
|
||||||
|
}
|
||||||
|
|
||||||
public static CuratorFramework getClient() {
|
public static CuratorFramework getClient() {
|
||||||
return client;
|
return client;
|
||||||
}
|
}
|
||||||
|
@@ -100,6 +100,8 @@ public enum ErrorEnum {
|
|||||||
ISV_ROUTE_NO_PERMISSIONS(Codes.CODE_ISV_PERM, "isv.route-no-permissions"),
|
ISV_ROUTE_NO_PERMISSIONS(Codes.CODE_ISV_PERM, "isv.route-no-permissions"),
|
||||||
/** 禁止访问 */
|
/** 禁止访问 */
|
||||||
ISV_ACCESS_FORBIDDEN(Codes.CODE_ISV_PERM, "isv.access-forbidden"),
|
ISV_ACCESS_FORBIDDEN(Codes.CODE_ISV_PERM, "isv.access-forbidden"),
|
||||||
|
/** 禁止IP访问 */
|
||||||
|
ISV_IP_FORBIDDEN(Codes.CODE_ISV_PERM, "isv.ip-forbidden"),
|
||||||
|
|
||||||
;
|
;
|
||||||
private ErrorMeta errorMeta;
|
private ErrorMeta errorMeta;
|
||||||
|
@@ -27,6 +27,8 @@ public class ApiParam extends JSONObject implements Param {
|
|||||||
private String restName;
|
private String restName;
|
||||||
private String restVersion;
|
private String restVersion;
|
||||||
|
|
||||||
|
private String ip;
|
||||||
|
|
||||||
private transient ApiUploadContext apiUploadContext;
|
private transient ApiUploadContext apiUploadContext;
|
||||||
|
|
||||||
public void fitNameVersion() {
|
public void fitNameVersion() {
|
||||||
@@ -236,4 +238,12 @@ public class ApiParam extends JSONObject implements Param {
|
|||||||
public void setRestVersion(String restVersion) {
|
public void setRestVersion(String restVersion) {
|
||||||
this.restVersion = restVersion;
|
this.restVersion = restVersion;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setIp(String ip) {
|
||||||
|
this.ip = ip;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String fetchIp() {
|
||||||
|
return ip;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@@ -19,6 +19,8 @@ public abstract class BaseParamBuilder<T> implements ParamBuilder<T> {
|
|||||||
|
|
||||||
public abstract Map<String, String> buildRequestParams(T ctx);
|
public abstract Map<String, String> buildRequestParams(T ctx);
|
||||||
|
|
||||||
|
public abstract String getIP(T ctx);
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public ApiParam build(T ctx) {
|
public ApiParam build(T ctx) {
|
||||||
ApiParam apiParam = this.newApiParam(ctx);
|
ApiParam apiParam = this.newApiParam(ctx);
|
||||||
@@ -27,6 +29,7 @@ public abstract class BaseParamBuilder<T> implements ParamBuilder<T> {
|
|||||||
apiParam.put(entry.getKey(), entry.getValue());
|
apiParam.put(entry.getKey(), entry.getValue());
|
||||||
}
|
}
|
||||||
this.initOtherProperty(apiParam);
|
this.initOtherProperty(apiParam);
|
||||||
|
apiParam.setIp(this.getIP(ctx));
|
||||||
return apiParam;
|
return apiParam;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
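Review bot: `getIP` is added as a new `public abstract` method with no Javadoc, so any subclass outside this commit stops compiling and nothing tells an implementer which address to return. State the contract on the declaration, e.g. `/** Returns the client IP used for the blacklist check, or null if it cannot be determined. */`, and say whether forwarding headers may be consulted, since the blacklist decision depends on that choice. In `build`, `apiParam.setIp(this.getIP(ctx))` is unguarded, so an exception thrown by an implementation aborts parameter building for the request; `build` starts outside the hunk.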
@@ -6,6 +6,7 @@ import com.gitee.sop.gatewaycommon.bean.BaseRouteDefinition;
|
|||||||
import com.gitee.sop.gatewaycommon.bean.Isv;
|
import com.gitee.sop.gatewaycommon.bean.Isv;
|
||||||
import com.gitee.sop.gatewaycommon.bean.RouteConfig;
|
import com.gitee.sop.gatewaycommon.bean.RouteConfig;
|
||||||
import com.gitee.sop.gatewaycommon.bean.TargetRoute;
|
import com.gitee.sop.gatewaycommon.bean.TargetRoute;
|
||||||
|
import com.gitee.sop.gatewaycommon.manager.IPBlacklistManager;
|
||||||
import com.gitee.sop.gatewaycommon.manager.IsvRoutePermissionManager;
|
import com.gitee.sop.gatewaycommon.manager.IsvRoutePermissionManager;
|
||||||
import com.gitee.sop.gatewaycommon.manager.RouteConfigManager;
|
import com.gitee.sop.gatewaycommon.manager.RouteConfigManager;
|
||||||
import com.gitee.sop.gatewaycommon.manager.RouteRepositoryContext;
|
import com.gitee.sop.gatewaycommon.manager.RouteRepositoryContext;
|
||||||
@@ -46,6 +47,7 @@ public class ApiValidator implements Validator {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void validate(ApiParam param) {
|
public void validate(ApiParam param) {
|
||||||
|
checkIP(param);
|
||||||
checkEnable(param);
|
checkEnable(param);
|
||||||
|
|
||||||
ApiConfig apiConfig = ApiContext.getApiConfig();
|
ApiConfig apiConfig = ApiContext.getApiConfig();
|
||||||
@@ -64,6 +66,18 @@ public class ApiValidator implements Validator {
|
|||||||
checkPermission(param);
|
checkPermission(param);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 是否在IP黑名单中
|
||||||
|
* @param param 接口参数
|
||||||
|
*/
|
||||||
|
protected void checkIP(ApiParam param) {
|
||||||
|
IPBlacklistManager ipBlacklistManager = ApiConfig.getInstance().getIpBlacklistManager();
|
||||||
|
String ip = param.fetchIp();
|
||||||
|
if (ipBlacklistManager.contains(ip)) {
|
||||||
|
throw ErrorEnum.ISV_IP_FORBIDDEN.getErrorMeta().getException();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 检测能否访问
|
* 检测能否访问
|
||||||
* @param param 接口参数
|
* @param param 接口参数
|
||||||
|
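Review bot: `checkIP` obtains the manager through `ApiConfig.getInstance()` while `validate`, a few lines later, uses `ApiContext.getApiConfig()`; if those two can ever differ the blacklist is read from a different config than the rest of validation, so use `ApiContext.getApiConfig().getIpBlacklistManager()` here as well. The check also passes when `param.fetchIp()` is blank or null, because `DefaultIPBlacklistManager.contains` returns false for blank input; that is a fail-open choice and should be written down in the Javadoc of `checkIP`. `validate` continues outside the hunk.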
@@ -36,7 +36,7 @@ public class PreValidateFilter extends BaseZuulFilter {
|
|||||||
try {
|
try {
|
||||||
validator.validate(param);
|
validator.validate(param);
|
||||||
} catch (ApiException e) {
|
} catch (ApiException e) {
|
||||||
log.error("验证失败,params:{}", param.toJSONString(), e);
|
log.error("验证失败,ip:{}, params:{}", param.fetchIp(), param.toJSONString(), e);
|
||||||
throw e;
|
throw e;
|
||||||
} finally {
|
} finally {
|
||||||
param.fitNameVersion();
|
param.fitNameVersion();
|
||||||
|
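Review bot: With `checkIP` now first in `validate`, every request from a blacklisted address presumably lands in this `catch` and is written at error level with the full parameter JSON and a stack trace, so blocked traffic can dominate the log and crowd out real failures. Consider handling the IP-forbidden case separately at a lower level and without the exception, e.g. `log.warn("IP forbidden, ip:{}", param.fetchIp());`, keeping `log.error` for other validation failures. The `try` block starts outside the hunk.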
@@ -62,6 +62,11 @@ public class ZuulParamBuilder extends BaseParamBuilder<RequestContext> {
|
|||||||
return params;
|
return params;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getIP(RequestContext ctx) {
|
||||||
|
return RequestUtil.getIP(ctx.getRequest());
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected ApiParam newApiParam(RequestContext ctx) {
|
protected ApiParam newApiParam(RequestContext ctx) {
|
||||||
ApiParam apiParam = super.newApiParam(ctx);
|
ApiParam apiParam = super.newApiParam(ctx);
|
||||||
|
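Review bot: `getIP` delegates to `RequestUtil.getIP`, which is not part of this diff, while `GatewayParamBuilder.getIP` returns the socket peer address, so the two gateways may resolve different addresses for the same client. If the helper reads forwarding headers such as `X-Forwarded-For`, the value is client-supplied unless a trusted proxy overwrites it, and a blacklist keyed on it is only as reliable as that proxy setup. Add a comment on the method stating which source the address comes from and what deployment it assumes.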
@@ -56,3 +56,4 @@ open.error_40006_isv.insufficient-isv-permissions=Insufficient ISV permissions
|
|||||||
open.error_40006_isv.insufficient-user-permissions=Insufficient user permissions
|
open.error_40006_isv.insufficient-user-permissions=Insufficient user permissions
|
||||||
open.error_40006_isv.route-no-permissions=No api permissions
|
open.error_40006_isv.route-no-permissions=No api permissions
|
||||||
open.error_40006_isv.access-forbidden=Access forbidden
|
open.error_40006_isv.access-forbidden=Access forbidden
|
||||||
|
open.error_40006_isv.ip-forbidden=IP access forbidden
|
@@ -111,3 +111,4 @@ open.error_40006_isv.insufficient-isv-permissions=\u8bf7\u68c0\u67e5\u914d\u7f6e
|
|||||||
open.error_40006_isv.insufficient-user-permissions=\u4ee3\u7406\u7684\u5546\u6237\u6ca1\u6709\u5f53\u524d\u63a5\u53e3\u6743\u9650
|
open.error_40006_isv.insufficient-user-permissions=\u4ee3\u7406\u7684\u5546\u6237\u6ca1\u6709\u5f53\u524d\u63a5\u53e3\u6743\u9650
|
||||||
open.error_40006_isv.route-no-permissions=\u6ca1\u6709\u5f53\u524d\u63a5\u53e3\u6743\u9650
|
open.error_40006_isv.route-no-permissions=\u6ca1\u6709\u5f53\u524d\u63a5\u53e3\u6743\u9650
|
||||||
open.error_40006_isv.access-forbidden=\u65e0\u6743\u8bbf\u95ee
|
open.error_40006_isv.access-forbidden=\u65e0\u6743\u8bbf\u95ee
|
||||||
|
open.error_40006_isv.ip-forbidden=IP\u65e0\u6743\u8bbf\u95ee
|
@@ -5,7 +5,7 @@
|
|||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
<groupId>com.gitee.sop</groupId>
|
<groupId>com.gitee.sop</groupId>
|
||||||
<artifactId>sop-registry-api</artifactId>
|
<artifactId>sop-registry-api</artifactId>
|
||||||
<version>1.12.4-SNAPSHOT</version>
|
<version>1.13.0-SNAPSHOT</version>
|
||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||||
|
@@ -6,11 +6,11 @@
|
|||||||
<parent>
|
<parent>
|
||||||
<groupId>com.gitee.sop</groupId>
|
<groupId>com.gitee.sop</groupId>
|
||||||
<artifactId>sop-common</artifactId>
|
<artifactId>sop-common</artifactId>
|
||||||
<version>1.12.4-SNAPSHOT</version>
|
<version>1.13.0-SNAPSHOT</version>
|
||||||
<relativePath>../pom.xml</relativePath>
|
<relativePath>../pom.xml</relativePath>
|
||||||
</parent>
|
</parent>
|
||||||
<artifactId>sop-service-common</artifactId>
|
<artifactId>sop-service-common</artifactId>
|
||||||
<version>1.12.4-SNAPSHOT</version>
|
<version>1.13.0-SNAPSHOT</version>
|
||||||
<packaging>jar</packaging>
|
<packaging>jar</packaging>
|
||||||
|
|
||||||
<name>sop-service-common</name>
|
<name>sop-service-common</name>
|
||||||
|