1.12.4

sop-common/pom.xml

@@ -5,7 +5,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.gitee.sop</groupId>
 	<artifactId>sop-common</artifactId>
-	<version>1.12.4-SNAPSHOT</version>
+	<version>1.13.0-SNAPSHOT</version>
 	<packaging>pom</packaging>
 
 	<properties>

sop-common/sop-gateway-common/pom.xml

@@ -5,11 +5,11 @@
     <parent>
         <groupId>com.gitee.sop</groupId>
         <artifactId>sop-common</artifactId>
-        <version>1.12.4-SNAPSHOT</version>
+        <version>1.13.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>sop-gateway-common</artifactId>
-    <version>1.12.4-SNAPSHOT</version>
+    <version>1.13.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <name>sop-gateway-common</name>

sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/bean/ApiConfig.java

@@ -5,10 +5,12 @@ import com.gitee.sop.gatewaycommon.gateway.result.GatewayResult;
 import com.gitee.sop.gatewaycommon.gateway.result.GatewayResultExecutor;
 import com.gitee.sop.gatewaycommon.limit.DefaultLimitManager;
 import com.gitee.sop.gatewaycommon.limit.LimitManager;
+import com.gitee.sop.gatewaycommon.manager.DefaultIPBlacklistManager;
 import com.gitee.sop.gatewaycommon.manager.DefaultIsvRoutePermissionManager;
 import com.gitee.sop.gatewaycommon.manager.DefaultLimitConfigManager;
 import com.gitee.sop.gatewaycommon.manager.DefaultRouteConfigManager;
 import com.gitee.sop.gatewaycommon.manager.DefaultServiceErrorManager;
+import com.gitee.sop.gatewaycommon.manager.IPBlacklistManager;
 import com.gitee.sop.gatewaycommon.manager.IsvRoutePermissionManager;
 import com.gitee.sop.gatewaycommon.manager.LimitConfigManager;
 import com.gitee.sop.gatewaycommon.manager.RouteConfigManager;
@@ -115,6 +117,11 @@ public class ApiConfig {
      */
     private LimitConfigManager limitConfigManager = new DefaultLimitConfigManager();
 
+    /**
+     * IP黑名单
+     */
+    private IPBlacklistManager ipBlacklistManager = new DefaultIPBlacklistManager();
+
     /**
      * 限流管理
      */

sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/gateway/param/GatewayParamBuilder.java

@@ -17,4 +17,9 @@ public class GatewayParamBuilder extends BaseParamBuilder<ServerWebExchange> {
         Map<String, String> params = GatewayContext.getRequestParams(exchange);
         return params == null ? Collections.emptyMap() : params;
     }
+
+    @Override
+    public String getIP(ServerWebExchange ctx) {
+        return ctx.getRequest().getRemoteAddress().getAddress().getHostAddress();
+    }
 }

sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/AbstractConfiguration.java

@@ -53,6 +53,12 @@ public class AbstractConfiguration implements ApplicationContextAware {
     LimitConfigManager limitConfigManager() {
         return ApiConfig.getInstance().getLimitConfigManager();
     }
+
+    @Bean
+    IPBlacklistManager ipBlacklistManager() {
+        return ApiConfig.getInstance().getIpBlacklistManager();
+    }
+
     /**
      * 跨域过滤器
      *

sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/DefaultIPBlacklistManager.java

@@ -0,0 +1,38 @@
+package com.gitee.sop.gatewaycommon.manager;
+
+import com.google.common.collect.Sets;
+import org.apache.commons.lang.StringUtils;
+
+import java.util.Set;
+
+/**
+ * ip黑名单管理
+ * @author tanghc
+ */
+public class DefaultIPBlacklistManager implements IPBlacklistManager {
+
+    private static Set<String> ipList = Sets.newConcurrentHashSet();
+
+    @Override
+    public void add(String ip) {
+        ipList.add(ip);
+    }
+
+    @Override
+    public void remove(String ip) {
+        ipList.remove(ip);
+    }
+
+    @Override
+    public boolean contains(String ip) {
+        if (StringUtils.isBlank(ip)) {
+            return false;
+        }
+        return ipList.contains(ip);
+    }
+
+    @Override
+    public void load() {
+
+    }
+}

sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/IPBlacklistManager.java

@@ -0,0 +1,16 @@
+package com.gitee.sop.gatewaycommon.manager;
+
+import com.gitee.sop.gatewaycommon.bean.BeanInitializer;
+
+/**
+ * @author tanghc
+ */
+public interface IPBlacklistManager extends BeanInitializer {
+
+    void add(String ip);
+
+    void remove(String ip);
+
+    boolean contains(String ip);
+
+}

sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/ZookeeperContext.java

@@ -81,6 +81,10 @@ public class ZookeeperContext {
         return SOP_MSG_CHANNEL_PATH + "/limit-conf";
     }
 
+    public static String getIpBlacklistChannelPath() {
+        return SOP_MSG_CHANNEL_PATH + "/ipblacklist-conf";
+    }
+
     public static CuratorFramework getClient() {
         return client;
     }

sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/message/ErrorEnum.java

@@ -100,6 +100,8 @@ public enum ErrorEnum {
     ISV_ROUTE_NO_PERMISSIONS(Codes.CODE_ISV_PERM, "isv.route-no-permissions"),
     /** 禁止访问 */
     ISV_ACCESS_FORBIDDEN(Codes.CODE_ISV_PERM, "isv.access-forbidden"),
+    /** 禁止IP访问 */
+    ISV_IP_FORBIDDEN(Codes.CODE_ISV_PERM, "isv.ip-forbidden"),
 
     ;
     private ErrorMeta errorMeta;

sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/param/ApiParam.java

@@ -27,6 +27,8 @@ public class ApiParam extends JSONObject implements Param {
     private String restName;
     private String restVersion;
 
+    private String ip;
+
     private transient ApiUploadContext apiUploadContext;
 
     public void fitNameVersion() {
@@ -236,4 +238,12 @@ public class ApiParam extends JSONObject implements Param {
     public void setRestVersion(String restVersion) {
         this.restVersion = restVersion;
     }
+
+    public void setIp(String ip) {
+        this.ip = ip;
+    }
+
+    public String fetchIp() {
+        return ip;
+    }
 }

sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/param/BaseParamBuilder.java

@@ -19,6 +19,8 @@ public abstract class BaseParamBuilder<T> implements ParamBuilder<T> {
 
     public abstract Map<String, String> buildRequestParams(T ctx);
 
+    public abstract String getIP(T ctx);
+
     @Override
     public ApiParam build(T ctx) {
         ApiParam apiParam = this.newApiParam(ctx);
@@ -27,6 +29,7 @@ public abstract class BaseParamBuilder<T> implements ParamBuilder<T> {
             apiParam.put(entry.getKey(), entry.getValue());
         }
         this.initOtherProperty(apiParam);
+        apiParam.setIp(this.getIP(ctx));
         return apiParam;
     }
 

sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/validate/ApiValidator.java

@@ -6,6 +6,7 @@ import com.gitee.sop.gatewaycommon.bean.BaseRouteDefinition;
 import com.gitee.sop.gatewaycommon.bean.Isv;
 import com.gitee.sop.gatewaycommon.bean.RouteConfig;
 import com.gitee.sop.gatewaycommon.bean.TargetRoute;
+import com.gitee.sop.gatewaycommon.manager.IPBlacklistManager;
 import com.gitee.sop.gatewaycommon.manager.IsvRoutePermissionManager;
 import com.gitee.sop.gatewaycommon.manager.RouteConfigManager;
 import com.gitee.sop.gatewaycommon.manager.RouteRepositoryContext;
@@ -46,6 +47,7 @@ public class ApiValidator implements Validator {
 
     @Override
     public void validate(ApiParam param) {
+        checkIP(param);
         checkEnable(param);
 
         ApiConfig apiConfig = ApiContext.getApiConfig();
@@ -64,6 +66,18 @@ public class ApiValidator implements Validator {
         checkPermission(param);
     }
 
+    /**
+     * 是否在IP黑名单中
+     * @param param 接口参数
+     */
+    protected void checkIP(ApiParam param) {
+        IPBlacklistManager ipBlacklistManager = ApiConfig.getInstance().getIpBlacklistManager();
+        String ip = param.fetchIp();
+        if (ipBlacklistManager.contains(ip)) {
+            throw ErrorEnum.ISV_IP_FORBIDDEN.getErrorMeta().getException();
+        }
+    }
+
     /**
      * 检测能否访问
      * @param param 接口参数

sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/zuul/filter/PreValidateFilter.java

@@ -36,7 +36,7 @@ public class PreValidateFilter extends BaseZuulFilter {
         try {
             validator.validate(param);
         } catch (ApiException e) {
-            log.error("验证失败，params:{}", param.toJSONString(), e);
+            log.error("验证失败，ip:{}, params:{}", param.fetchIp(), param.toJSONString(), e);
             throw e;
         } finally {
             param.fitNameVersion();

sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/zuul/param/ZuulParamBuilder.java

@@ -62,6 +62,11 @@ public class ZuulParamBuilder extends BaseParamBuilder<RequestContext> {
         return params;
     }
 
+    @Override
+    public String getIP(RequestContext ctx) {
+        return RequestUtil.getIP(ctx.getRequest());
+    }
+
     @Override
     protected ApiParam newApiParam(RequestContext ctx) {
         ApiParam apiParam = super.newApiParam(ctx);

sop-common/sop-gateway-common/src/main/resources/i18n/open/error_en.properties

@@ -56,3 +56,4 @@ open.error_40006_isv.insufficient-isv-permissions=Insufficient ISV permissions
 open.error_40006_isv.insufficient-user-permissions=Insufficient user permissions
 open.error_40006_isv.route-no-permissions=No api permissions
 open.error_40006_isv.access-forbidden=Access forbidden
+open.error_40006_isv.ip-forbidden=IP access forbidden

sop-common/sop-gateway-common/src/main/resources/i18n/open/error_zh_CN.properties

@@ -111,3 +111,4 @@ open.error_40006_isv.insufficient-isv-permissions=\u8bf7\u68c0\u67e5\u914d\u7f6e
 open.error_40006_isv.insufficient-user-permissions=\u4ee3\u7406\u7684\u5546\u6237\u6ca1\u6709\u5f53\u524d\u63a5\u53e3\u6743\u9650
 open.error_40006_isv.route-no-permissions=\u6ca1\u6709\u5f53\u524d\u63a5\u53e3\u6743\u9650
 open.error_40006_isv.access-forbidden=\u65e0\u6743\u8bbf\u95ee
+open.error_40006_isv.ip-forbidden=IP\u65e0\u6743\u8bbf\u95ee

sop-common/sop-registry-api/pom.xml

@@ -5,7 +5,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.gitee.sop</groupId>
     <artifactId>sop-registry-api</artifactId>
-    <version>1.12.4-SNAPSHOT</version>
+    <version>1.13.0-SNAPSHOT</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

sop-common/sop-service-common/pom.xml

@@ -6,11 +6,11 @@
     <parent>
         <groupId>com.gitee.sop</groupId>
         <artifactId>sop-common</artifactId>
-        <version>1.12.4-SNAPSHOT</version>
+        <version>1.13.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>sop-service-common</artifactId>
-    <version>1.12.4-SNAPSHOT</version>
+    <version>1.13.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <name>sop-service-common</name>