From bcce845bc54f08693313aca4ac94151d69e58f22 Mon Sep 17 00:00:00 2001
From: hongqiaowei
Date: Sun, 25 Apr 2021 16:25:39 +0800
Subject: [PATCH 1/2] fix: ip white list of app does not take effect (#140)
---
 .../src/main/java/we/plugin/auth/App.java | 34 +++++++++++++-----
 .../test/java/we/plugin/auth/AppTests.java | 35 +++++++++++++++++++
 2 files changed, 60 insertions(+), 9 deletions(-)
 create mode 100644 fizz-core/src/test/java/we/plugin/auth/AppTests.java
diff --git a/fizz-core/src/main/java/we/plugin/auth/App.java b/fizz-core/src/main/java/we/plugin/auth/App.java
index 1221431..d384921 100644
--- a/fizz-core/src/main/java/we/plugin/auth/App.java
+++ b/fizz-core/src/main/java/we/plugin/auth/App.java
@@ -59,7 +59,7 @@ public class App {
 public String config;
- private Map ips = new HashMap<>(6);
+ public Map ips = new HashMap<>(6);
 public void setUseAuth(int i) {
 if (i == AUTH_TYPE.SIGN || i == AUTH_TYPE.SECRETKEY || i == AUTH_TYPE.CUSTOM) {
@@ -89,7 +89,7 @@ public class App {
 String end = a[1].trim();
 this.ips.put(subnet, new String[]{beg, end});
 } else {
- this.ips.put(subnet, new String[]{addrSeg, addrSeg});
+ this.ips.put(ip, null);
 }
 }
 );
@@ -97,6 +97,9 @@ public class App {
 }
 public boolean allow(String ip) {
+ if (ips.containsKey(ip)) {
+ return true;
+ }
 int originSubnetLen = ip.lastIndexOf(Constants.Symbol.DOT);
 for (Map.Entry e : ips.entrySet()) {
 String subnet = e.getKey();
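Review bot: `ips` holds the app's IP allow-list, and as a public, non-final field it can be replaced or mutated by any code that holds an `App`, without going through `setIps`. Nothing visible in this patch reads the field from outside the class (the new test only calls `setIps` and `allow`), so it could stay `private`. If a test or serializer needs it, a read-only accessor returning `Collections.unmodifiableMap(ips)` keeps the list from being edited behind the parser's back. The class body continues outside the hunk.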
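Review bot: Exact addresses are now stored with a `null` value (`this.ips.put(ip, null)`), yet `allow` still walks every entry of `ips` after the `containsKey` fast path, so the loop must tolerate `e.getValue() == null`. The part of the loop between this hunk and the next is not shown; if it reads the `String[]` before it has ruled the key out as a subnet, an exact-address entry will raise a NullPointerException during the check. I would skip such entries explicitly at the top of the loop, `if (e.getValue() == null) { continue; }`, or keep exact addresses in a separate `Set` so the map only ever holds ranges. `allow` continues outside the hunk.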
@@ -116,21 +119,34 @@ public class App {
 if (originAddrLen < addrSegBeg.length() || addrSegEnd.length() < originAddrLen) {
 return false;
 } else {
+ boolean b = true;
 if (originAddrLen == addrSegBeg.length()) {
 for (byte j = 0; j < addrSegBeg.length(); j++) {
- if (ip.charAt(originSubnetLen + 1 + j) < addrSegBeg.charAt(j)) {
- return false;
+ char o = ip.charAt(originSubnetLen + 1 + j);
+ char a = addrSegBeg.charAt(j);
+ if (o < a) {
+ b = false;
+ break;
+ } else if (o > a) {
+ break;
 }
 }
 }
- if (originAddrLen == addrSegEnd.length()) {
- for (byte j = 0; j < addrSegEnd.length(); j++) {
- if (addrSegEnd.charAt(j) < ip.charAt(originSubnetLen + 1 + j)) {
- return false;
+ if (b) {
+ if (originAddrLen == addrSegEnd.length()) {
+ for (byte j = 0; j < addrSegEnd.length(); j++) {
+ char a = addrSegEnd.charAt(j);
+ char o = ip.charAt(originSubnetLen + 1 + j);
+ if (a < o) {
+ b = false;
+ break;
+ } else if (a > o) {
+ break;
+ }
 }
 }
 }
- return true;
+ return b;
 }
 }
 }
diff --git a/fizz-core/src/test/java/we/plugin/auth/AppTests.java b/fizz-core/src/test/java/we/plugin/auth/AppTests.java
new file mode 100644
index 0000000..4a4527c
--- /dev/null
+++ b/fizz-core/src/test/java/we/plugin/auth/AppTests.java
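Review bot: The range check still compares the last octet character by character, which matches a numeric comparison only when that octet is plain decimal digits in canonical form. When the octet's length lies strictly between the lengths of the two bounds, neither loop runs and `b` stays `true` without a single character being inspected. If `ip` can originate from a client-supplied header (not visible here), the check should parse the octet and the bounds as integers and deny on a parse failure, as sketched below. `allow` starts and ends outside this hunk, and the sketch assumes `addrSegBeg` and `addrSegEnd` are the `String` bounds stored by `setIps`.

```java
// … unchanged: length guard on originAddrLen …
} else {
    // replaces the flag `b` and both character loops
    try {
        int octet = Integer.parseInt(ip.substring(originSubnetLen + 1));
        int low = Integer.parseInt(addrSegBeg);
        int high = Integer.parseInt(addrSegEnd);
        return low <= octet && octet <= high;
    } catch (NumberFormatException nfe) {
        // a last octet that is not a number is never inside the range
        return false;
    }
}
```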
@@ -0,0 +1,35 @@
+package we.plugin.auth;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+/**
+ * @author hongqiaowei
+ */
+
+public class AppTests {
+
+ @Test
+ void ipWhiteListTest() {
+ App app = new App();
+ app.setIps("10.237.148.107,10.237.148.134,172.25.33.*,172.25.63.*,172.25.102.*,172.25.104.136-138");
+ System.out.println("app: " + app);
+ boolean allow = app.allow("10.237.148.107");
+ allow = app.allow("10.237.148.134");
+
+ allow = app.allow("172.25.102.2");
+ allow = app.allow("172.25.102.254");
+ allow = app.allow("172.25.102.3");
+ allow = app.allow("172.25.102.251");
+ allow = app.allow("172.25.102.249");
+ allow = app.allow("172.25.102.138");
+ allow = app.allow("172.25.102.22");
+
+ allow = app.allow("172.25.104.136");
+ allow = app.allow("172.25.104.137");
+ allow = app.allow("172.25.104.138");
+
+ assertTrue(allow);
+ }
+}
From b73aadd5af762fc4bbf11a88e24bd9d5c709301a Mon Sep 17 00:00:00 2001
From: hongqiaowei
Date: Thu, 29 Apr 2021 16:56:20 +0800
Subject: [PATCH 2/2] fix: wehotel(#148)
---
 .../main/java/we/util/UrlTransformUtils.java | 4 +-
 .../java/we/plugin/auth/ApiConfigService.java | 26 ++++-
 .../java/we/plugin/auth/ServiceConfig.java | 110 +++++------------
 3 files changed, 51 insertions(+), 89 deletions(-)
diff --git a/fizz-common/src/main/java/we/util/UrlTransformUtils.java b/fizz-common/src/main/java/we/util/UrlTransformUtils.java
index a7671db..b689e85 100644
--- a/fizz-common/src/main/java/we/util/UrlTransformUtils.java
+++ b/fizz-common/src/main/java/we/util/UrlTransformUtils.java
@@ -24,7 +24,7 @@ public class UrlTransformUtils {
 private UrlTransformUtils() {}
- private static final FizzGatewayUrlAntPathMatcher ANT_PATH_MATCHER = new FizzGatewayUrlAntPathMatcher();
+ public static final FizzGatewayUrlAntPathMatcher ANT_PATH_MATCHER = new FizzGatewayUrlAntPathMatcher();
 /**
 * transform the backend path to the real backend request path
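Review bot: Only the last `allow(...)` result is asserted in `ipWhiteListTest`, because `allow` is reassigned on every call and `assertTrue(allow)` runs once at the end; a regression for any earlier address would pass unnoticed. The test also contains no address that must be rejected, which is the case that matters most for an allow-list. Assert each call directly, e.g. `assertTrue(app.allow("172.25.104.136"));`, and add negative cases just outside the configured entries, e.g. `assertFalse(app.allow("172.25.104.139"));`. The `System.out.println` line can be dropped once the assertions carry the information.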
@@ -63,7 +63,7 @@ public class UrlTransformUtils {
 *
 * @author zhongjie
 */
- static class FizzGatewayUrlAntPathMatcher extends AntPathMatcher {
+ public static class FizzGatewayUrlAntPathMatcher extends AntPathMatcher {
 private static final String DEFAULT_PATH_SEPARATOR = "#";
 private static final int CACHE_TURNOFF_THRESHOLD = 65536;
diff --git a/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java b/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java
index 315444f..c73b820 100644
--- a/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java
+++ b/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java
@@ -48,7 +48,9 @@ import java.util.concurrent.TimeUnit;
 @Service
 public class ApiConfigService {
- private static final Logger log = LoggerFactory.getLogger(ApiConfigService.class);
+ private static final Logger log = LoggerFactory.getLogger(ApiConfigService.class);
+
+ private static final String mpps = "$mpps";
 @NacosValue(value = "${fizz-api-config.key:fizz_api_config_route}", autoRefreshed = true)
 @Value("${fizz-api-config.key:fizz_api_config_route}")
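Review bot: Route matching in the auth plugin may change meaning once this matcher is shared, because `FizzGatewayUrlAntPathMatcher` declares `DEFAULT_PATH_SEPARATOR = "#"`, while the `ServiceConfig.java` hunk later in this patch replaces its own `new AntPathMatcher()` with `UrlTransformUtils.ANT_PATH_MATCHER`. How the constant is used lies outside the hunk; if the subclass really matches with `#` instead of `/` as separator, existing path patterns can select a different set of request paths, and with it a different `ApiConfig` and its checks. I would document the separator and the resulting wildcard semantics in the class Javadoc now that the class is public, and add a unit test that pins how a single-`*` pattern behaves across `/` for both matchers.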
@@ -246,17 +248,29 @@ public class ApiConfigService {
 public ApiConfig getApiConfig(String service, HttpMethod method, String path, String gatewayGroup, String app) {
 ServiceConfig sc = serviceConfigMap.get(service);
 if (sc != null) {
- Set acs = sc.getApiConfigs(method, path, gatewayGroup);
- if (acs != null) {
- for (ApiConfig ac : acs) {
+ List apiConfigs = sc.getApiConfigs(method, path, gatewayGroup);
+ if (!apiConfigs.isEmpty()) {
+ List matchPathPatterns = ThreadContext.getArrayList(mpps, String.class);
+ for (ApiConfig ac : apiConfigs) {
 if (ac.checkApp) {
 if (apiConifg2appsService.contains(ac.id, app)) {
- return ac;
+ matchPathPatterns.add(ac.path);
 } else if (log.isDebugEnabled()) {
 log.debug(ac + " not contains app " + app);
 }
 } else {
- return ac;
+ matchPathPatterns.add(ac.path);
+ }
+ }
+ if (!matchPathPatterns.isEmpty()) {
+ if (matchPathPatterns.size() > 1) {
+ Collections.sort(matchPathPatterns, UrlTransformUtils.ANT_PATH_MATCHER.getPatternComparator(path));
+ }
+ String bestPathPattern = matchPathPatterns.get(0);
+ for (ApiConfig ac : apiConfigs) {
+ if (StringUtils.equals(ac.path, bestPathPattern)) {
+ return ac;
+ }
 }
 }
 }
diff --git a/fizz-core/src/main/java/we/plugin/auth/ServiceConfig.java b/fizz-core/src/main/java/we/plugin/auth/ServiceConfig.java
index 2065fb0..308c3c0 100644
--- a/fizz-core/src/main/java/we/plugin/auth/ServiceConfig.java
+++ b/fizz-core/src/main/java/we/plugin/auth/ServiceConfig.java
@@ -18,15 +18,11 @@ package we.plugin.auth;
 import com.fasterxml.jackson.annotation.JsonIgnore;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.http.HttpMethod;
-import org.springframework.util.AntPathMatcher;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import we.util.JacksonUtils;
+import org.springframework.http.HttpMethod;
 import we.util.ThreadContext;
+import we.util.UrlTransformUtils;
 import java.util.*;
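Review bot: The second loop in `getApiConfig` returns the first entry of `apiConfigs` whose `path` equals `bestPathPattern`, which need not be an entry that passed the `checkApp` test in the first loop. When two configs share a path and only one of them admits `app`, the config that was just rejected can be the one returned, so the caller acts on a config the app was not matched against. Collecting the `ApiConfig` objects that pass, instead of their paths, and sorting those by `path` removes the second lookup; `List.sort` is stable, so equal patterns keep the old first-match order. The sketch also stops relying on the `ThreadContext` list being empty on entry, which is not visible here, and `getApiConfig` ends outside the hunk.

```java
// … unchanged: lookup of sc and apiConfigs, isEmpty() guard …
List<ApiConfig> passed = new ArrayList<>(apiConfigs.size());
for (ApiConfig ac : apiConfigs) {
    if (!ac.checkApp || apiConifg2appsService.contains(ac.id, app)) {
        passed.add(ac);
    } else if (log.isDebugEnabled()) {
        log.debug(ac + " not contains app " + app);
    }
}
if (!passed.isEmpty()) {
    Comparator<String> byPattern = UrlTransformUtils.ANT_PATH_MATCHER.getPatternComparator(path);
    passed.sort((x, y) -> byPattern.compare(x.path, y.path));
    return passed.get(0);
}
```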
@@ -36,11 +32,9 @@ import java.util.*;
 public class ServiceConfig {
- private static final Logger log = LoggerFactory.getLogger(ServiceConfig.class);
+ private static final Logger log = LoggerFactory.getLogger(ServiceConfig.class);
- private static final AntPathMatcher antPathMatcher = new AntPathMatcher();
-
- private static final String mpps = "$mpps";
+ private static final String gg2acs = "$gg2acs";
 public String id;
@@ -118,87 +112,41 @@ public class ServiceConfig { } } - // @JsonIgnore - // public ApiConfig getApiConfig(HttpMethod method, String path, String gatewayGroup, String app) { - // GatewayGroup2apiConfig r = getApiConfig(method, path); - // if (r == null) { - // return null; - // } - // if (StringUtils.isBlank(app)) { - // app = App.ALL_APP; - // } - // return r.get(gatewayGroup, app); - // } - @JsonIgnore - public Set getApiConfigs(HttpMethod method, String path, String gatewayGroup) { - Set apiConfigs = null; - GatewayGroup2apiConfig r = getApiConfig(method, path); - if (r != null) { - apiConfigs = r.get(gatewayGroup); - } - if (log.isDebugEnabled()) { - log.debug(gatewayGroup + ' ' + method + ' ' + path + ' ' + JacksonUtils.writeValueAsString(apiConfigs)); - } - return apiConfigs; - } + public List getApiConfigs(HttpMethod method, String path, String gatewayGroup) { - private GatewayGroup2apiConfig getApiConfig(HttpMethod method, String reqPath) { - - List matchPathPatterns = ThreadContext.getArrayList(mpps, String.class); + List matchGatewayGroup2apiConfigs = ThreadContext.getArrayList(gg2acs, GatewayGroup2apiConfig.class); Set>> es = path2methodToApiConfigMapMap.entrySet(); for (Map.Entry> e : es) { - String pathPattern = e.getKey(); - if (ApiConfig.isAntPathPattern(pathPattern)) { - if (antPathMatcher.match(pathPattern, reqPath)) { - matchPathPatterns.add(pathPattern); + EnumMap method2gatewayGroupToApiConfigMap = e.getValue(); + GatewayGroup2apiConfig gatewayGroup2apiConfig = method2gatewayGroupToApiConfigMap.get(method); + if (gatewayGroup2apiConfig == null) { + gatewayGroup2apiConfig = method2gatewayGroupToApiConfigMap.get(HttpMethod.TRACE); + } + if (gatewayGroup2apiConfig != null) { + String pathPattern = e.getKey(); + if (ApiConfig.isAntPathPattern(pathPattern)) { + if (UrlTransformUtils.ANT_PATH_MATCHER.match(pathPattern, path)) { + matchGatewayGroup2apiConfigs.add(gatewayGroup2apiConfig); + } + } else if (path.equals(pathPattern)) { + 
matchGatewayGroup2apiConfigs.add(gatewayGroup2apiConfig); } - } else if (reqPath.equals(pathPattern)) { - return getGatewayGroup2apiConfig(method, e.getValue()); } } - if (matchPathPatterns.isEmpty()) { - return null; + + if (matchGatewayGroup2apiConfigs.isEmpty()) { + return Collections.emptyList(); } else { - Collections.sort(matchPathPatterns, antPathMatcher.getPatternComparator(reqPath)); - String bestPattern = matchPathPatterns.get(0); - if (log.isDebugEnabled()) { - log.debug("req path: " + reqPath + - "\nmatch patterns: " + matchPathPatterns + - "\nbest one: " + bestPattern); + List lst = new ArrayList<>(8); + for (GatewayGroup2apiConfig gatewayGroup2apiConfig : matchGatewayGroup2apiConfigs) { + Set apiConfigs = gatewayGroup2apiConfig.get(gatewayGroup); + if (apiConfigs != null) { + lst.addAll(apiConfigs); + } } - return getGatewayGroup2apiConfig(method, path2methodToApiConfigMapMap.get(bestPattern)); - } - } - - // private GatewayGroup2appsToApiConfig getApiConfig0(HttpMethod method, String path) { - // while (true) { - // EnumMap method2apiConfigMap = path2methodToApiConfigMapMap.get(path); - // if (method2apiConfigMap == null) { - // int i = path.lastIndexOf(Constants.Symbol.FORWARD_SLASH); - // if (i == 0) { - // method2apiConfigMap = path2methodToApiConfigMapMap.get(Constants.Symbol.FORWARD_SLASH_STR); - // if (method2apiConfigMap == null) { - // return null; - // } else { - // return getGatewayGroup2appsToApiConfig(method, method2apiConfigMap); - // } - // } else { - // path = path.substring(0, i); - // } - // } else { - // return getGatewayGroup2appsToApiConfig(method, method2apiConfigMap); - // } - // } - // } - - private GatewayGroup2apiConfig getGatewayGroup2apiConfig(HttpMethod method, EnumMap method2apiConfigMap) { - GatewayGroup2apiConfig r = method2apiConfigMap.get(method); - if (r == null) { - return method2apiConfigMap.get(HttpMethod.TRACE); - } else { - return r; + return lst; } } }
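Review bot: `getApiConfigs` has no Javadoc although its contract changes in three ways visible in this hunk: it returns a `List` that is empty rather than `null` when nothing matches, it returns the configs of every matching path pattern instead of only the best one, and it uses the `HttpMethod.TRACE` entry when the request method has no entry of its own. I would add a Javadoc stating those three points and a line comment on the fallback, such as `// the TRACE entry is the fallback for methods without their own config`. The matched patterns are also no longer written to the debug log, which makes a routing or authorization decision harder to reconstruct afterwards; one `log.debug` with the request path and the number of matches would restore that.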