From 71b92def56e4e8d95b00af934f23fa554c474b12 Mon Sep 17 00:00:00 2001
From: hongqiaowei <hongqiaowei@163.com>
Date: Wed, 18 Aug 2021 17:23:27 +0800
Subject: [PATCH] Optimize route auth msg

---
 .../java/we/plugin/auth/ApiConfigService.java     | 15 ++++++++-------
 .../main/java/we/plugin/auth/ServiceConfig.java   | 12 ++++++------
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java b/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java
index 13fb5f7..dc03a7d 100644
--- a/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java
+++ b/fizz-core/src/main/java/we/plugin/auth/ApiConfigService.java
@@ -255,17 +255,18 @@ public class ApiConfigService {
                     if (ac.checkApp) {
                         if (apiConifg2appsService.contains(ac.id, app)) {
                             matchPathPatterns.add(ac.path);
-                        } /*else {
-                            if (app == null) {
-                                ThreadContext.set(ApiConfigService.AUTH_MSG, "request not carry app message");
-                            } else {
-                                ThreadContext.set(ApiConfigService.AUTH_MSG, app + " can't access " + service + ' ' + method + ' ' + path);
-                            }
-                        }*/
+                        }
                     } else {
                         matchPathPatterns.add(ac.path);
                     }
                 }
+                if (matchPathPatterns.isEmpty()) {
+                    if (app == null) {
+                        ThreadContext.set(ApiConfigService.AUTH_MSG, "no app msg in req");
+                    } else {
+                        ThreadContext.set(ApiConfigService.AUTH_MSG, app + " not in app whitelist of routes which match " + gatewayGroup + ' ' + service + ' ' + method + ' ' + path);
+                    }
+                }
                 if (!matchPathPatterns.isEmpty()) {
                     if (matchPathPatterns.size() > 1) {
                         Collections.sort(matchPathPatterns, UrlTransformUtils.ANT_PATH_MATCHER.getPatternComparator(path));
diff --git a/fizz-core/src/main/java/we/plugin/auth/ServiceConfig.java b/fizz-core/src/main/java/we/plugin/auth/ServiceConfig.java
index f44a016..1556497 100644
--- a/fizz-core/src/main/java/we/plugin/auth/ServiceConfig.java
+++ b/fizz-core/src/main/java/we/plugin/auth/ServiceConfig.java
@@ -146,19 +146,19 @@ public class ServiceConfig {
             for (int i = 0; i < matchGatewayGroup2apiConfigs.size(); i++) {
                 GatewayGroup2apiConfig gatewayGroup2apiConfig = matchGatewayGroup2apiConfigs.get(i);
                 Set<ApiConfig> apiConfigs = gatewayGroup2apiConfig.get(gatewayGroup);
-                if (apiConfigs != null) {
+                if (apiConfigs == null) {
+                    ThreadContext.set(ApiConfigService.AUTH_MSG, "route which match " + id + ' ' + method + ' ' + path + " is not exposed to " + gatewayGroup);
+                } else {
                     for (ApiConfig ac : apiConfigs) {
                         if (ac.access == ApiConfig.ALLOW) {
                             lst.add(ac);
                         }
                     }
+                    if (lst.isEmpty()) {
+                        ThreadContext.set(ApiConfigService.AUTH_MSG, "route which match " + id + ' ' + method + ' ' + path + " not allow access");
+                    }
                 }
             }
-            // if (lst.isEmpty()) {
-            //     ThreadContext.set(
-            //             ApiConfigService.AUTH_MSG,
-            //             "route which match " + id + ' ' + method + ' ' + path + " is not exposed to " + gatewayGroup + " gateway group or allow access");
-            // }
             return lst;
         }
     }