From c850712f8bf6e8c8b94b92893bef1fb6e307cd02 Mon Sep 17 00:00:00 2001 From: tanghc Date: Fri, 19 Jul 2019 20:14:34 +0800 Subject: [PATCH] 1.12.4 --- sop-common/pom.xml | 2 +- sop-common/sop-gateway-common/pom.xml | 4 +- .../sop/gatewaycommon/bean/ApiConfig.java | 7 ++++ .../gateway/param/GatewayParamBuilder.java | 5 +++ .../manager/AbstractConfiguration.java | 6 +++ .../manager/DefaultIPBlacklistManager.java | 38 +++++++++++++++++++ .../manager/IPBlacklistManager.java | 16 ++++++++ .../manager/ZookeeperContext.java | 4 ++ .../sop/gatewaycommon/message/ErrorEnum.java | 2 + .../sop/gatewaycommon/param/ApiParam.java | 10 +++++ .../gatewaycommon/param/BaseParamBuilder.java | 3 ++ .../gatewaycommon/validate/ApiValidator.java | 14 +++++++ .../zuul/filter/PreValidateFilter.java | 2 +- .../zuul/param/ZuulParamBuilder.java | 5 +++ .../resources/i18n/open/error_en.properties | 3 +- .../i18n/open/error_zh_CN.properties | 3 +- sop-common/sop-registry-api/pom.xml | 2 +- sop-common/sop-service-common/pom.xml | 4 +- 18 files changed, 121 insertions(+), 9 deletions(-) create mode 100644 sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/DefaultIPBlacklistManager.java create mode 100644 sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/IPBlacklistManager.java diff --git a/sop-common/pom.xml b/sop-common/pom.xml index 8f9064c0..706060c4 100644 --- a/sop-common/pom.xml +++ b/sop-common/pom.xml @@ -5,7 +5,7 @@ 4.0.0 com.gitee.sop sop-common - 1.12.4-SNAPSHOT + 1.13.0-SNAPSHOT pom diff --git a/sop-common/sop-gateway-common/pom.xml b/sop-common/sop-gateway-common/pom.xml index 2e3242bd..3223c94d 100644 --- a/sop-common/sop-gateway-common/pom.xml +++ b/sop-common/sop-gateway-common/pom.xml @@ -5,11 +5,11 @@ com.gitee.sop sop-common - 1.12.4-SNAPSHOT + 1.13.0-SNAPSHOT ../pom.xml sop-gateway-common - 1.12.4-SNAPSHOT + 1.13.0-SNAPSHOT jar sop-gateway-common 
diff --git a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/bean/ApiConfig.java b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/bean/ApiConfig.java index 1a846c33..6ff941de 100644 --- a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/bean/ApiConfig.java +++ b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/bean/ApiConfig.java @@ -5,10 +5,12 @@ import com.gitee.sop.gatewaycommon.gateway.result.GatewayResult; import com.gitee.sop.gatewaycommon.gateway.result.GatewayResultExecutor; import com.gitee.sop.gatewaycommon.limit.DefaultLimitManager; import com.gitee.sop.gatewaycommon.limit.LimitManager; +import com.gitee.sop.gatewaycommon.manager.DefaultIPBlacklistManager; import com.gitee.sop.gatewaycommon.manager.DefaultIsvRoutePermissionManager; import com.gitee.sop.gatewaycommon.manager.DefaultLimitConfigManager; import com.gitee.sop.gatewaycommon.manager.DefaultRouteConfigManager; import com.gitee.sop.gatewaycommon.manager.DefaultServiceErrorManager; +import com.gitee.sop.gatewaycommon.manager.IPBlacklistManager; import com.gitee.sop.gatewaycommon.manager.IsvRoutePermissionManager; import com.gitee.sop.gatewaycommon.manager.LimitConfigManager; import com.gitee.sop.gatewaycommon.manager.RouteConfigManager; @@ -115,6 +117,11 @@ public class ApiConfig { */ private LimitConfigManager limitConfigManager = new DefaultLimitConfigManager(); + /** + * IP黑名单 + */ + private IPBlacklistManager ipBlacklistManager = new DefaultIPBlacklistManager(); + /** * 限流管理 */ diff --git a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/gateway/param/GatewayParamBuilder.java b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/gateway/param/GatewayParamBuilder.java index e0f1ae96..be9f0b68 100644 --- a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/gateway/param/GatewayParamBuilder.java 
+++ b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/gateway/param/GatewayParamBuilder.java @@ -17,4 +17,9 @@ public class GatewayParamBuilder extends BaseParamBuilder { Map params = GatewayContext.getRequestParams(exchange); return params == null ? Collections.emptyMap() : params; } + + @Override + public String getIP(ServerWebExchange ctx) { + return ctx.getRequest().getRemoteAddress().getAddress().getHostAddress(); + } } diff --git a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/AbstractConfiguration.java b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/AbstractConfiguration.java index a42d03c3..fa8abada 100644 --- a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/AbstractConfiguration.java +++ b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/AbstractConfiguration.java @@ -53,6 +53,12 @@ public class AbstractConfiguration implements ApplicationContextAware { LimitConfigManager limitConfigManager() { return ApiConfig.getInstance().getLimitConfigManager(); } + + @Bean + IPBlacklistManager ipBlacklistManager() { + return ApiConfig.getInstance().getIpBlacklistManager(); + } + /** * 跨域过滤器 * diff --git a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/DefaultIPBlacklistManager.java b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/DefaultIPBlacklistManager.java new file mode 100644 index 00000000..9c1788bf --- /dev/null +++ b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/DefaultIPBlacklistManager.java 
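Review bot: `getIP` in GatewayParamBuilder dereferences `getRemoteAddress()` and then `getAddress()` without a null check. Spring declares the remote address as nullable and an unresolved `InetSocketAddress` carries no `InetAddress`, so either case throws a NullPointerException while the ApiParam is being built instead of yielding an unknown IP. A guarded form would be `InetSocketAddress addr = ctx.getRequest().getRemoteAddress();` followed by `return addr == null || addr.getAddress() == null ? null : addr.getAddress().getHostAddress();`. The method also returns the socket peer, which is the proxy or load balancer when the gateway sits behind one, while the Zuul builder in this commit goes through `RequestUtil.getIP`; both paths should resolve the client address by one documented rule so the blacklist behaves the same on either gateway.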
@@ -0,0 +1,38 @@
+package com.gitee.sop.gatewaycommon.manager;
+
+import com.google.common.collect.Sets;
+import org.apache.commons.lang.StringUtils;
+
+import java.util.Set;
+
+/**
+ * ip黑名单管理
+ * @author tanghc
+ */
+public class DefaultIPBlacklistManager implements IPBlacklistManager {
+
+ private static Set ipList = Sets.newConcurrentHashSet();
+
+ @Override
+ public void add(String ip) {
+ ipList.add(ip);
+ }
+
+ @Override
+ public void remove(String ip) {
+ ipList.remove(ip);
+ }
+
+ @Override
+ public boolean contains(String ip) {
+ if (StringUtils.isBlank(ip)) {
+ return false;
+ }
+ return ipList.contains(ip);
+ }
+
+ @Override
+ public void load() {
+
+ }
+}
diff --git a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/IPBlacklistManager.java b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/IPBlacklistManager.java
new file mode 100644
index 00000000..64861390
--- /dev/null
+++ b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/IPBlacklistManager.java
@@ -0,0 +1,16 @@
+package com.gitee.sop.gatewaycommon.manager;
+
+import com.gitee.sop.gatewaycommon.bean.BeanInitializer;
+
+/**
+ * @author tanghc
+ */
+public interface IPBlacklistManager extends BeanInitializer {
+
+ void add(String ip);
+
+ void remove(String ip);
+
+ boolean contains(String ip);
+
+}
diff --git a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/ZookeeperContext.java b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/ZookeeperContext.java
index 79c688d8..85849ccf 100644
--- a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/ZookeeperContext.java
+++ b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/manager/ZookeeperContext.java
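Review bot: `DefaultIPBlacklistManager` compares addresses as raw strings, so `contains` matches only when the text stored by `add` is character-for-character what `getIP` produces; stray whitespace or a different textual form of the same IPv6 address would be missed. One private normalising helper shared by `add`, `remove` and `contains` (trim, then a canonical form) would close that gap, and `add` should reject null explicitly since a concurrent set throws on it. `ipList` is `static`, so every instance shares one list even though `ApiConfig` holds the manager as a replaceable instance field; a `private final` instance field looks like the intent. `load()` is empty and nothing visible in this commit populates the set, so the check appears to be inert until a loader exists. A comment on `load()` saying so, plus Javadoc on the `IPBlacklistManager` methods stating the expected address format, would make the contract clear.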
@@ -81,6 +81,10 @@ public class ZookeeperContext { return SOP_MSG_CHANNEL_PATH + "/limit-conf"; } + public static String getIpBlacklistChannelPath() { + return SOP_MSG_CHANNEL_PATH + "/ipblacklist-conf"; + } + public static CuratorFramework getClient() { return client; } diff --git a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/message/ErrorEnum.java b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/message/ErrorEnum.java index 6a20cfed..5f38b477 100644 --- a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/message/ErrorEnum.java +++ b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/message/ErrorEnum.java @@ -100,6 +100,8 @@ public enum ErrorEnum { ISV_ROUTE_NO_PERMISSIONS(Codes.CODE_ISV_PERM, "isv.route-no-permissions"), /** 禁止访问 */ ISV_ACCESS_FORBIDDEN(Codes.CODE_ISV_PERM, "isv.access-forbidden"), + /** 禁止IP访问 */ + ISV_IP_FORBIDDEN(Codes.CODE_ISV_PERM, "isv.ip-forbidden"), ; private ErrorMeta errorMeta; diff --git a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/param/ApiParam.java b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/param/ApiParam.java index 3523faed..b9530545 100644 --- a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/param/ApiParam.java +++ b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/param/ApiParam.java @@ -27,6 +27,8 @@ public class ApiParam extends JSONObject implements Param { private String restName; private String restVersion; + private String ip; + private transient ApiUploadContext apiUploadContext; public void fitNameVersion() { @@ -236,4 +238,12 @@ public class ApiParam extends JSONObject implements Param { public void setRestVersion(String restVersion) { this.restVersion = restVersion; } + + public void setIp(String ip) { + this.ip = ip; + } + + public String fetchIp() { + return ip; + } } 
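Review bot: The new accessor in ApiParam is named `fetchIp` while the neighbouring `setRestVersion` follows bean naming, and nothing explains the deviation. Presumably the name keeps the client address out of bean-style serialisation of this `JSONObject` subclass; if so, say it in Javadoc, for example `/** Client IP resolved by the ParamBuilder; named fetch… so it is not picked up as a bean property. */`. It is also worth deciding whether the `ip` field should be `transient` like `apiUploadContext` directly below it. Most of the class body lies outside these hunks.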
diff --git a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/param/BaseParamBuilder.java b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/param/BaseParamBuilder.java index 3fb0613a..7aafcc19 100644 --- a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/param/BaseParamBuilder.java +++ b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/param/BaseParamBuilder.java @@ -19,6 +19,8 @@ public abstract class BaseParamBuilder implements ParamBuilder { public abstract Map buildRequestParams(T ctx); + public abstract String getIP(T ctx); + @Override public ApiParam build(T ctx) { ApiParam apiParam = this.newApiParam(ctx); @@ -27,6 +29,7 @@ public abstract class BaseParamBuilder implements ParamBuilder { apiParam.put(entry.getKey(), entry.getValue()); } this.initOtherProperty(apiParam); + apiParam.setIp(this.getIP(ctx)); return apiParam; } diff --git a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/validate/ApiValidator.java b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/validate/ApiValidator.java index 7a20acba..8b81e809 100644 --- a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/validate/ApiValidator.java +++ b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/validate/ApiValidator.java @@ -6,6 +6,7 @@ import com.gitee.sop.gatewaycommon.bean.BaseRouteDefinition; import com.gitee.sop.gatewaycommon.bean.Isv; import com.gitee.sop.gatewaycommon.bean.RouteConfig; import com.gitee.sop.gatewaycommon.bean.TargetRoute; +import com.gitee.sop.gatewaycommon.manager.IPBlacklistManager; import com.gitee.sop.gatewaycommon.manager.IsvRoutePermissionManager; import com.gitee.sop.gatewaycommon.manager.RouteConfigManager; import com.gitee.sop.gatewaycommon.manager.RouteRepositoryContext; 
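Review bot: Adding `public abstract String getIP(T ctx)` to `BaseParamBuilder` breaks any subclass outside this module that does not implement it; only the gateway and Zuul builders are updated in this commit. A non-abstract default such as `public String getIP(T ctx) { return null; }` would keep existing builders compiling, and `DefaultIPBlacklistManager.contains` already returns false for a blank value. Either way the method needs Javadoc stating what it returns when the address is unknown and whether proxy headers are consulted. `build` continues outside the hunk.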
@@ -46,6 +47,7 @@ public class ApiValidator implements Validator { @Override public void validate(ApiParam param) { + checkIP(param); checkEnable(param); ApiConfig apiConfig = ApiContext.getApiConfig(); @@ -64,6 +66,18 @@ public class ApiValidator implements Validator { checkPermission(param); } + /** + * 是否在IP黑名单中 + * @param param 接口参数 + */ + protected void checkIP(ApiParam param) { + IPBlacklistManager ipBlacklistManager = ApiConfig.getInstance().getIpBlacklistManager(); + String ip = param.fetchIp(); + if (ipBlacklistManager.contains(ip)) { + throw ErrorEnum.ISV_IP_FORBIDDEN.getErrorMeta().getException(); + } + } + /** * 检测能否访问 * @param param 接口参数 diff --git a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/zuul/filter/PreValidateFilter.java b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/zuul/filter/PreValidateFilter.java index a0a8b6ac..9164635b 100644 --- a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/zuul/filter/PreValidateFilter.java +++ b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/zuul/filter/PreValidateFilter.java @@ -36,7 +36,7 @@ public class PreValidateFilter extends BaseZuulFilter { try { validator.validate(param); } catch (ApiException e) { - log.error("验证失败,params:{}", param.toJSONString(), e); + log.error("验证失败,ip:{}, params:{}", param.fetchIp(), param.toJSONString(), e); throw e; } finally { param.fitNameVersion(); diff --git a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/zuul/param/ZuulParamBuilder.java b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/zuul/param/ZuulParamBuilder.java index 28bb7ec3..b3bf1670 100644 --- a/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/zuul/param/ZuulParamBuilder.java +++ b/sop-common/sop-gateway-common/src/main/java/com/gitee/sop/gatewaycommon/zuul/param/ZuulParamBuilder.java 
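Review bot: `checkIP` fails open when no address was resolved: `param.fetchIp()` can be null or blank, `contains` then returns false, and the request proceeds with no trace of the skipped check. For a deny list that may be acceptable, but it should be a stated decision, so the Javadoc should say it and the blank case should at least be logged. The Javadoc should also carry a `@throws` line for the exception raised on a blacklisted address. `checkIP` reads the config through `ApiConfig.getInstance()` while `validate` uses `ApiContext.getApiConfig()`; using the same accessor in both keeps them consistent.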
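Review bot: With the blacklist check now inside `validate`, a request from a blocked address presumably lands in this `catch` in PreValidateFilter and is written at error level with the full parameter JSON and a stack trace, so a blocked client can still drive log volume. Consider handling the IP-forbidden case separately, at a lower level and without parameters or stack trace, for instance `log.warn("IP forbidden, ip:{}", param.fetchIp());`. If the address can originate from a request header it is client-controlled text going into the log, and should be validated as an IP literal before it is recorded. The enclosing method starts outside the hunk.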
@@ -62,6 +62,11 @@ public class ZuulParamBuilder extends BaseParamBuilder { return params; } + @Override + public String getIP(RequestContext ctx) { + return RequestUtil.getIP(ctx.getRequest()); + } + @Override protected ApiParam newApiParam(RequestContext ctx) { ApiParam apiParam = super.newApiParam(ctx); diff --git a/sop-common/sop-gateway-common/src/main/resources/i18n/open/error_en.properties b/sop-common/sop-gateway-common/src/main/resources/i18n/open/error_en.properties index dbdcf00c..4bf3b7b5 100644 --- a/sop-common/sop-gateway-common/src/main/resources/i18n/open/error_en.properties +++ b/sop-common/sop-gateway-common/src/main/resources/i18n/open/error_en.properties @@ -55,4 +55,5 @@ open.error_40006=Insufficient permissions open.error_40006_isv.insufficient-isv-permissions=Insufficient ISV permissions open.error_40006_isv.insufficient-user-permissions=Insufficient user permissions open.error_40006_isv.route-no-permissions=No api permissions -open.error_40006_isv.access-forbidden=Access forbidden \ No newline at end of file +open.error_40006_isv.access-forbidden=Access forbidden +open.error_40006_isv.ip-forbidden=IP access forbidden \ No newline at end of file diff --git a/sop-common/sop-gateway-common/src/main/resources/i18n/open/error_zh_CN.properties b/sop-common/sop-gateway-common/src/main/resources/i18n/open/error_zh_CN.properties index 29b9fd7f..6d5abd90 100644 --- a/sop-common/sop-gateway-common/src/main/resources/i18n/open/error_zh_CN.properties +++ b/sop-common/sop-gateway-common/src/main/resources/i18n/open/error_zh_CN.properties 
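Review bot: `getIP` in ZuulParamBuilder delegates to `RequestUtil.getIP`, whose body is not part of this diff, and its result now drives an access-control decision. If that helper reads forwarding headers such as `X-Forwarded-For`, the value is supplied by the caller unless the gateway accepts those headers only from known proxies, and a blacklist keyed on it would not be reliable. If it reads only the socket peer, every client behind one proxy shares a single entry. Add a comment here stating which source is used and the deployment assumption it relies on, e.g. `// client address as resolved by RequestUtil.getIP; forwarding headers are honoured only from trusted proxies`.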
@@ -110,4 +110,5 @@ open.error_40006=\u6743\u9650\u4e0d\u8db3 open.error_40006_isv.insufficient-isv-permissions=\u8bf7\u68c0\u67e5\u914d\u7f6e\u7684\u8d26\u6237\u662f\u5426\u6709\u5f53\u524d\u63a5\u53e3\u6743\u9650 open.error_40006_isv.insufficient-user-permissions=\u4ee3\u7406\u7684\u5546\u6237\u6ca1\u6709\u5f53\u524d\u63a5\u53e3\u6743\u9650 open.error_40006_isv.route-no-permissions=\u6ca1\u6709\u5f53\u524d\u63a5\u53e3\u6743\u9650 -open.error_40006_isv.access-forbidden=\u65e0\u6743\u8bbf\u95ee \ No newline at end of file +open.error_40006_isv.access-forbidden=\u65e0\u6743\u8bbf\u95ee +open.error_40006_isv.ip-forbidden=IP\u65e0\u6743\u8bbf\u95ee \ No newline at end of file diff --git a/sop-common/sop-registry-api/pom.xml b/sop-common/sop-registry-api/pom.xml index 8da577ba..101cc5b9 100644 --- a/sop-common/sop-registry-api/pom.xml +++ b/sop-common/sop-registry-api/pom.xml @@ -5,7 +5,7 @@ 4.0.0 com.gitee.sop sop-registry-api - 1.12.4-SNAPSHOT + 1.13.0-SNAPSHOT UTF-8 diff --git a/sop-common/sop-service-common/pom.xml b/sop-common/sop-service-common/pom.xml index 3b86a333..a7a8309d 100644 --- a/sop-common/sop-service-common/pom.xml +++ b/sop-common/sop-service-common/pom.xml @@ -6,11 +6,11 @@ com.gitee.sop sop-common - 1.12.4-SNAPSHOT + 1.13.0-SNAPSHOT ../pom.xml sop-service-common - 1.12.4-SNAPSHOT + 1.13.0-SNAPSHOT jar sop-service-common