mirror of
https://github.com/eolinker/apinto
synced 2025-12-24 13:28:15 +08:00
修复访问策略匹配逻辑错误的问题
This commit is contained in:
Liujian
@@ -39,16 +39,14 @@ func (ls listChecker) Check(v string, has bool) bool {
|
||||
|
||||
func (m *multipleChecker) Check(v string, has bool) bool {
|
||||
if has && m.equals != nil {
|
||||
//全选逻辑处理
|
||||
for k, _ := range m.equals {
|
||||
if k == "ALL" {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
if ok := m.equals[v]; ok {
|
||||
return true
|
||||
}
|
||||
//全选逻辑处理
|
||||
if _, ok := m.equals["ALL"]; ok {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return m.other.Check(v, has)
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ package limiting_strategy
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"strconv"
|
||||
"testing"
|
||||
@@ -12,7 +13,7 @@ import (
|
||||
"github.com/eolinker/eosc/eocontext"
|
||||
)
|
||||
|
||||
var maxID = 1000
|
||||
var maxID = 10000
|
||||
|
||||
type EmptyContext struct {
|
||||
labels map[string]string
|
||||
@@ -22,7 +23,7 @@ func NewEmptyContext() *EmptyContext {
|
||||
e := &EmptyContext{
|
||||
labels: map[string]string{
|
||||
//"api": strconv.Itoa(rand.Intn(maxID)),
|
||||
"api": strconv.Itoa(1),
|
||||
"api": strconv.Itoa(maxID),
|
||||
},
|
||||
}
|
||||
return e
|
||||
@@ -151,11 +152,15 @@ func BenchmarkLimiting(b *testing.B) {
|
||||
handlers := make([]*LimitingHandler, 0, maxID)
|
||||
for i := 0; i < maxID; i++ {
|
||||
name := strconv.Itoa(i + 1)
|
||||
apis := make([]string, 0, maxID)
|
||||
for j := 0; j < 1000; j++ {
|
||||
apis = append(apis, fmt.Sprintf("%d", j+1))
|
||||
}
|
||||
handler, _ := NewLimitingHandler(name, &Config{
|
||||
Stop: false,
|
||||
Priority: 0,
|
||||
Priority: i,
|
||||
Filters: strategy.FilterConfig{
|
||||
"api": []string{name},
|
||||
"api": apis,
|
||||
},
|
||||
})
|
||||
handlers = append(handlers, handler)
|
||||
@@ -168,7 +173,7 @@ func BenchmarkLimiting(b *testing.B) {
|
||||
for _, h := range handlers {
|
||||
if h.Filter().Check(ctx) {
|
||||
//fmt.Printf("match %s\n", h.name)
|
||||
break
|
||||
continue
|
||||
}
|
||||
}
|
||||
//fmt.Println("spend time:", time.Now().Sub(begin))
|
||||
|
||||
@@ -82,29 +82,33 @@ func (a *tActuator) Strategy(ctx eocontext.EoContext, next eocontext.IChain) err
|
||||
a.lock.RLock()
|
||||
handlers := a.handlers
|
||||
a.lock.RUnlock()
|
||||
|
||||
pass := true
|
||||
for _, handler := range handlers {
|
||||
//check筛选条件
|
||||
// 匹配Filter
|
||||
if !handler.filter.Check(httpCtx) {
|
||||
// 未命中,下一条规则
|
||||
continue
|
||||
}
|
||||
|
||||
//第一个判断条件为访问规则必须是允许,并且生效范围检测出是黑名单 第二个判断条件为访问规则必须是拒绝,并且生效返回检测出是黑名单
|
||||
if (handler.rule.visit && !handler.rule.effectFilter.Check(ctx)) || (!handler.rule.visit && handler.rule.effectFilter.Check(ctx)) {
|
||||
ctx.SetLabel("handler", "visit")
|
||||
httpCtx.Response().SetStatus(403, "")
|
||||
errInfo := "not allowed"
|
||||
httpCtx.Response().SetBody([]byte(errInfo))
|
||||
return errors.New(errInfo)
|
||||
// 匹配资源
|
||||
match := handler.rule.effectFilter.Check(ctx)
|
||||
if match {
|
||||
// 匹配成功
|
||||
pass = handler.rule.visit
|
||||
break
|
||||
}
|
||||
|
||||
pass = !handler.rule.visit
|
||||
if handler.rule.isContinue {
|
||||
continue
|
||||
}
|
||||
break
|
||||
|
||||
}
|
||||
|
||||
if !pass {
|
||||
ctx.SetLabel("handler", "visit")
|
||||
httpCtx.Response().SetStatus(403, "")
|
||||
errInfo := "not allowed"
|
||||
httpCtx.Response().SetBody([]byte(errInfo))
|
||||
return errors.New(errInfo)
|
||||
}
|
||||
if next != nil {
|
||||
return next.DoChain(ctx)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user