From 91cc29e1cab9f14b10b145e9c3e2cdf98cb95d6b Mon Sep 17 00:00:00 2001 From: Liujian <824010343@qq.com> Date: Mon, 11 Mar 2024 15:41:34 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=AE=BF=E9=97=AE=E7=AD=96?= =?UTF-8?q?=E7=95=A5=E5=8C=B9=E9=85=8D=E9=80=BB=E8=BE=91=E9=94=99=E8=AF=AF?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- checker/multiple.go | 10 +++---- .../limiting-strategy/limiting_test.go | 15 ++++++---- drivers/strategy/visit-strategy/actuator.go | 30 +++++++++++-------- 3 files changed, 31 insertions(+), 24 deletions(-) diff --git a/checker/multiple.go b/checker/multiple.go index 69cb9c8e..d121efb0 100644 --- a/checker/multiple.go +++ b/checker/multiple.go @@ -39,16 +39,14 @@ func (ls listChecker) Check(v string, has bool) bool { func (m *multipleChecker) Check(v string, has bool) bool { if has && m.equals != nil { - //全选逻辑处理 - for k, _ := range m.equals { - if k == "ALL" { - return true - } - } if ok := m.equals[v]; ok { return true } + //全选逻辑处理 + if _, ok := m.equals["ALL"]; ok { + return true + } } return m.other.Check(v, has) } diff --git a/drivers/strategy/limiting-strategy/limiting_test.go b/drivers/strategy/limiting-strategy/limiting_test.go index 23c7a4e4..8a8be9f7 100644 --- a/drivers/strategy/limiting-strategy/limiting_test.go +++ b/drivers/strategy/limiting-strategy/limiting_test.go @@ -2,6 +2,7 @@ package limiting_strategy import ( "context" + "fmt" "net" "strconv" "testing" @@ -12,7 +13,7 @@ import ( "github.com/eolinker/eosc/eocontext" ) -var maxID = 1000 +var maxID = 10000 type EmptyContext struct { labels map[string]string @@ -22,7 +23,7 @@ func NewEmptyContext() *EmptyContext { e := &EmptyContext{ labels: map[string]string{ //"api": strconv.Itoa(rand.Intn(maxID)), - "api": strconv.Itoa(1), + "api": strconv.Itoa(maxID), }, } return e @@ -151,11 +152,15 @@ func BenchmarkLimiting(b *testing.B) { handlers := make([]*LimitingHandler, 0, maxID) for i := 0; i < maxID; i++ { name := strconv.Itoa(i + 1) + apis := make([]string, 0, maxID) + for j := 0; j < 1000; j++ { + apis = append(apis, fmt.Sprintf("%d", j+1)) + } handler, _ := NewLimitingHandler(name, &Config{ Stop: false, - Priority: 0, + Priority: i, Filters: strategy.FilterConfig{ - "api": []string{name}, + "api": apis, }, }) handlers = append(handlers, handler) @@ -168,7 +173,7 @@ func BenchmarkLimiting(b *testing.B) { for _, h := range handlers { if h.Filter().Check(ctx) { //fmt.Printf("match %s\n", h.name) - break + continue } } //fmt.Println("spend time:", time.Now().Sub(begin)) diff --git a/drivers/strategy/visit-strategy/actuator.go b/drivers/strategy/visit-strategy/actuator.go index 02350ce9..d0167614 100644 --- a/drivers/strategy/visit-strategy/actuator.go +++ b/drivers/strategy/visit-strategy/actuator.go @@ -82,29 +82,33 @@ func (a *tActuator) Strategy(ctx eocontext.EoContext, next eocontext.IChain) err a.lock.RLock() handlers := a.handlers a.lock.RUnlock() - + pass := true for _, handler := range handlers { - //check筛选条件 + // 匹配Filter if !handler.filter.Check(httpCtx) { + // 未命中,下一条规则 continue } - - //第一个判断条件为访问规则必须是允许,并且生效范围检测出是黑名单 第二个判断条件为访问规则必须是拒绝,并且生效返回检测出是黑名单 - if (handler.rule.visit && !handler.rule.effectFilter.Check(ctx)) || (!handler.rule.visit && handler.rule.effectFilter.Check(ctx)) { - ctx.SetLabel("handler", "visit") - httpCtx.Response().SetStatus(403, "") - errInfo := "not allowed" - httpCtx.Response().SetBody([]byte(errInfo)) - return errors.New(errInfo) + // 匹配资源 + match := handler.rule.effectFilter.Check(ctx) + if match { + // 匹配成功 + pass = handler.rule.visit + break } - + pass = !handler.rule.visit if handler.rule.isContinue { continue } break - } - + if !pass { + ctx.SetLabel("handler", "visit") + httpCtx.Response().SetStatus(403, "") + errInfo := "not allowed" + httpCtx.Response().SetBody([]byte(errInfo)) + return errors.New(errInfo) + } if next != nil { return next.DoChain(ctx) }