feat: 网关新增黑白名单支持

smart-cloud · Mar 27, 2024 · a62e54d · a62e54d
1 parent be78460
commit a62e54d
Show file tree

Hide file tree

Showing 10 changed files with 202 additions and 4 deletions.
diff --git a/...rg/smartframework/cloud/examples/support/gateway/configure/SmartGatewayConfiguration.java b/...rg/smartframework/cloud/examples/support/gateway/configure/SmartGatewayConfiguration.java
@@ -0,0 +1,17 @@
+package org.smartframework.cloud.examples.support.gateway.configure;
+
+import org.smartframework.cloud.examples.support.gateway.properties.BlackWhiteListProperties;
+import org.springframework.cloud.context.config.annotation.RefreshScope;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class SmartGatewayConfiguration {
+
+    @Bean
+    @RefreshScope
+    public BlackWhiteListProperties blackWhiteListProperties() {
+        return new BlackWhiteListProperties();
+    }
+
+}
diff --git a/.../java/org/smartframework/cloud/examples/support/gateway/constants/GatewayReturnCodes.java b/.../java/org/smartframework/cloud/examples/support/gateway/constants/GatewayReturnCodes.java
@@ -73,5 +73,13 @@ public interface GatewayReturnCodes {
      * AES key获取失败
      */
     String AES_KEY_NOT_FOUND = "400014";
+    /**
+     * 命中黑名单列表，禁止访问
+     */
+    String BLACK_LIST_FORBIDDEN_ACCSS = "400015";
+    /**
+     * 不在白名单中，禁止访问
+     */
+    String NOT_IN_WHITE_LIST = "400016";
 
 }
diff --git a/...eway/src/main/java/org/smartframework/cloud/examples/support/gateway/constants/Order.java b/...eway/src/main/java/org/smartframework/cloud/examples/support/gateway/constants/Order.java
@@ -32,10 +32,15 @@ public interface Order {
      */
     int REQUEST_LOG = REWRITE_HTTP + 1;
 
+    /**
+     * 黑白名单
+     */
+    int BLACK_WHITE_LIST = REQUEST_LOG + 1;
+
     /**
      * api access注解全局过滤器order
      */
-    int API_ACCESS = REQUEST_LOG + 1;
+    int API_ACCESS = BLACK_WHITE_LIST + 1;
 
     /**
      * api access注解全局过滤器order

diff --git a/.../java/org/smartframework/cloud/examples/support/gateway/exception/BlackListException.java b/.../java/org/smartframework/cloud/examples/support/gateway/exception/BlackListException.java
@@ -0,0 +1,18 @@
+package org.smartframework.cloud.examples.support.gateway.exception;
+
+import io.github.smart.cloud.exception.BaseException;
+import org.smartframework.cloud.examples.support.gateway.constants.GatewayReturnCodes;
+
+/**
+ * 黑名单异常
+ *
+ * @author collin
+ * @date 2024-03-26
+ */
+public class BlackListException extends BaseException {
+
+    public BlackListException() {
+        super(GatewayReturnCodes.BLACK_LIST_FORBIDDEN_ACCSS);
+    }
+
+}
diff --git a/.../java/org/smartframework/cloud/examples/support/gateway/exception/WhiteListException.java b/.../java/org/smartframework/cloud/examples/support/gateway/exception/WhiteListException.java
@@ -0,0 +1,18 @@
+package org.smartframework.cloud.examples.support.gateway.exception;
+
+import io.github.smart.cloud.exception.BaseException;
+import org.smartframework.cloud.examples.support.gateway.constants.GatewayReturnCodes;
+
+/**
+ * 白名单异常
+ *
+ * @author collin
+ * @date 2024-03-26
+ */
+public class WhiteListException extends BaseException {
+
+    public WhiteListException() {
+        super(GatewayReturnCodes.NOT_IN_WHITE_LIST);
+    }
+
+}
diff --git a/...org/smartframework/cloud/examples/support/gateway/filter/access/BlackWhiteListFilter.java b/...org/smartframework/cloud/examples/support/gateway/filter/access/BlackWhiteListFilter.java
@@ -0,0 +1,95 @@
+package org.smartframework.cloud.examples.support.gateway.filter.access;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.collections4.CollectionUtils;
+import org.smartframework.cloud.examples.support.gateway.constants.Order;
+import org.smartframework.cloud.examples.support.gateway.exception.BlackListException;
+import org.smartframework.cloud.examples.support.gateway.exception.WhiteListException;
+import org.smartframework.cloud.examples.support.gateway.properties.BlackWhiteListProperties;
+import org.springframework.core.Ordered;
+import org.springframework.stereotype.Component;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
+
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * 黑、白名单校验
+ *
+ * @author collin
+ * @date 2024-03-26
+ */
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class BlackWhiteListFilter implements WebFilter, Ordered {
+
+    private final BlackWhiteListProperties blackWhiteListProperties;
+
+    @Override
+    public int getOrder() {
+        return Order.BLACK_WHITE_LIST;
+    }
+
+    @Override
+    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+        String url = exchange.getRequest().getURI().getPath();
+        String ipAddress = exchange.getRequest().getRemoteAddress().getAddress().getHostAddress();
+
+        checkBlackList(url, ipAddress, blackWhiteListProperties.getBlackList());
+        checkWhiteList(url, ipAddress, blackWhiteListProperties.getWhiteList());
+
+        return chain.filter(exchange);
+    }
+
+    /**
+     * 检查黑名单
+     *
+     * @param url
+     * @param ipAddress
+     * @param blackList
+     */
+    private void checkBlackList(String url, String ipAddress, Map<String, Set<String>> blackList) {
+        Set<String> blackIps = blackList.get(url);
+        if (CollectionUtils.isEmpty(blackIps)) {
+            return;
+        }
+
+        for (String blackIp : blackIps) {
+            if (ipAddress.startsWith(blackIp)) {
+                throw new BlackListException();
+            }
+        }
+    }
+
+    /**
+     * 检查白名单
+     *
+     * @param url
+     * @param ipAddress
+     * @param whiteList
+     */
+    private void checkWhiteList(String url, String ipAddress, Map<String, Set<String>> whiteList) {
+        Set<String> whiteIps = whiteList.get(url);
+        if (CollectionUtils.isEmpty(whiteIps)) {
+            return;
+        }
+
+        boolean meetWhiteList = false;
+        for (String whiteIp : whiteIps) {
+            if (ipAddress.startsWith(whiteIp)) {
+                meetWhiteList = true;
+                break;
+            }
+        }
+
+        if (!meetWhiteList) {
+            throw new WhiteListException();
+        }
+    }
+
+}
diff --git a/...rg/smartframework/cloud/examples/support/gateway/properties/BlackWhiteListProperties.java b/...rg/smartframework/cloud/examples/support/gateway/properties/BlackWhiteListProperties.java
@@ -0,0 +1,31 @@
+package org.smartframework.cloud.examples.support.gateway.properties;
+
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * 黑白名单配置
+ *
+ * @author collin
+ * @date 2024-03-27
+ */
+@Getter
+@Setter
+@ToString
+public class BlackWhiteListProperties {
+
+    /**
+     * 黑名单<url, 黑名单集合>
+     */
+    private Map<String, Set<String>> blackList = new LinkedHashMap<>();
+    /**
+     * 白名单<url, 白名单集合>
+     */
+    private Map<String, Set<String>> whiteList = new LinkedHashMap<>();
+
+}
diff --git a/...upport-module/support-service-gateway/src/main/resources/i18n/gateway_messages.properties b/...upport-module/support-service-gateway/src/main/resources/i18n/gateway_messages.properties
@@ -11,4 +11,6 @@
 400011=\u8BF7\u6C42\u65F6\u95F4\u6233\u683C\u5F0F\u9519\u8BEF\uFF01
 400012=\u8BF7\u6C42\u65F6\u95F4\u6233\u975E\u6CD5\uFF01
 400013=security key\u8FC7\u671F\uFF01
-400014=AES key\u83B7\u53D6\u5931\u8D25\uFF01
+400014=AES key\u83B7\u53D6\u5931\u8D25\uFF01
+400015=\u547D\u4E2D\u9ED1\u540D\u5355\u5217\u8868\uFF0C\u7981\u6B62\u8BBF\u95EE
+400016=\u4E0D\u5728\u767D\u540D\u5355\u4E2D\uFF0C\u7981\u6B62\u8BBF\u95EE
diff --git a/...-module/support-service-gateway/src/main/resources/i18n/gateway_messages_en_US.properties b/...-module/support-service-gateway/src/main/resources/i18n/gateway_messages_en_US.properties
@@ -11,4 +11,6 @@
 400011=Request timestamp format error!
 400012=Illegal request timestamp!
 400013=Security key expired!
-400014=AES key is not found!
+400014=AES key is not found!
+400015=Matches the blacklist list, and the access is prohibited
+400016=The access is not in the whitelist
diff --git a/...-module/support-service-gateway/src/main/resources/i18n/gateway_messages_zh_CN.properties b/...-module/support-service-gateway/src/main/resources/i18n/gateway_messages_zh_CN.properties
@@ -11,4 +11,6 @@
 400011=\u8BF7\u6C42\u65F6\u95F4\u6233\u683C\u5F0F\u9519\u8BEF\uFF01
 400012=\u8BF7\u6C42\u65F6\u95F4\u6233\u975E\u6CD5\uFF01
 400013=security key\u8FC7\u671F\uFF01
-400014=AES key\u83B7\u53D6\u5931\u8D25\uFF01
+400014=AES key\u83B7\u53D6\u5931\u8D25\uFF01
+400015=\u547D\u4E2D\u9ED1\u540D\u5355\u5217\u8868\uFF0C\u7981\u6B62\u8BBF\u95EE
+400016=\u4E0D\u5728\u767D\u540D\u5355\u4E2D\uFF0C\u7981\u6B62\u8BBF\u95EE