序
本文次要钻研一下 dubbo-go-proxy 的 authorityFilter
authorityFilter
dubbo-go-proxy/pkg/filter/authority/authority.go
func Init() {extension.SetFilterFunc(constant.HTTPAuthorityFilter, authorityFilterFunc())
}
func authorityFilterFunc() context.FilterFunc {return New().Do()}
// authorityFilter is a filter for blacklist/whitelist.
type authorityFilter struct {
}
// New create blacklist/whitelist filter.
func New() filter.Filter {return &authorityFilter{}
}
authorityFilter 往 extension 设置了名为
dgp.filters.http.authority_filter
的 authorityFilterFunc;该 func 执行的是 authorityFilter.Do 办法
Do
dubbo-go-proxy/pkg/filter/authority/authority.go
// Do execute blacklist/whitelist filter logic.
func (f authorityFilter) Do() context.FilterFunc {return func(c context.Context) {f.doAuthorityFilter(c.(*http.HttpContext))
}
}
Do 办法执行的是 doAuthorityFilter 办法
doAuthorityFilter
dubbo-go-proxy/pkg/filter/authority/authority.go
func (f authorityFilter) doAuthorityFilter(c *http.HttpContext) {
for _, r := range c.HttpConnectionManager.AuthorityConfig.Rules {item := c.GetClientIP()
if r.Limit == model.App {item = c.GetApplicationName()
}
result := passCheck(item, r)
if !result {c.WriteWithStatus(nh.StatusForbidden, constant.Default403Body)
c.Abort()
return
}
}
c.Next()}
doAuthorityFilter 办法遍历 AuthorityConfig 的 Rules,挨个执行 passCheck 判断
passCheck
dubbo-go-proxy/pkg/filter/authority/authority.go
func passCheck(item string, rule model.AuthorityRule) bool {
result := false
for _, it := range rule.Items {
if it == item {
result = true
break
}
}
if (rule.Strategy == model.Blacklist && result == true) || (rule.Strategy == model.Whitelist && result == false) {return false}
return true
}
passCheck 办法遍历 rule.Items,挨个依据 Blacklist 或者 Whitelist 判断 clientIP 是否命中
小结
dubbo-go-proxy 的 authorityFilter 遍历 AuthorityConfig 的 Rules,挨个依据 Blacklist 或者 Whitelist 判断 clientIP 是否命中,命中则无奈通过,返回 StatusForbidden。
doc
- dubbo-go-proxy