本文次要钻研一下dubbo-go-proxy的authorityFilter

authorityFilter

dubbo-go-proxy/pkg/filter/authority/authority.go

func Init() {    extension.SetFilterFunc(constant.HTTPAuthorityFilter, authorityFilterFunc())}func authorityFilterFunc() context.FilterFunc {    return New().Do()}// authorityFilter is a filter for blacklist/whitelist.type authorityFilter struct {}// New create blacklist/whitelist filter.func New() filter.Filter {    return &authorityFilter{}}
authorityFilter往extension设置了名为dgp.filters.http.authority_filter的authorityFilterFunc;该func执行的是authorityFilter.Do办法

Do

dubbo-go-proxy/pkg/filter/authority/authority.go

// Do execute blacklist/whitelist filter logic.func (f authorityFilter) Do() context.FilterFunc {    return func(c context.Context) {        f.doAuthorityFilter(c.(*http.HttpContext))    }}
Do办法执行的是doAuthorityFilter办法

doAuthorityFilter

dubbo-go-proxy/pkg/filter/authority/authority.go

func (f authorityFilter) doAuthorityFilter(c *http.HttpContext) {    for _, r := range c.HttpConnectionManager.AuthorityConfig.Rules {        item := c.GetClientIP()        if r.Limit == model.App {            item = c.GetApplicationName()        }        result := passCheck(item, r)        if !result {            c.WriteWithStatus(nh.StatusForbidden, constant.Default403Body)            c.Abort()            return        }    }    c.Next()}
doAuthorityFilter办法遍历AuthorityConfig的Rules,挨个执行passCheck判断

passCheck

dubbo-go-proxy/pkg/filter/authority/authority.go

func passCheck(item string, rule model.AuthorityRule) bool {    result := false    for _, it := range rule.Items {        if it == item {            result = true            break        }    }    if (rule.Strategy == model.Blacklist && result == true) || (rule.Strategy == model.Whitelist && result == false) {        return false    }    return true}
passCheck办法遍历rule.Items,挨个依据Blacklist或者Whitelist判断clientIP是否命中

小结

dubbo-go-proxy的authorityFilter遍历AuthorityConfig的Rules,挨个依据Blacklist或者Whitelist判断clientIP是否命中,命中则无奈通过,返回StatusForbidden。

doc

  • dubbo-go-proxy