feat(*): 开启 ip 白名单限制

c5fd8152 · 李文彬 · 3e95d329 · c5fd8152 · c5fd8152 · c5fd8152
Commit c5fd8152 authored Dec 17, 2024 by 李文彬
3 changed files
--- a/src/main/java/cn/quantgroup/xyqb/constant/IpLimiterProperties.java
+++ b/src/main/java/cn/quantgroup/xyqb/constant/IpLimiterProperties.java
+package cn.quantgroup.xyqb.constant;
+import lombok.Getter;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.cloud.context.config.annotation.RefreshScope;
+import org.springframework.stereotype.Component;
+/**
+ * @author hyuk
+ */
+@Getter
+@RefreshScope
+@Component
+public class IpLimiterProperties {
+    @Value("${extranet.known.ips:123.56.31.54}")
+    private String[] extranetIps;
+}
--- a/src/main/java/cn/quantgroup/xyqb/controller/api/v2/IpLimitController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/api/v2/IpLimitController.java
 package cn.quantgroup.xyqb.controller.api.v2;
+import cn.quantgroup.xyqb.constant.IpLimiterProperties;
 import cn.quantgroup.xyqb.model.JsonResult;
+import com.alibaba.fastjson.JSON;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
@@ -34,7 +36,7 @@ public class IpLimitController {
        }
        String status = stringRedisTemplate.opsForValue().get(IP_LIMIT_STATUS_KEY);
        if (StringUtils.isEmpty(status)) {
-            status = "1";
+            status = "0";
        }
        return JsonResult.buildSuccessResult("success", status);
    }
@@ -50,4 +52,12 @@ public class IpLimitController {
        stringRedisTemplate.opsForValue().set(IP_LIMIT_STATUS_KEY, status);
        return JsonResult.buildSuccessResult("success", status);
    }
+    private final IpLimiterProperties ipLimiterProperties;
+    @GetMapping("/properties")
+    public JsonResult<String> getProperties() {
+        return JsonResult.buildSuccessResult("success", JSON.toJSONString(ipLimiterProperties.getExtranetIps()));
+    }
 }
--- a/src/main/java/cn/quantgroup/xyqb/filter/IpLimitFilter.java
+++ b/src/main/java/cn/quantgroup/xyqb/filter/IpLimitFilter.java
@@ -2,7 +2,9 @@ package cn.quantgroup.xyqb.filter;
 import cn.hutool.core.date.DateUtil;
 import cn.hutool.extra.servlet.ServletUtil;
+import cn.quantgroup.xyqb.constant.IpLimiterProperties;
 import cn.quantgroup.xyqb.util.IpUtil;
+import com.alibaba.fastjson.JSON;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -20,6 +22,7 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.TimeUnit;
@@ -33,12 +36,10 @@ import static cn.quantgroup.xyqb.controller.api.v2.IpLimitController.IP_LIMIT_ST
 @Configuration
 public class IpLimitFilter implements Filter {
-    @Getter
-    @Value("${extranet.known.ips:123.56.31.54}")
-    private String[] extranetIps;
    private final StringRedisTemplate stringRedisTemplate;
+    private final IpLimiterProperties ipLimiterProperties;
    // 1. 日 IP 访问次数
    static final String DAY_IP_COUNT_KEY = "xyqb_user:01:ip_limit:day_count:00cs:%s";
@@ -75,16 +76,22 @@ public class IpLimitFilter implements Filter {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
-        log.info("[IpLimitFilter]外网调用, clientIp : {}, uri : {}", clientIp, request.getRequestURI());
-        String uri = request.getRequestURI();
+        if (request.getRequestURI().startsWith("/ip/limit")) {
-        if (Objects.equals(uri, "/api/captcha/new")) {
+            filterChain.doFilter(servletRequest, servletResponse);
-            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
-        filterChain.doFilter(servletRequest, servletResponse);
-        return;
+        Map<String, String[]> parameterMap = request.getParameterMap();
+        String status = stringRedisTemplate.opsForValue().get(IP_LIMIT_STATUS_KEY);
+        log.info("[IpLimitFilter]外网调用, clientIp : {}, uri : {}， params : {}, status : {}", clientIp, request.getRequestURI(),
+                JSON.toJSONString(parameterMap), status);
+        if (status == null || Objects.equals(status, "0")) {
+            filterChain.doFilter(servletRequest, servletResponse);
+        } else {
+            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+        }
+        return;
 //        String status = stringRedisTemplate.opsForValue().get(IP_LIMIT_STATUS_KEY);
 //        if (status == null || Objects.equals(status, "1")) {
 //            filterChain.doFilter(servletRequest, servletResponse);
@@ -117,7 +124,7 @@ public class IpLimitFilter implements Filter {
    }
    private boolean isInExtranet(String clientIp) {
-        for (String extranetIp : extranetIps) {
+        for (String extranetIp : ipLimiterProperties.getExtranetIps()) {
            if (clientIp.startsWith(extranetIp)) {
                return true;
            }
@@ -129,4 +136,4 @@ public class IpLimitFilter implements Filter {
    public void destroy() {
    }
 }
\ No newline at end of file