limit

yyq
Commit 003896f0ac4e05e61359f2bb63cd9b08eb8bde2a 1 parent b7a2829f
Showing 3 changed files with 89 additions and 32 deletions
doraemon/middleware/limiter/index.js
doraemon/middleware/limiter/rules/ip-white-list.js
doraemon/middleware/limiter/rules/useragent.js
--- a/doraemon/middleware/limiter/index.js
View file @003896f
+++ b/doraemon/middleware/limiter/index.js
View file @003896f
@@ -4,7 +4,9 @@ const _ = require('lodash');
 const logger = global.yoho.logger;
 const ip = require('./rules/ip-list');
 const userAgent = require('./rules/useragent');
+const ipWhiteList = require('./rules/ip-white-list');
 const qpsLimiter = require('./rules/qps-limit');
+const co = Promise.coroutine;
 // const asynchronous = require('./rules/asynchronous');
 // const fakerLimiter = require('./rules/faker-limit');
@@ -13,12 +15,23 @@ const captchaPolicy = require('./policies/captcha');
 // const reporterPolicy = require('./policies/reporter');
 const IP_WHITE_LIST = [
-    '106.38.38.146',
-    '106.38.38.147',
-    '106.39.86.227',
-    '218.94.75.58',
-    '218.94.75.50',
-    '218.94.77.166'
+    '106.38.38.146', // 北京办公区域
+    '106.38.38.147', // 北京办公区域
+    '106.39.86.227', // 北京办公区域
+    '218.94.75.58', // 南京办公区域
+    '218.94.75.50', // 南京办公区域
+    '218.94.77.166', // 南京办公区域
+
+    // '222.73.196.18', // B站合作方单击次数快加白名单
+    '123.206.73.107', // 腾讯云出口IP
+    '139.199.35.21', // 腾讯云出口IP
+    '139.199.29.44', // 腾讯云出口IP
+    '123.206.21.19' // 腾讯云出口IP
+];
+
+const IP_WHITE_SEGMENT = [
+    '10.66.', // 内网IP段
+    '192.168.' // 内网IP段
 ];
 const PATH_WHITE_LIST = [
@@ -36,30 +49,45 @@ const limiter = (rule, policy, context) => {
     return rule(context, policy);
 };
-module.exports = (req, res, next) => {
-    let remoteIp = req.get('X-Yoho-Real-IP') || req.get('X-Forwarded-For') || req.get('X-Real-IP') || '';
-
-    if (remoteIp.indexOf(',') > 0) {
-        let arr = remoteIp.split(',');
-
-        remoteIp = arr[arr.length - 1];
-    }
+// 排除条件：ip白名单/路径白名单/异步请求/登录用户
+const _excluded = (req) => {
+    let remoteIp = req.yoho.clientIp || '';
+    let remoteIpSegment = `${remoteIp.split('.').slice(0, 2).join('.')}.`;
+
+    return co(function* () {
+        let atWhiteList = yield ipWhiteList(remoteIp);
+
+        return Boolean(
+            atWhiteList ||
+            _.includes(IP_WHITE_LIST, remoteIp) ||
+            _.includes(IP_WHITE_SEGMENT, remoteIpSegment) ||
+            _.includes(PATH_WHITE_LIST, req.path) ||
+            req.xhr ||
+            !_.isEmpty(_.get(req, 'user.uid'))
+        );
+    })();
+};
-    remoteIp = _.trim(remoteIp);
+module.exports = (req, res, next) => {
+    const remoteIp = req.yoho.clientIp || '';
+    const enabled = !_.get(req.app.locals, 'pc.sys.noLimiter');
-    if (_.startsWith(remoteIp, '10.66.')) {
-        remoteIp = req.get('X-Real-IP');
+    // 开关为关或者未获取到remoteIp，放行
+    if (!enabled || !remoteIp) {
+        logger.debug(`request remote ip: ${remoteIp}; enabled: ${enabled}`);
+        return next();
     }
-    // 排除条件：ip白名单/路径白名单/异步请求/登录用户
-    const excluded = _.includes(IP_WHITE_LIST, remoteIp) ||
-        _.includes(PATH_WHITE_LIST, req.path) || req.xhr || !_.isEmpty(_.get(req, 'user.uid'));
-    const enabled = !_.get(req.app.locals, 'pc.sys.noLimiter');
+    return co(function* () {
+        let excluded = yield _excluded(req);
         logger.debug(`request remote ip: ${remoteIp}; excluded: ${excluded}; enabled: ${enabled}`);
-    // 判断获取remoteIp成功，并且开关未关闭
-    if (enabled && remoteIp && !excluded) {
+        // 白名单，放行
+        if (excluded) {
+            return next();
+        }
+
         const context = {
             req: req,
             res: res,
@@ -67,14 +95,16 @@ module.exports = (req, res, next) => {
             remoteIp: remoteIp
         };
-        Promise.all([
+
+        let results = yield Promise.all([
             limiter(userAgent, captchaPolicy, context),
             limiter(ip, captchaPolicy, context),
             limiter(qpsLimiter, captchaPolicy, context)
             // limiter(asynchronous, captchaPolicy, context)
             // limiter(fakerLimiter, reporterPolicy, context)
-        ]).then((results) => {
+        ]);
+
         let allPass = true, exclusion = false, policy = null;
         logger.debug('limiter result: ' + JSON.stringify(results));
@@ -97,12 +127,8 @@ module.exports = (req, res, next) => {
         } else {
             return next();
         }
-
-        }).catch((err) => {
+    })().catch((err) => {
         logger.error(err);
         return next();
     });
-    } else {
-        return next();
-    }
 };
--- a/doraemon/middleware/limiter/rules/ip-white-list.js 0 → 100644
View file @003896f
+++ b/doraemon/middleware/limiter/rules/ip-white-list.js 0 → 100644
View file @003896f
+const co = Promise.coroutine;
+const logger = global.yoho.logger;
+const cache = global.yoho.cache.master;
+const WHITE_LIST_KEY = 'whitelist:ip:';
+
+module.exports = (remoteIp) => {
+    let key = `${WHITE_LIST_KEY}${remoteIp}`;
+
+    return co(function* () {
+        let result = Boolean(yield cache.getAsync(key));
+
+        logger.debug(key, result);
+
+        return result;
+    })();
+};
--- a/doraemon/middleware/limiter/rules/useragent.js
View file @003896f
+++ b/doraemon/middleware/limiter/rules/useragent.js
View file @003896f
@@ -15,8 +15,23 @@ module.exports = (limiter, policy) => {
         cache.getAsync(blackKey),
         cache.getAsync(whiteKey)
     ]).then((args) => {
-        const blacklist = args[0] || [],
-            whitelist = args[1] || [];
+        let blacklist = [];
+        let whitelist = [];
+
+        try {
+            blacklist = JSON.parse(args[0]);
+        } catch (error) {
+            logger.error(error);
+        }
+
+        try {
+            whitelist = JSON.parse(args[1]);
+        } catch (error) {
+            logger.error(error);
+        }
+
+        blacklist = blacklist || [];
+        whitelist = whitelist || [];
         if (blacklist.length === 0 && whitelist.length === 0) {
             return Promise.resolve(true);