Authored by yyq

Merge branch 'feature/whiteIp' into release/0627

@@ -7,7 +7,7 @@ const sm = require('sitemap'); @@ -7,7 +7,7 @@ const sm = require('sitemap');
7 const staticUrls = require('../../../config/staticUrls'); 7 const staticUrls = require('../../../config/staticUrls');
8 const headerModel = require('../../../doraemon/models/header'); 8 const headerModel = require('../../../doraemon/models/header');
9 const siteMapService = require('../models/site-map-service'); 9 const siteMapService = require('../models/site-map-service');
10 -const cache = global.yoho.cache; 10 +const cache = global.yoho.cache.master;
11 11
12 const getStaticUrls = (currentStatics) => { 12 const getStaticUrls = (currentStatics) => {
13 let urls = []; 13 let urls = [];
@@ -11,6 +11,7 @@ const config = global.yoho.config; @@ -11,6 +11,7 @@ const config = global.yoho.config;
11 const hostname = require('os').hostname(); 11 const hostname = require('os').hostname();
12 const routeEncode = require('./route-encode'); 12 const routeEncode = require('./route-encode');
13 const pathWhiteList = require('./limiter/rules/path-white-list'); 13 const pathWhiteList = require('./limiter/rules/path-white-list');
  14 +const ipWhiteList = require('./limiter/rules/ip-white-list');
14 const _ = require('lodash'); 15 const _ = require('lodash');
15 const limiterIpTime = 3600; 16 const limiterIpTime = 3600;
16 17
@@ -104,7 +105,7 @@ exports.serverError = () => { @@ -104,7 +105,7 @@ exports.serverError = () => {
104 if (err.code === 9999991 || err.code === 9999992) { 105 if (err.code === 9999991 || err.code === 9999992) {
105 let remoteIp = req.yoho.clientIp; 106 let remoteIp = req.yoho.clientIp;
106 107
107 - if (!_.includes(pathWhiteList(), req.path)) { 108 + if (!_.includes(pathWhiteList(), req.path) && !(await ipWhiteList(remoteIp))) {
108 const isHuman = await cache.getAsync(`${config.app}:limiter:api:ishuman:${remoteIp}`); 109 const isHuman = await cache.getAsync(`${config.app}:limiter:api:ishuman:${remoteIp}`);
109 110
110 if (!isHuman) { 111 if (!isHuman) {
@@ -15,25 +15,6 @@ const captchaPolicy = require('./policies/captcha'); @@ -15,25 +15,6 @@ const captchaPolicy = require('./policies/captcha');
15 15
16 // const reporterPolicy = require('./policies/reporter'); 16 // const reporterPolicy = require('./policies/reporter');
17 17
18 -const IP_WHITE_LIST = [  
19 - '106.38.38.146', // 北京办公区域  
20 - '106.38.38.147', // 北京办公区域  
21 - '106.39.86.227', // 北京办公区域  
22 - '218.94.75.58', // 南京办公区域  
23 - '218.94.75.50', // 南京办公区域  
24 - '218.94.77.166', // 南京办公区域  
25 -  
26 - // '222.73.196.18', // B站合作方单击次数快加白名单  
27 - '123.206.73.107', // 腾讯云出口IP  
28 - '139.199.35.21', // 腾讯云出口IP  
29 - '139.199.29.44', // 腾讯云出口IP  
30 - '123.206.21.19' // 腾讯云出口IP  
31 -];  
32 -  
33 -const IP_WHITE_SEGMENT = [  
34 - '10.66.', // 内网IP段  
35 - '192.168.' // 内网IP段  
36 -];  
37 18
38 const limiter = (rule, policy, context) => { 19 const limiter = (rule, policy, context) => {
39 return rule(context, policy); 20 return rule(context, policy);
@@ -42,15 +23,12 @@ const limiter = (rule, policy, context) => { @@ -42,15 +23,12 @@ const limiter = (rule, policy, context) => {
42 // 排除条件:ip白名单/路径白名单/异步请求/登录用户 23 // 排除条件:ip白名单/路径白名单/异步请求/登录用户
43 const _excluded = (req) => { 24 const _excluded = (req) => {
44 let remoteIp = req.yoho.clientIp || ''; 25 let remoteIp = req.yoho.clientIp || '';
45 - let remoteIpSegment = `${remoteIp.split('.').slice(0, 2).join('.')}.`;  
46 26
47 return co(function* () { 27 return co(function* () {
48 - let atWhiteList = yield ipWhiteList(remoteIp); 28 + let atIPWhiteList = yield ipWhiteList(remoteIp);
49 29
50 return Boolean( 30 return Boolean(
51 - atWhiteList ||  
52 - _.includes(IP_WHITE_LIST, remoteIp) ||  
53 - _.includes(IP_WHITE_SEGMENT, remoteIpSegment) || 31 + atIPWhiteList ||
54 _.includes(pathWhiteList(), req.path) || 32 _.includes(pathWhiteList(), req.path) ||
55 req.xhr || 33 req.xhr ||
56 !_.isEmpty(_.get(req, 'user.uid')) 34 !_.isEmpty(_.get(req, 'user.uid'))
  1 +const _ = require('lodash');
1 const co = Promise.coroutine; 2 const co = Promise.coroutine;
2 const logger = global.yoho.logger; 3 const logger = global.yoho.logger;
3 const cache = global.yoho.cache.master; 4 const cache = global.yoho.cache.master;
4 const WHITE_LIST_KEY = 'whitelist:ip:'; 5 const WHITE_LIST_KEY = 'whitelist:ip:';
5 6
  7 +const IP_WHITE_LIST = [
  8 + '106.38.38.146', // 北京办公区域
  9 + '106.38.38.147', // 北京办公区域
  10 + '106.39.86.227', // 北京办公区域
  11 + '218.94.75.58', // 南京办公区域
  12 + '218.94.75.50', // 南京办公区域
  13 + '218.94.77.166', // 南京办公区域
  14 +
  15 + // '222.73.196.18', // B站合作方单击次数快加白名单
  16 + '123.206.73.107', // 腾讯云出口IP
  17 + '139.199.35.21', // 腾讯云出口IP
  18 + '139.199.29.44', // 腾讯云出口IP
  19 + '123.206.21.19' // 腾讯云出口IP
  20 +];
  21 +
  22 +const IP_WHITE_SEGMENT = [
  23 + '10.66.', // 内网IP段
  24 + '192.168.' // 内网IP段
  25 +];
  26 +
6 module.exports = (remoteIp) => { 27 module.exports = (remoteIp) => {
7 let key = `${WHITE_LIST_KEY}${remoteIp}`; 28 let key = `${WHITE_LIST_KEY}${remoteIp}`;
  29 + let remoteIpSegment = `${remoteIp.split('.').slice(0, 2).join('.')}.`;
8 30
9 return co(function* () { 31 return co(function* () {
  32 + if (_.includes(IP_WHITE_LIST, remoteIp) || _.includes(IP_WHITE_SEGMENT, remoteIpSegment)) {
  33 + return true;
  34 + }
  35 +
10 let result = Boolean(yield cache.getAsync(key)); 36 let result = Boolean(yield cache.getAsync(key));
11 37
12 logger.debug(key, result); 38 logger.debug(key, result);
13 39
14 return result; 40 return result;
15 - })(); 41 + })().catch(e => {
  42 + console.error(e);
  43 + return false;
  44 + });
16 }; 45 };