Merge branch 'feature/whiteIp' into release/0627
Showing
4 changed files
with
35 additions
and
27 deletions
@@ -7,7 +7,7 @@ const sm = require('sitemap'); | @@ -7,7 +7,7 @@ const sm = require('sitemap'); | ||
7 | const staticUrls = require('../../../config/staticUrls'); | 7 | const staticUrls = require('../../../config/staticUrls'); |
8 | const headerModel = require('../../../doraemon/models/header'); | 8 | const headerModel = require('../../../doraemon/models/header'); |
9 | const siteMapService = require('../models/site-map-service'); | 9 | const siteMapService = require('../models/site-map-service'); |
10 | -const cache = global.yoho.cache; | 10 | +const cache = global.yoho.cache.master; |
11 | 11 | ||
12 | const getStaticUrls = (currentStatics) => { | 12 | const getStaticUrls = (currentStatics) => { |
13 | let urls = []; | 13 | let urls = []; |
@@ -11,6 +11,7 @@ const config = global.yoho.config; | @@ -11,6 +11,7 @@ const config = global.yoho.config; | ||
11 | const hostname = require('os').hostname(); | 11 | const hostname = require('os').hostname(); |
12 | const routeEncode = require('./route-encode'); | 12 | const routeEncode = require('./route-encode'); |
13 | const pathWhiteList = require('./limiter/rules/path-white-list'); | 13 | const pathWhiteList = require('./limiter/rules/path-white-list'); |
14 | +const ipWhiteList = require('./limiter/rules/ip-white-list'); | ||
14 | const _ = require('lodash'); | 15 | const _ = require('lodash'); |
15 | const limiterIpTime = 3600; | 16 | const limiterIpTime = 3600; |
16 | 17 | ||
@@ -104,7 +105,7 @@ exports.serverError = () => { | @@ -104,7 +105,7 @@ exports.serverError = () => { | ||
104 | if (err.code === 9999991 || err.code === 9999992) { | 105 | if (err.code === 9999991 || err.code === 9999992) { |
105 | let remoteIp = req.yoho.clientIp; | 106 | let remoteIp = req.yoho.clientIp; |
106 | 107 | ||
107 | - if (!_.includes(pathWhiteList(), req.path)) { | 108 | + if (!_.includes(pathWhiteList(), req.path) && !(await ipWhiteList(remoteIp))) { |
108 | const isHuman = await cache.getAsync(`${config.app}:limiter:api:ishuman:${remoteIp}`); | 109 | const isHuman = await cache.getAsync(`${config.app}:limiter:api:ishuman:${remoteIp}`); |
109 | 110 | ||
110 | if (!isHuman) { | 111 | if (!isHuman) { |
@@ -15,25 +15,6 @@ const captchaPolicy = require('./policies/captcha'); | @@ -15,25 +15,6 @@ const captchaPolicy = require('./policies/captcha'); | ||
15 | 15 | ||
16 | // const reporterPolicy = require('./policies/reporter'); | 16 | // const reporterPolicy = require('./policies/reporter'); |
17 | 17 | ||
18 | -const IP_WHITE_LIST = [ | ||
19 | - '106.38.38.146', // 北京办公区域 | ||
20 | - '106.38.38.147', // 北京办公区域 | ||
21 | - '106.39.86.227', // 北京办公区域 | ||
22 | - '218.94.75.58', // 南京办公区域 | ||
23 | - '218.94.75.50', // 南京办公区域 | ||
24 | - '218.94.77.166', // 南京办公区域 | ||
25 | - | ||
26 | - // '222.73.196.18', // B站合作方单击次数快加白名单 | ||
27 | - '123.206.73.107', // 腾讯云出口IP | ||
28 | - '139.199.35.21', // 腾讯云出口IP | ||
29 | - '139.199.29.44', // 腾讯云出口IP | ||
30 | - '123.206.21.19' // 腾讯云出口IP | ||
31 | -]; | ||
32 | - | ||
33 | -const IP_WHITE_SEGMENT = [ | ||
34 | - '10.66.', // 内网IP段 | ||
35 | - '192.168.' // 内网IP段 | ||
36 | -]; | ||
37 | 18 | ||
38 | const limiter = (rule, policy, context) => { | 19 | const limiter = (rule, policy, context) => { |
39 | return rule(context, policy); | 20 | return rule(context, policy); |
@@ -42,15 +23,12 @@ const limiter = (rule, policy, context) => { | @@ -42,15 +23,12 @@ const limiter = (rule, policy, context) => { | ||
42 | // 排除条件:ip白名单/路径白名单/异步请求/登录用户 | 23 | // 排除条件:ip白名单/路径白名单/异步请求/登录用户 |
43 | const _excluded = (req) => { | 24 | const _excluded = (req) => { |
44 | let remoteIp = req.yoho.clientIp || ''; | 25 | let remoteIp = req.yoho.clientIp || ''; |
45 | - let remoteIpSegment = `${remoteIp.split('.').slice(0, 2).join('.')}.`; | ||
46 | 26 | ||
47 | return co(function* () { | 27 | return co(function* () { |
48 | - let atWhiteList = yield ipWhiteList(remoteIp); | 28 | + let atIPWhiteList = yield ipWhiteList(remoteIp); |
49 | 29 | ||
50 | return Boolean( | 30 | return Boolean( |
51 | - atWhiteList || | ||
52 | - _.includes(IP_WHITE_LIST, remoteIp) || | ||
53 | - _.includes(IP_WHITE_SEGMENT, remoteIpSegment) || | 31 | + atIPWhiteList || |
54 | _.includes(pathWhiteList(), req.path) || | 32 | _.includes(pathWhiteList(), req.path) || |
55 | req.xhr || | 33 | req.xhr || |
56 | !_.isEmpty(_.get(req, 'user.uid')) | 34 | !_.isEmpty(_.get(req, 'user.uid')) |
1 | +const _ = require('lodash'); | ||
1 | const co = Promise.coroutine; | 2 | const co = Promise.coroutine; |
2 | const logger = global.yoho.logger; | 3 | const logger = global.yoho.logger; |
3 | const cache = global.yoho.cache.master; | 4 | const cache = global.yoho.cache.master; |
4 | const WHITE_LIST_KEY = 'whitelist:ip:'; | 5 | const WHITE_LIST_KEY = 'whitelist:ip:'; |
5 | 6 | ||
7 | +const IP_WHITE_LIST = [ | ||
8 | + '106.38.38.146', // 北京办公区域 | ||
9 | + '106.38.38.147', // 北京办公区域 | ||
10 | + '106.39.86.227', // 北京办公区域 | ||
11 | + '218.94.75.58', // 南京办公区域 | ||
12 | + '218.94.75.50', // 南京办公区域 | ||
13 | + '218.94.77.166', // 南京办公区域 | ||
14 | + | ||
15 | + // '222.73.196.18', // B站合作方单击次数快加白名单 | ||
16 | + '123.206.73.107', // 腾讯云出口IP | ||
17 | + '139.199.35.21', // 腾讯云出口IP | ||
18 | + '139.199.29.44', // 腾讯云出口IP | ||
19 | + '123.206.21.19' // 腾讯云出口IP | ||
20 | +]; | ||
21 | + | ||
22 | +const IP_WHITE_SEGMENT = [ | ||
23 | + '10.66.', // 内网IP段 | ||
24 | + '192.168.' // 内网IP段 | ||
25 | +]; | ||
26 | + | ||
6 | module.exports = (remoteIp) => { | 27 | module.exports = (remoteIp) => { |
7 | let key = `${WHITE_LIST_KEY}${remoteIp}`; | 28 | let key = `${WHITE_LIST_KEY}${remoteIp}`; |
29 | + let remoteIpSegment = `${remoteIp.split('.').slice(0, 2).join('.')}.`; | ||
8 | 30 | ||
9 | return co(function* () { | 31 | return co(function* () { |
32 | + if (_.includes(IP_WHITE_LIST, remoteIp) || _.includes(IP_WHITE_SEGMENT, remoteIpSegment)) { | ||
33 | + return true; | ||
34 | + } | ||
35 | + | ||
10 | let result = Boolean(yield cache.getAsync(key)); | 36 | let result = Boolean(yield cache.getAsync(key)); |
11 | 37 | ||
12 | logger.debug(key, result); | 38 | logger.debug(key, result); |
13 | 39 | ||
14 | return result; | 40 | return result; |
15 | - })(); | 41 | + })().catch(e => { |
42 | + console.error(e); | ||
43 | + return false; | ||
44 | + }); | ||
16 | }; | 45 | }; |
-
Please register or login to post a comment