Skip to content

Commit

Permalink
fix:fix auth method match. (#568)
Browse files Browse the repository at this point in the history
  • Loading branch information
@SkyeBeFreeman
SkyeBeFreeman authored Nov 25, 2024
1 parent 0907ebc commit 5b79f39
Show file tree
Hide file tree
Showing 3 changed files with 46 additions and 12 deletions.
12 changes: 9 additions & 3 deletions polaris-common/polaris-model/src/main/java/com/tencent/polaris/api/utils/RuleUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -169,7 +169,7 @@ public static boolean matchMetadata(Map<String, MatchString> ruleMeta, Map<Strin
// 匹配metadata
public static boolean matchMetadata(Map<String, MatchString> ruleMeta, Map<String, String> destMeta,
boolean isMatchSource, Map<String, String> multiEnvRouterParamMap, Map<String
, String> variables) {
, String> variables) {
return matchMetadata(ruleMeta, destMeta, null, isMatchSource, multiEnvRouterParamMap, variables, null);
}

Expand Down Expand Up @@ -346,13 +346,19 @@ public static boolean matchService(ServiceKey serviceKey, String namespace, Stri

public static boolean matchMethod(String path, String protocol, String method, ModelProto.API api,
Function<String, Pattern> regexToPattern, Function<String, TrieNode<String>> trieNodeFunction) {
MatchStringType methodMatchStringType = MatchStringType.EXACT;
String apiMethod = api.getMethod();
if (StringUtils.isNotBlank(apiMethod) && apiMethod.startsWith("!")) {
methodMatchStringType = MatchStringType.NOT_EQUALS;
apiMethod = apiMethod.substring(1);
}
if (trieNodeFunction != null) {
return RuleUtils.matchStringValue(MatchString.MatchStringType.EXACT, protocol, api.getProtocol())
&& RuleUtils.matchStringValue(MatchString.MatchStringType.EXACT, method, api.getMethod())
&& RuleUtils.matchStringValue(methodMatchStringType, method, apiMethod)
&& RuleUtils.matchStringValue(api.getPath().getType(), path, api.getPath().getValue().getValue(), regexToPattern, true, trieNodeFunction);
} else {
return RuleUtils.matchStringValue(MatchString.MatchStringType.EXACT, protocol, api.getProtocol())
&& RuleUtils.matchStringValue(MatchString.MatchStringType.EXACT, method, api.getMethod())
&& RuleUtils.matchStringValue(methodMatchStringType, method, apiMethod)
&& RuleUtils.matchStringValue(api.getPath(), path, regexToPattern);
}
}
Expand Down
26 changes: 21 additions & 5 deletions ...java/com/tencent/polaris/plugins/connector/consul/service/authority/AuthorityService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,11 +198,23 @@ private List<BlockAllowListProto.BlockAllowListRule> parseResponse(String decode
} else if (StringUtils.equals(authTag.getTagField(), TagConstant.SYSTEM_FIELD.SOURCE_NAMESPACE_SERVICE_NAME)) {
matchArgumentBuilder.setType(BlockAllowListProto.BlockAllowConfig.MatchArgument.Type.CALLER_SERVICE);
matchArgumentBuilder.setKey("*");
String[] split = authTag.getTagValue().split("/");
if (split.length == 2) {
matchArgumentBuilder.setKey(split[0]);
authTag.setTagValue(split[1]);
String[] tagValues = authTag.getTagValue().split(",");
StringBuilder serviceNameStringBuilder = new StringBuilder();
for (String tagValue : tagValues) {
if (StringUtils.isNotEmpty(tagValue)) {
String[] split = tagValue.split("/");
if (split.length == 2) {
serviceNameStringBuilder.append(split[1]).append(",");
} else {
serviceNameStringBuilder.append(tagValue).append(",");
}
}
}
String serviceNameString = serviceNameStringBuilder.toString();
if (serviceNameString.endsWith(",")) {
serviceNameString = serviceNameString.substring(0, serviceNameString.length() - 1);
}
authTag.setTagValue(serviceNameString);
} else if (StringUtils.equals(authTag.getTagField(), TagConstant.SYSTEM_FIELD.SOURCE_APPLICATION_ID)) {
matchArgumentBuilder.setType(BlockAllowListProto.BlockAllowConfig.MatchArgument.Type.CALLER_METADATA);
matchArgumentBuilder.setKey(TsfMetadataConstants.TSF_APPLICATION_ID);
Expand Down Expand Up @@ -238,7 +250,11 @@ private List<BlockAllowListProto.BlockAllowListRule> parseResponse(String decode
ModelProto.API.Builder apiBuilder = ModelProto.API.newBuilder();
apiBuilder.setPath(matchStringBuilder);
apiBuilder.setProtocol("*");
apiBuilder.setMethod(authTag.getTagValue());
String method = authTag.getTagValue();
if (authTag.getTagOperator().equals(TagConstant.OPERATOR.NOT_EQUAL)) {
method = "!" + method;
}
apiBuilder.setMethod(method);
blockAllowConfigBuilder.setApi(apiBuilder.build());
continue;
} else {
Expand Down
20 changes: 16 additions & 4 deletions ...om/tencent/polaris/plugins/connector/consul/service/ratelimiting/RateLimitingService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -255,11 +255,23 @@ private List<RateLimitProto.Rule> parseResponse(String decodedValue, String name
} else if (StringUtils.equals(cond.get("tagField"), TagConstant.SYSTEM_FIELD.SOURCE_NAMESPACE_SERVICE_NAME)) {
matchArgumentBuilder.setType(RateLimitProto.MatchArgument.Type.CALLER_SERVICE);
matchArgumentBuilder.setKey("*");
String[] split = cond.get("tagValue").split("/");
if (split.length == 2) {
matchArgumentBuilder.setKey(split[0]);
cond.put("tagValue", split[1]);
String[] tagValues = cond.get("tagValue").split(",");
StringBuilder serviceNameStringBuilder = new StringBuilder();
for (String tagValue : tagValues) {
if (StringUtils.isNotEmpty(tagValue)) {
String[] split = tagValue.split("/");
if (split.length == 2) {
serviceNameStringBuilder.append(split[1]).append(",");
} else {
serviceNameStringBuilder.append(tagValue).append(",");
}
}
}
String serviceNameString = serviceNameStringBuilder.toString();
if (serviceNameString.endsWith(",")) {
serviceNameString = serviceNameString.substring(0, serviceNameString.length() - 1);
}
cond.put("tagValue", serviceNameString);
} else if (StringUtils.equals(cond.get("tagField"), TagConstant.SYSTEM_FIELD.SOURCE_APPLICATION_ID)) {
matchArgumentBuilder.setType(RateLimitProto.MatchArgument.Type.CALLER_METADATA);
matchArgumentBuilder.setKey(TsfMetadataConstants.TSF_APPLICATION_ID);
Expand Down

0 comments on commit 5b79f39

Please sign in to comment.