You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@dubbo.apache.org by GitBox <gi...@apache.org> on 2022/11/29 12:09:19 UTC
[GitHub] [dubbo] AlbumenJ commented on a diff in pull request #11051: update(qos): support foreign ip whitelist.
AlbumenJ commented on code in PR #11051:
URL: https://github.com/apache/dubbo/pull/11051#discussion_r1034669095
##########
dubbo-plugin/dubbo-qos/src/main/java/org/apache/dubbo/qos/server/handler/LocalHostPermitHandler.java:
##########
@@ -16,33 +16,81 @@
*/
package org.apache.dubbo.qos.server.handler;
-import org.apache.dubbo.qos.common.QosConstants;
-
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerAdapter;
import io.netty.channel.ChannelHandlerContext;
+import org.apache.dubbo.common.utils.CIDRUtils;
+import org.apache.dubbo.common.utils.StringUtils;
+import org.apache.dubbo.qos.common.QosConstants;
+import java.net.InetAddress;
import java.net.InetSocketAddress;
+import java.net.UnknownHostException;
+import java.util.Arrays;
+import java.util.function.Predicate;
public class LocalHostPermitHandler extends ChannelHandlerAdapter {
// true means to accept foreign IP
private boolean acceptForeignIp;
- public LocalHostPermitHandler(boolean acceptForeignIp) {
+ // the whitelist of foreign IP when acceptForeignIp = false, the delimiter is colon(,)
+ // support specific ip and an ip range from CIDR specification
+ private String acceptForeignIpWhitelist;
+ private Predicate<String> whitelistPredicate = foreignIp -> false;
+
+ public LocalHostPermitHandler(boolean acceptForeignIp, String foreignIpWhitelist) {
this.acceptForeignIp = acceptForeignIp;
+ this.acceptForeignIpWhitelist = foreignIpWhitelist;
+ if (StringUtils.isNotEmpty(foreignIpWhitelist)) {
+ whitelistPredicate = Arrays.stream(foreignIpWhitelist.split(","))
+ .map(String::trim)
+ .filter(StringUtils::isNotEmpty)
+ .map(item -> (Predicate<String>) (foreignIp) -> {
+ try {
+ if (!item.contains("/")) {
+ return StringUtils.isEquals(item, foreignIp);
+ }
+ return new CIDRUtils(item).isInRange(foreignIp);
Review Comment:
use `org.apache.dubbo.common.utils.NetUtils#matchIpExpression`
##########
dubbo-plugin/dubbo-qos/src/main/java/org/apache/dubbo/qos/server/handler/LocalHostPermitHandler.java:
##########
@@ -16,33 +16,81 @@
*/
package org.apache.dubbo.qos.server.handler;
-import org.apache.dubbo.qos.common.QosConstants;
-
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerAdapter;
import io.netty.channel.ChannelHandlerContext;
+import org.apache.dubbo.common.utils.CIDRUtils;
+import org.apache.dubbo.common.utils.StringUtils;
+import org.apache.dubbo.qos.common.QosConstants;
+import java.net.InetAddress;
import java.net.InetSocketAddress;
+import java.net.UnknownHostException;
+import java.util.Arrays;
+import java.util.function.Predicate;
public class LocalHostPermitHandler extends ChannelHandlerAdapter {
Review Comment:
Pls rename this class
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org