From af57c99077ea0da586dfe75bbc199183c73fa7f2 Mon Sep 17 00:00:00 2001 From: aozhiwei Date: Thu, 12 Nov 2020 16:50:47 +0800 Subject: [PATCH] 1 --- server/analyseapi/riskmgr.go | 200 +++++------------------------------ server/analyseapi/types.go | 196 ++++++++++++++++++++++++++++++++++ 2 files changed, 224 insertions(+), 172 deletions(-) create mode 100644 server/analyseapi/types.go diff --git a/server/analyseapi/riskmgr.go b/server/analyseapi/riskmgr.go index 9710ff1..6b76af1 100644 --- a/server/analyseapi/riskmgr.go +++ b/server/analyseapi/riskmgr.go @@ -5,27 +5,11 @@ import ( "fmt" "sync" "sync/atomic" - "github.com/aliyun/alibaba-cloud-sdk-go/services/geoip" "q5" "f5" ) type RiskMgr struct { - ipWhiteList map[string]int32 - ipWhiteListMutex sync.RWMutex - - ipBlackList map[string]int32 - ipBlackListMutex sync.RWMutex - - launchWhiteList map[string]int32 - launchWhiteListMutex sync.RWMutex - - launchBlackList map[string]int32 - launchBlackListMutex sync.RWMutex - - blockProvinceCityHash map[string]int32 - blockProvinceCityHashMutex sync.RWMutex - fixedBlockProvinceCityHash map[string]int32 fixedBlockProvinceCityHashMutex sync.RWMutex @@ -38,63 +22,25 @@ type RiskMgr struct { passTimes int64 blockTimes int64 - totalIpWhiteListPassTimes int64 - ipWhiteListPassTimes int64 - totalLaunchWhiteListPassTimes int64 - launchWhiteListPassTimes int64 - totalSafeZonePassTimes int64 - safeZonePassTimes int64 - totalHttpMethodBlockTimes int64 httpMethodBlockTimes int64 totalSessionErrBlockTimes int64 sessionErrBlockTimes int64 - totalIpBlackListBlockTimes int64 - ipBlackListBlockTimes int64 - totalLaunchBlackListBlockTimes int64 - launchBlackListBlockTimes int64 - totalUnSafeZoneBlockTimes int64 - unSafeZoneBlockTimes int64 + + gameHash map[int32]*GameConf + gameHashMutex sync.RWMutex clusterConf *MtwServerInfo } func (this* RiskMgr) Init() *RiskMgr { - this.ipWhiteListMutex.Lock() - this.ipBlackListMutex.Lock() - this.launchWhiteListMutex.Lock() - this.launchBlackListMutex.Lock() - this.blockProvinceCityHashMutex.Lock() this.fixedBlockProvinceCityHashMutex.Lock() - defer this.ipWhiteListMutex.Unlock() - defer this.ipBlackListMutex.Unlock() - defer this.launchWhiteListMutex.Unlock() - defer this.launchBlackListMutex.Unlock() - defer this.blockProvinceCityHashMutex.Unlock() defer this.fixedBlockProvinceCityHashMutex.Unlock() - this.ipWhiteList = make(map[string]int32) - this.ipBlackList = make(map[string]int32) - this.launchWhiteList = make(map[string]int32) - this.launchBlackList = make(map[string]int32) - this.blockProvinceCityHash = make(map[string]int32) this.fixedBlockProvinceCityHash = make(map[string]int32) - for _, val := range G.MetaMgr.GetIpWhiteList().GetList() { - this.ipWhiteList[val] = 1 - } - for _, val := range G.MetaMgr.GetIpBlackList().GetList() { - this.ipBlackList[val] = 1 - } - for _, val := range G.MetaMgr.GetLaunchWhiteList().GetList() { - this.launchWhiteList[val] = 1 - } - for _, val := range G.MetaMgr.GetLaunchBlackList().GetList() { - this.launchBlackList[val] = 1 - } for _, val := range G.MetaMgr.GetFixedBlockProvinceCity().GetList() { this.fixedBlockProvinceCityHash[val] = 1 - this.blockProvinceCityHash[val] = 1 } this.accessKeyId = G.MetaMgr.GetAliKey().GetAccessKeyid() this.accessSecret = G.MetaMgr.GetAliKey().GetAccessSecret() @@ -110,6 +56,7 @@ func (this* RiskMgr) Init() *RiskMgr { func (params* q5.XParams) { this.OutputLog() }) + return this } @@ -121,65 +68,14 @@ func (this* RiskMgr) OutputLog() { f5.SysLog().Info("blockobj %s", this.GetBlockObj().ToJsonStr()) atomic.StoreInt64(&this.passTimes, 0) atomic.StoreInt64(&this.blockTimes, 0) - atomic.StoreInt64(&this.ipWhiteListPassTimes, 0) + /*atomic.StoreInt64(&this.ipWhiteListPassTimes, 0) atomic.StoreInt64(&this.launchWhiteListPassTimes, 0) atomic.StoreInt64(&this.safeZonePassTimes, 0) atomic.StoreInt64(&this.httpMethodBlockTimes, 0) atomic.StoreInt64(&this.sessionErrBlockTimes, 0) atomic.StoreInt64(&this.ipBlackListBlockTimes, 0) atomic.StoreInt64(&this.launchBlackListBlockTimes, 0) - atomic.StoreInt64(&this.unSafeZoneBlockTimes, 0) -} - -func (this* RiskMgr) InIpWhiteList(ip string) bool { - this.ipWhiteListMutex.Lock() - defer this.ipWhiteListMutex.Unlock() - _, ok := this.ipWhiteList[ip] - return ok -} - -func (this* RiskMgr) InIpBlackList(ip string) bool { - this.ipBlackListMutex.Lock() - defer this.ipBlackListMutex.Unlock() - _, ok := this.ipBlackList[ip] - return ok -} - -func (this* RiskMgr) InLaunchWhiteList(gameId int32, channel int32, launchInfo string) bool { - this.launchWhiteListMutex.Lock() - defer this.launchWhiteListMutex.Unlock() - _, ok := this.launchWhiteList[launchInfo] - return ok -} - -func (this* RiskMgr) InLaunchBlackList(gameId int32, channel int32, launchInfo string) bool { - this.launchBlackListMutex.Lock() - defer this.launchBlackListMutex.Unlock() - _, ok := this.launchBlackList[launchInfo] - return ok -} - -func (this* RiskMgr) IsBlockZone(gameId int32, channel int32, - country string, province string, city string) bool { - if country == "" || province == "" || city == "" { - return true - } - if country != "中国" { - return true - } - - this.blockProvinceCityHashMutex.Lock() - defer this.blockProvinceCityHashMutex.Unlock() - if _, ok := this.blockProvinceCityHash[province]; ok { - return true - } - if _, ok := this.blockProvinceCityHash[city]; ok { - return true - } - if _, ok := this.blockProvinceCityHash[province + "/" + city]; ok { - return true - } - return false + atomic.StoreInt64(&this.unSafeZoneBlockTimes, 0)*/ } func (this* RiskMgr) GetSdkInfo(accessKeyId* string, accessSecret* string) { @@ -193,12 +89,12 @@ func (this* RiskMgr) GetPassObj() *q5.XObject { passObj := q5.NewMxoObject() passObj.SetXValue("total_times", q5.NewXInt64(this.totalPassTimes)) passObj.SetXValue("curr_times", q5.NewXInt64(this.passTimes)) - passObj.SetXValue("total_white_ip_times", q5.NewXInt64(this.totalIpWhiteListPassTimes)) + /*passObj.SetXValue("total_white_ip_times", q5.NewXInt64(this.totalIpWhiteListPassTimes)) passObj.SetXValue("curr_white_ip_times", q5.NewXInt64(this.ipWhiteListPassTimes)) passObj.SetXValue("total_white_launch_times", q5.NewXInt64(this.totalLaunchWhiteListPassTimes)) passObj.SetXValue("curr_white_launch_times", q5.NewXInt64(this.launchWhiteListPassTimes)) passObj.SetXValue("total_safezone_times", q5.NewXInt64(this.totalSafeZonePassTimes)) - passObj.SetXValue("curr_safezone_times", q5.NewXInt64(this.safeZonePassTimes)) + passObj.SetXValue("curr_safezone_times", q5.NewXInt64(this.safeZonePassTimes))*/ return passObj.AsXObject() } @@ -206,7 +102,7 @@ func (this* RiskMgr) GetBlockObj() *q5.XObject { blockObj := q5.NewMxoObject() blockObj.SetXValue("total_times", q5.NewXInt64(this.totalBlockTimes)) blockObj.SetXValue("curr_times", q5.NewXInt64(this.blockTimes)) - blockObj.SetXValue("total_method_err_times", q5.NewXInt64(this.totalHttpMethodBlockTimes)) + /*blockObj.SetXValue("total_method_err_times", q5.NewXInt64(this.totalHttpMethodBlockTimes)) blockObj.SetXValue("curr_method_err_times", q5.NewXInt64(this.httpMethodBlockTimes)) blockObj.SetXValue("total_session_err_times", q5.NewXInt64(this.totalSessionErrBlockTimes)) blockObj.SetXValue("curr_session_err_times", q5.NewXInt64(this.sessionErrBlockTimes)) @@ -215,35 +111,17 @@ func (this* RiskMgr) GetBlockObj() *q5.XObject { blockObj.SetXValue("total_black_launch_times", q5.NewXInt64(this.totalLaunchBlackListBlockTimes)) blockObj.SetXValue("curr_black_launch_times", q5.NewXInt64(this.launchBlackListBlockTimes)) blockObj.SetXValue("total_unsafezone_times", q5.NewXInt64(this.totalUnSafeZoneBlockTimes)) - blockObj.SetXValue("curr_unsafezone_times", q5.NewXInt64(this.unSafeZoneBlockTimes)) + blockObj.SetXValue("curr_unsafezone_times", q5.NewXInt64(this.unSafeZoneBlockTimes))*/ return blockObj.AsXObject() } -func (this* RiskMgr) IsSafeZone(gameId int32, channel int32, ip string, response_str* string) bool { - accessKeyId := "" - accessSecret := "" - this.GetSdkInfo(&accessKeyId, &accessSecret) - client, err := geoip.NewClientWithAccessKey("cn-hangzhou", accessKeyId, accessSecret) - if err != nil { - f5.SysLog().Warning("NewClientWithAccessKey error %s", err.Error()) - return false - } - - request := geoip.CreateDescribeIpv4LocationRequest() - request.Scheme = "https" - request.Ip = ip - - response, err := client.DescribeIpv4Location(request) - if err != nil { - f5.SysLog().Warning("Ipv4Location error %s", err.Error()) - return false - } - *response_str = q5.EncodeJson(response) - return !this.IsBlockZone(gameId, channel, response.Country, response.Province, response.City) +func (this *RiskMgr) GetGameConf(gameId int32, channel int32) *GameConf { + return nil } func (this *RiskMgr) __analyseIsOpen(w* http.ResponseWriter, r *http.Request) { - response_str := "" + var gameConf *GameConf + responseStr := "" isPass := func () bool { if r.Method != "POST" { atomic.AddInt64(&this.totalHttpMethodBlockTimes, 1) @@ -260,51 +138,28 @@ func (this *RiskMgr) __analyseIsOpen(w* http.ResponseWriter, r *http.Request) { gameId := f5.ExtractGameIdFromAccountId(accountId) channel := f5.ExtractChannelFromAccountId(accountId) + gameConf = this.GetGameConf(gameId, channel) + if gameConf == nil { + return false + } + remoteAddr := q5.GetRequestRemoteAddr(r) if this.clusterConf.GetTesting() == 1 && q5.Request(r, "ip").GetString() != "" { remoteAddr = q5.Request(r, "ip").GetString() } - if G.RiskMgr.InIpWhiteList(remoteAddr) { - atomic.AddInt64(&this.totalIpWhiteListPassTimes, 1) - atomic.AddInt64(&this.ipWhiteListPassTimes, 1) - return true - } - if G.RiskMgr.InIpBlackList(remoteAddr) { - atomic.AddInt64(&this.totalIpBlackListBlockTimes, 1) - atomic.AddInt64(&this.ipBlackListBlockTimes, 1) - return false - } launchInfo := q5.GetPostBody(r).GetString() - if G.RiskMgr.InLaunchWhiteList(gameId, channel, launchInfo) { - atomic.AddInt64(&this.totalLaunchWhiteListPassTimes, 1) - atomic.AddInt64(&this.launchWhiteListPassTimes, 1) - return true - } - if G.RiskMgr.InLaunchBlackList(gameId, channel, launchInfo) { - atomic.AddInt64(&this.totalLaunchBlackListBlockTimes, 1) - atomic.AddInt64(&this.launchBlackListBlockTimes, 1) - return false - } - if G.RiskMgr.IsSafeZone(gameId, channel, remoteAddr, &response_str) { - atomic.AddInt64(&this.totalSafeZonePassTimes, 1) - atomic.AddInt64(&this.safeZonePassTimes, 1) - return true - } else { - atomic.AddInt64(&this.totalUnSafeZoneBlockTimes, 1) - atomic.AddInt64(&this.unSafeZoneBlockTimes, 1) - return false - } + return gameConf.IsPass(remoteAddr, launchInfo) } if isPass() { atomic.AddInt64(&this.totalPassTimes, 1) atomic.AddInt64(&this.passTimes, 1) if this.clusterConf.GetTesting() == 1 { - if response_str == "" { - response_str = `""` + if responseStr == "" { + responseStr = `""` } data := fmt.Sprintf(`{"errcode":0, "errmsg":"", "is_open":%d, "data":%s}`, 1, - response_str) + responseStr) q5.Response(w, data) } else { q5.ResponseInt32Ok(w, "is_open", 1) @@ -313,12 +168,12 @@ func (this *RiskMgr) __analyseIsOpen(w* http.ResponseWriter, r *http.Request) { atomic.AddInt64(&this.totalBlockTimes, 1) atomic.AddInt64(&this.blockTimes, 1) if this.clusterConf.GetTesting() == 1 { - if response_str == "" { - response_str = `""` + if responseStr == "" { + responseStr = `""` } data := fmt.Sprintf(`{"errcode":0, "errmsg":"", "is_open":%d, "data":%s}`, 0, - response_str) + responseStr) q5.Response(w, data) } else { q5.ResponseInt32Ok(w, "is_open", 0) @@ -327,7 +182,7 @@ func (this *RiskMgr) __analyseIsOpen(w* http.ResponseWriter, r *http.Request) { } func (this *RiskMgr) __opsDump(w* http.ResponseWriter, r *http.Request) { - this.ipWhiteListMutex.Lock() + /*this.ipWhiteListMutex.Lock() this.ipBlackListMutex.Lock() this.launchWhiteListMutex.Lock() this.launchBlackListMutex.Lock() @@ -358,6 +213,7 @@ func (this *RiskMgr) __opsDump(w* http.ResponseWriter, r *http.Request) { fillRespObj(respObj, "block_province_city_list", &this.blockProvinceCityHash) fillRespObj(respObj, "fixed_block_province_city_list", &this.fixedBlockProvinceCityHash) q5.Response(w, respObj.ToJsonStr()) +*/ } func (this *RiskMgr) __opsSyncConf(w* http.ResponseWriter, r *http.Request) { diff --git a/server/analyseapi/types.go b/server/analyseapi/types.go new file mode 100644 index 0000000..719a291 --- /dev/null +++ b/server/analyseapi/types.go @@ -0,0 +1,196 @@ +package main + +import ( + "sync" + "github.com/aliyun/alibaba-cloud-sdk-go/services/geoip" + "f5" + "q5" +) + +type GameConf struct { + ipWhiteList map[string]int32 + ipWhiteListMutex sync.RWMutex + + ipBlackList map[string]int32 + ipBlackListMutex sync.RWMutex + + launchWhiteList map[string]int32 + launchWhiteListMutex sync.RWMutex + + launchBlackList map[string]int32 + launchBlackListMutex sync.RWMutex + + blockProvinceCityHash map[string]int32 + blockProvinceCityHashMutex sync.RWMutex + + totalPassTimes int64 + totalBlockTimes int64 + passTimes int64 + blockTimes int64 + + totalIpWhiteListPassTimes int64 + ipWhiteListPassTimes int64 + totalLaunchWhiteListPassTimes int64 + launchWhiteListPassTimes int64 + totalSafeZonePassTimes int64 + safeZonePassTimes int64 + + totalHttpMethodBlockTimes int64 + httpMethodBlockTimes int64 + totalSessionErrBlockTimes int64 + sessionErrBlockTimes int64 + totalIpBlackListBlockTimes int64 + ipBlackListBlockTimes int64 + totalLaunchBlackListBlockTimes int64 + launchBlackListBlockTimes int64 + totalUnSafeZoneBlockTimes int64 + unSafeZoneBlockTimes int64 +} + +func (this *GameConf) IsPass(remoteAddr string, launchInfo string) bool { + /* + remoteAddr := q5.GetRequestRemoteAddr(r) + if this.clusterConf.GetTesting() == 1 && q5.Request(r, "ip").GetString() != "" { + remoteAddr = q5.Request(r, "ip").GetString() + } + if G.RiskMgr.InIpWhiteList(remoteAddr) { + atomic.AddInt64(&this.totalIpWhiteListPassTimes, 1) + atomic.AddInt64(&this.ipWhiteListPassTimes, 1) + return true + } + if G.RiskMgr.InIpBlackList(remoteAddr) { + atomic.AddInt64(&this.totalIpBlackListBlockTimes, 1) + atomic.AddInt64(&this.ipBlackListBlockTimes, 1) + return false + } + launchInfo := q5.GetPostBody(r).GetString() + if G.RiskMgr.InLaunchWhiteList(gameId, channel, launchInfo) { + atomic.AddInt64(&this.totalLaunchWhiteListPassTimes, 1) + atomic.AddInt64(&this.launchWhiteListPassTimes, 1) + return true + } + if G.RiskMgr.InLaunchBlackList(gameId, channel, launchInfo) { + atomic.AddInt64(&this.totalLaunchBlackListBlockTimes, 1) + atomic.AddInt64(&this.launchBlackListBlockTimes, 1) + return false + } + if G.RiskMgr.IsSafeZone(gameId, channel, remoteAddr, &responseStr) { + atomic.AddInt64(&this.totalSafeZonePassTimes, 1) + atomic.AddInt64(&this.safeZonePassTimes, 1) + return true + } else { + atomic.AddInt64(&this.totalUnSafeZoneBlockTimes, 1) + atomic.AddInt64(&this.unSafeZoneBlockTimes, 1) + return false + } +*/ + return false +} + +func (this* GameConf) InIpWhiteList(ip string) bool { + this.ipWhiteListMutex.Lock() + defer this.ipWhiteListMutex.Unlock() + _, ok := this.ipWhiteList[ip] + return ok +} + +func (this* GameConf) InIpBlackList(ip string) bool { + this.ipBlackListMutex.Lock() + defer this.ipBlackListMutex.Unlock() + _, ok := this.ipBlackList[ip] + return ok +} + +func (this* GameConf) InLaunchWhiteList(gameId int32, channel int32, launchInfo string) bool { + this.launchWhiteListMutex.Lock() + defer this.launchWhiteListMutex.Unlock() + _, ok := this.launchWhiteList[launchInfo] + return ok +} + +func (this* GameConf) InLaunchBlackList(gameId int32, channel int32, launchInfo string) bool { + this.launchBlackListMutex.Lock() + defer this.launchBlackListMutex.Unlock() + _, ok := this.launchBlackList[launchInfo] + return ok +} + +func (this* GameConf) Init() { + this.ipWhiteListMutex.Lock() + this.ipBlackListMutex.Lock() + this.launchWhiteListMutex.Lock() + this.launchBlackListMutex.Lock() + this.blockProvinceCityHashMutex.Lock() + defer this.ipWhiteListMutex.Unlock() + defer this.ipBlackListMutex.Unlock() + defer this.launchWhiteListMutex.Unlock() + defer this.launchBlackListMutex.Unlock() + defer this.blockProvinceCityHashMutex.Unlock() + + this.ipWhiteList = make(map[string]int32) + this.ipBlackList = make(map[string]int32) + this.launchWhiteList = make(map[string]int32) + this.launchBlackList = make(map[string]int32) + this.blockProvinceCityHash = make(map[string]int32) + + for _, val := range G.MetaMgr.GetIpWhiteList().GetList() { + this.ipWhiteList[val] = 1 + } + for _, val := range G.MetaMgr.GetIpBlackList().GetList() { + this.ipBlackList[val] = 1 + } + for _, val := range G.MetaMgr.GetLaunchWhiteList().GetList() { + this.launchWhiteList[val] = 1 + } + for _, val := range G.MetaMgr.GetLaunchBlackList().GetList() { + this.launchBlackList[val] = 1 + } + for _, val := range G.MetaMgr.GetFixedBlockProvinceCity().GetList() { + this.blockProvinceCityHash[val] = 1 + } +} + +func (this* GameConf) IsBlockZone(country string, province string, city string) bool { + if country == "" || province == "" || city == "" { + return true + } + if country != "中国" { + return true + } + + /*this.blockProvinceCityHashMutex.Lock() + defer this.blockProvinceCityHashMutex.Unlock() + if _, ok := this.blockProvinceCityHash[province]; ok { + return true + } + if _, ok := this.blockProvinceCityHash[city]; ok { + return true + } + if _, ok := this.blockProvinceCityHash[province + "/" + city]; ok { + return true + }*/ + return false +} + +func (this* GameConf) IsSafeZone(ip string, response_str* string) bool { + accessKeyId := "" + accessSecret := "" + G.RiskMgr.GetSdkInfo(&accessKeyId, &accessSecret) + client, err := geoip.NewClientWithAccessKey("cn-hangzhou", accessKeyId, accessSecret) + if err != nil { + f5.SysLog().Warning("NewClientWithAccessKey error %s", err.Error()) + return false + } + + request := geoip.CreateDescribeIpv4LocationRequest() + request.Scheme = "https" + request.Ip = ip + + response, err := client.DescribeIpv4Location(request) + if err != nil { + f5.SysLog().Warning("Ipv4Location error %s", err.Error()) + return false + } + *response_str = q5.EncodeJson(response) + return !this.IsBlockZone(response.Country, response.Province, response.City) +}