화이트리스트 멤버에 tag 추가
This commit is contained in:
@ -28,25 +28,24 @@ type blockinfo struct {
|
||||
Reason string `bson:"reason" json:"reason"`
|
||||
}
|
||||
|
||||
type whitelistAuthType = string
|
||||
type whitelistMemberTag = string
|
||||
|
||||
const (
|
||||
whitelistAuthType_Default = whitelistAuthType("")
|
||||
whitelistAuthType_QA = whitelistAuthType("qa")
|
||||
whitelistMemberTag_Default = whitelistMemberTag("")
|
||||
whitelistMemberTag_QA = whitelistMemberTag("#qa")
|
||||
)
|
||||
|
||||
type whitelistmember struct {
|
||||
Service string `bson:"service" json:"service"`
|
||||
Email string `bson:"email" json:"email"`
|
||||
Platform string `bson:"platform" json:"platform"`
|
||||
Desc string `bson:"desc" json:"desc"`
|
||||
Auth []whitelistAuthType `bson:"auth" json:"auth"`
|
||||
Expired primitive.DateTime `bson:"_ts,omitempty" json:"_ts,omitempty"`
|
||||
Service string `bson:"service" json:"service"`
|
||||
Email string `bson:"email" json:"email"`
|
||||
Platform string `bson:"platform" json:"platform"`
|
||||
Desc string `bson:"desc" json:"desc"`
|
||||
Tag string `bson:"tag" json:"tag"`
|
||||
Expired primitive.DateTime `bson:"_ts,omitempty" json:"_ts,omitempty"`
|
||||
}
|
||||
|
||||
type whitelist struct {
|
||||
emailptr unsafe.Pointer
|
||||
qaptr unsafe.Pointer
|
||||
working int32
|
||||
}
|
||||
|
||||
@ -61,29 +60,11 @@ type usertokeninfo struct {
|
||||
}
|
||||
|
||||
func (wl *whitelist) init(total []whitelistmember) {
|
||||
auths := make(map[string]map[string]*whitelistmember)
|
||||
all := make(map[string]*whitelistmember)
|
||||
for _, member := range total {
|
||||
all := auths[""]
|
||||
if all == nil {
|
||||
all = make(map[string]*whitelistmember)
|
||||
auths[""] = all
|
||||
}
|
||||
all[whitelistKey(member.Email)] = &member
|
||||
|
||||
for _, auth := range member.Auth {
|
||||
spec := auths[auth]
|
||||
if spec == nil {
|
||||
spec = make(map[string]*whitelistmember)
|
||||
auths[auth] = spec
|
||||
}
|
||||
spec[whitelistKey(member.Email)] = &member
|
||||
}
|
||||
}
|
||||
all := auths[whitelistAuthType_Default]
|
||||
atomic.StorePointer(&wl.emailptr, unsafe.Pointer(&all))
|
||||
|
||||
qa := auths[whitelistAuthType_QA]
|
||||
atomic.StorePointer(&wl.qaptr, unsafe.Pointer(&qa))
|
||||
}
|
||||
|
||||
func addToUnsafePointer(to *unsafe.Pointer, m *whitelistmember) {
|
||||
@ -111,17 +92,13 @@ func removeFromUnsafePointer(from *unsafe.Pointer, email string) {
|
||||
}
|
||||
|
||||
func (wl *whitelist) add(m *whitelistmember) {
|
||||
// 테스트
|
||||
m.Tag = whitelistMemberTag_QA
|
||||
addToUnsafePointer(&wl.emailptr, m)
|
||||
for _, auth := range m.Auth {
|
||||
if auth == whitelistAuthType_QA {
|
||||
addToUnsafePointer(&wl.qaptr, m)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (wl *whitelist) remove(email string) {
|
||||
removeFromUnsafePointer(&wl.emailptr, email)
|
||||
removeFromUnsafePointer(&wl.qaptr, email)
|
||||
}
|
||||
|
||||
func (wl *whitelist) isMember(email string, platform string) bool {
|
||||
@ -138,14 +115,12 @@ func (wl *whitelist) isMember(email string, platform string) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func (wl *whitelist) hasAuth(email string, platform string, auth whitelistAuthType) bool {
|
||||
if auth == whitelistAuthType_QA {
|
||||
ptr := atomic.LoadPointer(&wl.qaptr)
|
||||
src := *(*map[string]*whitelistmember)(ptr)
|
||||
func (wl *whitelist) hasTag(email string, platform string, tag whitelistMemberTag) bool {
|
||||
ptr := atomic.LoadPointer(&wl.emailptr)
|
||||
src := *(*map[string]*whitelistmember)(ptr)
|
||||
|
||||
if member, exists := src[whitelistKey(email)]; exists {
|
||||
return member.Platform == platform
|
||||
}
|
||||
if member, exists := src[whitelistKey(email)]; exists {
|
||||
return strings.Contains(member.Tag, tag)
|
||||
}
|
||||
|
||||
return false
|
||||
@ -732,7 +707,7 @@ func (sh *serviceDescription) ServeHTTP(w http.ResponseWriter, r *http.Request)
|
||||
// 세션키가 있는지 확인
|
||||
if _, ok := sh.auths.IsValid(sk, ""); !ok {
|
||||
logger.Println("sessionkey is not valid :", sk)
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
@ -754,7 +729,7 @@ func (sh *serviceDescription) ServeHTTP(w http.ResponseWriter, r *http.Request)
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if sh.wl.hasAuth(cell.ToAuthinfo().Email, cell.ToAuthinfo().Platform, whitelistAuthType_QA) {
|
||||
if sh.wl.hasTag(cell.ToAuthinfo().Email, cell.ToAuthinfo().Platform, whitelistMemberTag_QA) {
|
||||
// qa 권한이면 입장 가능
|
||||
w.Write([]byte(fmt.Sprintf(`{"service":"%s"}`, div.Url)))
|
||||
} else if div.Maintenance != nil {
|
||||
|
||||
Reference in New Issue
Block a user