/
nethttp.go
120 lines (111 loc) · 3.54 KB
/
nethttp.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
package middleware
/*
定义中间件在net/http库下的实现或者入口。
*/
import (
"encoding/base64"
"net/http"
"strings"
"github.com/eudore/eudore"
)
// NewNetHTTPBasicAuthFunc 函数创建一个net/http BasicAuth中间件处理函数,文档见NewBasicAuthFunc函数。
func NewNetHTTPBasicAuthFunc(next http.Handler, names map[string]string) http.HandlerFunc {
checks := make(map[string]string, len(names))
for name, pass := range names {
checks[base64.StdEncoding.EncodeToString([]byte(name+":"+pass))] = name
}
return func(w http.ResponseWriter, r *http.Request) {
auth := r.Header.Get(eudore.HeaderAuthorization)
if len(auth) > 5 && auth[:6] == "Basic " {
name, ok := checks[auth[6:]]
if ok {
r.Header.Add("Basic-Name", name)
next.ServeHTTP(w, r)
return
}
}
w.Header().Set(eudore.HeaderWWWAuthenticate, "Basic")
w.WriteHeader(http.StatusUnauthorized)
}
}
// NewNetHTTPBodyLimitFunc 函数创建一个net/http BodyLimt中间件处理函数,优化NoBody和Size。
func NewNetHTTPBodyLimitFunc(next http.Handler, size int64) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
switch {
case r.Body == http.NoBody:
case r.ContentLength > size:
w.Header().Set(eudore.HeaderConnection, "close")
w.WriteHeader(http.StatusRequestEntityTooLarge)
w.Write([]byte(http.StatusText(http.StatusRequestEntityTooLarge)))
return
default:
r.Body = http.MaxBytesReader(w, r.Body, size)
}
next.ServeHTTP(w, r)
}
}
// NewNetHTTPBlackFunc 函数创建一个net/http黑名单中间件处理函数,文档见NewBlackFunc函数。
func NewNetHTTPBlackFunc(next http.Handler, data map[string]bool) http.HandlerFunc {
b := newBlack()
for k, v := range data {
if v {
b.InsertWhite(k)
} else {
b.InsertBlack(k)
}
}
return func(w http.ResponseWriter, r *http.Request) {
ip := ip2int(getRealClientIP(r))
if b.White.Look(ip) {
next.ServeHTTP(w, r)
return
}
if b.Black.Look(ip) {
w.WriteHeader(eudore.StatusForbidden)
_, _ = w.Write([]byte("black list deny your ip " + getRealClientIP(r)))
} else {
next.ServeHTTP(w, r)
}
}
}
// NewNetHTTPRewriteFunc 函数创建一个net/http路径重写中间件处理函数,文档见NewRewriteFunc函数。
func NewNetHTTPRewriteFunc(next http.Handler, data map[string]string) http.HandlerFunc {
node := new(rewriteNode)
for k, v := range data {
node.insert(k, v)
}
return func(w http.ResponseWriter, r *http.Request) {
r.URL.Path = node.rewrite(r.URL.Path)
next.ServeHTTP(w, r)
}
}
// NewNetHTTPRateRequestFunc 函数创建一个net/http限流中间件处理函数,文档见NewRateFunc函数。
func NewNetHTTPRateRequestFunc(next http.Handler, speed, max int64, options ...any) http.HandlerFunc {
getKeyFunc := getRealClientIP
for _, i := range options {
if fn, ok := i.(func(*http.Request) string); ok {
getKeyFunc = fn
break
}
}
r := newRate(speed, max, options...)
return func(w http.ResponseWriter, req *http.Request) {
key := getKeyFunc(req)
if r.GetVisitor(key).WaitWithDeadline(req.Context(), 1) {
next.ServeHTTP(w, req)
return
}
w.WriteHeader(http.StatusTooManyRequests)
_, _ = w.Write([]byte("deny request of rate request: " + key))
}
}
// getRealClientIP 函数获取http请求的真实ip。
func getRealClientIP(r *http.Request) string {
if realip := r.Header.Get(eudore.HeaderXRealIP); realip != "" {
return realip
}
if xforward := r.Header.Get(eudore.HeaderXForwardedFor); xforward != "" {
return strings.SplitN(xforward, ",", 2)[0]
}
return strings.SplitN(r.RemoteAddr, ":", 2)[0]
}