wms-master.git - Gitblit

parent: 225f9914 | 补丁 | 提交 | ignore whitespace

4 天以前 936dd65f69e1c9b17ed8abd4edf4c624cee68e23

日志优化

4个文件已修改

	rsf-http-audit/src/main/java/com/vincent/rsf/httpaudit/admin/HttpAuditRuleAdminController.java	6 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	rsf-http-audit/src/main/java/com/vincent/rsf/httpaudit/entity/HttpAuditRule.java	2 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	rsf-http-audit/src/main/java/com/vincent/rsf/httpaudit/props/HttpAuditProperties.java	4 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	rsf-http-audit/src/main/java/com/vincent/rsf/httpaudit/service/HttpAuditRuleServiceImpl.java	52 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史

 rsf-http-audit/src/main/java/com/vincent/rsf/httpaudit/admin/HttpAuditRuleAdminController.java

@@ -140,12 +140,6 @@
        if (StringUtils.isBlank(rule.getMatchMode())) {
            rule.setMatchMode(HttpAuditRule.MODE_EQUAL);
        }
        if (StringUtils.isBlank(rule.getPattern())) {
            rule.setPattern("*");
        }
        if (StringUtils.isBlank(rule.getDirection())) {
            rule.setDirection(HttpAuditRule.DIR_BOTH);
        }
    }

    private static R validate(HttpAuditRule rule) {

 rsf-http-audit/src/main/java/com/vincent/rsf/httpaudit/entity/HttpAuditRule.java

@@ -11,7 +11,7 @@
import java.util.Date;

/**
 * HTTP 审计白名单规则（仅命中规则时才写审计日志，受 http-audit.whitelist-only 控制）
 * HTTP 审计白名单规则（whitelist-only=true 时仅命中才落库；record_all=1 仅在该条命中时对本条请求/响应截断生效）
 */
@Data
@Accessors(chain = true)

 rsf-http-audit/src/main/java/com/vincent/rsf/httpaudit/props/HttpAuditProperties.java

@@ -27,7 +27,7 @@
    private String simpleUiToken = "";

    /**
     * true：入站/出站是否落库由 {@code sys_http_audit_rule} 决定（含 record_all=1 全量、方向 IN/OUT/BOTH、截断长度）；false：排除路径外入站与全部出站均记录，截断用本配置 + 规则中「全量」行的 request/response_max_chars（若有）
     * true：入站/出站是否落库由 {@code sys_http_audit_rule} 匹配决定（record_all 仅影响命中条的截断；方向 IN/OUT/BOTH）；false：排除路径外入站与全部出站均记录，截断用本配置默认字段
     */
    private boolean whitelistOnly = true;

@@ -60,7 +60,7 @@
    private List<String> excludePathPrefixes = defaultExcludes();

    /**
     * true：默认排除中的 /httpAuditLog、/httpAuditRule 仍生效；false：不再排除这两项（便于调试；record_all 也无法绕过 true 时的排除）
     * true：默认排除中的 /httpAuditLog、/httpAuditRule 仍生效；false：不再排除这两项（便于调试；命中规则也无法绕过 true 时的排除）
     */
    private boolean excludeAuditSelfPaths = true;


 rsf-http-audit/src/main/java/com/vincent/rsf/httpaudit/service/HttpAuditRuleServiceImpl.java

@@ -18,7 +18,7 @@
import java.util.regex.Pattern;

/**
 * 规则缓存；入站/出站或关系；record_all 时白名单下也全记
 * 规则缓存；入站/出站或关系；record_all 仅在该条规则命中时对本条日志生效（默认 -1 不截断）
 */
@Slf4j
public class HttpAuditRuleServiceImpl extends ServiceImpl<HttpAuditRuleMapper, HttpAuditRule> implements HttpAuditRuleService {
@@ -68,28 +68,21 @@
    @Override
    public HttpAuditDecision decideInbound(HttpServletRequest request, String requestBody) {
        if (!props.isWhitelistOnly()) {
            return HttpAuditDecision.yes(reqLimitFromRecordAllRow(), resLimitFromRecordAllRow());
            return HttpAuditDecision.yes(null, null);
        }
        if (cache.isEmpty()) {
            return HttpAuditDecision.SKIP;
        }
        HttpAuditRule allRow = firstRecordAllRule();
        if (allRow != null) {
            return HttpAuditDecision.yes(allRow.getRequestMaxChars(), allRow.getResponseMaxChars());
        }
        String path = HttpAuditSupport.safePath(request);
        String ip = HttpAuditSupport.clientIp(request);
        String body = requestBody == null ? "" : requestBody;
        for (HttpAuditRule r : cache) {
            if (isRecordAll(r)) {
                continue;
            }
            if (!appliesInbound(r)) {
                continue;
            }
            try {
                if (matchInbound(r, path, ip, body)) {
                    return HttpAuditDecision.yes(r.getRequestMaxChars(), r.getResponseMaxChars());
                    return decisionForMatchedRule(r);
                }
            } catch (Exception e) {
                log.debug("http-audit 规则 id={} 匹配异常：{}", r.getId(), e.getMessage());
@@ -101,26 +94,19 @@
    @Override
    public HttpAuditDecision decideOutbound(String fullUrl, String method, String requestBody) {
        if (!props.isWhitelistOnly()) {
            return HttpAuditDecision.yes(reqLimitFromRecordAllRow(), resLimitFromRecordAllRow());
            return HttpAuditDecision.yes(null, null);
        }
        if (cache.isEmpty()) {
            return HttpAuditDecision.SKIP;
        }
        HttpAuditRule allRow = firstRecordAllRule();
        if (allRow != null) {
            return HttpAuditDecision.yes(allRow.getRequestMaxChars(), allRow.getResponseMaxChars());
        }
        String body = requestBody == null ? "" : requestBody;
        for (HttpAuditRule r : cache) {
            if (isRecordAll(r)) {
                continue;
            }
            if (!appliesOutbound(r)) {
                continue;
            }
            try {
                if (matchOutbound(r, fullUrl, body)) {
                    return HttpAuditDecision.yes(r.getRequestMaxChars(), r.getResponseMaxChars());
                    return decisionForMatchedRule(r);
                }
            } catch (Exception e) {
                log.debug("http-audit 出站规则 id={} 匹配异常：{}", r.getId(), e.getMessage());
@@ -129,23 +115,13 @@
        return HttpAuditDecision.SKIP;
    }

    private Integer reqLimitFromRecordAllRow() {
        HttpAuditRule row = firstRecordAllRule();
        return row == null ? null : row.getRequestMaxChars();
    }

    private Integer resLimitFromRecordAllRow() {
        HttpAuditRule row = firstRecordAllRule();
        return row == null ? null : row.getResponseMaxChars();
    }

    private HttpAuditRule firstRecordAllRule() {
        for (HttpAuditRule r : cache) {
            if (isRecordAll(r)) {
                return r;
            }
    private static HttpAuditDecision decisionForMatchedRule(HttpAuditRule r) {
        if (isRecordAll(r)) {
            Integer req = r.getRequestMaxChars() != null ? r.getRequestMaxChars() : -1;
            Integer res = r.getResponseMaxChars() != null ? r.getResponseMaxChars() : -1;
            return HttpAuditDecision.yes(req, res);
        }
        return null;
        return HttpAuditDecision.yes(r.getRequestMaxChars(), r.getResponseMaxChars());
    }

    private static boolean isRecordAll(HttpAuditRule r) {
@@ -161,17 +137,11 @@
    }

    private static boolean appliesInbound(HttpAuditRule r) {
        if (isRecordAll(r)) {
            return false;
        }
        String d = dir(r);
        return HttpAuditRule.DIR_IN.equals(d) || HttpAuditRule.DIR_BOTH.equals(d);
    }

    private static boolean appliesOutbound(HttpAuditRule r) {
        if (isRecordAll(r)) {
            return false;
        }
        String d = dir(r);
        return HttpAuditRule.DIR_OUT.equals(d) || HttpAuditRule.DIR_BOTH.equals(d);
    }

			@@ -140,12 +140,6 @@
			if (StringUtils.isBlank(rule.getMatchMode())) {
			rule.setMatchMode(HttpAuditRule.MODE_EQUAL);
			}
			if (StringUtils.isBlank(rule.getPattern())) {
			rule.setPattern("*");
			}
			if (StringUtils.isBlank(rule.getDirection())) {
			rule.setDirection(HttpAuditRule.DIR_BOTH);
			}
			}

			private static R validate(HttpAuditRule rule) {

			@@ -11,7 +11,7 @@
			import java.util.Date;

			/**
			* HTTP 审计白名单规则（仅命中规则时才写审计日志，受 http-audit.whitelist-only 控制）
			* HTTP 审计白名单规则（whitelist-only=true 时仅命中才落库；record_all=1 仅在该条命中时对本条请求/响应截断生效）
			*/
			@Data
			@Accessors(chain = true)

			@@ -27,7 +27,7 @@
			private String simpleUiToken = "";

			/**
			* true：入站/出站是否落库由 {@code sys_http_audit_rule} 决定（含 record_all=1 全量、方向 IN/OUT/BOTH、截断长度）；false：排除路径外入站与全部出站均记录，截断用本配置 + 规则中「全量」行的 request/response_max_chars（若有）
			* true：入站/出站是否落库由 {@code sys_http_audit_rule} 匹配决定（record_all 仅影响命中条的截断；方向 IN/OUT/BOTH）；false：排除路径外入站与全部出站均记录，截断用本配置默认字段
			*/
			private boolean whitelistOnly = true;

			@@ -60,7 +60,7 @@
			private List<String> excludePathPrefixes = defaultExcludes();

			/**
			* true：默认排除中的 /httpAuditLog、/httpAuditRule 仍生效；false：不再排除这两项（便于调试；record_all 也无法绕过 true 时的排除）
			* true：默认排除中的 /httpAuditLog、/httpAuditRule 仍生效；false：不再排除这两项（便于调试；命中规则也无法绕过 true 时的排除）
			*/
			private boolean excludeAuditSelfPaths = true;

			@@ -18,7 +18,7 @@
			import java.util.regex.Pattern;

			/**
			* 规则缓存；入站/出站或关系；record_all 时白名单下也全记
			* 规则缓存；入站/出站或关系；record_all 仅在该条规则命中时对本条日志生效（默认 -1 不截断）
			*/
			@Slf4j
			public class HttpAuditRuleServiceImpl extends ServiceImpl<HttpAuditRuleMapper, HttpAuditRule> implements HttpAuditRuleService {
			@@ -68,28 +68,21 @@
			@Override
			public HttpAuditDecision decideInbound(HttpServletRequest request, String requestBody) {
			if (!props.isWhitelistOnly()) {
			return HttpAuditDecision.yes(reqLimitFromRecordAllRow(), resLimitFromRecordAllRow());
			return HttpAuditDecision.yes(null, null);
			}
			if (cache.isEmpty()) {
			return HttpAuditDecision.SKIP;
			}
			HttpAuditRule allRow = firstRecordAllRule();
			if (allRow != null) {
			return HttpAuditDecision.yes(allRow.getRequestMaxChars(), allRow.getResponseMaxChars());
			}
			String path = HttpAuditSupport.safePath(request);
			String ip = HttpAuditSupport.clientIp(request);
			String body = requestBody == null ? "" : requestBody;
			for (HttpAuditRule r : cache) {
			if (isRecordAll(r)) {
			continue;
			}
			if (!appliesInbound(r)) {
			continue;
			}
			try {
			if (matchInbound(r, path, ip, body)) {
			return HttpAuditDecision.yes(r.getRequestMaxChars(), r.getResponseMaxChars());
			return decisionForMatchedRule(r);
			}
			} catch (Exception e) {
			log.debug("http-audit 规则 id={} 匹配异常：{}", r.getId(), e.getMessage());
			@@ -101,26 +94,19 @@
			@Override
			public HttpAuditDecision decideOutbound(String fullUrl, String method, String requestBody) {
			if (!props.isWhitelistOnly()) {
			return HttpAuditDecision.yes(reqLimitFromRecordAllRow(), resLimitFromRecordAllRow());
			return HttpAuditDecision.yes(null, null);
			}
			if (cache.isEmpty()) {
			return HttpAuditDecision.SKIP;
			}
			HttpAuditRule allRow = firstRecordAllRule();
			if (allRow != null) {
			return HttpAuditDecision.yes(allRow.getRequestMaxChars(), allRow.getResponseMaxChars());
			}
			String body = requestBody == null ? "" : requestBody;
			for (HttpAuditRule r : cache) {
			if (isRecordAll(r)) {
			continue;
			}
			if (!appliesOutbound(r)) {
			continue;
			}
			try {
			if (matchOutbound(r, fullUrl, body)) {
			return HttpAuditDecision.yes(r.getRequestMaxChars(), r.getResponseMaxChars());
			return decisionForMatchedRule(r);
			}
			} catch (Exception e) {
			log.debug("http-audit 出站规则 id={} 匹配异常：{}", r.getId(), e.getMessage());
			@@ -129,23 +115,13 @@
			return HttpAuditDecision.SKIP;
			}

			private Integer reqLimitFromRecordAllRow() {
			HttpAuditRule row = firstRecordAllRule();
			return row == null ? null : row.getRequestMaxChars();
			}

			private Integer resLimitFromRecordAllRow() {
			HttpAuditRule row = firstRecordAllRule();
			return row == null ? null : row.getResponseMaxChars();
			}

			private HttpAuditRule firstRecordAllRule() {
			for (HttpAuditRule r : cache) {
			if (isRecordAll(r)) {
			return r;
			}
			private static HttpAuditDecision decisionForMatchedRule(HttpAuditRule r) {
			if (isRecordAll(r)) {
			Integer req = r.getRequestMaxChars() != null ? r.getRequestMaxChars() : -1;
			Integer res = r.getResponseMaxChars() != null ? r.getResponseMaxChars() : -1;
			return HttpAuditDecision.yes(req, res);
			}
			return null;
			return HttpAuditDecision.yes(r.getRequestMaxChars(), r.getResponseMaxChars());
			}

			private static boolean isRecordAll(HttpAuditRule r) {
			@@ -161,17 +137,11 @@
			}

			private static boolean appliesInbound(HttpAuditRule r) {
			if (isRecordAll(r)) {
			return false;
			}
			String d = dir(r);
			return HttpAuditRule.DIR_IN.equals(d) \|\| HttpAuditRule.DIR_BOTH.equals(d);
			}

			private static boolean appliesOutbound(HttpAuditRule r) {
			if (isRecordAll(r)) {
			return false;
			}
			String d = dir(r);
			return HttpAuditRule.DIR_OUT.equals(d) \|\| HttpAuditRule.DIR_BOTH.equals(d);
			}