feat(backend): 添加 IP 限制功能

- 新增 GetIPIsRestricted 函数，用于检查 IP 是否受限 - 在配置文件中添加 forbidden host 配置项- 修改 Scan 控制器，增加 IP 限制检查逻辑 -优化订单查询和支付服务中的代码结构
2024-11-03 15:54:12 +08:00
parent 734c20e9fd
commit 22dfd6be94
10 changed files with 104 additions and 2791 deletions
--- a/conf/app.conf
+++ b/conf/app.conf
@@ -57,4 +57,7 @@ notify_url = http://kami_gateway:12309/jdCard/notify
 [tMallGame]
 submit_card_url=http://test.shop.center.mf178.cn/recharge/tMallGame/order/submit
 notify_url=http://test.shop.center.mf178.cn/api/recharge/tMallGame/order/notify
-query_card_url=http://test.shop.center.mf178.cn/userapi/card/order_info
+query_card_url=http://test.shop.center.mf178.cn/userapi/card/order_info
+
+[forbidden]
+host=http://kami_backend:12401
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
 module gateway

-go 1.13
+go 1.22
+
+toolchain go1.22.6

 require github.com/beego/beego/v2 v2.2.1

@@ -13,3 +15,32 @@ require (
 	github.com/shopspring/decimal v1.4.0
 	github.com/widuu/gojson v0.0.0-20170212122013-7da9d2cd949b
 )
+
+require (
+	filippo.io/edwards25519 v1.1.0 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/carlmjohnson/requests v0.24.2 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/prometheus/client_golang v1.19.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.48.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	golang.org/x/arch v0.0.0-20210923205945-b76863e36670 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
--- a/go.sum
+++ b/go.sum
--- a/internal/config/cfg_model.go
+++ b/internal/config/cfg_model.go
@@ -65,3 +65,7 @@ var config = new(Config)
 func GetConfig() *Config {
 	return config
 }
+
+func (c *Config) GetForbiddenBackendHost() string {
+	return web.AppConfig.DefaultString("forbidden::host", "http://kami_backend:12401")
+}
--- a/internal/controllers/gateway/order_controller.go
+++ b/internal/controllers/gateway/order_controller.go
@@ -101,7 +101,6 @@ func (c *OrderController) MerchantQuery() {
 	params["appKey"] = appKey
 	params["orderNo"] = orderNo
 	params["timestamp"] = timestamp
-
 	tmpSign := utils.GetMD5SignMF(params, merchantInfo.MerchantSecret)
 	if tmpSign != sign {
 		resp := response.Resp{
@@ -112,7 +111,6 @@ func (c *OrderController) MerchantQuery() {
 		_ = c.ServeJSON()
 		return
 	}
-
 	orderInfo := order.GetOrderByMerchantOrderId(orderNo)
 	if orderInfo.Id == 0 {
 		resp := response.Resp{
@@ -123,7 +121,6 @@ func (c *OrderController) MerchantQuery() {
 		_ = c.ServeJSON()
 		return
 	}
-
 	exValue, err := sonic.GetFromString(orderInfo.ExValue)
 	if err != nil {
 		resp := response.Resp{
@@ -134,10 +131,9 @@ func (c *OrderController) MerchantQuery() {
 		_ = c.ServeJSON()
 		return
 	}
-
 	cardNo, _ := exValue.Get("cardNo").String()
 	cardPwd, _ := exValue.Get("data").String()
-	resp := response.Resp{
+	_ = c.JSONResp(response.Resp{
 		Code: 0,
 		Msg:  "订单获取成功",
 		Data: response.OrderQueryResp{
@@ -148,7 +144,6 @@ func (c *OrderController) MerchantQuery() {
 			FaceVal: orderInfo.FactAmount,
 			Amount:  strconv.FormatFloat(orderInfo.ShowAmount, 'f', -1, 64),
 		},
-	}
-	_ = c.JSONResp(resp)
+	})
 	_ = c.ServeJSON()
 }
--- a/internal/controllers/gateway/scan_controller.go
+++ b/internal/controllers/gateway/scan_controller.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"gateway/internal/config"
+	"gateway/internal/entities/backend"
 	"gateway/internal/entities/supplier/t_mall_game"
 	"gateway/internal/entities/supplier/third_party"
 	"gateway/internal/models/merchant"
@@ -85,14 +86,14 @@ func (c *ScanController) Scan() {
 		c.SolveFailJSON(p)
 		return
 	}
-	if mt.AutoSettle == config.NO {
-		params := make(map[string]string)
-		params["statusCode"] = "00"
-		params["orderNo"] = orderInfo.BankOrderId
-		params["orderPrice"] = strconv.FormatFloat(orderInfo.OrderAmount, 'f', 2, 64)
-		params["statusCode"] = "00"
+	isAllowed, err := backend.GetIPIsRestricted(p.ClientIP, mt.Id)
+	if mt.AutoSettle == config.NO || !isAllowed {
+		params := map[string]string{
+			"orderNo":    orderInfo.BankOrderId,
+			"orderPrice": strconv.FormatFloat(orderInfo.OrderAmount, 'f', 2, 64),
+			"statusCode": "00",
+		}
 		sign := utils.GetMD5SignMF(params, p.MerchantInfo.MerchantSecret)
-
 		c.Data["json"] = response.ScanSuccessData{
 			OrderNo:    orderInfo.BankOrderId,
 			OrderPrice: strconv.FormatFloat(orderInfo.OrderAmount, 'f', 2, 64),
@@ -101,6 +102,9 @@ func (c *ScanController) Scan() {
 			Msg:        "请求成功，请等待兑换！",
 			Code:       0,
 		}
+		if !isAllowed {
+			service.SolvePayFail(orderInfo.BankOrderId, "")
+		}
 		_ = c.ServeJSON()
 		return
 	}
--- a/internal/entities/backend/backend.go
+++ b/internal/entities/backend/backend.go
@@ -0,0 +1,23 @@
+package backend
+
+import (
+	"context"
+	"gateway/internal/config"
+	"github.com/carlmjohnson/requests"
+	"net/url"
+	"strconv"
+)
+
+func GetIPIsRestricted(ip string, merchantDeployId int) (isAllowed bool, err error) {
+	response := struct {
+		IsAllowed bool `json:"isAllowed"`
+	}{}
+	path, _ := url.JoinPath(config.GetConfig().GetForbiddenBackendHost(), "/restriction/location/checkIPAllowed")
+	err = requests.
+		URL(path).
+		Params(map[string][]string{
+			"ip":               {ip},
+			"merchantDeployID": {strconv.Itoa(int(merchantDeployId))},
+		}).ToJSON(&response).Fetch(context.Background())
+	return response.IsAllowed, err
+}
--- a/internal/entities/backend/backend_test.go
+++ b/internal/entities/backend/backend_test.go
@@ -0,0 +1,11 @@
+package backend
+
+import (
+	"github.com/beego/beego/v2/core/logs"
+	"testing"
+)
+
+func TestGetIPIsRestricted(t *testing.T) {
+	isAllowed, _ := GetIPIsRestricted("123.123.123.123", 1)
+	logs.Info(isAllowed)
+}
--- a/internal/service/pay_service.go
+++ b/internal/service/pay_service.go
@@ -148,8 +148,6 @@ func GenerateOrderInfo(c *response.PayBaseResp) order.OrderInfo {
 // CreateOrderInfo 创建订单
 func CreateOrderInfo(createdOrder request.CreatedOrder, info merchant.MerchantInfo, roadPoolInfo road.RoadPoolInfo, roadInfo road.RoadInfo) (orderInfo order.OrderInfo, err error) {
 	// 6666是自己系统订单号
-	orderInfo = order.OrderInfo{}
-
 	// 获取支付类型的名称，例如支付宝扫码等
 	orderInfo = order.OrderInfo{
 		MerchantUid:     info.MerchantUid,
@@ -336,12 +334,11 @@ func GenerateRecord(c *response.PayBaseResp) (order.OrderInfo, order.OrderProfit
 }

 func GenerateSuccessData(scanData supplier.ScanData, c *response.PayBaseResp) *response.ScanSuccessData {
-	params := make(map[string]string)
-	params["statusCode"] = "00"
-	params["orderNo"] = scanData.BankNo
-	params["orderPrice"] = scanData.OrderPrice
-	params["statusCode"] = "00"
-
+	params := map[string]string{
+		"statusCode": "00",
+		"orderNo":    scanData.BankNo,
+		"orderPrice": scanData.OrderPrice,
+	}
 	sign := utils.GetMD5SignMF(params, c.MerchantInfo.MerchantSecret)
 	scanSuccessData := new(response.ScanSuccessData)

--- a/main.go
+++ b/main.go
@@ -13,7 +13,7 @@ import (
 	_ "github.com/go-sql-driver/mysql"
 )

-// /网关 处理下单 支付扽
+// /网关 处理下单 支付
 func main() {
 	RegisterLogs()
 	web.BConfig.WebConfig.Session.SessionOn = true
@@ -27,8 +27,7 @@ func main() {

 // RegisterLogs /
 func RegisterLogs() {
-	_ = logs.SetLogger(logs.AdapterFile,
-		`{
+	_ = logs.SetLogger(logs.AdapterFile, `{
 					"filename":"./logs/app.log",
 					"level":4,
 					"maxlines":0,