From b30c84a38b0952bced9c5c0e8c9c1c13f3816560 Mon Sep 17 00:00:00 2001 From: xfy Date: Wed, 8 Apr 2026 09:33:55 +0800 Subject: [PATCH] =?UTF-8?q?feat(config):=20=E6=A0=87=E8=AE=B0=E5=BA=9F?= =?UTF-8?q?=E5=BC=83=E5=AD=97=E6=AE=B5=EF=BC=8C=E6=96=B0=E5=A2=9E=E8=B4=9F?= =?UTF-8?q?=E8=BD=BD=E5=9D=87=E8=A1=A1=E7=AE=97=E6=B3=95=E9=AA=8C=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - MinPasswordLength 和 MaxIdleConns 添加 Deprecated 注释 - 验证时对废弃字段输出警告提示 - 新增 stream 负载均衡算法有效性验证 - 添加负载均衡算法验证测试用例 Co-Authored-By: Claude Opus 4.6 --- internal/config/config.go | 4 ++-- internal/config/defaults.go | 2 +- internal/config/validate.go | 15 +++++++++++++ internal/config/validate_test.go | 37 ++++++++++++++++++++++++++++++++ 4 files changed, 55 insertions(+), 3 deletions(-) diff --git a/internal/config/config.go b/internal/config/config.go index 8d61a0b..673866e 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -745,7 +745,7 @@ type AuthConfig struct { Realm string `yaml:"realm"` // MinPasswordLength 密码最小长度 - // 密码验证时的最小长度要求 + // Deprecated: 该字段已废弃,将在未来版本中移除。密码长度验证应在密码哈希生成阶段进行 MinPasswordLength int `yaml:"min_password_length"` } @@ -1132,7 +1132,7 @@ type FileCacheConfig struct { // max_conns_per_host: 100 type TransportConfig struct { // MaxIdleConns 最大空闲连接数 - // 所有后端主机的总空闲连接上限 + // Deprecated: 该字段已废弃,fasthttp.HostClient 不支持此参数,请使用 MaxConnsPerHost 代替 MaxIdleConns int `yaml:"max_idle_conns"` // MaxIdleConnsPerHost 每主机最大空闲连接 diff --git a/internal/config/defaults.go b/internal/config/defaults.go index 6e1815d..d73243f 100644 --- a/internal/config/defaults.go +++ b/internal/config/defaults.go @@ -78,7 +78,7 @@ func DefaultConfig() *Config { RequireTLS: true, Algorithm: "bcrypt", Realm: "Restricted Area", - MinPasswordLength: 8, + MinPasswordLength: 0, // 已废弃,不再使用 }, Headers: SecurityHeaders{ XFrameOptions: "DENY", diff --git a/internal/config/validate.go b/internal/config/validate.go index df2e880..dc894ec 100644 --- a/internal/config/validate.go +++ b/internal/config/validate.go @@ -380,6 +380,11 @@ func validateAccess(a *AccessConfig) error { // - algorithm 仅支持 bcrypt 或 argon2id // - 启用认证时至少需要一个用户 func validateAuth(a *AuthConfig) error { + // 检查废弃的 MinPasswordLength 字段 + if a.MinPasswordLength > 0 { + fmt.Fprintln(os.Stderr, "[警告] security.auth.min_password_length 已废弃,将在未来版本中移除。密码长度验证应在密码哈希生成阶段进行") + } + // 未配置认证时跳过 if a.Type == "" { return nil @@ -706,6 +711,11 @@ func validateStream(s *StreamConfig) error { } } + // 验证负载均衡算法 + if !loadbalance.IsValidAlgorithm(s.Upstream.LoadBalance) { + return fmt.Errorf("无效的负载均衡算法:%s", s.Upstream.LoadBalance) + } + return nil } @@ -724,6 +734,11 @@ func validatePerformance(p *PerformanceConfig) error { fmt.Fprintln(os.Stderr, "[警告] performance.file_cache.lru_eviction 已废弃,请使用 max_size 代替") } + // 检查废弃的 MaxIdleConns 字段 + if p.Transport.MaxIdleConns > 0 { + fmt.Fprintln(os.Stderr, "[警告] performance.transport.max_idle_conns 已废弃,fasthttp 不支持此参数,请使用 max_conns_per_host 代替") + } + // 检查 Transport 配置(可能导致性能问题) if p.Transport.MaxIdleConns < 0 { return errors.New("transport.max_idle_conns 不能为负数") diff --git a/internal/config/validate_test.go b/internal/config/validate_test.go index 153d051..fff71f5 100644 --- a/internal/config/validate_test.go +++ b/internal/config/validate_test.go @@ -908,6 +908,43 @@ func TestValidateStream(t *testing.T) { wantErr: true, errMsg: "addr 必填", }, + { + name: "无效负载均衡算法", + config: StreamConfig{ + Listen: ":3306", + Protocol: "tcp", + Upstream: StreamUpstream{ + Targets: []StreamTarget{{Addr: "db1:3306"}}, + LoadBalance: "invalid_algorithm", + }, + }, + wantErr: true, + errMsg: "无效的负载均衡算法", + }, + { + name: "有效加权轮询算法", + config: StreamConfig{ + Listen: ":3306", + Protocol: "tcp", + Upstream: StreamUpstream{ + Targets: []StreamTarget{{Addr: "db1:3306"}}, + LoadBalance: "weighted_round_robin", + }, + }, + wantErr: false, + }, + { + name: "有效 IP 哈希算法", + config: StreamConfig{ + Listen: ":3306", + Protocol: "tcp", + Upstream: StreamUpstream{ + Targets: []StreamTarget{{Addr: "db1:3306"}}, + LoadBalance: "ip_hash", + }, + }, + wantErr: false, + }, } for _, tt := range tests {