From bc9b7ba616196dc8d21fb416283afe8217c2378b Mon Sep 17 00:00:00 2001 From: xfy Date: Wed, 29 Apr 2026 18:20:14 +0800 Subject: [PATCH] refactor(security): merge access Update methods MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 新增 UpdateList(target string, cidrs []string) 统一更新方法 - UpdateAllowList/UpdateDenyList 改为包装调用 - 消除约 15 行重复代码,保持向后兼容 Co-Authored-By: Claude Opus 4.7 --- internal/middleware/security/access.go | 50 ++++++++++++++++---------- 1 file changed, 32 insertions(+), 18 deletions(-)
diff --git a/internal/middleware/security/access.go b/internal/middleware/security/access.go
index 6c040bc..f0d6460 100644
--- a/internal/middleware/security/access.go
+++ b/internal/middleware/security/access.go
@@ -250,6 +250,36 @@ checkAllow:
 return ac.defaultAction == ActionAllow
 }
 
+// UpdateList 动态更新允许或拒绝列表。
+//
+// 替换当前的允许或拒绝列表,使用写锁保护并发访问。
+//
+// 参数:
+// - target: 目标列表类型,"allow" 或 "deny"
+// - cidrs: 新的 CIDR 字符串列表
+//
+// 返回值:
+// - error: CIDR 解析失败或目标无效时返回错误
+func (ac *AccessControl) UpdateList(target string, cidrs []string) error {
+ newList, err := parseCIDRList(cidrs)
+ if err != nil {
+ return err
+ }
+
+ ac.mu.Lock()
+ switch target {
+ case accessAllow:
+ ac.allowList = newList
+ case accessDeny:
+ ac.denyList = newList
+ default:
+ ac.mu.Unlock()
+ return fmt.Errorf("invalid target: %s (must be 'allow' or 'deny')", target)
+ }
+ ac.mu.Unlock()
+ return nil
+}
+
 // UpdateAllowList 动态更新允许列表。
 //
 // 替换当前的允许列表,使用写锁保护并发访问。
@@ -260,15 +290,7 @@ checkAllow:
 // 返回值:
 // - error: CIDR 解析失败时返回错误
 func (ac *AccessControl) UpdateAllowList(cidrs []string) error {
- newList, err := parseCIDRList(cidrs)
- if err != nil {
- return err
- }
-
- ac.mu.Lock()
- ac.allowList = newList
- ac.mu.Unlock()
- return nil
+ return ac.UpdateList(accessAllow, cidrs)
 }
 
 // UpdateDenyList 动态更新拒绝列表。
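Review bot: UpdateList validates `target` only after parsing the CIDRs and taking the write lock, so the invalid-target branch needs its own `ac.mu.Unlock()`, and any case added to the switch later has to remember the same. Checking `target` first and using `defer ac.mu.Unlock()` leaves a single unlock path and rejects a bad target before any work is done. Because `target` is a free-form string on an exported method and its callers are not visible here, formatting it with `%q` rather than `%s` keeps control characters out of the error text and any log that records it. The doc comment could also state that an empty `cidrs` presumably replaces the list with an empty one, which for the deny list drops every block rule.

```go
func (ac *AccessControl) UpdateList(target string, cidrs []string) error {
	if target != accessAllow && target != accessDeny {
		return fmt.Errorf("invalid target: %q (must be 'allow' or 'deny')", target)
	}
	// … unchanged: parseCIDRList call and its error return …

	ac.mu.Lock()
	defer ac.mu.Unlock()
	if target == accessAllow {
		ac.allowList = newList
	} else {
		ac.denyList = newList
	}
	return nil
}
```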
@@ -281,15 +303,7 @@ func (ac *AccessControl) UpdateAllowList(cidrs []string) error {
 // 返回值:
 // - error: CIDR 解析失败时返回错误
 func (ac *AccessControl) UpdateDenyList(cidrs []string) error {
- newList, err := parseCIDRList(cidrs)
- if err != nil {
- return err
- }
-
- ac.mu.Lock()
- ac.denyList = newList
- ac.mu.Unlock()
- return nil
+ return ac.UpdateList(accessDeny, cidrs)
 }
 
 // parseCIDRList 解析 CIDR 字符串列表为 IPNet 列表。