Merge pull request momosecurity#69 from Flynnon/feature-menu-key-conv…

…ert-logic 补充名单维度映射逻辑
hope561 · Apr 6, 2021 · 3f00da6 · 3f00da6
2 parents 379d2d9 + 6f1271d
commit 3f00da6
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 13 deletions.
diff --git a/risk_models/menu.py b/risk_models/menu.py
@@ -8,7 +8,7 @@
 logging.basicConfig()
 
 
-def build_redis_key(event_code, dimension, menu_type):
+def build_redis_key(event_code: str, dimension: str, menu_type: str):
     """
     :param event_code: 名单code
     :param dimension:  名单维度
@@ -22,17 +22,37 @@ def build_redis_key(event_code, dimension, menu_type):
         return ''
 
 
+def get_element(req_body: dict, dimension: str) -> str:
+    """ 从req_body中得到所需维度的数据 """
+    # 目前全部从业务传参中获取
+    return req_body.get(dimension, '')
+
+
+def convert_dimension(dimension: str) -> str:
+    """ 将配置中的某个key映射到某个名单维度 """
+
+    # 暂时写死，之后可以配置化
+    convert_map = {
+        "reg_ip": "ip",
+        "reg_uid": "uid"
+    }
+    return convert_map.get(dimension, dimension)
+
+
 def hit_menu(req_body, op_name, event, dimension, menu_type):
-    if dimension not in req_body:
-        logger.error('req_body(%s) does not contain %s', req_body, dimension)
+    element = get_element(req_body, dimension)
+
+    if not element:
+        logger.warning(f'req_body({req_body}) does not contain {dimension}')
         return False
 
+    dimension = convert_dimension(dimension)
     redis_key = build_redis_key(event, dimension, menu_type)
 
     if not redis_key:
         return False
 
-    rv = req_body[dimension] in menu_cache[redis_key]
+    rv = element in menu_cache[redis_key]
     if op_name == 'is_not':
         rv = not rv
 

diff --git a/wiki/上报API.md b/wiki/上报API.md
@@ -15,8 +15,6 @@
 | key | 类型 | 含义 | 是否必填 |
 | :----: | :----: | :----: | :----: |
 | user_id | string | 账号ID | 是 |
-| token | string | 标识业务方, 接入时分发 | 是 |
-| app_name | string | 标识应用, 接入时分发 | 是 |
 | source_name | string | 数据源名称，每个接入点单独指定 | 是 |
 | timestamp | long | 用户动作发生时间(秒级时间戳) | 是 |
 | ip | string | 用户当前IP地址 | 否 |
@@ -31,11 +29,9 @@
 import requests
 
 data = {
- 'app_name': 'test_app',
  'ip': '1.1.1.1',
  'source_name': 'test_test',
  'timestamp': 1568271589,
- 'token': '11111111111111111',
  'uid': '11111111111111111111',
  'user_id': '1111'
 }

diff --git a/wiki/查询API.md b/wiki/查询API.md
@@ -15,8 +15,6 @@
 | key | 类型 | 含义 | 是否必填 |
 | ---- | ---- | ---- | ---- |
 | user_id | string | 账号ID | 是 |
-| token | string | 标识业务方, 接入时分发 | 是 |
-| app_name | string | 业务方标识，接入时分发 | 是 |
 | rule_id | string | 规则ID, 每个调用点可能不同 | 是 |
 | ip | string | 用户当前IP地址 | 否 |
 | uid | string | 用户当前设备号 | 否 |
@@ -30,10 +28,8 @@
 import requests
 
 data = {
-    'app_name': 'test_app',
     'ip': '1.1.1.1',
     'rule_id': '1',
-    'token': '111111111111111',
     'uid': '111111111111111',
     'user_id': '11111'
 }
@@ -51,7 +47,7 @@ requests.post(f'http://{ip}:{port}/query/', json=data)
 '{"result":{"control":"deny","weight":100},"em":"OK","ec":0}'
 
 # 失败结果示例
-'{"error":"invalid token","em":"invalid token","ec":70}'
+'{"error":"invalid token","em":"invalid user_id","ec":70}'
 
 # warning 规则停用后，会返回错误
 ```