using System.Net;
using Flawless.Server.Models;
using Microsoft.EntityFrameworkCore;
namespace Flawless.Server.Services;
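/// <summary>
/// Stores IP allow/deny policies in <c>dbContext.IpPolicies</c> and evaluates
/// whether a given client address is permitted.
/// </summary>
/// <remarks>
/// Addresses are compared as text in the database, so every address is reduced
/// to one canonical spelling before it is stored or looked up. Without that,
/// the same host written differently (for example an IPv4-mapped IPv6 form, or
/// an IPv6 literal with different letter case or zero compression) would not
/// match its blacklist row and would be let through.
/// </remarks>
public class AccessControlService(AppDbContext dbContext)
{
    /// <summary>Returns the stored addresses for one policy type.</summary>
    /// <param name="policyType">Policy list to read.</param>
    /// <returns>The <c>IpAddress</c> value of every matching row.</returns>
    public async Task<IEnumerable<string>> GetIpListAsync(IpPolicyType policyType)
    {
        return await dbContext.IpPolicies
            .Where(x => x.PolicyType == policyType)
            .Select(x => x.IpAddress)
            .ToListAsync();
    }

    /// <summary>
    /// Replaces every row of <paramref name="policyType"/> with the valid
    /// addresses found in <paramref name="ips"/>.
    /// </summary>
    /// <param name="policyType">Policy list to replace.</param>
    /// <param name="ips">
    /// Candidate addresses. Entries that do not parse as an IP address are
    /// dropped without an error; the rest are stored in canonical form.
    /// </param>
    /// <exception cref="ArgumentNullException"><paramref name="ips"/> is null.</exception>
    /// <remarks>
    /// If no entry survives validation the list ends up empty. For the
    /// whitelist that means <see cref="IsIpAllowedAsync"/> stops restricting to
    /// listed hosts and admits every address that is not blacklisted, so callers
    /// that expose this to administrators may want to reject an update whose
    /// input was non-empty but produced no valid address.
    /// </remarks>
    public async Task UpdatePolicyAsync(IpPolicyType policyType, IEnumerable<string> ips)
    {
        ArgumentNullException.ThrowIfNull(ips);

        // Normalise first, then de-duplicate: two spellings of one address must
        // collapse into a single row.
        var validIps = new List<string>();
        foreach (var candidate in ips)
        {
            if (TryNormalizeIp(candidate, out var canonical) && !validIps.Contains(canonical))
            {
                validIps.Add(canonical);
            }
        }

        // Delete the old policy rows.
        var existing = await dbContext.IpPolicies
            .Where(x => x.PolicyType == policyType)
            .ToListAsync();
        dbContext.IpPolicies.RemoveRange(existing);

        // Add the new policy rows.
        var newPolicies = validIps.Select(ip => new IpPolicy
        {
            IpAddress = ip,
            PolicyType = policyType,
            CreatedAt = DateTime.UtcNow
        });

        await dbContext.IpPolicies.AddRangeAsync(newPolicies);

        // Removal and insertion are submitted together in this one call.
        await dbContext.SaveChangesAsync();
    }

    /// <summary>Decides whether <paramref name="ip"/> may access the service.</summary>
    /// <param name="ip">Client address as text.</param>
    /// <returns>
    /// <c>false</c> when the text is not an IP address or the address is
    /// blacklisted. When at least one whitelist row exists, the address must
    /// also be whitelisted; with an empty whitelist every non-blacklisted
    /// address is allowed.
    /// </returns>
    public async Task<bool> IsIpAllowedAsync(string ip)
    {
        if (!TryNormalizeIp(ip, out var canonical)) return false;

        // Match the canonical spelling and, for rows that were stored verbatim,
        // the caller's exact text as well. Rows saved in some other
        // non-canonical spelling are not found here; re-saving the list through
        // UpdatePolicyAsync rewrites them canonically.
        var policies = await dbContext.IpPolicies
            .Where(x => x.IpAddress == canonical || x.IpAddress == ip)
            .ToListAsync();

        var isWhitelisted = policies.Any(x => x.PolicyType == IpPolicyType.Whitelist);
        var isBlacklisted = policies.Any(x => x.PolicyType == IpPolicyType.Blacklist);

        // If any whitelist rows exist at all, whitelist membership is required.
        var hasAnyWhitelist = await dbContext.IpPolicies
            .AnyAsync(x => x.PolicyType == IpPolicyType.Whitelist);

        return hasAnyWhitelist ?
            isWhitelisted && !isBlacklisted :
            !isBlacklisted;
    }

    /// <summary>
    /// Parses <paramref name="ip"/> and produces the single spelling used for
    /// storage and comparison.
    /// </summary>
    /// <param name="ip">Text to parse; null is treated as invalid.</param>
    /// <param name="normalized">
    /// Canonical text of the address, or an empty string when parsing fails.
    /// </param>
    /// <returns><c>true</c> when <paramref name="ip"/> is an IP address.</returns>
    private static bool TryNormalizeIp(string? ip, out string normalized)
    {
        normalized = string.Empty;
        if (!IPAddress.TryParse(ip, out var address)) return false;

        // "::ffff:a.b.c.d" and "a.b.c.d" name the same host; policy rows must
        // not be evadable by arriving over a dual-stack socket.
        if (address.IsIPv4MappedToIPv6) address = address.MapToIPv4();

        // ToString() re-renders the parsed address, so shorthand or alternate
        // spellings accepted by TryParse end up as one text form.
        normalized = address.ToString();
        return true;
    }
}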