92 lines
2.8 KiB
Go
92 lines
2.8 KiB
Go
package auth
|
||
|
||
import (
|
||
"context"
|
||
"sort"
|
||
"strings"
|
||
|
||
"hyapp/pkg/appcode"
|
||
authdomain "hyapp/services/user-service/internal/domain/auth"
|
||
)
|
||
|
||
// ListLoginRiskBlockedCountries 返回当前 App 实际生效的登录地区风控词表。
|
||
// 静态配置和后台动态配置都下发给 App;App 可异步做本地风险提示,最终封禁仍以服务端 worker 为准。
|
||
func (s *Service) ListLoginRiskBlockedCountries(ctx context.Context) ([]authdomain.LoginRiskCountryBlock, error) {
|
||
if !s.loginRiskPolicy.Enabled {
|
||
return nil, nil
|
||
}
|
||
appCode := appcode.FromContext(ctx)
|
||
blocks := make([]authdomain.LoginRiskCountryBlock, 0, len(s.loginRiskPolicy.UnsupportedCountries))
|
||
seen := map[string]struct{}{}
|
||
for _, country := range s.loginRiskPolicy.UnsupportedCountries {
|
||
countryCode := normalizeCountryCode(country)
|
||
if countryCode == "" {
|
||
continue
|
||
}
|
||
block := authdomain.LoginRiskCountryBlock{
|
||
AppCode: appCode,
|
||
Keyword: countryCode,
|
||
CountryCode: countryCode,
|
||
Enabled: true,
|
||
}
|
||
blocks = appendUniqueCountryBlock(blocks, seen, block)
|
||
}
|
||
if s.authRepository != nil {
|
||
dynamicBlocks, err := s.authRepository.ListEnabledLoginRiskCountryBlocks(ctx)
|
||
if err != nil {
|
||
return nil, err
|
||
}
|
||
for _, block := range dynamicBlocks {
|
||
block.AppCode = appcode.Normalize(block.AppCode)
|
||
block.Keyword = strings.TrimSpace(block.Keyword)
|
||
block.CountryCode = normalizeCountryCode(block.CountryCode)
|
||
block.Enabled = true
|
||
if block.Keyword == "" {
|
||
continue
|
||
}
|
||
blocks = appendUniqueCountryBlock(blocks, seen, block)
|
||
}
|
||
}
|
||
sort.SliceStable(blocks, func(i, j int) bool {
|
||
if blocks[i].CountryCode != blocks[j].CountryCode {
|
||
return blocks[i].CountryCode < blocks[j].CountryCode
|
||
}
|
||
return strings.ToLower(blocks[i].Keyword) < strings.ToLower(blocks[j].Keyword)
|
||
})
|
||
return blocks, nil
|
||
}
|
||
|
||
func appendUniqueCountryBlock(blocks []authdomain.LoginRiskCountryBlock, seen map[string]struct{}, block authdomain.LoginRiskCountryBlock) []authdomain.LoginRiskCountryBlock {
|
||
key := strings.ToLower(block.CountryCode + "\x00" + block.Keyword)
|
||
if _, ok := seen[key]; ok {
|
||
return blocks
|
||
}
|
||
seen[key] = struct{}{}
|
||
return append(blocks, block)
|
||
}
|
||
|
||
func (s *Service) countryBlockedByStaticPolicy(countryCode string) bool {
|
||
for _, country := range s.loginRiskPolicy.UnsupportedCountries {
|
||
if normalizeCountryCode(country) == countryCode {
|
||
return true
|
||
}
|
||
}
|
||
return false
|
||
}
|
||
|
||
func (s *Service) countryBlockedByDynamicPolicy(ctx context.Context, countryCode string) (bool, error) {
|
||
if s.authRepository == nil {
|
||
return false, nil
|
||
}
|
||
blocks, err := s.authRepository.ListEnabledLoginRiskCountryBlocks(ctx)
|
||
if err != nil {
|
||
return false, err
|
||
}
|
||
for _, block := range blocks {
|
||
if normalizeCountryCode(block.CountryCode) == countryCode || normalizeCountryCode(block.Keyword) == countryCode {
|
||
return true, nil
|
||
}
|
||
}
|
||
return false, nil
|
||
}
|