From a4701309cb1320c8a171337f8a72547a2b092e53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=96=B0=E4=BA=AE?= Date: Wed, 3 Feb 2021 20:43:02 +0800 Subject: [PATCH] upgrade --- deploy/loki/loki.yaml | 44 ++++++++++++++ deploy/loki/promtail.yaml | 20 +++++++ internal/api/controller/user_handler/user.go | 3 +- internal/api/model/user_model/user.go | 10 ++-- pkg/ddm/README.md | 26 ++++++++ pkg/ddm/mark.go | 62 ++++++++++++++++++++ pkg/ddm/type.go | 21 +++++++ pkg/ddm/type_test.go | 32 ++++++++++ 8 files changed, 213 insertions(+), 5 deletions(-) create mode 100644 deploy/loki/loki.yaml create mode 100644 deploy/loki/promtail.yaml create mode 100644 pkg/ddm/README.md create mode 100644 pkg/ddm/mark.go create mode 100644 pkg/ddm/type.go create mode 100644 pkg/ddm/type_test.go diff --git a/deploy/loki/loki.yaml b/deploy/loki/loki.yaml new file mode 100644 index 00000000..6fde85e0 --- /dev/null +++ b/deploy/loki/loki.yaml @@ -0,0 +1,44 @@ +auth_enabled: false + +server: + http_listen_port: 3100 + +ingester: + lifecycler: + address: 127.0.0.1 + ring: + kvstore: + store: inmemory + replication_factor: 1 + final_sleep: 0s + chunk_idle_period: 5m + chunk_retain_period: 30s + +schema_config: + configs: + - from: 2020-01-01 + store: boltdb + object_store: filesystem + schema: v9 + index: + prefix: index_ + period: 168h # 每张表的时间范围6天 + +storage_config: + boltdb: + directory: /data/loki/index # 索引文件存储地址 + + filesystem: + directory: /data/loki/chunks # 块存储地址 + +limits_config: + enforce_metric_name: false + reject_old_samples: true + reject_old_samples_max_age: 168h + +chunk_store_config: + max_look_back_period: 0s + +table_manager: + retention_deletes_enabled: false + retention_period: 0s \ No newline at end of file diff --git a/deploy/loki/promtail.yaml b/deploy/loki/promtail.yaml new file mode 100644 index 00000000..48c866cc --- /dev/null +++ b/deploy/loki/promtail.yaml @@ -0,0 +1,20 @@ +server: + http_listen_port: 9080 + grpc_listen_port: 0 + +# Positions +positions: + filename: /data/loki/positions.yaml + +# Loki服务器的地址 +clients: + - url: http://127.0.0.1:3100/loki/api/v1/push + +scrape_configs: + - job_name: go-gin-api + static_configs: + - targets: + - localhost + labels: + job: accesslog + __path__: /data/logs/*.log # 日志目录 \ No newline at end of file diff --git a/internal/api/controller/user_handler/user.go b/internal/api/controller/user_handler/user.go index d4831a3b..b9584927 100644 --- a/internal/api/controller/user_handler/user.go +++ b/internal/api/controller/user_handler/user.go @@ -9,6 +9,7 @@ import ( "github.com/xinliangnote/go-gin-api/internal/pkg/cache" "github.com/xinliangnote/go-gin-api/internal/pkg/core" "github.com/xinliangnote/go-gin-api/internal/pkg/db" + "github.com/xinliangnote/go-gin-api/pkg/ddm" "go.uber.org/zap" ) @@ -169,7 +170,7 @@ func (u *userDemo) Detail() core.HandlerFunc { res.Id = user.Id res.UserName = user.UserName res.NickName = user.NickName - res.Mobile = user.Mobile + res.Mobile = ddm.Mobile(user.Mobile) c.Payload(code.OK.WithData(res)) } } diff --git a/internal/api/model/user_model/user.go b/internal/api/model/user_model/user.go index 8f711696..39969099 100644 --- a/internal/api/model/user_model/user.go +++ b/internal/api/model/user_model/user.go @@ -2,6 +2,8 @@ package user_model import ( "time" + + "github.com/xinliangnote/go-gin-api/pkg/ddm" ) // 用户Demo表 @@ -54,8 +56,8 @@ type DetailRequest struct { // user_handler Detail Response type DetailResponse struct { - Id uint `json:"id"` // 用户主键ID - UserName string `json:"user_name"` // 用户名 - NickName string `json:"nick_name"` // 昵称 - Mobile string `json:"mobile"` // 手机号 + Id uint `json:"id"` // 用户主键ID + UserName string `json:"user_name"` // 用户名 + NickName string `json:"nick_name"` // 昵称 + Mobile ddm.Mobile `json:"mobile"` // 手机号(脱敏) } diff --git a/pkg/ddm/README.md b/pkg/ddm/README.md new file mode 100644 index 00000000..0fd2e04d --- /dev/null +++ b/pkg/ddm/README.md @@ -0,0 +1,26 @@ +## DDM + +动态数据掩码(Dynamic Data Masking,简称为DDM)能够防止把敏感数据暴露给未经授权的用户。 + +| 类型 | 要求 | 示例 | 说明 +| ---- | ---- | ---- | ---- +| 手机号 | 前 3 后 4 | 132****7986 | 定长 11 位数字 +| 邮箱地址 | 前 1 后 1 | l**w@gmail.com | 仅对 @ 之前的邮箱名称进行掩码 +| 姓名 | 隐姓 | *鸿章 | 将姓氏隐藏 +| 密码 | 不输出 | ****** | +| 银行卡卡号 | 前 6 后 4 | 622888******5676 | 银行卡卡号最多 19 位数字 +| 身份证号 | 前 1 后 1 | 1******7 | 定长 18 位 + +#### 代码示例 + +``` +// 返回值 +type message struct { + Email ddm.Email `json:"email"` +} + +msg := new(message) +msg.Email = ddm.Email("xinliangnote@163.com") +... + +``` diff --git a/pkg/ddm/mark.go b/pkg/ddm/mark.go new file mode 100644 index 00000000..3d95e00b --- /dev/null +++ b/pkg/ddm/mark.go @@ -0,0 +1,62 @@ +package ddm + +import ( + "fmt" + "strings" +) + +func (m Mobile) MarshalJSON() ([]byte, error) { + if len(m) != 11 { + return []byte(`"` + m + `"`), nil + } + + v := fmt.Sprintf("%s****%s", m[:3], m[len(m)-4:]) + return []byte(`"` + v + `"`), nil +} + +func (bc BankCard) MarshalJSON() ([]byte, error) { + if len(bc) > 19 || len(bc) < 16 { + return []byte(`"` + bc + `"`), nil + } + + v := fmt.Sprintf("%s******%s", bc[:6], bc[len(bc)-4:]) + return []byte(`"` + v + `"`), nil +} + +func (card IDCard) MarshalJSON() ([]byte, error) { + if len(card) != 18 { + return []byte(`"` + card + `"`), nil + } + + v := fmt.Sprintf("%s******%s", card[:1], card[len(card)-1:]) + return []byte(`"` + v + `"`), nil +} + +func (name IDName) MarshalJSON() ([]byte, error) { + if len(name) < 1 { + return []byte(`""`), nil + } + + nameRune := []rune(name) + v := fmt.Sprintf("*%s", string(nameRune[1:])) + return []byte(`"` + v + `"`), nil +} + +func (pw PassWord) MarshalJSON() ([]byte, error) { + v := "******" + return []byte(`"` + v + `"`), nil +} + +func (e Email) MarshalJSON() ([]byte, error) { + if !strings.Contains(string(e), "@") { + return []byte(`"` + e + `"`), nil + } + + split := strings.Split(string(e), "@") + if len(split[0]) < 1 || len(split[1]) < 1 { + return []byte(`"` + e + `"`), nil + } + + v := fmt.Sprintf("%s***%s", split[0][:1], split[0][len(split[0])-1:]) + return []byte(`"` + v + "@" + split[1] + `"`), nil +} diff --git a/pkg/ddm/type.go b/pkg/ddm/type.go new file mode 100644 index 00000000..5a25842c --- /dev/null +++ b/pkg/ddm/type.go @@ -0,0 +1,21 @@ +package ddm + +// 手机号 132****7986 +type Mobile string + +// 银行卡号 622888******5676 +type BankCard string + +// 身份证号 1******7 +type IDCard string + +// 姓名 *鸿章 +// TODO:参考 https://blog.thinkeridea.com/201910/go/efficient_string_truncation.html +// Deprecated:有更好的性能选择 +type IDName string + +// 密码 ****** +type PassWord string + +// 邮箱 l***w@gmail.com +type Email string diff --git a/pkg/ddm/type_test.go b/pkg/ddm/type_test.go new file mode 100644 index 00000000..7ebd8934 --- /dev/null +++ b/pkg/ddm/type_test.go @@ -0,0 +1,32 @@ +package ddm + +import ( + "encoding/json" + "testing" +) + +type message struct { + Name IDName `json:"name"` + Mobile Mobile `json:"mobile"` + IDCard IDCard `json:"id_card"` + PassWord PassWord `json:"password"` + Email Email `json:"email"` + BankCard1 BankCard `json:"bank_card_1"` + BankCard2 BankCard `json:"bank_card_2"` + BankCard3 BankCard `json:"bank_card_3"` +} + +func TestMarshalJSON(t *testing.T) { + msg := new(message) + msg.Name = IDName("李鸿章") + msg.Mobile = Mobile("13288887986") + msg.IDCard = IDCard("125252525252525252") + msg.PassWord = PassWord("123456") + msg.Email = Email("xinliangnote@163.com") + msg.BankCard1 = BankCard("6545654565456545") + msg.BankCard2 = BankCard("65485269874569852") + msg.BankCard3 = BankCard("6548526987456985298") + + marshal, _ := json.Marshal(msg) + t.Log(string(marshal)) +}