fix: clean shit
在原始配置基础上重新应用限流功能,恢复丢失的路由和服务依赖。
This commit is contained in:
zetaloop
+77
-4
@@ -14,6 +14,7 @@ static_resources:
|
||||
codec_type: AUTO
|
||||
generate_request_id: true
|
||||
use_remote_address: true
|
||||
xff_num_trusted_hops: 1
|
||||
route_config:
|
||||
name: local_route
|
||||
virtual_hosts:
|
||||
@@ -36,6 +37,11 @@ static_resources:
|
||||
route:
|
||||
cluster: user_api_cluster
|
||||
timeout: 30s
|
||||
rate_limits:
|
||||
- actions:
|
||||
- generic_key:
|
||||
descriptor_value: login
|
||||
- remote_address: {}
|
||||
typed_per_filter_config:
|
||||
envoy.filters.http.ext_authz:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
|
||||
@@ -46,6 +52,11 @@ static_resources:
|
||||
route:
|
||||
cluster: user_api_cluster
|
||||
timeout: 30s
|
||||
rate_limits:
|
||||
- actions:
|
||||
- generic_key:
|
||||
descriptor_value: register
|
||||
- remote_address: {}
|
||||
typed_per_filter_config:
|
||||
envoy.filters.http.ext_authz:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
|
||||
@@ -76,6 +87,11 @@ static_resources:
|
||||
route:
|
||||
cluster: email_api_cluster
|
||||
timeout: 30s
|
||||
rate_limits:
|
||||
- actions:
|
||||
- generic_key:
|
||||
descriptor_value: forgot_password_send
|
||||
- remote_address: {}
|
||||
typed_per_filter_config:
|
||||
envoy.filters.http.ext_authz:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
|
||||
@@ -86,6 +102,11 @@ static_resources:
|
||||
route:
|
||||
cluster: email_api_cluster
|
||||
timeout: 30s
|
||||
rate_limits:
|
||||
- actions:
|
||||
- generic_key:
|
||||
descriptor_value: verify_code_send
|
||||
- remote_address: {}
|
||||
typed_per_filter_config:
|
||||
envoy.filters.http.ext_authz:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
|
||||
@@ -307,14 +328,37 @@ static_resources:
|
||||
body:
|
||||
inline_string: gateway route not found
|
||||
|
||||
access_log:
|
||||
- name: envoy.access_loggers.stdout
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
|
||||
log_format:
|
||||
json_format:
|
||||
start_time: "%START_TIME%"
|
||||
method: "%REQ(:METHOD)%"
|
||||
path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"
|
||||
protocol: "%PROTOCOL%"
|
||||
authority: "%REQ(:AUTHORITY)%"
|
||||
user_agent: "%REQ(USER-AGENT)%"
|
||||
request_id: "%REQ(X-REQUEST-ID)%"
|
||||
response_code: "%RESPONSE_CODE%"
|
||||
response_flags: "%RESPONSE_FLAGS%"
|
||||
bytes_received: "%BYTES_RECEIVED%"
|
||||
bytes_sent: "%BYTES_SENT%"
|
||||
duration_ms: "%DURATION%"
|
||||
upstream_cluster: "%UPSTREAM_CLUSTER%"
|
||||
upstream_host: "%UPSTREAM_HOST%"
|
||||
upstream_service_time_ms: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%"
|
||||
route_name: "%ROUTE_NAME%"
|
||||
|
||||
http_filters:
|
||||
- name: envoy.filters.http.lua
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
|
||||
inline_code: |
|
||||
local TOKEN_HEADER = "xsrf-token"
|
||||
local TOKEN_COOKIE = "XSRF-TOKEN"
|
||||
local GUARD_COOKIE = "XSRF-GUARD"
|
||||
local TOKEN_COOKIE = "__Host-XSRF-TOKEN"
|
||||
local GUARD_COOKIE = "__Host-XSRF-GUARD"
|
||||
|
||||
local seeded = false
|
||||
|
||||
@@ -420,14 +464,14 @@ static_resources:
|
||||
if metadata["need_set_token_cookie"] == true and token_value ~= nil and token_value ~= "" then
|
||||
response_handle:headers():add(
|
||||
"set-cookie",
|
||||
TOKEN_COOKIE .. "=" .. token_value .. "; Path=/; Max-Age=7200; SameSite=Strict"
|
||||
TOKEN_COOKIE .. "=" .. token_value .. "; Path=/; Max-Age=7200; SameSite=Strict; Secure"
|
||||
)
|
||||
end
|
||||
|
||||
if metadata["need_set_guard_cookie"] == true and guard_value ~= nil and guard_value ~= "" then
|
||||
response_handle:headers():add(
|
||||
"set-cookie",
|
||||
GUARD_COOKIE .. "=" .. guard_value .. "; Path=/; Max-Age=7200; SameSite=Strict; HttpOnly"
|
||||
GUARD_COOKIE .. "=" .. guard_value .. "; Path=/; Max-Age=7200; SameSite=Strict; Secure; HttpOnly"
|
||||
)
|
||||
end
|
||||
end
|
||||
@@ -539,6 +583,20 @@ static_resources:
|
||||
cluster_name: authz_adapter_cluster
|
||||
timeout: 0.5s
|
||||
|
||||
- name: envoy.filters.http.ratelimit
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
|
||||
domain: api
|
||||
failure_mode_deny: false
|
||||
rate_limited_as_resource_exhausted: true
|
||||
enable_x_ratelimit_headers: DRAFT_VERSION_03
|
||||
rate_limit_service:
|
||||
transport_api_version: V3
|
||||
grpc_service:
|
||||
envoy_grpc:
|
||||
cluster_name: ratelimit_cluster
|
||||
timeout: 0.2s
|
||||
|
||||
- name: envoy.filters.http.router
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
|
||||
@@ -685,6 +743,21 @@ static_resources:
|
||||
address: authz-adapter
|
||||
port_value: 9002
|
||||
|
||||
- name: ratelimit_cluster
|
||||
connect_timeout: 0.25s
|
||||
type: STRICT_DNS
|
||||
lb_policy: ROUND_ROBIN
|
||||
http2_protocol_options: {}
|
||||
load_assignment:
|
||||
cluster_name: ratelimit_cluster
|
||||
endpoints:
|
||||
- lb_endpoints:
|
||||
- endpoint:
|
||||
address:
|
||||
socket_address:
|
||||
address: ratelimit
|
||||
port_value: 8081
|
||||
|
||||
admin:
|
||||
access_log_path: /tmp/admin.log
|
||||
address:
|
||||
|
||||
Reference in New Issue
Block a user