CN113905031A

CN113905031A - Multifunctional HTTP service request preprocessing system and method

Info

Publication number: CN113905031A
Application number: CN202111177846.9A
Authority: CN
Inventors: 徐翔轩; 童阳
Original assignee: Shanghai Defan Information Technology Co ltd
Current assignee: Shanghai Defan Information Technology Co ltd
Priority date: 2021-10-09
Filing date: 2021-10-09
Publication date: 2022-01-07

Abstract

The invention discloses a multifunctional HTTP service request preprocessing system and method, and relates to the technical field of data stream processing. The system comprises a strategy center, a system initialization module, a timing polling and refreshing module, a refreshing signal module, a request listener, a flow-limiting processor, a filter factory and a request distributor module; the method comprises the following steps: loading a network strategy and a white list and providing a most basic network strategy; reading a current limiting strategy and using the current limiting; monitoring a request; updating the strategy in the configured third party storage or configuration file into the memory and applying the strategy to the subsequent request; filtering the request; the timing is according to a third party memory refresh policy. The invention can select whether to process or not and which to process according to the strategy aiming at different HTTP requests, so that the preprocessing is more flexible and meets the business requirements, and an extensible, safe and reliable HTTP back-end service is constructed.

Description

Multifunctional HTTP service request preprocessing system and method

Technical Field

The invention belongs to the technical field of data stream processing, and particularly relates to a multifunctional HTTP service request preprocessing system and a multifunctional HTTP service request preprocessing method.

Background

In the current internet era, HTTP backend services are used in a wider and wider range, and powerful functions and usability are shown on browsers and mobile devices. Meanwhile, the complexity of the HTTP back-end service is also increased, and in terms of use, the functional requirements of interface security, user authority, request verification, white list and the like are more and more comprehensive, and the utilization rate of these functions in systems in different fields is also increased.

With the development of emerging computer technology, various industries develop informatization and digitization, and in the process of constructing an informatization system, identity information verification, data security, request flow limitation and white lists requested by a client are very important rings in processing of client requests. However, when an actual information-based system is constructed, preprocessing of a client request is not really taken into consideration, and in most cases, the system construction is not thoroughly considered in the initial stage, and corresponding processing is often added according to the situation when an online system has a problem. At present, in large-scale internet cloud service providers such as Ali baba and Tencent, functions of providing white lists, interface safety and the like for HTTP back-end services are provided, and certain reliability guarantee is provided for the functions of the HTTP back-end services in the process of enabling enterprise services to be in the cloud.

In addition, a corresponding Security Framework, Spring Security, is also pushed out of a leading sheep Spring Framework of the JAVA open source community to provide a certain amount of interface Security check on HTTP back-end services, and the Spring Framework is a JAVA application Framework of an open source code; it can be said that the security requirements of HTTP backend services have become higher in recent years.

The HTTP service request preprocessing technique provided by the internet cloud service provider described above, due to the nature of the cloud service thereof, provides request processing only for related requests targeting its cloud server, cannot provide corresponding processing to an external service, and cannot perform logic customization to adapt to the processing of an actual business scenario. And the open source Security framework Spring Security can only meet simple scenes of providing login, accessing identity verification and preventing cross-website request forgery and the like. Therefore, in order to solve the above problems, it is important to provide a multifunctional HTTP service request preprocessing system and method.

Disclosure of Invention

The invention provides a multifunctional HTTP service request preprocessing system and method, which solve the problems.

In order to solve the technical problems, the invention is realized by the following technical scheme:

the invention discloses a multifunctional HTTP service request preprocessing system, which comprises:

the system comprises a strategy center, a system initialization module, a timing polling and refreshing module, a refreshing signal module, a request listener, a flow-limiting processor, a filter factory and a request distributor module;

the strategy center is the core of the whole processing system for commanding and dispatching, the whole strategy group is maintained in the memory, the HTTP request is judged according to the strategy group to determine which functions are required to be processed, and the HTTP request is distributed to the corresponding processing module;

the system initialization module, the timing polling and refreshing module and the refreshing signal module are used for supporting the updating of the strategy center;

the request listener is used for monitoring an HTTP request and sending the HTTP request to the flow limiting processor, the flow limiting processor processes the request according to the path and source address of the request and a flow limiting algorithm, and the request is continuously sent to the filter factory after the request conforms to a flow limiting strategy;

the filter factory comprises a white list filter, an aging filter, a signature checking filter, an identity token filter, a content verification filter and a custom verification filter; the white list filter filters a white list and a black list of the HTTP request; the aging filter limits the aging of the HTTP request and rejects the request with the aging not meeting the requirement of the HTTP request; the signature verification filter performs signature verification on the HTTP request in a signature authentication mode, ensures that the request is not artificially modified, and confirms the validity of data; the identity token filter is used for verifying the identity token of the HTTP request, and taking the identity of the user after verification to judge whether the interface path of the HTTP request conforms to the identity of the current user; the content verification filter is used for roughly verifying the request content to ensure the legal compliance of the content; the user-defined check filter is used for self-defining the check content according to the service rule, so that the check is more flexible;

the request distributor module is used for distributing the HTTP request output by the filter factory to the corresponding service system according to the strategy of the strategy center, and then the service system carries out request processing.

A multifunctional HTTP service request preprocessing method comprises the following steps:

s01, when the application program is started, loading the network policy and the white list, and loading the network policy and the white list into the memory to provide the most basic network policy;

s02, reading a current limiting strategy in a configuration file or a database, and putting a current limiting token bucket into a memory or a third-party cache to provide current limiting use during service request;

s03, monitoring request: dividing the HTTP request of the client into two types, wherein one type is the request for updating the strategy of the program, and the other type is the request of the client for the server;

when the request address is a request for updating the policy of the program, the policy is updated to the memory according to the configured third-party storage or the policy in the configuration file, and the policy is applied to the subsequent request;

s04, filtering request: when the request address is a request to be processed, the request address is correspondingly processed according to the configured filtering strategy, and if the request content conforms to the strategy, the request is delivered to the corresponding service for processing; if the request content does not accord with the strategy, the request is intercepted, and a corresponding error is returned to the client;

s05, regularly storing and refreshing strategies according to a third party: except for the interface calling triggering refresh strategy, various strategies for refreshing by timed polling are built in, and when the system is used, after the configuration file is modified or the data stored in the third party is modified, the data can be refreshed into the strategies at a timed time so as to be provided for subsequent use.

Compared with the prior art, the invention has the following beneficial effects:

the system of the invention is highly customizable aiming at the filtering requirement of the HTTP request, and can be used in different service systems, the existence of the strategy center ensures that the filtering function is stronger, and whether the HTTP request is to be processed or not and which processing is to be performed can be selected according to the strategy aiming at different HTTP requests, so that the preprocessing is more flexible and meets the service requirement; a multifunctional HTTP service request preprocessing technology is provided to construct an extensible, safe and reliable HTTP back-end service.

Of course, it is not necessary for any product in which the invention is practiced to achieve all of the above-described advantages at the same time.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.

FIG. 1 is a topology diagram of a multifunctional HTTP service request preprocessing system according to the present invention;

FIG. 2 is a flow chart illustrating the implementation of a multifunctional HTTP service request preprocessing method in updating policy requests of the program itself according to the present invention;

fig. 3 is a flowchart of the steps of the method for preprocessing a multifunctional HTTP service request according to the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

The invention aims to provide a multifunctional HTTP service request preprocessing system and method to construct an extensible, safe and reliable HTTP back-end service.

Referring to fig. 1, a multifunctional HTTP service request preprocessing system of the present invention includes:

the system comprises a strategy center, a system initialization module, a timing polling and refreshing module, a refreshing signal module, a request monitor, a flow-limiting processor, a filter factory and a request distributor module, wherein all the modules coordinate with each other to jointly complete the whole function;

the strategy center is the core for commanding and scheduling the whole processing system, maintains the whole strategy group in the memory, judges which functions are required to be processed according to the strategy group and distributes the strategy group to the corresponding processing module;

the request listener is used for monitoring the HTTP request and sending the HTTP request to the flow limiting processor, the flow limiting processor processes the request according to the path and source address of the request and the flow limiting algorithm, and the request is continuously sent to the filter factory after the request conforms to the flow limiting strategy;

the filter factory comprises a white list filter, an aging filter, a signature checking filter, an identity token filter, a content verification filter and a custom verification filter; the white list filter filters a white list and a black list of the HTTP request; the aging filter limits the aging of the HTTP request and rejects the request with the aging not meeting the requirement of the HTTP request; the signature verification filter performs signature verification on the HTTP request in a signature authentication mode, ensures that the request is not artificially modified, and confirms the validity of data; the identity token filter is used for verifying the identity token of the HTTP request, and taking the identity of the user after verification to judge whether the interface path of the HTTP request conforms to the identity of the current user; the content checking filter is used for roughly checking the request content to ensure the legal compliance of the content; the user-defined check filter is used for self-defining the check content according to the business rule, so that the check is more flexible;

As shown in fig. 2-3, a multifunctional HTTP service request preprocessing method includes the following steps:

s05, regularly storing and refreshing strategies according to a third party: except for the interface calling triggering refresh strategy, various strategies for refreshing by timed polling are built in, and when the system is used, after the configuration file is modified or the data stored in a third party is modified, the data can be refreshed into the strategies at a timed time so as to be provided for subsequent use;

as shown in fig. 2, the process steps implemented based on the server a specifically include: when the server a is started, a network request policy and a white list are initialized by 002, and the step reads data in a configuration file and a database, loads the data into a server memory m1 according to the sorting sequence of order fields, and stores the data for subsequent use; after 002 loading is completed, the throttling strategy is loaded through 003, the step also reads data in a configuration file and a database in advance, the throttling strategy is analyzed, a token bucket is initialized, the number of the token bucket is set according to the throttling strategy, and after the step is completed, the server is started.

After the completion of the server startup, two threads T1 and T2 need to be derived from the startup, wherein one thread T1 is used for 004 to listen to requests issued by the client, and the other thread T2 is used for 005 to time according to a database or redis refresh policy.

In the thread T2, it is queried according to the system time every minute whether there is data update in the database or data update in the memory database such as redis. If the policy is found to be updated in the polling process, a signal is sent to the 006 refresh policy request module, the 006 determines whether to add a policy request according to the incoming policy 008 or update the policy request according to the policy 009 or delete the policy request according to the policy 010, and then changes the value of the policy in the memory m1 according to the determination result.

The client snoops the request in the thread T1, and the 004 snooping request divides the request into two requests, one is the request of the client requesting the backend service, and the other is the 006 refresh policy request. The 006 flush policy request, like the execution rules in thread T2 above, changes the value of the policy in memory m 1. 004 will give this request to 007 for logical filtering; the processing procedure is shown in fig. 3.

In fig. 3, client C sends HTTP request R, and the server a delivered to fig. 2 enters fig. 3 after passing through 004 and 007. Firstly, the HTTP request R enters a 021 network white list and a black list for filtering, whether the HTTP request R meets the conditions of the white list and the black list in the memory M1 is judged, if the HTTP request R meets the conditions of the white list and the black list, the HTTP request R is distributed to a subsequent filter, if the HTTP request R does not meet the conditions of the white list and the black list, the HTTP request R is delivered to 030 to reject the HTTP request R, and the HTTP request R is returned to the client C. And after the request meets the 021 condition, delivering the request to a 022 request aging checker, acquiring a current system timestamp and a timestamp carried by the user request in the checker, and delivering the request to a 030 and rejecting the request if the request does not meet the check condition. If the request requires interface verification in the 023 signature filter, the data in the request body is encrypted in combination with the request interface path and compared with the signature in the request body, if the comparison is successful, the next filtering function is performed, and if the request is not satisfied, the request is similarly delivered to 030. Then the request reaches a 024 filter to carry out identity verification, wherein token data in a request header is analyzed, the token is analyzed to obtain the identity data of the current request, time and effective time for generating the token are obtained, the time and the effective time are compared with system time, if the identity data meet requirements and the effective time of the token meets a policy set in a memory M1, the token passes the request, if the identity data do not meet the requirements, the request is delivered to 030 in the same way, then the request is subjected to 025 content verification, content verification is carried out according to the policy set in the memory M1, and if the verification does not pass, the token is delivered to 030 to reject the request. After 025, the user can define whether to enter 026 a custom verification filter, which can verify the requested data according to the requirements of the actual business scenario. After the verification of a series of filters, the request is distributed to an actual service system according to a request distribution rule set by M1 in the memory, and data returned by the service system is delivered to the client.

Has the advantages that:

The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise embodiments disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims

1. A multi-functional HTTP service request preprocessing system, comprising:

2. A multi-functional HTTP service request preprocessing method, implemented by a multi-functional HTTP service request preprocessing system according to claim 1, comprising the steps of: