From 9ef9ea52f7f6fda3ecf3a4e4d31a8edc3e42aba5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= <iwind.liu@gmail.com>
Date: Fri, 20 Nov 2020 22:09:26 +0800
Subject: [PATCH] =?UTF-8?q?=E6=A3=80=E6=9F=A5IP=E6=98=AF=E5=90=A6=E5=85=81?=
 =?UTF-8?q?=E8=AE=B8=E8=AE=BF=E9=97=AE=E6=97=B6=E5=A2=9E=E5=8A=A0=E7=BC=93?=
 =?UTF-8?q?=E5=AD=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/events/events.go                   |  2 ++
 internal/securitymanager/security_config.go |  5 +++
 internal/web/helpers/utils.go               | 38 ++++++++++++++++++++-
 3 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/internal/events/events.go b/internal/events/events.go
index 2b2f827e..255266e1 100644
--- a/internal/events/events.go
+++ b/internal/events/events.go
@@ -5,4 +5,6 @@ type Event = string
 const (
 	EventStart Event = "start" // start loading
 	EventQuit  Event = "quit"  // quit node gracefully
+
+	EventSecurityConfigChanged Event = "securityConfigChanged" // 安全设置变更
 )
diff --git a/internal/securitymanager/security_config.go b/internal/securitymanager/security_config.go
index dca9f0bd..ca24342e 100644
--- a/internal/securitymanager/security_config.go
+++ b/internal/securitymanager/security_config.go
@@ -2,6 +2,7 @@ package securitymanager
 
 import (
 	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/events"
 	"github.com/TeaOSLab/EdgeAdmin/internal/rpc"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/logs"
@@ -61,6 +62,10 @@ func UpdateSecurityConfig(securityConfig *SecurityConfig) error {
 		return err
 	}
 	sharedSecurityConfig = securityConfig
+
+	// 通知更新
+	events.Notify(events.EventSecurityConfigChanged)
+
 	return nil
 }
 
diff --git a/internal/web/helpers/utils.go b/internal/web/helpers/utils.go
index 6eb10c37..420cf7e6 100644
--- a/internal/web/helpers/utils.go
+++ b/internal/web/helpers/utils.go
@@ -1,16 +1,52 @@
 package helpers
 
 import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/events"
 	nodes "github.com/TeaOSLab/EdgeAdmin/internal/rpc"
 	"github.com/TeaOSLab/EdgeAdmin/internal/securitymanager"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/logs"
 	"net"
+	"sync"
 )
 
-// 检查用户IP
+var ipCacheMap = map[string]bool{} // ip => bool
+var ipCacheLocker = sync.Mutex{}
+
+func init() {
+	events.On(events.EventSecurityConfigChanged, func() {
+		ipCacheLocker.Lock()
+		ipCacheMap = map[string]bool{}
+		ipCacheLocker.Unlock()
+	})
+}
+
+// 检查用户IP并支持缓存
 func checkIP(config *securitymanager.SecurityConfig, ipAddr string) bool {
+	ipCacheLocker.Lock()
+	ipCache, ok := ipCacheMap[ipAddr]
+	if ok && ipCache {
+		ipCacheLocker.Unlock()
+		return ipCache
+	}
+	ipCacheLocker.Unlock()
+
+	result := checkIPWithoutCache(config, ipAddr)
+	ipCacheLocker.Lock()
+
+	// 缓存的内容不能过多
+	if len(ipCacheMap) > 100_000 {
+		ipCacheMap = map[string]bool{}
+	}
+
+	ipCacheMap[ipAddr] = result
+	ipCacheLocker.Unlock()
+	return result
+}
+
+// 检查用户IP
+func checkIPWithoutCache(config *securitymanager.SecurityConfig, ipAddr string) bool {
 	if config == nil {
 		return true
 	}