\RG3.BO.Core\Provider\VerifyApiProvider.cs

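   /// <summary>
   /// Decides whether the current request is accepted by one of the route-verification
   /// bypass rules: the dev-only <c>ignore</c> flag, a set of fixed paths, the configured
   /// path allowlists, or the configured developer IP allowlist. Any request that matches
   /// none of them gets <c>false</c>.
   /// </summary>
   /// <param name="ownerId">Not read by this method.</param>
   /// <param name="sysId">Not read by this method.</param>
   /// <param name="value">Not read by this method.</param>
   /// <param name="httpContext">
   /// Current request. When it (or its <c>Request</c>) is null no rule can be evaluated
   /// and the method returns <c>false</c> instead of dereferencing it.
   /// </param>
   /// <returns><c>true</c> when a bypass rule matches; otherwise <c>false</c>.</returns>
   public bool VerifyRoute(string ownerId, string sysId, string value, HttpContext httpContext = null)
   {
       // "?ignore=true" is supplied by the caller. On its own it only has an effect in the
       // dev environment; elsewhere it must be combined with the IP allowlist rule at the end.
       var query = httpContext?.Request?.Query;
       var isIgore = query != null && query["ignore"] == "true";

       if (EnvPFUtil.IsDev() && isIgore)
       {
           return true;
       }

       // Fail closed: the default argument is null, and every rule below reads the request.
       if (httpContext?.Request == null)
       {
           return false;
       }

       // Original author's notes (kept as written):
       //   HttpContextUtil.GetClientUserIp
       //   Provisional headers are shown
       //   Referer: https://servicewechat.com/wxf6e8f170e3c80112/devtools/page-frame.html
       string path = httpContext.Request.Path;

       // True when the request path contains at least one non-empty configured fragment.
       // Null/empty entries are skipped: path.Contains("") is always true, so a stray empty
       // string in configuration would otherwise switch verification off for every route.
       bool PathMatchesAny(IEnumerable<string> fragments)
       {
           return fragments != null
               && fragments.Any(fragment => !string.IsNullOrEmpty(fragment) && path.Contains(fragment));
       }

       // Fixed paths that are never verified (test/debug, file download, default page,
       // nginx proxy entry point).
       // NOTE(review): these are substring matches anywhere in the path, which is broader
       // than a prefix match. Confirm no verified route can contain one of these fragments
       // (for example via a catch-all route segment) before relying on this list.
       if (path.Contains("/bo/api/v3/debug/")
           || path.Contains("/bo/api/v3/file/down")
           || path == "/default"
           || path.Contains("/bo/api/v3/open/proxy"))
       {
           return true;
       }

       #region Path allowlists from configuration
       // Globally exempt paths.
       IEnumerable<string> globalPaths = new List<string>();
       _configuration.GetSection("whitelist:dev:path").Bind(globalPaths);
       if (PathMatchesAny(globalPaths))
       {
           return true;
       }

       // "Independent" paths, usually opened for third-party integrations. Only the presence
       // of the XverifySource header is checked here, not its value.
       // NOTE(review): presumably these endpoints perform their own verification - confirm,
       // because any client can add the header.
       IEnumerable<string> independentPaths = new List<string>();
       _configuration.GetSection("whitelist:dev:independent").Bind(independentPaths);
       var hasVerifySourceHeader = httpContext.Request.Headers?.ContainsKey("XverifySource") == true;
       if (hasVerifySourceHeader && PathMatchesAny(independentPaths))
       {
           return true;
       }
       #endregion Path allowlists from configuration

       // NOTE(review): how the client IP is derived is not visible here. If it can come from
       // a forwarded-for style header, make sure only the trusted proxy is able to set it.
       var ip = HttpContextUtil.GetClientUserIp(httpContext, false);

       #region Developer IP allowlist - only for specific endpoints that are not permission-controlled
       IEnumerable<string> lstWhitelist = new List<string>();
       _configuration.GetSection("whitelist:dev:ips").Bind(lstWhitelist);
       bool isIp = _configuration.GetValue<bool>("whitelist:dev:open");
       if (isIp)
       {
           // Writes the client IP to stdout for every request that reaches this point
           // while "whitelist:dev:open" is true.
           Console.WriteLine(ip);
       }

       // Exact IP match, and the caller must also have sent ignore=true.
       if (isIp && lstWhitelist != null && lstWhitelist.Contains(ip) && isIgore)
       {
           return true;
       }
       #endregion Developer IP allowlist

       return false;
   }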

尾号 * 过滤(白名单 IP 以 * 结尾时按前缀匹配):


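            // Developer IP allowlist with trailing-wildcard support. The rule is only
            // evaluated when the allowlist is switched on and the caller sent ignore=true.
            if (isIp && lstWhitelist != null && isIgore)
            {
                // A missing client IP can never match an allowlist entry.
                var clientIp = ip?.ToString();
                return clientIp != null && lstWhitelist.Any(entry =>
                {
                    // An empty entry would prefix-match every address; skip it.
                    if (string.IsNullOrEmpty(entry))
                    {
                        return false;
                    }

                    // Only entries that end in '*' are prefixes. Entries without a wildcard
                    // must match exactly, so "10.0.0.1" does not also admit "10.0.0.10"
                    // (constructed example). Ordinal comparison keeps the match
                    // culture-independent.
                    // NOTE(review): a bare "*" entry still matches every address, as before.
                    if (entry.EndsWith("*", StringComparison.Ordinal))
                    {
                        return clientIp.StartsWith(entry.TrimEnd('*'), StringComparison.Ordinal);
                    }

                    return string.Equals(clientIp, entry, StringComparison.Ordinal);
                });
            }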

\Config\business.Production.json

\Config\ShellApp{ownerId}\app.Production.json


{
  // CORS handling.
  // NOTE(review): "*" presumably allows any origin - confirm how the application consumes this value.
  "withOrigins": "*",
  // If websocket is used and needs cross-origin access, configure the corresponding front-end origins here.
  "withOriginsValue": [
    "http://localhost:5521",
    "http://www.localhost:5521"
  ],
  // #region Production: used together with the "ignore" query flag to skip ver api and auth verification
  "whitelist": {
    "dev": {
      // Read by VerifyRoute as "whitelist:dev:open": when true the IP allowlist rule is active
      // and the client IP of each request reaching that rule is written to the console.
      "open": true,
      // Client IPs accepted by VerifyRoute when the request also carries ignore=true.
      // Keep this list as small as possible in a production file.
      "ips": [
        "121.204.58.75"
      ],
      // Special paths exempt from platform verapi and user control; only takes effect when the request headers include XverifySource.
      // VerifyRoute checks only that the header is present, not its value.
      "independent": [
        "/bo/api/v3/wb-task-chat/res/my_detail"
      ],
      // Special paths exempt from platform verapi and user control; takes effect globally.
      // VerifyRoute matches these as substrings of the request path.
      "path": [
        //"/bo/api/v3/wb-task-chat/res/my_detail"
      ]
    }
  }
  // #endregion Production: used together with the "ignore" query flag to skip ver api and auth verification
}

文档更新时间: 2022-06-20 10:06   作者:admin