Merge pull request Kong#1245 from Mashape/fix/ip-restriction

Leveraging LRU cache for ip-restriction plugin

kong/plugins/ip-restriction/handler.lua

@@ -27,12 +27,12 @@ function IpRestrictionHandler:access(conf)
     return responses.send_HTTP_FORBIDDEN("Cannot identify the client IP address, unix domain sockets are not supported.")
   end
 
-  if conf._blacklist_cache and #conf._blacklist_cache > 0 then
-    block = iputils.ip_in_cidrs(remote_addr, conf._blacklist_cache)
+  if conf.blacklist and #conf.blacklist > 0 then
+    block = iputils.ip_in_cidrs(remote_addr, iputils.parse_cidrs(conf.blacklist))
   end
 
-  if conf._whitelist_cache and #conf._whitelist_cache > 0 then
-    block = not iputils.ip_in_cidrs(remote_addr, conf._whitelist_cache)
+  if conf.whitelist and #conf.whitelist > 0 then
+    block = not iputils.ip_in_cidrs(remote_addr, iputils.parse_cidrs(conf.whitelist))
   end
 
   if block then

kong/plugins/ip-restriction/migrations/cassandra.lua

@@ -0,0 +1,23 @@
+return {
+  {
+    name = "2016-05-24-remove-cache",
+    up = function(_, _, factory)
+      local plugins, err = factory.plugins:find_all {name = "ip-restriction"}
+      if err then
+        return err
+      end
+
+      for _, plugin in ipairs(plugins) do
+        plugin.config._whitelist_cache = nil
+        plugin.config._blacklist_cache = nil
+        local _, err = factory.plugins:update(plugin, plugin, {full = true})
+        if err then
+          return err
+        end
+      end
+    end,
+    down = function(_, _, factory)
+      -- Do nothing
+    end
+  }
+}

kong/plugins/ip-restriction/migrations/postgres.lua

@@ -0,0 +1,23 @@
+return {
+  {
+    name = "2016-05-24-remove-cache",
+    up = function(_, _, factory)
+      local plugins, err = factory.plugins:find_all {name = "ip-restriction"}
+      if err then
+        return err
+      end
+
+      for _, plugin in ipairs(plugins) do
+        plugin.config._whitelist_cache = nil
+        plugin.config._blacklist_cache = nil
+        local _, err = factory.plugins:update(plugin, plugin, {full = true})
+        if err then
+          return err
+        end
+      end
+    end,
+    down = function()
+      -- Do nothing
+    end
+  }
+}

kong/plugins/ip-restriction/schema.lua

@@ -2,27 +2,21 @@ local iputils = require "resty.iputils"
 local Errors = require "kong.dao.errors"
 
 local function validate_ips(v, t, column)
-  local new_fields
   if v and type(v) == "table" then
     for _, ip in ipairs(v) do
       local _, err = iputils.parse_cidr(ip)
       if type(err) == "string" then -- It's an error only if the second variable is a string
         return false, "cannot parse '"..ip.."': "..err
       end
     end
-    new_fields = {["_"..column.."_cache"] = iputils.parse_cidrs(v)}
   end
-  return true, nil, new_fields
+  return true
 end
 
 return {
   fields = {
     whitelist = {type = "array", func = validate_ips},
-    blacklist = {type = "array", func = validate_ips},
-
-    -- Internal use
-    _whitelist_cache = {type = "array"},
-    _blacklist_cache = {type = "array"}
+    blacklist = {type = "array", func = validate_ips}
   },
   self_check = function(schema, plugin_t, dao, is_update)
     local wl = type(plugin_t.whitelist) == "table" and plugin_t.whitelist or {}

spec/plugins/ip-restriction/api_spec.lua

@@ -67,19 +67,5 @@ describe("ip-restriction schema", function()
       assert.True(ok)
       assert.falsy(err)
     end)
-    it("should build _whitelist_cache", function()
-      local t = {whitelist = {"127.0.0.1", "127.0.0.2"}}
-      local ok, err = v(t, schema)
-      assert.True(ok)
-      assert.falsy(err)
-      assert.is_table(t._whitelist_cache)
-    end)
-    it("should build _blacklist_cache", function()
-      local t = {blacklist = {"127.0.0.1", "127.0.0.2"}}
-      local ok, err = v(t, schema)
-      assert.True(ok)
-      assert.falsy(err)
-      assert.is_table(t._blacklist_cache)
-    end)
   end)
 end)