feat(acl): add group-based ACL rules and related structures (#1265)

* feat(acl): add group-based ACL rules and related structures * refactor(acl): optimize group handling with Arc and improve cache management * refactor(acl): clippy * feat(tests): add performance tests for generate_with_proof and verify methods * feat: update group_trust_map to use HashMap for more secure group proofs * refactor: refactor the logic of the trusted group getting and setting * feat(acl): support kcp/quic use group acl * feat(proxy): optimize group retrieval by IP in Kcp and Quic proxy handlers * feat(tests): add group-based ACL tree node test * always allow quic proxy traffic --------- Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn> Co-authored-by: sijie.sun <sijie.sun@smartx.com>
2026-05-07 10:14:35 +00:00 · 2025-08-22 22:25:00 +08:00
parent 34560af141
commit 08a92a53c3
18 changed files with 1042 additions and 29 deletions
@@ -122,9 +122,58 @@ pub trait Route {

    async fn get_peer_info_last_update_time(&self) -> std::time::Instant;

+    fn get_peer_groups(&self, peer_id: PeerId) -> Arc<Vec<String>>;
+
+    async fn get_peer_groups_by_ip(&self, ip: &std::net::IpAddr) -> Arc<Vec<String>> {
+        match self.get_peer_id_by_ip(ip).await {
+            Some(peer_id) => self.get_peer_groups(peer_id),
+            None => Arc::new(Vec::new()),
+        }
+    }
+
+    async fn get_peer_groups_by_ipv4(&self, ipv4: &Ipv4Addr) -> Arc<Vec<String>> {
+        match self.get_peer_id_by_ipv4(ipv4).await {
+            Some(peer_id) => self.get_peer_groups(peer_id),
+            None => Arc::new(Vec::new()),
+        }
+    }
+
    async fn dump(&self) -> String {
        "this route implementation does not support dump".to_string()
    }
 }

 pub type ArcRoute = Arc<Box<dyn Route + Send + Sync>>;
+
+pub struct MockRoute {}
+
+#[async_trait::async_trait]
+impl Route for MockRoute {
+    async fn open(&self, _interface: RouteInterfaceBox) -> Result<u8, ()> {
+        panic!("mock route")
+    }
+
+    async fn close(&self) {
+        panic!("mock route")
+    }
+
+    async fn get_next_hop(&self, _peer_id: PeerId) -> Option<PeerId> {
+        panic!("mock route")
+    }
+
+    async fn list_routes(&self) -> Vec<crate::proto::cli::Route> {
+        panic!("mock route")
+    }
+
+    async fn get_peer_info(&self, _peer_id: PeerId) -> Option<RoutePeerInfo> {
+        panic!("mock route")
+    }
+
+    async fn get_peer_info_last_update_time(&self) -> std::time::Instant {
+        panic!("mock route")
+    }
+
+    fn get_peer_groups(&self, _peer_id: PeerId) -> Arc<Vec<String>> {
+        panic!("mock route")
+    }
+}