[go: up one dir, main page]

CN116708359A - Interface access method, device, equipment and computer readable storage medium - Google Patents

Interface access method, device, equipment and computer readable storage medium Download PDF

Info

Publication number
CN116708359A
CN116708359A CN202310741873.7A CN202310741873A CN116708359A CN 116708359 A CN116708359 A CN 116708359A CN 202310741873 A CN202310741873 A CN 202310741873A CN 116708359 A CN116708359 A CN 116708359A
Authority
CN
China
Prior art keywords
intranet
access
interface
target
domain name
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310741873.7A
Other languages
Chinese (zh)
Inventor
程亮
唐星剑
胡正军
谭清明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Syoung Cosmetics Manufacturing Co Ltd
Original Assignee
Syoung Cosmetics Manufacturing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Syoung Cosmetics Manufacturing Co Ltd filed Critical Syoung Cosmetics Manufacturing Co Ltd
Priority to CN202310741873.7A priority Critical patent/CN116708359A/en
Publication of CN116708359A publication Critical patent/CN116708359A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/30Managing network names, e.g. use of aliases or nicknames
    • H04L61/3015Name registration, generation or assignment
    • H04L61/3025Domain name generation or assignment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/10Packet switching elements characterised by the switching fabric construction
    • H04L49/111Switch interfaces, e.g. port details
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明公开了一种接口访问方法、装置、设备及计算机可读存储介质,应用于互联网技术领域,包括:当接收到内网资源访问请求时,将内网资源访问请求调用的公网域名更换为局域网域名;对局域网域名进行解析,得到目标内网地址;利用虚拟专用网络根据目标内网地址对目标接口进行访问。本发明通过自动更换域名的方式,对得到的局域网域名进行解析,得到目标内网地址,从而利用虚拟专用网络根据目标内网地址对目标接口进行访问。和当前需要人工对IP地址进行更换相比,由于在接收到内网资源访问请求时,已经将内网资源访问请求调用的公网域名更换为局域网域名,使得网关可以直接将该局域网域名解析为目标IP,提高了内网接口访问的效率。

The invention discloses an interface access method, device, equipment and computer-readable storage medium, which are applied in the technical field of the Internet, including: when receiving an intranet resource access request, replacing the public network domain name invoked by the intranet resource access request It is the domain name of the local area network; the domain name of the local area network is analyzed to obtain the address of the target intranet; the virtual private network is used to access the target interface according to the address of the target intranet. The invention analyzes the obtained domain name of the local area network by automatically replacing the domain name to obtain the target intranet address, thereby utilizing the virtual private network to access the target interface according to the target intranet address. Compared with the current need to manually replace the IP address, the gateway can directly resolve the LAN domain name to The target IP improves the access efficiency of the intranet interface.

Description

一种接口访问方法、装置、设备及计算机可读存储介质An interface access method, device, equipment and computer-readable storage medium

技术领域technical field

本发明涉及互联网技术领域,特别涉及一种接口访问方法、装置、设备及计算机可读存储介质。The present invention relates to the technical field of the Internet, in particular to an interface access method, device, equipment and computer-readable storage medium.

背景技术Background technique

部分远程办公由于网络问题,必须使用公网域名系统进行上网,无法使用内网域名系统,因为使用了公网域名系统(成本问题,驻点办公室很多,每个驻点人很少)导致,请求服务器有时无法走VPN(Virtual Private Network,虚拟专用网络)隧道,客户端网址被识别为外网,导致后续服务器无法正确区分,从而无法通过VPN隧道访问网关,从而影响访问的效率。或者当前采用IP替代域名的方式,该方法当网关和服务器需要更换网关时,需要通知用户更换IP,使得管理效率较低,影响用户体验。Due to network problems, some remote offices must use the public network domain name system to access the Internet, and cannot use the intranet domain name system because of the use of the public network domain name system (cost issues, many offices at each station, and few people at each station). Sometimes the server cannot go through the VPN (Virtual Private Network, virtual private network) tunnel, and the client URL is recognized as an external network, which causes the subsequent server to be unable to distinguish correctly, so that the gateway cannot be accessed through the VPN tunnel, thereby affecting the efficiency of access. Or the method of replacing the domain name with an IP is currently used. When the gateway and the server need to replace the gateway, the user needs to be notified to change the IP, which makes the management efficiency low and affects the user experience.

因此,当前利用VPN隧道访问内网时,在网关更换时,需通知用户及时更换IP,使得访问内网的效率较低,故需要提高内网接口的访问效率,提高用户的体验感。Therefore, when using a VPN tunnel to access the intranet, when the gateway is replaced, the user needs to be notified to change the IP in time, which makes the efficiency of accessing the intranet low. Therefore, it is necessary to improve the access efficiency of the intranet interface and improve the user experience.

发明内容Contents of the invention

有鉴于此,本发明的目的在于提供一种接口访问方法、装置、设备及计算机可读存储介质,解决了现有技术中接口访问效率低的技术问题。In view of this, the object of the present invention is to provide an interface access method, device, device and computer-readable storage medium, which solves the technical problem of low interface access efficiency in the prior art.

为解决上述技术问题,本发明提供了一种接口访问方法,包括:In order to solve the above technical problems, the present invention provides an interface access method, comprising:

当接收到内网资源访问请求时,将所述内网资源访问请求调用的公网域名更换为局域网域名;When an intranet resource access request is received, the public domain name invoked by the intranet resource access request is replaced with a local area network domain name;

对所述局域网域名进行解析,得到目标内网地址;Analyzing the LAN domain name to obtain the target intranet address;

利用虚拟专用网络根据所述目标内网地址对目标接口进行访问。The virtual private network is used to access the target interface according to the target intranet address.

可选的,在所述当接收到内网资源访问请求时,将所述内网资源访问请求调用的公网域名更换为局域网域名之后,还包括:Optionally, after the said intranet resource access request is received, after replacing the public domain name invoked by the intranet resource access request with a local area network domain name, the method further includes:

在所述内网资源访问请求对应的请求头上标记内网标识。An intranet identifier is marked on the request header corresponding to the intranet resource access request.

可选的,所述利用虚拟专用网络根据所述目标内网地址对目标接口进行访问,包括:Optionally, using a virtual private network to access the target interface according to the target intranet address includes:

当微服务接收到所述内网资源访问请求时,利用所述微服务确定所述内网资源访问请求对应的请求头是否存在所述内网标识;When the microservice receives the intranet resource access request, use the microservice to determine whether the request header corresponding to the intranet resource access request has the intranet identifier;

当存在所述内网标识时,利用所述微服务允许利用所述虚拟专用网络根据所述目标内网地址对所述目标接口进行访问;When the intranet identifier exists, using the microservice to allow access to the target interface by using the virtual private network according to the target intranet address;

当不存在所述内网标识时,利用所述微服务根据接口注解确定是否允许访问;其中,所述接口注解为仅内网访问和非仅内网访问中的任意一种。When the intranet identifier does not exist, the microservice is used to determine whether to allow access according to the interface annotation; wherein, the interface annotation is any one of intranet-only access and non-intranet-only access.

可选的,所述利用虚拟专用网络根据所述目标内网地址对目标接口进行访问,包括:Optionally, using a virtual private network to access the target interface according to the target intranet address includes:

当确定第一微服务对第二微服务发起接口访问请求时,为所述接口访问请求添加Feign标记;其中,所述Feign标记代表微服务间的访问可以信任。When it is determined that the first microservice initiates an interface access request to the second microservice, a Feign mark is added to the interface access request; wherein the Feign mark represents that access between microservices can be trusted.

可选的,在所述当接收到内网资源访问请求时,将所述内网资源访问请求调用的公网域名更换为局域网域名之后,还包括:Optionally, after the said intranet resource access request is received, after replacing the public domain name invoked by the intranet resource access request with a local area network domain name, the method further includes:

在网关处删除所述Feign标记。Remove said Feign tag at the gateway.

可选的,所述利用虚拟专用网络根据所述目标内网地址对目标接口进行访问,包括:Optionally, using a virtual private network to access the target interface according to the target intranet address includes:

获取目标微服务的内网访问接口对应的内网注解信息;Obtain the intranet annotation information corresponding to the intranet access interface of the target microservice;

利用所述虚拟专用网络根据所述目标内网地址对所述目标接口进行访问,并利用所述内网注解信息对外网请求进行拦截。The virtual private network is used to access the target interface according to the target internal network address, and the external network request is intercepted by using the internal network annotation information.

本发明还提供了一种接口访问装置,包括:The present invention also provides an interface access device, comprising:

域名更换模块,用于当接收到内网资源访问请求时,将所述内网资源访问请求调用的公网域名更换为局域网域名;A domain name replacement module, configured to replace the public domain name invoked by the intranet resource access request with a local area network domain name when an intranet resource access request is received;

域名解析模块,用于对所述局域网域名进行解析,得到目标内网地址;A domain name resolution module, configured to resolve the domain name of the local area network to obtain a target intranet address;

接口访问模块,用于利用虚拟专用网络根据所述目标内网地址对目标接口进行访问。The interface access module is configured to use the virtual private network to access the target interface according to the target intranet address.

可选的,所述接口访问装置,还可以,包括:Optionally, the interface access device may also include:

内网标识添加模块,用于在所述内网资源访问请求对应的请求头上标记内网标识。The intranet identification adding module is configured to mark the intranet identification on the request header corresponding to the intranet resource access request.

本发明还提供了一种接口访问设备,包括:The present invention also provides an interface access device, including:

存储器,用于存储计算机程序;memory for storing computer programs;

处理器,用于执行所述计算机程序时实现上述的接口访问方法的步骤。The processor is configured to realize the steps of the above interface access method when executing the computer program.

本发明还提供了一种计算机可读存储介质,所述可读存储介质上存储有程序,所述程序被处理器执行时实现上述接口访问方法的步骤。The present invention also provides a computer-readable storage medium, where a program is stored on the readable storage medium, and when the program is executed by a processor, the steps of the above-mentioned interface access method are realized.

可见,本发明当接收到内网资源访问请求时,将内网资源访问请求调用的公网域名更换为局域网域名;对局域网域名进行解析,得到目标内网地址;利用虚拟专用网络根据目标内网地址对目标接口进行访问。可见,本发明通过自动更换域名的方式,使得公网域名系统对局域网域名进行解析,自动得到目标内网地址,从而利用虚拟专用网络根据目标内网地址对目标接口进行访问。It can be seen that when the present invention receives an intranet resource access request, the public domain name called by the intranet resource access request is replaced with a local area network domain name; the local area network domain name is analyzed to obtain the target intranet address; address to access the target interface. It can be seen that the present invention enables the public network domain name system to analyze the LAN domain name by automatically changing the domain name, and automatically obtains the target intranet address, thereby using the virtual private network to access the target interface according to the target intranet address.

因此,和当前在更换网关时,用户需要不断人工更换IP地址的接口访问方法相比,本发明在更换网关时,不需要人工对IP地址进行更换,由于在接收到内网资源访问请求时,已经将内网资源访问请求调用的公网域名更换为局域网域名,使得网关可以直接将该局域网域名解析为目标IP,提高了内网接口访问的效率。Therefore, compared with the current interface access method in which the user needs to manually change the IP address when changing the gateway, the present invention does not need to manually change the IP address when changing the gateway, because when receiving the intranet resource access request, The public domain name called by the intranet resource access request has been replaced with a LAN domain name, so that the gateway can directly resolve the LAN domain name to the target IP, which improves the efficiency of intranet interface access.

此外,本发明还提供了一种接口访问装置、设备及计算机可读存储介质,同样具有上述有益效果。In addition, the present invention also provides an interface access device, equipment, and computer-readable storage medium, which also have the above beneficial effects.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only It is an embodiment of the present invention, and those skilled in the art can also obtain other drawings according to the provided drawings without creative work.

图1为本发明实施例提供的一种接口访问方法的流程图;Fig. 1 is a flowchart of an interface access method provided by an embodiment of the present invention;

图2为本发明实施例提供的一种接口访问方法的流程示例图;FIG. 2 is an example flow chart of an interface access method provided by an embodiment of the present invention;

图3为本发明实施例提供的一种接口访问方法对应的系统架构示意图Fig. 3 is a schematic diagram of a system architecture corresponding to an interface access method provided by an embodiment of the present invention

图4为本发明实施例提供的一种内网标记添加过程的流程示例图;FIG. 4 is an example flow diagram of a process of adding an intranet mark provided by an embodiment of the present invention;

图5为本发明实施例提供的一种Feign标记在微服务处的流程示例图;Fig. 5 is a flow example diagram of a Feign mark at the microservice place provided by the embodiment of the present invention;

图6为本发明实施例提供的一种接口访问装置的结构示意图;FIG. 6 is a schematic structural diagram of an interface access device provided by an embodiment of the present invention;

图7为本发明实施例提供的一种接口访问设备的结构示意图。Fig. 7 is a schematic structural diagram of an interface access device provided by an embodiment of the present invention.

具体实施方式Detailed ways

为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is only some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

请参考图1,图1为本发明实施例提供的一种接口访问方法的流程图。该方法可以包括:Please refer to FIG. 1 , which is a flow chart of an interface access method provided by an embodiment of the present invention. The method can include:

S100,当接收到内网资源访问请求时,将内网资源访问请求调用的公网域名更换为局域网域名。S100. When an intranet resource access request is received, replace the public domain name invoked by the intranet resource access request with a local area network domain name.

该实施例的执行主体是服务器。由于部分远程办公室(仓库、小办公室)由于网络问题,必须使用公网DNS(域名系统),无法使用内网DNS,因此对“老网关域名”解析为外网IP(Internet Protocol,网址),因此无法通过VPN(Virtual Private Network,虚拟专用网络)隧道访问网关,最终导致我们的网关和服务器把这些请求的IP识别为外网IP。为了能正确把这些“远程办公室”识别为内网,把内部的管理系统调用的老网关域名(公网域名)更换为新网关域名(局域网域名)。可以理解的是,内部系统(比如oa(办公系统)、erp(企业资源计划系统)等)使用新网关域名,外部系统(比如小程序、app(应用程序)、网页商城),因为有外网访问需求,使用老网关域名。The execution subject of this embodiment is a server. Because some remote offices (warehouses, small offices) must use the public network DNS (Domain Name System) due to network problems, they cannot use the intranet DNS, so the "old gateway domain name" is resolved to the external network IP (Internet Protocol, URL), so Unable to access the gateway through a VPN (Virtual Private Network, virtual private network) tunnel, eventually causing our gateway and server to recognize these requested IPs as external network IPs. In order to correctly identify these "remote offices" as intranets, replace the old gateway domain name (public domain name) called by the internal management system with the new gateway domain name (local area network domain name). It is understandable that internal systems (such as oa (office system), erp (enterprise resource planning system), etc.) use the new gateway domain name, and external systems (such as applets, apps (application programs), web malls), because there are external networks For access requirements, use the old gateway domain name.

需要说明的是,在当接收到内网资源访问请求时,将内网资源访问请求调用的公网域名更换为局域网域名之后,还可以包括:在内网资源访问请求对应的请求头上标记内网标识。可以理解的是,如果在IP对应的请求上标记内网标识,使得后续主体很容易准确地识别该内网资源访问请求的类型是内网。即读取http请求头“内网标识”,是则标识用户来自内网,放行,否则拒绝请求。因此,在内网资源访问请求对应的请求头上标记内网标识,可以提高请求识别的准确性。It should be noted that after the public network domain name invoked by the intranet resource access request is replaced with the LAN domain name when the intranet resource access request is received, it may also include: Web logo. It can be understood that if the intranet identifier is marked on the request corresponding to the IP, the subsequent subject can easily and accurately identify that the type of the intranet resource access request is an intranet. That is, read the http request header "Intranet ID", if it is, it will identify that the user is from the intranet and let it go, otherwise it will reject the request. Therefore, marking the intranet identifier on the request header corresponding to the intranet resource access request can improve the accuracy of request identification.

需要说明的是,在当接收到内网资源访问请求时,将内网资源访问请求调用的公网域名更换为局域网域名之后,还可以包括:在网关处删除Feign标记。可以理解的是,当网关处存在Feign标记时,需要在网关处删除Feign标记,防止外网用户直接对请求添加Feign标记,从而伪装成内网,导致后续微服务的错误识别。该实施例中的Feign标记表示接口仅微服务之间(微服务A/微服务B)访问可以信任。It should be noted that after receiving the intranet resource access request, after replacing the public domain name invoked by the intranet resource access request with the LAN domain name, it may also include: deleting the Feign mark at the gateway. It is understandable that when there is a Feign tag at the gateway, the Feign tag needs to be deleted at the gateway to prevent external network users from directly adding the Feign tag to the request, thus masquerading as an internal network, resulting in misidentification of subsequent microservices. The Feign mark in this embodiment indicates that the interface can only be trusted for access between microservices (microservice A/microservice B).

S101,对局域网域名进行解析,得到目标内网地址。S101. Analyzing the LAN domain name to obtain a target intranet address.

该实施例通过同时对局域网域名利用公网DNS解析为内网IP:10.1.x.x。In this embodiment, the LAN domain name is resolved to the intranet IP: 10.1.x.x by using the public network DNS at the same time.

S102,利用虚拟专用网络根据目标内网地址对目标接口进行访问。S102. Use the virtual private network to access the target interface according to the target intranet address.

该实施例可以通过VPN隧道,从内网访问到新网关服务器。需要说明的是,上述利用虚拟专用网络根据所述目标内网地址对目标接口进行访问,可以包括:当微服务接收到内网资源访问请求时,利用微服务确定内网资源访问请求对应的请求头是否存在内网标识;当存在内网标识时,利用微服务允许利用虚拟专用网络根据目标内网地址对目标接口进行访问;当不存在所述内网标识时,利用所述微服务根据接口注解确定是否允许访问;其中,所述接口注解为仅内网访问和非仅内网访问中的任意一种。该实施例中可以利用内网标识直接确定是否可以对目标接口进行访问,提高了访问的安全性。可以理解的是,该实施例中的互联网用户继续使用老网关域名(公网域名),服务器能正确识别为外网IP。家庭、驻地办公室实际连接了公司VPN(内部系统使用(局域网域名),并解析为内网IP,访问服务器利用VPN隧道),访问服务器也是通过VPN隧道,服务器能正确识别为内网IP。当不存在所述内网标识时,利用微服务根据当前访问的接口注解,接口注解如果配置为仅内网访问,则微服务拒绝访问,否则,当接口注解为非仅内网访问时,默认允许访问。In this embodiment, the new gateway server can be accessed from the intranet through the VPN tunnel. It should be noted that, the above-mentioned access to the target interface by using the virtual private network according to the target intranet address may include: when the microservice receives an intranet resource access request, using the microservice to determine the request corresponding to the intranet resource access request Whether there is an intranet ID in the header; when there is an intranet ID, use the microservice to allow the virtual private network to access the target interface according to the target intranet address; when there is no internal network ID, use the microservice to access the target interface according to the interface The annotation determines whether access is allowed; wherein, the interface annotation is any one of intranet-only access and non-intranet-only access. In this embodiment, the internal network identifier can be used to directly determine whether the target interface can be accessed, which improves the security of the access. It can be understood that the Internet users in this embodiment continue to use the old gateway domain name (public network domain name), and the server can correctly identify it as the external network IP. The home and the resident office are actually connected to the company VPN (the internal system uses (LAN domain name) and resolves to the intranet IP, and the access server uses the VPN tunnel), and the access server is also through the VPN tunnel, and the server can be correctly identified as the intranet IP. When the intranet identifier does not exist, the microservice is used to annotate the currently accessed interface. If the interface annotation is configured as only intranet access, the microservice rejects access; otherwise, when the interface annotation is not only intranet access, the default Allow access.

需要说明的是,在上述利用虚拟专用网络根据所述目标内网地址对目标接口进行访问之后,还可以包括:当确定第一微服务对第二微服务发起接口访问请求时,为接口访问请求添加Feign标记;其中,所述Feign标记代表微服务间的访问可以信任。该实施例中的Feign标记为服务器之间调用的接口,因此安全性要求最高,需要限制“仅服务器内网调用”。该实施例中的Feign标记在接口调用处添加,可以理解的是,Feign标记只要微服务A(第一微服务)调用微服务B(第二微服务),就会在发起请求的时候打上Feign标记,区别于用户直接访问微服务B的请求。因为后者是用户直接发起(在网关清除用户伪造的feign标记),有检验是否内网的需要,而前者为微服务A直接发起,是完全可信任的,所以打上Feign标记。由于Feign标记在微服务调用处添加可以防止外网用户作弊,故可以进一步提高访问的安全性。It should be noted that, after using the above-mentioned virtual private network to access the target interface according to the target intranet address, it may also include: when it is determined that the first microservice initiates an interface access request to the second microservice, for the interface access request Add a Feign mark; wherein, the Feign mark represents that the access between microservices can be trusted. Feign in this embodiment is marked as an interface called between servers, so the security requirement is the highest, and it is necessary to limit "only server intranet calls". The Feign mark in this embodiment is added at the interface call. It can be understood that as long as microservice A (the first microservice) calls microservice B (the second microservice), the Feign mark will be marked when the request is initiated. mark, which is different from the request that the user directly accesses microservice B. Because the latter is directly initiated by the user (the feign mark forged by the user is cleared at the gateway), there is a need to check whether it is an intranet, while the former is directly initiated by microservice A and is completely trustworthy, so it is marked with Feign. Since the Feign mark is added at the microservice call to prevent external network users from cheating, it can further improve the security of access.

需要说明的是,上述利用虚拟专用网络根据目标内网地址对目标接口进行访问,可以包括:获取目标微服务的内网访问接口对应的内网注解信息;利用虚拟专用网络根据所述目标内网地址对目标接口进行访问,并利用内网注解信息对外网请求进行拦截。It should be noted that the above-mentioned access to the target interface by using the virtual private network according to the target intranet address may include: obtaining the intranet annotation information corresponding to the intranet access interface of the target microservice; The address accesses the target interface, and uses the intranet annotation information to intercept external network requests.

本发明实施例提供的接口访问方法,通过当接收到内网资源访问请求时,将内网资源访问请求调用的公网域名更换为局域网域名;对局域网域名进行解析,得到目标内网地址;利用虚拟专用网络根据目标内网地址对目标接口进行访问。可见,本发明和当前在更换网关时,用户需要不断人工更换IP地址的接口访问方法相比,本发明当接收到内网资源访问请求时,将内网资源访问请求调用的公网域名更换为局域网域名;对局域网域名进行解析,得到目标内网地址;利用虚拟专用网络根据目标内网地址对目标接口进行访问。即,本发明通过自动更换域名的方式,使得公网域名系统对局域网域名进行解析,自动得到目标内网地址,从而利用虚拟专用网络根据目标内网地址对目标接口进行访问,即本发明在更换网关时,不需要人工对IP地址进行更换,由于在接收到内网资源访问请求时,已经将内网资源访问请求调用的公网域名更换为局域网域名,使得网关可以直接将该局域网域名解析为目标IP,提高了内网接口访问的效率。并且,在内网资源访问请求对应的请求头上标记内网标识,使得后续可以准确地识别内网,利用虚拟专用网络进行准确的访问目标接口;并且,Feign标记在微服务调用处添加,由于在微服务调用处添加,使得微服务间可以相互调用,提高访问的效率;并且,可以在网关处删除Feign标记,防止外网用户直接对请求添加Feign标记,从而伪装成内网,导致后续微服务的错误识别;并且,利用内网注解信息对外网请求进行拦截,提高对外网拦截的准确性,进而提高内网访问的安全。In the interface access method provided by the embodiment of the present invention, when an intranet resource access request is received, the public domain name invoked by the intranet resource access request is replaced with a local area network domain name; the local area network domain name is analyzed to obtain the target intranet address; The virtual private network accesses the target interface according to the target intranet address. It can be seen that the present invention is compared with the current interface access method in which the user needs to manually change the IP address when replacing the gateway. When the present invention receives an intranet resource access request, it replaces the public domain name called by the intranet resource access request with LAN domain name; analyze the LAN domain name to obtain the target intranet address; use the virtual private network to access the target interface according to the target intranet address. That is, the present invention makes the domain name system of the public network analyze the domain name of the local area network by automatically replacing the domain name, and automatically obtains the target intranet address, thereby utilizing the virtual private network to access the target interface according to the target intranet address, that is, the present invention is replacing When using the gateway, there is no need to manually change the IP address. Since the public domain name invoked by the intranet resource access request has been replaced with the LAN domain name when receiving the intranet resource access request, the gateway can directly resolve the LAN domain name to The target IP improves the efficiency of internal network interface access. Moreover, mark the intranet identifier on the request header corresponding to the intranet resource access request, so that the intranet can be accurately identified later, and the virtual private network can be used to accurately access the target interface; and the Feign mark is added at the microservice call, because Add it at the microservice call, so that the microservices can call each other and improve the efficiency of access; and, you can delete the Feign mark at the gateway to prevent external network users from directly adding the Feign mark to the request, thereby masquerading as an internal network, resulting in subsequent micro-services Misidentification of services; and, use the intranet annotation information to intercept external network requests, improve the accuracy of external network interception, and then improve the security of intranet access.

为了使本发明更便于理解,具体请参考图2,图2为本发明实施例提供的一种接口访问方法的流程示例图,具体可以包括:In order to make the present invention easier to understand, please refer to FIG. 2 for details. FIG. 2 is an example flow diagram of an interface access method provided by an embodiment of the present invention, which may specifically include:

S200,将内部管理系统调用的公网域名更换为局域网域名。S200, replacing the public network domain name invoked by the internal management system with a local area network domain name.

该实施例并不限定具体的内部管理系统。例如,内部管理系统可以是企业内部软件;或者内部管理系统还可以是企业内部小程序。为便于理解,请参考图3,图3为本发明实施例提供的一种接口访问方法对应的系统架构示意图。内部管理系统:企业内部的APP(Application,应用程序)、小程序等;服务器负载均衡(ServerLoadBalancingN,SLB):服务器负载均衡(ServerLoad Balancing),可以看作HSRP(热备份路由器协议)的扩展,实现多个服务器之间的负载均衡。虚拟服务器代表的是多个真实服务器的群集,客户端向虚拟服务器发起连接时,通过某种负载均衡算法,转发到某真实服务器。网关:网关(Gateway)又称网间连接器、协议转换器。网关在传输层上以实现网络互连,是最复杂的网络互连设备,仅用于两个高层协议不同的网络互连。网关既可以用于广域网互连,也可以用于局域网互连。微服务A:微服务可以在“自己的程序”中运行,并通过“轻量级设备与HTTP(HyperTextTransfer Protocol,超文本传输协议)型API(ApplicationProgram Interface,应用程序接口)进行沟通”。关键在于该服务可以在自己的程序中运行。通过这一点我们就可以将服务公开与微服务架构(在现有系统中分布一个API)区分开来。微服务A可以直接调用微服务B的接口。This embodiment does not limit a specific internal management system. For example, the internal management system may be internal software of the enterprise; or the internal management system may also be a small program within the enterprise. For ease of understanding, please refer to FIG. 3 , which is a schematic diagram of a system architecture corresponding to an interface access method provided by an embodiment of the present invention. Internal management system: APP (Application, application program), small programs, etc. within the enterprise; Server Load Balancing (ServerLoad BalancingN, SLB): Server Load Balancing (ServerLoad Balancing), which can be regarded as an extension of HSRP (Hot Standby Router Protocol), realizes Load balancing among multiple servers. A virtual server represents a cluster of multiple real servers. When a client initiates a connection to a virtual server, it is forwarded to a real server through a load balancing algorithm. Gateway: Gateway (Gateway) is also known as an Internet connector and a protocol converter. The gateway implements network interconnection on the transport layer and is the most complex network interconnection device, which is only used for the interconnection of two networks with different high-level protocols. Gateways can be used for both WAN interconnection and LAN interconnection. Microservice A: Microservices can run in their "own programs" and communicate with HTTP (HyperTextTransfer Protocol, Hypertext Transfer Protocol)-type API (Application Program Interface, Application Programming Interface) through "lightweight devices". The point is that the service can run in its own program. Through this, we can distinguish service exposure from microservice architecture (distribute an API in an existing system). Microservice A can directly call the interface of microservice B.

S201,利用公网DNS将局域网域名解析为目标内网地址。S201. Use the public network DNS to resolve the local area network domain name to a target intranet address.

S202,通过VPN实现目标内网地址至目标网关服务器的访问。S202, realizing access from the target intranet address to the target gateway server through the VPN.

S203,在网关处为局域网域名对应的请求头添加内网标记,且当网关处有Feign标记时,对Feign标记进行删除。S203. Add an intranet mark to the request header corresponding to the LAN domain name at the gateway, and delete the Feign mark when there is a Feign mark at the gateway.

该实施例具体的过程具体请参考图4,图4为本发明实施例提供的一种内网标记添加过程的流程示例图,步骤1,利用网关检查用户请求IP是否是内网。步骤2用户请求IP是内网则将请求头标记为“1”;步骤3,否则标记为“0”;步骤4,用户请求IP对应的HTTP请求头清除Feign标记。For the specific process of this embodiment, please refer to FIG. 4 . FIG. 4 is an example flow diagram of a process of adding an intranet mark provided by an embodiment of the present invention. Step 1: Use the gateway to check whether the user's requested IP is an intranet. In step 2, if the IP requested by the user is an intranet, the request header is marked as "1"; in step 3, otherwise, it is marked as "0"; in step 4, the HTTP request header corresponding to the user's requested IP clears the Feign flag.

S204,在微服务处添加Feign标记;其中,Feign标记表示可信任微服务发起的请求。S204, adding a Feign mark at the microservice; wherein, the Feign mark indicates a request initiated by the trusted microservice.

该实施例Feign标记在微服务处的具体应用过程可以参考图5,图5为本发明实施例提供的一种Feign标记在微服务处的流程示例图,步骤1:确定微服务是否为仅内网访问,步骤2:当仅内网访问时,不允许访问并判断URL是否在匿名表,步骤3:否则允许访问;步骤4:当不是仅内网访问时,允许访问微服务对应的目标接口。步骤5:当URL(统一资源定位符)不在匿名表时,不允许访问并根据请求头判断是否为服务器内网192.168,步骤6:当在匿名表时,允许访问;步骤7:当不是服务器内网192.168时,不允许访问并判断是否具有feign标记,步骤8:当是服务器内网192.168时,允许访问;步骤9:当具有feign标记时,允许访问,步骤10:当不具有feign标记时,不允许访问并判断是否具有内网标记,步骤11:当具有内网标记时,允许访问,步骤12:否则不允许访问。The specific application process of the Feign mark at the microservice in this embodiment can refer to Figure 5. Figure 5 is an example diagram of the process of a Feign mark at the microservice provided by the embodiment of the present invention. Step 1: Determine whether the microservice is internal only Network access, step 2: when only intranet access is allowed, access is not allowed and judge whether the URL is in the anonymous table, step 3: otherwise, access is allowed; step 4: when it is not only intranet access, allow access to the target interface corresponding to the microservice . Step 5: When the URL (uniform resource locator) is not in the anonymous table, access is not allowed and judge whether it is the server intranet 192.168 according to the request header; Step 6: When it is in the anonymous table, allow access; Step 7: When it is not in the server When the network is 192.168, access is not allowed and judge whether it has a feign mark. Step 8: When it is the server intranet 192.168, allow access; Step 9: When it has a feign mark, allow access. Step 10: When it does not have a feign mark, Access is not allowed and judge whether there is an intranet flag, step 11: when there is an intranet flag, allow access, step 12: otherwise, not allow access.

下面对本发明实施例提供的一种接口访问装置进行介绍,下文描述的接口访问装置与上文描述的接口访问方法可相互对应参照。An interface access device provided by an embodiment of the present invention is introduced below, and the interface access device described below and the interface access method described above may be referred to in correspondence.

具体请参考图6,图6为本发明实施例提供的接口访问装置的结构示意图,可以包括:Please refer to FIG. 6 for details. FIG. 6 is a schematic structural diagram of an interface access device provided by an embodiment of the present invention, which may include:

域名更换模块100,用于当接收到内网资源访问请求时,将所述内网资源访问请求调用的公网域名更换为局域网域名;The domain name replacement module 100 is used to replace the public network domain name invoked by the intranet resource access request with a local area network domain name when the intranet resource access request is received;

域名解析模块200,用于对所述局域网域名进行解析,得到目标内网地址;The domain name resolution module 200 is configured to resolve the domain name of the local area network to obtain the target intranet address;

接口访问模块300,用于利用虚拟专用网络根据所述目标内网地址对目标接口进行访问。The interface access module 300 is configured to use the virtual private network to access the target interface according to the target intranet address.

进一步地,基于上述实施例,上述接口访问装置,还可以包括:Further, based on the above embodiment, the above interface access device may further include:

内网标识添加模块,用于在所述内网资源访问请求对应的请求头上标记内网标识。The intranet identification adding module is configured to mark the intranet identification on the request header corresponding to the intranet resource access request.

进一步地,基于上述实施例,上述接口访问模块300,可以包括:Further, based on the above-mentioned embodiment, the above-mentioned interface access module 300 may include:

内网标识确定单元,用于当微服务接收到所述内网资源访问请求时,利用所述微服务确定所述内网资源访问请求对应的请求头是否存在所述内网标识;An intranet identifier determination unit, configured to use the microservice to determine whether the request header corresponding to the intranet resource access request has the intranet identifier when the microservice receives the intranet resource access request;

接口访问单元,用于当存在所述内网标识时,利用所述微服务允许利用所述虚拟专用网络根据所述目标内网地址对所述目标接口进行访问;An interface access unit, configured to use the microservice to allow the virtual private network to access the target interface according to the target intranet address when the intranet identifier exists;

接口访问判断单元,用于当不存在所述内网标识时,利用所述微服务根据接口注解确定是否允许访问;其中,所述接口注解为仅内网访问和非仅内网访问中的任意一种。An interface access judging unit, configured to use the microservice to determine whether to allow access according to the interface annotation when the intranet identifier does not exist; wherein, the interface annotation is any of intranet access only and non-intranet access A sort of.

进一步地,基于上述任意实施例,上述接口访问装置,还可以包括:Further, based on any of the above-mentioned embodiments, the above-mentioned interface access device may further include:

Feign标记添加模块,用于当确定第一微服务对第二微服务发起接口访问请求时,为所述接口访问请求添加Feign标记;其中,所述Feign标记代表微服务间的访问可以信任。A Feign mark adding module, configured to add a Feign mark to the interface access request when it is determined that the first microservice initiates an interface access request to the second microservice; wherein, the Feign mark represents that the access between microservices can be trusted.

进一步地,基于上述实施例,上述接口访问装置,还可以包括:Further, based on the above embodiment, the above interface access device may further include:

Feign标记删除单元,用于在网关处删除所述Feign标记。The Feign mark deletion unit is configured to delete the Feign mark at the gateway.

进一步,基于上述任意实施例,上述接口访问模块300,可以包括:Further, based on any of the above-mentioned embodiments, the above-mentioned interface access module 300 may include:

内网注解信息获取模块,用于获取目标微服务的内网访问接口对应的内网注解信息;The intranet annotation information acquisition module is used to obtain the intranet annotation information corresponding to the intranet access interface of the target microservice;

外网请求拦截模块,用于利用所述虚拟专用网络根据所述目标内网地址对所述目标接口进行访问,并利用所述内网注解信息对外网请求进行拦截。The external network request interception module is used to use the virtual private network to access the target interface according to the target internal network address, and use the internal network annotation information to intercept external network requests.

需要说明的是,上述接口访问装置中的模块以及单元在不影响逻辑的情况下,其顺序可以前后进行更改。It should be noted that the order of the modules and units in the above-mentioned interface access device can be changed back and forth without affecting the logic.

本发明实施例提供的接口访问装置,可以包括:域名更换模块100,用于当接收到内网资源访问请求时,将所述内网资源访问请求调用的公网域名更换为局域网域名;域名解析模块200,用于对所述局域网域名进行解析,得到目标内网地址;接口访问模块300,用于利用虚拟专用网络根据所述目标内网地址对目标接口进行访问。可见,本发明和当前在更换网关时,用户需要不断人工更换IP地址的接口访问方法相比,本发明当接收到内网资源访问请求时,将内网资源访问请求调用的公网域名更换为局域网域名;对局域网域名进行解析,得到目标内网地址;利用虚拟专用网络根据目标内网地址对目标接口进行访问。即,本发明通过自动更换域名的方式,使得公网域名系统对局域网域名进行解析,自动得到目标内网地址,从而利用虚拟专用网络根据目标内网地址对目标接口进行访问,即本发明在更换网关时,不需要人工对IP地址进行更换,由于在接收到内网资源访问请求时,已经将内网资源访问请求调用的公网域名更换为局域网域名,使得网关可以直接将该局域网域名解析为目标IP,提高了内网接口访问的效率。并且,在内网资源访问请求对应的请求头上标记内网标识,使得后续可以准确地识别内网,利用虚拟专用网络进行准确的访问目标接口;并且,Feign标记在微服务调用处添加,由于在接口调用处添加,使得微服务间可以相互调用,提高访问的效率;并且,可以在网关处删除Feign标记,防止外网用户直接对请求添加Feign标记,从而伪装成内网,导致后续微服务的错误识别;并且,利用内网注解信息对外网请求进行拦截,提高对外网拦截的准确性,进而提高内网访问的安全。The interface access device provided by the embodiment of the present invention may include: a domain name replacement module 100, configured to replace the public network domain name invoked by the intranet resource access request with a local area network domain name when an intranet resource access request is received; domain name resolution The module 200 is configured to analyze the LAN domain name to obtain the target intranet address; the interface access module 300 is configured to use a virtual private network to access the target interface according to the target intranet address. It can be seen that the present invention is compared with the current interface access method in which the user needs to manually change the IP address when replacing the gateway. When the present invention receives an intranet resource access request, it replaces the public domain name called by the intranet resource access request with LAN domain name; analyze the LAN domain name to obtain the target intranet address; use the virtual private network to access the target interface according to the target intranet address. That is, the present invention makes the domain name system of the public network analyze the domain name of the local area network by automatically replacing the domain name, and automatically obtains the target intranet address, thereby utilizing the virtual private network to access the target interface according to the target intranet address, that is, the present invention is replacing When using the gateway, there is no need to manually change the IP address. Since the public domain name invoked by the intranet resource access request has been replaced with the LAN domain name when receiving the intranet resource access request, the gateway can directly resolve the LAN domain name to The target IP improves the efficiency of internal network interface access. Moreover, mark the intranet identifier on the request header corresponding to the intranet resource access request, so that the intranet can be accurately identified later, and the virtual private network can be used to accurately access the target interface; and the Feign mark is added at the microservice call, because Add it at the interface call, so that microservices can call each other and improve access efficiency; and, you can delete the Feign tag at the gateway to prevent external network users from directly adding Feign tags to the request, thereby masquerading as an intranet, resulting in subsequent microservices In addition, use the intranet annotation information to intercept external network requests, improve the accuracy of external network interception, and then improve the security of intranet access.

下面对本发明实施例提供的一种接口访问设备进行介绍,下文描述的接口访问设备与上文描述的接口访问方法可相互对应参照。An interface access device provided by an embodiment of the present invention is introduced below, and the interface access device described below and the interface access method described above may be referred to in correspondence.

请参考图7,图7为本发明实施例提供的一种接口访问设备的结构示意图,可以包括:Please refer to FIG. 7. FIG. 7 is a schematic structural diagram of an interface access device provided by an embodiment of the present invention, which may include:

存储器10,用于存储计算机程序;memory 10 for storing computer programs;

处理器20,用于执行计算机程序,以实现上述的接口访问方法。The processor 20 is configured to execute a computer program to implement the above interface access method.

存储器10、处理器20、通信接口30均通过通信总线40完成相互间的通信。The memory 10 , the processor 20 , and the communication interface 30 all communicate with each other through the communication bus 40 .

在本发明实施例中,存储器10中用于存放一个或者一个以上程序,程序可以包括程序代码,程序代码包括计算机操作指令,在本发明实施例中,存储器10中可以存储有用于实现以下功能的程序:In the embodiment of the present invention, the memory 10 is used to store one or more programs. The program may include program codes, and the program code includes computer operation instructions. In the embodiment of the present invention, the memory 10 may store the following functions: program:

当接收到内网资源访问请求时,将内网资源访问请求调用的公网域名更换为局域网域名;When receiving an intranet resource access request, replace the public domain name invoked by the intranet resource access request with the LAN domain name;

对局域网域名进行解析,得到目标内网地址;Analyze the LAN domain name to obtain the target intranet address;

利用虚拟专用网络根据目标内网地址对目标接口进行访问。Use the virtual private network to access the target interface according to the target intranet address.

在一种可能的实现方式中,存储器10可包括存储程序区和存储数据区,其中,存储程序区可存储操作系统,以及至少一个功能所需的应用程序等;存储数据区可存储使用过程中所创建的数据。In a possible implementation, the memory 10 may include a program storage area and a data storage area, wherein the program storage area may store an operating system and at least one application program required by a function; the data storage area may store The data created.

此外,存储器10可以包括只读存储器和随机存取存储器,并向处理器提供指令和数据。存储器的一部分还可以包括NVRAM。存储器存储有操作系统和操作指令、可执行模块或者数据结构,或者它们的子集,或者它们的扩展集,其中,操作指令可包括各种操作指令,用于实现各种操作。操作系统可以包括各种系统程序,用于实现各种基础任务以及处理基于硬件的任务。Additionally, memory 10 may include read-only memory and random-access memory, and provides instructions and data to the processor. A portion of the memory may also include NVRAM. The memory stores operating systems and operating instructions, executable modules or data structures, or their subsets, or their extended sets, wherein the operating instructions may include various operating instructions for implementing various operations. An operating system may include various system programs for implementing various basic tasks as well as handling hardware-based tasks.

处理器20可以为中央处理器(Central ProcessingUnit,CPU)、特定应用集成电路、数字信号处理器、现场可编程门阵列或者其他可编程逻辑器件,处理器20可以是微处理器或者也可以是任何常规的处理器等。处理器20可以调用存储器10中存储的程序。The processor 20 can be a central processing unit (Central Processing Unit, CPU), a specific application integrated circuit, a digital signal processor, a field programmable gate array or other programmable logic devices, and the processor 20 can be a microprocessor or any conventional processors, etc. The processor 20 can call programs stored in the memory 10 .

通信接口30可以为通信模块的接口,用于与其他设备或者系统连接。The communication interface 30 may be an interface of a communication module, and is used for connecting with other devices or systems.

当然,需要说明的是,图7所示的结构并不构成对本发明实施例中接口访问设备的限定,在实际应用中接口访问设备可以包括比图7所示的更多或更少的部件,或者组合某些部件。Of course, it should be noted that the structure shown in FIG. 7 does not constitute a limitation on the interface access device in the embodiment of the present invention. In practical applications, the interface access device may include more or less components than those shown in FIG. 7 , Or combine certain parts.

下面对本发明实施例提供的计算机可读存储介质进行介绍,下文描述的计算机可读存储介质与上文描述的接口访问方法可相互对应参照。The computer-readable storage medium provided by the embodiments of the present invention is introduced below, and the computer-readable storage medium described below and the interface access method described above may refer to each other correspondingly.

本发明还提供一种计算机可读存储介质,该计算机可读存储介质上存储有计算机程序,计算机程序被处理器执行时实现上述的接口访问方法的步骤。The present invention also provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the above-mentioned interface access method are realized.

该计算机可读存储介质可以包括:U盘、移动硬盘、只读存储器(Read-OnlyMemory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。The computer-readable storage medium may include: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk, etc., which can store program codes. medium.

本说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其它实施例的不同之处,各个实施例之间相同或相似部分互相参见即可。对于实施例公开的装置而言,由于其与实施例公开的方法相对应,所以描述的比较简单,相关之处参见方法部分说明即可。Each embodiment in this specification is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same or similar parts of each embodiment can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and for relevant details, please refer to the description of the method part.

专业人员还可以进一步意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件的方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应该认为超出本发明的范围。Professionals can further realize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software or a combination of the two. In order to clearly illustrate the possible For interchangeability, in the above description, the composition and steps of each example have been generally described according to their functions. Whether these functions are executed by means of hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present invention.

最后,还需要说明的是,在本文中,诸如第一和第二等之类的关系属于仅仅用来将一个实体或者操作与另一个实体或者操作区分开来,而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。而且,术语“包括”、“包含”或者其他任何变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者设备所固有的要素。Finally, it should also be noted that in this article, relationships such as first and second etc. are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply that these entities or operations, any such actual relationship or order exists. Furthermore, the term "comprises", "comprising", or any other variation is intended to cover a non-exclusive inclusion such that a process, method, article, or apparatus comprising a set of elements includes not only those elements, but also items not expressly listed. other elements, or also include elements inherent in such a process, method, article, or apparatus.

以上对本发明所提供的一种接口访问方法、装置、设备及计算机可读存储介质进行了详细介绍,本文中应用了具体个例对本发明的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想;同时,对于本领域的一般技术人员,依据本发明的思想,在具体实施方式及应用范围上均会有改变之处,综上所述,本说明书内容不应理解为对本发明的限制。The interface access method, device, equipment and computer-readable storage medium provided by the present invention have been introduced in detail above. In this paper, specific examples are used to illustrate the principle and implementation of the present invention. The description of the above embodiments is only It is used to help understand the method of the present invention and its core idea; at the same time, for those of ordinary skill in the art, according to the idea of the present invention, there will be changes in the specific implementation and scope of application. In summary, this The content of the description should not be construed as limiting the present invention.

Claims (10)

1.一种接口访问方法,其特征在于,包括:1. An interface access method, characterized in that, comprising: 当接收到内网资源访问请求时,将所述内网资源访问请求调用的公网域名更换为局域网域名;When an intranet resource access request is received, the public domain name invoked by the intranet resource access request is replaced with a local area network domain name; 对所述局域网域名进行解析,得到目标内网地址;Analyzing the LAN domain name to obtain the target intranet address; 利用虚拟专用网络根据所述目标内网地址对目标接口进行访问。The virtual private network is used to access the target interface according to the target intranet address. 2.根据权利要求1所述的接口访问方法,其特征在于,在所述当接收到内网资源访问请求时,将所述内网资源访问请求调用的公网域名更换为局域网域名之后,还包括:2. The interface access method according to claim 1, characterized in that, after the internal network resource access request is received, after the public network domain name called by the internal network resource access request is replaced with a local area network domain name, include: 在所述内网资源访问请求对应的请求头上标记内网标识。An intranet identifier is marked on the request header corresponding to the intranet resource access request. 3.根据权利要求2所述的接口访问方法,其特征在于,所述利用虚拟专用网络根据所述目标内网地址对目标接口进行访问,包括:3. The interface access method according to claim 2, wherein said utilizing a virtual private network to access the target interface according to the target intranet address comprises: 当微服务接收到所述内网资源访问请求时,利用所述微服务确定所述内网资源访问请求对应的请求头是否存在所述内网标识;When the microservice receives the intranet resource access request, use the microservice to determine whether the request header corresponding to the intranet resource access request has the intranet identifier; 当存在所述内网标识时,利用所述微服务允许利用所述虚拟专用网络根据所述目标内网地址对所述目标接口进行访问;When the intranet identifier exists, using the microservice to allow access to the target interface by using the virtual private network according to the target intranet address; 当不存在所述内网标识时,利用所述微服务根据接口注解确定是否允许访问;其中,所述接口注解为仅内网访问和非仅内网访问中的任意一种。When the intranet identifier does not exist, the microservice is used to determine whether to allow access according to the interface annotation; wherein, the interface annotation is any one of intranet-only access and non-intranet-only access. 4.根据权利要求1所述的接口访问方法,其特征在于,在所述利用虚拟专用网络根据所述目标内网地址对目标接口进行访问之后,还包括:4. The method for accessing an interface according to claim 1, further comprising: 当确定第一微服务对第二微服务发起接口访问请求时,为所述接口访问请求添加Feign标记;其中,所述Feign标记代表微服务间的访问可以信任。When it is determined that the first microservice initiates an interface access request to the second microservice, a Feign mark is added to the interface access request; wherein the Feign mark represents that access between microservices can be trusted. 5.根据权利要求4所述的接口访问方法,其特征在于,在所述当接收到内网资源访问请求时,将所述内网资源访问请求调用的公网域名更换为局域网域名之后,还包括:5. The interface access method according to claim 4, characterized in that, after the internal network resource access request is received, after the public network domain name called by the internal network resource access request is replaced with a local area network domain name, include: 在网关处删除所述Feign标记。Remove said Feign tag at the gateway. 6.根据权利要求1至5任一项所述的接口访问方法,其特征在于,所述利用虚拟专用网络根据所述目标内网地址对目标接口进行访问,包括:6. The interface access method according to any one of claims 1 to 5, wherein said utilizing a virtual private network to access the target interface according to the target intranet address comprises: 获取目标微服务的内网访问接口对应的内网注解信息;Obtain the intranet annotation information corresponding to the intranet access interface of the target microservice; 利用所述虚拟专用网络根据所述目标内网地址对所述目标接口进行访问,并利用所述内网注解信息对外网请求进行拦截。The virtual private network is used to access the target interface according to the target internal network address, and the external network request is intercepted by using the internal network annotation information. 7.一种接口访问装置,其特征在于,包括:7. An interface access device, characterized in that it comprises: 域名更换模块,用于当接收到内网资源访问请求时,将所述内网资源访问请求调用的公网域名更换为局域网域名;A domain name replacement module, configured to replace the public domain name invoked by the intranet resource access request with a local area network domain name when an intranet resource access request is received; 域名解析模块,用于对所述局域网域名进行解析,得到目标内网地址;A domain name resolution module, configured to resolve the domain name of the local area network to obtain a target intranet address; 接口访问模块,用于利用虚拟专用网络根据所述目标内网地址对目标接口进行访问。The interface access module is configured to use the virtual private network to access the target interface according to the target intranet address. 8.根据权利要求7所述的接口访问装置,其特征在于,所述接口访问装置,还可以,包括:8. The interface access device according to claim 7, characterized in that, the interface access device may also include: 内网标识添加模块,用于在所述内网资源访问请求对应的请求头上标记内网标识。The intranet identification adding module is configured to mark the intranet identification on the request header corresponding to the intranet resource access request. 9.一种接口访问设备,其特征在于,包括:9. An interface access device, characterized in that it comprises: 存储器,用于存储计算机程序;memory for storing computer programs; 处理器,用于执行所述计算机程序时实现如权利要求1至6任一项所述的接口访问方法的步骤。A processor, configured to implement the steps of the interface access method according to any one of claims 1 to 6 when executing the computer program. 10.一种计算机可读存储介质,其特征在于,所述可读存储介质上存储有程序,所述程序被处理器执行时实现如权利要求1至6任一项所述接口访问方法的步骤。10. A computer-readable storage medium, characterized in that a program is stored on the readable storage medium, and when the program is executed by a processor, the steps of the interface access method according to any one of claims 1 to 6 are implemented .
CN202310741873.7A 2023-06-21 2023-06-21 Interface access method, device, equipment and computer readable storage medium Pending CN116708359A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310741873.7A CN116708359A (en) 2023-06-21 2023-06-21 Interface access method, device, equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310741873.7A CN116708359A (en) 2023-06-21 2023-06-21 Interface access method, device, equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN116708359A true CN116708359A (en) 2023-09-05

Family

ID=87823683

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310741873.7A Pending CN116708359A (en) 2023-06-21 2023-06-21 Interface access method, device, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN116708359A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104038474A (en) * 2014-05-09 2014-09-10 深信服网络科技(深圳)有限公司 Internet access detection method and device
CN112272158A (en) * 2020-09-16 2021-01-26 厦门网宿有限公司 Data proxy method, system and proxy server
CN113364741A (en) * 2021-05-17 2021-09-07 网宿科技股份有限公司 Application access method and proxy server
CN113992382A (en) * 2021-10-22 2022-01-28 北京京东振世信息技术有限公司 Service data processing method and device, electronic equipment and storage medium
CN115622736A (en) * 2022-09-14 2023-01-17 北京车欢欢信息技术有限公司 Safety verification method, device, electronic equipment and storage medium
CN116208367A (en) * 2022-12-27 2023-06-02 中国航空油料有限责任公司 Access right control method, system, device, electronic equipment and medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104038474A (en) * 2014-05-09 2014-09-10 深信服网络科技(深圳)有限公司 Internet access detection method and device
CN112272158A (en) * 2020-09-16 2021-01-26 厦门网宿有限公司 Data proxy method, system and proxy server
CN113364741A (en) * 2021-05-17 2021-09-07 网宿科技股份有限公司 Application access method and proxy server
CN113992382A (en) * 2021-10-22 2022-01-28 北京京东振世信息技术有限公司 Service data processing method and device, electronic equipment and storage medium
CN115622736A (en) * 2022-09-14 2023-01-17 北京车欢欢信息技术有限公司 Safety verification method, device, electronic equipment and storage medium
CN116208367A (en) * 2022-12-27 2023-06-02 中国航空油料有限责任公司 Access right control method, system, device, electronic equipment and medium

Similar Documents

Publication Publication Date Title
US9985927B2 (en) Managing content delivery network service providers by a content broker
US9160703B2 (en) Request routing management based on network components
US8495220B2 (en) Managing CDN registration by a storage provider
US9172674B1 (en) Managing request routing information utilizing performance information
CN102884764B (en) Message receiving method, deep packet inspection device, and system
US20100138559A1 (en) Systems and methods for direction of communication traffic
WO2021057889A1 (en) Data processing method and apparatus, electronic device, and storage medium
CN112104640B (en) Data processing method, device and equipment of gateway and readable storage medium
CN114389886B (en) Access method, device, equipment and storage medium of virtual private cloud service
US11134117B1 (en) Network request intercepting framework for compliance monitoring
CN106330849A (en) Method and device for preventing domain name hijacking
CN101729491B (en) Method, device and system for enhancing application reliability of script-based business
CN111917900A (en) Request processing method and device for domain name proxy
CN107613037A (en) Method and system for domain name redirection
CN107181785A (en) Method for executing request instruction and related server
CN106992906A (en) Method and system for adjusting access rate
CN111865976A (en) Access control method, device and gateway
Reuther et al. A model for service-oriented communication systems
CN114285821B (en) Domain name resolution method, device, electronic device, storage medium and product
WO2023050933A1 (en) Method and apparatus for determining lost host
CN116708359A (en) Interface access method, device, equipment and computer readable storage medium
CN116436894A (en) Domain name policy configuration method, domain name policy matching method and related devices
CN114338809B (en) Access control method, device, electronic equipment and storage medium
CN117220903A (en) Secure access method and system for private network
US10958580B2 (en) System and method of performing load balancing over an overlay network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination