feat: implement #7

Author: Cyaim

Cyaim.WebSocketServer/Cyaim.WebSocketServer.sln

@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 18
-VisualStudioVersion = 18.0.11217.181 d18.0
+VisualStudioVersion = 18.0.11217.181
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Cyaim.WebSocketServer", "Cyaim.WebSocketServer\Cyaim.WebSocketServer.csproj", "{F1683A2D-FA48-4F06-B99D-AD9548EF060D}"
 EndProject
@@ -23,6 +23,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Cyaim.WebSocketServer.Examp
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Cyaim.WebSocketServer.Sample.Dashboard", "Sample\Cyaim.WebSocketServer.Sample.Dashboard\Cyaim.WebSocketServer.Sample.Dashboard.csproj", "{EA37AAED-D05E-A539-F096-B6520032CFD7}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Cyaim.WebSocketServer.Sample.AccessControl", "Sample\Cyaim.WebSocketServer.Sample.AccessControl\Cyaim.WebSocketServer.Sample.AccessControl.csproj", "{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -129,6 +131,18 @@ Global
 		{EA37AAED-D05E-A539-F096-B6520032CFD7}.Release|x64.Build.0 = Release|Any CPU
 		{EA37AAED-D05E-A539-F096-B6520032CFD7}.Release|x86.ActiveCfg = Release|Any CPU
 		{EA37AAED-D05E-A539-F096-B6520032CFD7}.Release|x86.Build.0 = Release|Any CPU
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}.Debug|x64.Build.0 = Debug|Any CPU
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}.Debug|x86.Build.0 = Debug|Any CPU
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}.Release|Any CPU.Build.0 = Release|Any CPU
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}.Release|x64.ActiveCfg = Release|Any CPU
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}.Release|x64.Build.0 = Release|Any CPU
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}.Release|x86.ActiveCfg = Release|Any CPU
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -137,6 +151,7 @@ Global
 		{26B4308D-3AC5-DB9D-4FCC-08761FD9E25D} = {8AB54424-C8DA-4B64-B84C-8E696D7939C7}
 		{1E66F9B8-2F53-49AC-FDE8-159A5AF78846} = {B0CA25E1-04AB-4C66-93B8-21DDF6CC996F}
 		{EA37AAED-D05E-A539-F096-B6520032CFD7} = {B0CA25E1-04AB-4C66-93B8-21DDF6CC996F}
+		{F9C82F6A-8725-6A10-C3AF-73406DCD1A61} = {B0CA25E1-04AB-4C66-93B8-21DDF6CC996F}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {5078C553-A1C2-42BD-9F21-BCDE0A70B225}

Cyaim.WebSocketServer/Cyaim.WebSocketServer/Infrastructure/AccessControl/AccessControlExtensions.cs

@@ -0,0 +1,66 @@
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Configuration;
+using System;
+
+namespace Cyaim.WebSocketServer.Infrastructure.AccessControl
+{
+    /// <summary>
+    /// Extension methods for access control configuration / 访问控制配置扩展方法
+    /// </summary>
+    public static class AccessControlExtensions
+    {
+        /// <summary>
+        /// Add access control service / 添加访问控制服务
+        /// </summary>
+        /// <param name="services">Service collection / 服务集合</param>
+        /// <param name="configure">Configuration action / 配置操作</param>
+        /// <returns>Service collection / 服务集合</returns>
+        public static IServiceCollection AddAccessControl(
+            this IServiceCollection services,
+            Action<AccessControlPolicy> configure = null)
+        {
+            var policy = new AccessControlPolicy();
+            configure?.Invoke(policy);
+
+            services.AddSingleton(policy);
+            services.AddSingleton<AccessControlService>();
+
+            return services;
+        }
+
+        /// <summary>
+        /// Add access control service from configuration / 从配置添加访问控制服务
+        /// </summary>
+        /// <param name="services">Service collection / 服务集合</param>
+        /// <param name="configuration">Configuration / 配置</param>
+        /// <param name="sectionName">Configuration section name (default: "AccessControlPolicy") / 配置节名称（默认："AccessControlPolicy"）</param>
+        /// <returns>Service collection / 服务集合</returns>
+        public static IServiceCollection AddAccessControl(
+            this IServiceCollection services,
+            IConfiguration configuration,
+            string sectionName = "AccessControlPolicy")
+        {
+            var policy = new AccessControlPolicy();
+            configuration.GetSection(sectionName).Bind(policy);
+
+            services.AddSingleton(policy);
+            services.AddSingleton<AccessControlService>();
+
+            return services;
+        }
+
+        /// <summary>
+        /// Register geographic location provider / 注册地理位置提供者
+        /// </summary>
+        /// <typeparam name="T">Provider type / 提供者类型</typeparam>
+        /// <param name="services">Service collection / 服务集合</param>
+        /// <returns>Service collection / 服务集合</returns>
+        public static IServiceCollection AddGeoLocationProvider<T>(this IServiceCollection services)
+            where T : class, IGeoLocationProvider
+        {
+            services.AddSingleton<IGeoLocationProvider, T>();
+            return services;
+        }
+    }
+}
+

Cyaim.WebSocketServer/Cyaim.WebSocketServer/Infrastructure/AccessControl/AccessControlPolicy.cs

@@ -0,0 +1,100 @@
+using System.Collections.Generic;
+
+namespace Cyaim.WebSocketServer.Infrastructure.AccessControl
+{
+    /// <summary>
+    /// Access control policy for IP and geographic location filtering
+    /// IP 和地理位置访问控制策略
+    /// </summary>
+    public class AccessControlPolicy
+    {
+        /// <summary>
+        /// Enable access control / 启用访问控制
+        /// </summary>
+        public bool Enabled { get; set; } = false;
+
+        /// <summary>
+        /// IP whitelist / IP 白名单
+        /// Supports CIDR notation (e.g., "192.168.1.0/24") / 支持 CIDR 表示法（例如："192.168.1.0/24"）
+        /// </summary>
+        public List<string> IpWhitelist { get; set; } = new List<string>();
+
+        /// <summary>
+        /// IP blacklist / IP 黑名单
+        /// Supports CIDR notation (e.g., "10.0.0.0/8") / 支持 CIDR 表示法（例如："10.0.0.0/8"）
+        /// </summary>
+        public List<string> IpBlacklist { get; set; } = new List<string>();
+
+        /// <summary>
+        /// Country whitelist (ISO 3166-1 alpha-2 country codes, e.g., "CN", "US") / 国家白名单（ISO 3166-1 alpha-2 国家代码，例如："CN", "US"）
+        /// </summary>
+        public List<string> CountryWhitelist { get; set; } = new List<string>();
+
+        /// <summary>
+        /// Country blacklist (ISO 3166-1 alpha-2 country codes) / 国家黑名单（ISO 3166-1 alpha-2 国家代码）
+        /// </summary>
+        public List<string> CountryBlacklist { get; set; } = new List<string>();
+
+        /// <summary>
+        /// City whitelist (format: "CountryCode:CityName", e.g., "CN:Beijing", "US:New York") / 城市白名单（格式："CountryCode:CityName"，例如："CN:Beijing", "US:New York"）
+        /// </summary>
+        public List<string> CityWhitelist { get; set; } = new List<string>();
+
+        /// <summary>
+        /// City blacklist (format: "CountryCode:CityName") / 城市黑名单（格式："CountryCode:CityName"）
+        /// </summary>
+        public List<string> CityBlacklist { get; set; } = new List<string>();
+
+        /// <summary>
+        /// Region whitelist (format: "CountryCode:RegionName", e.g., "CN:Beijing", "US:California") / 地区白名单（格式："CountryCode:RegionName"，例如："CN:Beijing", "US:California"）
+        /// </summary>
+        public List<string> RegionWhitelist { get; set; } = new List<string>();
+
+        /// <summary>
+        /// Region blacklist (format: "CountryCode:RegionName") / 地区黑名单（格式："CountryCode:RegionName"）
+        /// </summary>
+        public List<string> RegionBlacklist { get; set; } = new List<string>();
+
+        /// <summary>
+        /// Action when access is denied / 拒绝访问时的操作
+        /// </summary>
+        public AccessDeniedAction DeniedAction { get; set; } = AccessDeniedAction.CloseConnection;
+
+        /// <summary>
+        /// Custom denial message / 自定义拒绝消息
+        /// </summary>
+        public string DenialMessage { get; set; } = "Access denied";
+
+        /// <summary>
+        /// Enable geographic location lookup / 启用地理位置查询
+        /// </summary>
+        public bool EnableGeoLocationLookup { get; set; } = true;
+
+        /// <summary>
+        /// Cache geographic location results (in seconds) / 缓存地理位置查询结果（秒）
+        /// </summary>
+        public int GeoLocationCacheSeconds { get; set; } = 3600; // 1 hour
+    }
+
+    /// <summary>
+    /// Action to take when access is denied / 拒绝访问时的操作
+    /// </summary>
+    public enum AccessDeniedAction
+    {
+        /// <summary>
+        /// Close connection immediately / 立即关闭连接
+        /// </summary>
+        CloseConnection,
+
+        /// <summary>
+        /// Return HTTP 403 Forbidden / 返回 HTTP 403 Forbidden
+        /// </summary>
+        ReturnForbidden,
+
+        /// <summary>
+        /// Return HTTP 401 Unauthorized / 返回 HTTP 401 Unauthorized
+        /// </summary>
+        ReturnUnauthorized
+    }
+}
+