Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The flow diagrams depicted in the figures are merely illustrative and not necessarily all of the elements and operations/steps are included or performed in the order described. For example, some operations/steps may be further divided, combined, or partially combined, so that the order of actual execution may be changed according to actual situations. Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The following embodiments and features of the embodiments may be combined with each other without conflict.
At present, the micro-server has the advantages of independent deployment, accurate scaling of components or services in the micro-server and high expandability, so that the micro-server is widely applied by large enterprises to establish an external service system or an internal system. However, the number of micro-service ends in the system is large, the calling relationship among the micro-service ends is chaotic, the service provider cannot know all the dependent calling parties, and the security risk of illegal calling exists.
In order to solve the above problems, the embodiments of the present application provide a method, an apparatus, a server, a system, and a medium for controlling call permission of a micro service, where the call permission control method obtains a call permission configuration request including call permission information of the micro service, then sends an approval request of the call permission information to an approval system, the approval system approves the call permission information in the approval request to obtain an approval result of the call permission information, finally obtains the approval result of the call permission information sent by the approval system, and sends the call permission information to a distributed storage system to store when the approval result is approved, so that when a service call request sent by a service caller is detected by the micro service end, the service call request can be checked based on the corresponding call permission information in the distributed storage system, and if the service call request passes the check, the service call request is responded to call the corresponding micro service, thereby avoiding illegal call of the micro service, and greatly improving call security of the micro service.
Referring to fig. 1, fig. 1 is a schematic diagram of a network structure for implementing a method for controlling call authority of a micro service according to an embodiment of the present application. As shown in fig. 1, the network structure includes a server 11, an approval system 12, a distributed storage system 13 and a micro service cluster 14, wherein the server 100 is respectively in communication connection with the approval system 12, the distributed storage system 13 and the micro service cluster 14, and the distributed storage system 13 is in communication connection with the micro service cluster 14. The micro service cluster 14 includes a plurality of micro services, the server 11 is configured to configure, change, and delete the call authority information of the micro services, the approval system 12 is configured to approve the call authority information of the micro services, and the distributed storage system is configured to store the call authority information configured for the micro services.
In one embodiment, the server 11 obtains the call authority information of the micro service to be configured with the call authority, and sends an approval request of the call authority information to the approval system 12; after receiving the approval request sent by the server 11, the approval system 12 approves the call authority information in the approval request, and returns an approval result of the call authority information to the server 11; the server 11 acquires an approval result sent by the approval system, and sends the calling authority information to the distributed storage system 13 for storage when the approval result is approval passing; when detecting a service call request of a service caller, the micro server checks the service call request based on the corresponding call authority information in the distributed storage system 13, and if the service call request passes the check, the micro server responds to the service call request.
In an embodiment, a micro server intercepts a service call request sent by a service calling party through a preset SDK, wherein the service call request is used for requesting to call a service provider, and the service call request comprises service call information; acquiring calling authority information of a service provider (namely micro-service installed on a micro-server) from the distributed storage system 13 through a preset SDK; determining whether the service calling party has the authority for calling the service provider according to the calling authority information and the service calling information; if the service calling party has the authority of calling the service provider, responding to the service calling request; and if the service calling party does not have the authority for calling the service provider, sending abnormal calling information to the server.
Hereinafter, a method for controlling call authority of a micro service provided in an embodiment of the present application will be described in detail with reference to a network structure in fig. 1. It should be noted that, the network structure in fig. 1 is only used to explain the method for controlling the call authority of the micro service provided in the embodiment of the present application, but does not form a limitation on the application scenario of the method for controlling the call authority of the micro service provided in the embodiment of the present application.
Referring to fig. 2, fig. 2 is a schematic flow chart of a method for controlling call authority of a micro service according to an embodiment of the present application. The method for controlling the calling authority of the micro-service provided by the embodiment can be applied to a server.
As shown in fig. 2, the call authority control method of the micro service includes steps S101 to S103.
Step S101, acquiring calling authority information of the micro service of which the calling authority is to be configured.
The calling authority information comprises a micro service identifier of a micro service (service provider) of the calling authority to be configured, a micro service identifier of at least one service calling party, and an interface identifier of at least one interface used by the at least one service calling party to call the service provider. It is understood that the call authority of different micro services may be the same or different, which is not specifically limited in this embodiment.
The terminal equipment displays a calling authority configuration page of the micro service; responding to the calling authority information input by the user in the calling authority configuration page; responding to the triggering operation of the user to the confirmation key in the permission configuration page, and sending the permission information to the server; the server acquires calling authority information sent by the terminal equipment.
Step S102, an approval request for calling the authority information is sent to an approval system, and an approval result of the calling the authority information returned by the approval system based on the approval request is obtained.
The approval system acquires call authority information to be approved from the approval request, and determines a target approval chain of the call authority information; based on the target approval chain, approving the calling authority information; judging whether the approval of the calling authority information is finished or not at regular time, and if the approval of the calling authority information is confirmed, acquiring an approval result of each approval node in the target approval chain on the calling authority information; and determining a final approval result of the calling authority information according to the approval result of each approval node on the calling authority information, and sending the approval result of the calling authority information to the server.
For example, the manner in which the approval system determines the target approval chain of the call permission information may be: the approval system counts the number of service invokers in the invocation permission information to obtain the number of service invokers; and determining a target approval chain of the call authority information from a plurality of preset approval chains according to the number of the service call parties. The number of approval nodes in the target approval chain is greater as the number of service invokers is greater, and the number of approval nodes in the target approval chain is smaller as the number of service invokers is greater, so that the preset approval chain can be set based on actual conditions.
The method for determining the target approval chain of the call authority information from the preset multiple approval chains by the approval system according to the number of the service call parties may be: the approval system determines a preset quantity range in which the quantity of the service calling parties is located, and acquires a mapping relation between a pre-stored quantity range and an approval chain; and determining a target approval chain of the calling authority information from a plurality of preset approval chains according to the mapping relation and the preset quantity range of the quantity of the service calling parties. The mapping relationship between the pre-stored number range and the approval chain can be set by the user, which is not particularly limited in this embodiment.
In one embodiment, the server determines an approval level of the call permission information before sending an approval request to the approval system; determining a target approval chain for calling authority information from a plurality of preset approval chains according to the approval level; and generating an approval request according to the calling authority information and the target approval chain. The approval request comprises call authority information of to-be-approved and a target approval chain, the number of approval nodes in the target approval chain is increased as the approval level is higher, and the number of approval nodes in the target approval chain is also decreased as the approval level is higher.
The approval system acquires call authority information and a target approval chain to be approved from the approval request; based on the target approval chain, approving the calling authority information; judging whether the approval of the calling authority information is finished or not at regular time, and if the approval of the calling authority information is confirmed, acquiring an approval result of each approval node in the target approval chain on the calling authority information; and determining a final approval result of the calling authority information according to the approval result of each approval node on the calling authority information, and sending the approval result of the calling authority information to the server.
For example, the manner in which the server determines the approval level of the call permission information may be: determining the number of service invokers in the invocation permission information to obtain the number of service invokers, and/or determining the importance level of each service invoker in the invocation permission information; and determining the approval level of the calling authority information according to the number of the service calling parties and/or the importance level of each service calling party.
For example, according to the number of service invokers, the manner of determining the approval level of the invocation permission information may be: the server determines a preset number range in which the number of service calling parties is located, and acquires a mapping relation between a pre-stored number range and an approval level; and determining the approval level of the calling authority information according to the mapping relation and the preset quantity range of the quantity of the service calling parties.
For example, according to the importance level of each service caller, the manner of determining the approval level of the call authority information may be: comparing the importance level of each service caller to obtain the highest importance level; and determining the approval level of the calling authority information based on the highest importance level and the mapping relation between the prestored importance level and the approval level.
For example, according to the number of service invokers and the importance level of each service invoker, the manner of determining the approval level of the invocation permission information may be: determining a first trial class of the calling authority information according to the number of the service calling parties; determining a second trial class of the calling authority information according to the importance level of each service calling party; if the first approval level is greater than the second approval level, determining the first approval level as the approval level of the calling authority information; and if the first approval level is smaller than the second approval level, determining the second approval level as the approval level of the calling authority information.
And step S103, when the approval result is that the approval is passed, the calling authority information is sent to the distributed storage system for storage.
The distributed storage system is used for storing calling authority information of a plurality of micro services, and the micro service end is in communication connection with the distributed storage system, so that the micro service end can acquire the configured calling authority information from the distributed storage system. Alternatively, the distributed storage system may be a Zookeeper.
In an embodiment, if the micro server detects a service call request sent by a service caller (other micro service), the service call request is verified based on call authority information of the micro service installed by the micro server in the distributed storage system, if the service call request passes the verification, the service call request is responded to, the micro service is called, and if the service call request does not pass the verification, call exception information is sent to the server. Wherein the remote procedure call (Remote Procedure Call, RPC) between micro services comprises a Feign call, i.e. the service call request comprises a Feign call request. The Feign is a calling framework of the service consumption end in the spring group, so that HTTP API can be called more quickly and gracefully.
Illustratively, each micro server as a service provider is provided with a preset Software Development Kit (SDK) for intercepting a service call request sent by the micro server as a service caller and acquiring configured call authority information from a distributed storage system.
The micro server intercepts a service call request sent by a service calling party through a preset SDK, and acquires call authority information of the service provider from a distributed storage system through the preset SDK; acquiring service calling information from the service calling request, and determining whether a service calling party has the authority of calling a service provider according to the calling authority information and the service calling information; if the service calling party has the authority of calling the service provider, responding to the service calling request; and if the service calling party does not have the authority to call the service provider, sending call exception information to the server.
In an embodiment, a server acquires service call information sent by any micro service, wherein the service call information comprises a first micro service identifier of a service provider and a second micro service identifier of the service caller; acquiring calling authority information corresponding to the first micro-service identifier from a distributed storage system; determining whether the service calling party has the authority for calling the service provider according to the acquired calling authority information and the service calling information; if the service calling party does not have the authority for calling the service provider, the preset alarm information is sent to the terminal equipment corresponding to the service calling party, so that the terminal equipment outputs the preset alarm information. The preset alarm information is used for prompting the user to have illegally called micro-services.
The service calling information further comprises a first interface identifier of an interface used by the service calling party for calling the service provider, and the calling authority information of the service provider comprises a third micro service identifier of at least one service calling party and a second interface identifier of at least one interface used by the service calling party for calling the service provider.
Illustratively, determining whether the at least one third micro-service identifier includes a second micro-service identifier, and determining whether the at least one second interface identifier includes a first interface identifier; if at least one third micro service identifier comprises a second micro service identifier and at least one second interface identifier comprises a first interface identifier, determining that the service calling party has the authority of calling the service provider; and if the at least one third micro service identifier does not contain the second micro service identifier or the at least one second interface identifier does not contain the first interface identifier, determining that the service caller does not have the authority to call the service provider.
According to the call authority control method provided by the embodiment, the call authority configuration request containing the call authority information of the micro-service is obtained, then the approval request of the call authority information is sent to the approval system, the approval system approves the call authority information in the approval request to obtain the approval result of the call authority information, finally the approval result of the call authority information sent by the approval system is obtained, and when the approval result is approval passing, the call authority information is sent to the distributed storage system to be stored, so that when the micro-service end detects the service call request sent by the service calling party, the service call request can be checked based on the corresponding call authority information in the distributed storage system, and if the service call request passes the check, the service call request is responded to call the corresponding micro-service, thereby avoiding illegal call of the micro-service and greatly improving the call safety of the micro-service.
Referring to fig. 3, fig. 3 is a flowchart illustrating a procedure of another method for controlling call authority of a micro service according to an embodiment of the present application. The call authority control method provided by the embodiment is applied to the micro server.
As shown in fig. 3, the call authority control method of the micro service includes steps S201 to S205.
Step S201, intercepting a service call request sent by a service calling party through a preset SDK.
The service call request is used for requesting to call the service provider, the service call request comprises service call information of the service caller, the service call information comprises a first micro-service identifier of the service provider, a second micro-service identifier of the service caller and a first interface identifier of an interface used by the service caller for calling the service provider, each micro-service end serving as the service provider is provided with a preset Software Development Kit (SDK) used for intercepting the service call request sent by the micro-service serving as the service caller and acquiring configured call authority information from the distributed storage system.
Step S202, call authority information of a service provider is obtained from a distributed storage system through a preset SDK.
The distributed storage system stores a plurality of calling authority information of micro services serving as service providers. Alternatively, the distributed storage system may be a Zookeeper. The call authority information of the service provider includes a third micro service identification of the at least one service caller and a second interface identification of the at least one interface used by the at least one service caller to invoke the service provider.
Step S203, determining whether the service caller has the authority to call the service provider according to the call authority information and the service call information.
Illustratively, determining whether the at least one third micro-service identifier includes a second micro-service identifier, and determining whether the at least one second interface identifier includes a first interface identifier; if at least one third micro service identifier comprises a second micro service identifier and at least one second interface identifier comprises a first interface identifier, determining that the service calling party has the authority of calling the service provider; and if the at least one third micro service identifier does not contain the second micro service identifier or the at least one second interface identifier does not contain the first interface identifier, determining that the service caller does not have the authority to call the service provider.
Step S204, if the service calling party has the authority to call the service provider, responding to the service calling request.
Illustratively, the manner of responding to the service invocation request may be: calling a micro-service end serving as a service provider based on the second micro-service identifier and the second interface identifier of the service provider to obtain response data, and sending the response data to the micro-service end serving as the service caller based on the first micro-service identifier of the service caller.
Step S205, if the service calling party does not have the authority to call the service provider, the calling exception information is sent to the server.
The calling exception information comprises a micro-service identifier of a service calling party, a micro-service identifier of a service provider, an interface identifier of an interface used by the service calling party for calling the service provider and a calling exception identifier, wherein the calling exception identifier is used for indicating that calling of the micro-service serving as the service calling party is abnormal.
According to the micro-service calling authority control method provided by the embodiment, the service provider acquires the calling authority information of the service provider from the distributed storage system by intercepting the service calling request sent by the service caller, and then determines whether the service caller has the authority to call the service provider or not based on the calling authority information and the service calling information in the service calling request, so that when the service caller has the authority to call the service provider, the service calling request is responded, and when the service caller does not have the authority to call the service provider, the service calling request is not responded, and calling abnormal information is sent to the server, so that illegal calling of the micro-service is avoided, and the calling safety of the micro-service is greatly improved.
Referring to fig. 4, fig. 4 is a schematic block diagram of a micro service call authority control device according to an embodiment of the present application.
As shown in fig. 4, the call authority control device 300 of the micro service includes:
an obtaining module 310, configured to obtain call authority information of a micro service to which call authority is to be configured;
a sending module 320, configured to send an approval request of the invoking authority information to an approval system;
the obtaining module 310 is further configured to obtain an approval result of the call permission information returned by the approval system based on the approval request;
the sending module 320 is further configured to send the call permission information to a distributed storage system for storage when the approval result is approval passing, so that when the micro server detects a service call request of a service caller, the micro server checks the service call request based on the corresponding call permission information in the distributed storage system, and if the service call request passes the check, the micro server responds to the service call request.
In one embodiment, as shown in fig. 5, the micro service call authority control device 300 further includes:
a determining module 330, configured to determine an approval level of the call authority information;
The determining module 330 is further configured to determine, according to the approval level, a target approval chain of the call authority information from a plurality of preset approval chains;
and the generating module 340 is configured to generate the approval request according to the call authority information and the target approval chain.
In an embodiment, the determining module 330 is further configured to:
determining the number of service invokers in the invocation permission information to obtain the number of service invokers, and/or determining the importance level of each service invoker in the invocation permission information;
and determining the approval level of the calling authority information according to the number of the service calling parties and/or the importance level of each service calling party.
In an embodiment, the obtaining module 310 is further configured to obtain service invocation information sent by any micro service, where the service invocation information includes a first micro service identifier of a service provider and a second micro service identifier of the service caller;
the obtaining module 310 is further configured to obtain, from the distributed storage system, the call permission information corresponding to the first micro service identifier;
the determining module 330 is further configured to determine, according to the obtained call authority information and the service call information, whether the service caller has an authority to call the service provider;
The sending module 320 is further configured to send preset alert information to a terminal device corresponding to the service caller if the service caller does not have the authority to invoke the service provider.
In an embodiment, the service invocation information further includes a first interface identifier of an interface used by the service caller to invoke the service provider, the invocation authority information includes a third micro service identifier of at least one service caller and a second interface identifier of at least one interface used by the service caller to invoke the service provider, and the determining module 330 is further configured to:
determining whether at least one third micro service identifier comprises the second micro service identifier or not, and determining whether at least one second interface identifier comprises the first interface identifier or not;
if at least one third micro service identifier comprises the second micro service identifier and at least one second interface identifier comprises the first interface identifier, determining that the service calling party has the authority to call the service provider;
and if at least one third micro service identifier does not contain the second micro service identifier or at least one second interface identifier does not contain the first interface identifier, determining that the service caller does not have the authority to call the service provider.
Referring to fig. 6, fig. 6 is a schematic block diagram of another micro service call authority control device according to an embodiment of the present application.
As shown in fig. 6, the call authority control device 400 of the micro service includes:
an interception module 410, configured to intercept a service call request sent by a service caller, where the service call request is used to request to call a service provider, and the service call request includes service call information;
an obtaining module 420, configured to obtain, from a distributed storage system through the preset SDK, call permission information of the service provider;
a determining module 430, configured to determine, according to the call authority information and the service call information, whether the service caller has an authority to call the service provider;
a response module 440, configured to respond to the service call request if the service caller has the authority to call the service provider;
and the sending module 450 is configured to send call exception information to a server if the service caller does not have the authority to call the service provider.
It should be noted that, for convenience and brevity of description, specific working processes of the above-described apparatus and modules and units may refer to corresponding processes in the foregoing embodiments of the micro-service invocation authority control method, which are not described herein again.
Referring to fig. 7, fig. 7 is a schematic block diagram of a server according to an embodiment of the present application.
As shown in fig. 7, the server includes a processor, a memory, and a network interface connected by a system bus, wherein the memory may include a storage medium and an internal memory.
The storage medium may store an operating system and a computer program. The computer program includes program instructions that, when executed, cause the processor to perform any of the call authority control methods for the micro-services.
The processor is used to provide computing and control capabilities, supporting the operation of the entire server.
The network interface is used for network communication such as transmitting assigned tasks and the like. It will be appreciated by those skilled in the art that the structure shown in fig. 7 is merely a block diagram of a portion of the structure associated with the present application and is not limiting of the server to which the present application applies, and that a particular server may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
It should be appreciated that the processor may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field-programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Wherein, in an embodiment, the processor is configured to execute a computer program stored in the memory to implement the steps of:
acquiring call authority information of micro-services of which call authorities are to be configured;
sending an approval request of the call authority information to an approval system, and acquiring an approval result of the call authority information returned by the approval system based on the approval request;
and when the approval result is that the approval is passed, the calling authority information is sent to a distributed storage system for storage, so that when the micro server detects a service calling request of a service calling party, the service calling request is checked based on the corresponding calling authority information in the distributed storage system, and if the service calling request passes the check, the service calling request is responded.
In an embodiment, before implementing the approval request for sending the call permission information to the approval system, the processor is further configured to implement:
determining the approval level of the calling authority information;
determining a target approval chain of the calling authority information from a plurality of preset approval chains according to the approval grade;
and generating the approval request according to the calling authority information and the target approval chain.
In an embodiment, the processor, when implementing determining the approval level of the call permission information, is configured to implement:
determining the number of service invokers in the invocation permission information to obtain the number of service invokers, and/or determining the importance level of each service invoker in the invocation permission information;
and determining the approval level of the calling authority information according to the number of the service calling parties and/or the importance level of each service calling party.
In an embodiment, the distributed storage system stores call authority information of a plurality of the micro services, and the processor is further configured to implement the following steps:
acquiring service calling information sent by any micro service, wherein the service calling information comprises a first micro service identifier of a service provider and a second micro service identifier of the service caller;
acquiring the calling authority information corresponding to the first micro-service identifier from the distributed storage system;
determining whether the service calling party has the authority for calling the service provider according to the acquired calling authority information and the service calling information;
and if the service calling party does not have the authority to call the service provider, sending preset alarm information to the terminal equipment corresponding to the service calling party.
In an embodiment, the service calling information further includes a first interface identifier of an interface used by the service caller to call the service provider, the calling authority information includes a third micro service identifier of at least one service caller and a second interface identifier of at least one interface used by the service caller to call the service provider, and the processor is configured to, when implementing determining whether the service caller has authority to call the service provider according to the obtained calling authority information and the service calling information:
determining whether at least one third micro service identifier comprises the second micro service identifier or not, and determining whether at least one second interface identifier comprises the first interface identifier or not;
if at least one third micro service identifier comprises the second micro service identifier and at least one second interface identifier comprises the first interface identifier, determining that the service calling party has the authority to call the service provider;
and if at least one third micro service identifier does not contain the second micro service identifier or at least one second interface identifier does not contain the first interface identifier, determining that the service caller does not have the authority to call the service provider.
It should be noted that, for convenience and brevity of description, a specific working process of the server described above may refer to a corresponding process in the foregoing embodiment of the method for controlling call authority of the micro service, which is not described herein again.
From the above description of embodiments, it will be apparent to those skilled in the art that the present application may be implemented in software plus a necessary general purpose hardware platform. Based on such understanding, the technical solutions of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions to cause a server (which may be a personal computer, a server, or a network device, etc.) to perform the methods described in the embodiments or some parts of the embodiments of the present application.
Referring to fig. 8, fig. 8 is a schematic block diagram of a micro-service invocation authority control system according to an embodiment of the present application.
As shown in fig. 8, the call authority control system 500 of the micro service includes: the distributed storage system 510, the micro service cluster 520 and the server 530, wherein the distributed storage system 510 is respectively connected with the micro service cluster 520 and the server 530, and the server 530 is in communication connection with the micro service cluster 520. Wherein the micro service cluster 520 includes a plurality of micro services.
It should be noted that, for convenience and brevity of description, a specific working process of the above-described micro service invocation permission control system may refer to a corresponding process in the foregoing micro service invocation permission control method embodiment, which is not described herein again.
Embodiments of the present application further provide a computer readable storage medium, where a computer program is stored, where the computer program includes program instructions, and a method implemented when the program instructions are executed may refer to embodiments of a method for controlling call authority of a microservice according to the present application.
Wherein the computer readable storage medium may be volatile or nonvolatile. The computer readable storage medium may be an internal storage unit of the server according to the foregoing embodiment, for example, a hard disk or a memory of the server. The computer readable storage medium may also be an external storage device of the server, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, which are provided on the server.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created from the use of blockchain nodes, and the like.
The blockchain referred to in the application is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like. The Blockchain (Blockchain), which is essentially a decentralised database, is a string of data blocks that are generated by cryptographic means in association, each data block containing a batch of information of network transactions for verifying the validity of the information (anti-counterfeiting) and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
It is to be understood that the terminology used in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present application are merely for describing, and do not represent advantages or disadvantages of the embodiments. While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.