From 2ece725b6328dd061315b440c309a5b055dc40db Mon Sep 17 00:00:00 2001
From: yaoxuwan
Date: Fri, 31 May 2024 18:11:13 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=94=AF=E6=8C=81=E6=A0=A1=E9=AA=8Cdev?= =?UTF-8?q?x=20token=20#2223?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../interceptor/devx/DevXProperties.kt | 12 +++++++
 .../bkrepo/fs/server/handler/LoginHandler.kt | 18 +++++++---
 .../fs/server/request/DevxLoginRequest.kt | 32 ++++++++++++++++++
 .../fs/server/response/DevxTokenInfo.kt | 33 +++++++++++++++++++
 .../fs/server/utils/DevxWorkspaceUtils.kt | 24 ++++++++++++++
 5 files changed, 115 insertions(+), 4 deletions(-)
 create mode 100644 src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/request/DevxLoginRequest.kt
 create mode 100644 src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/response/DevxTokenInfo.kt
diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXProperties.kt b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXProperties.kt
index da466fa6f8..9a42d1118f 100644
--- a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXProperties.kt
+++ b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXProperties.kt
@@ -119,4 +119,16 @@ data class DevXProperties(
 * 应用devX拦截器的接口
 */
 var includePatterns: List = emptyList(),
+
+ /**
+ * 校验devx token接口url
+ */
+ var validateTokenUrl: String = "",
+
+ /**
+ * 校验devx token接口的认证token
+ */
+ var authToken: String = "",
+
+
 )
diff --git a/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/handler/LoginHandler.kt b/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/handler/LoginHandler.kt
index e358e493e0..f032643ab8 100644
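Review bot: `authToken` is a credential stored as a constructor property of a `data class`, and the generated `toString()` prints every constructor property, so any log line or error message that includes a `DevXProperties` instance would expose it. The same applies to `DevxLoginRequest.token`, added later in this patch. I would override `toString()` on both to mask the value, or at least add a KDoc line such as `* Secret: never log this value` above the field. Separately, `validateTokenUrl` defaults to `""` and nothing visible here keeps the token login path from issuing a request when it is left unset; the class body starts outside this hunk, so an existing guard may simply not be shown.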
--- a/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/handler/LoginHandler.kt +++ b/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/handler/LoginHandler.kt @@ -42,6 +42,7 @@ import com.tencent.bkrepo.fs.server.constant.JWT_CLAIMS_PERMIT import com.tencent.bkrepo.fs.server.constant.JWT_CLAIMS_REPOSITORY import com.tencent.bkrepo.fs.server.context.ReactiveArtifactContextHolder import com.tencent.bkrepo.fs.server.pojo.DevxLoginResponse +import com.tencent.bkrepo.fs.server.request.DevxLoginRequest import com.tencent.bkrepo.fs.server.request.IoaLoginRequest import com.tencent.bkrepo.fs.server.service.PermissionService import com.tencent.bkrepo.fs.server.utils.DevxWorkspaceUtils @@ -86,11 +87,20 @@ class LoginHandler( } suspend fun devxLogin(request: ServerRequest): ServerResponse { - val workspace = DevxWorkspaceUtils.getWorkspace().awaitSingleOrNull() ?: throw AuthenticationException() + val devxToken = request.bodyToMono(DevxLoginRequest::class.java).awaitSingleOrNull()?.token val repoName = request.pathVariable(REPO_NAME) - val userId = createUser(workspace) - val token = createToken(workspace.projectId, repoName, userId) - val response = DevxLoginResponse(workspace.projectId, token) + val response = if (devxToken.isNullOrEmpty()) { + val workspace = DevxWorkspaceUtils.getWorkspace().awaitSingleOrNull() ?: throw AuthenticationException() + val userId = createUser(workspace) + val token = createToken(workspace.projectId, repoName, userId) + DevxLoginResponse(workspace.projectId, token) + } else { + val devxTokenInfo = DevxWorkspaceUtils.validateToken(devxToken).awaitSingle() + createUser(devxTokenInfo.userId) + val token = createToken(devxTokenInfo.projectId, repoName, devxTokenInfo.userId) + DevxLoginResponse(devxTokenInfo.projectId, token) + } + return ReactiveResponseBuilder.success(response) } 
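Review bot: In the token branch of `devxLogin`, the `userId` and `projectId` returned by `DevxWorkspaceUtils.validateToken` go straight into `createUser` and `createToken`, so the JWT minted here is only as trustworthy as that one remote response, and nothing in the hunk rejects blank values before signing. A cheap guard before `createUser` would be `if (devxTokenInfo.userId.isBlank() || devxTokenInfo.projectId.isBlank()) throw AuthenticationException()`. A whitespace-only token also passes `isNullOrEmpty()` and is forwarded to the validation service; `if (devxToken.isNullOrBlank()) {` keeps such requests on the workspace path. Finally, a rejected token surfaces as whatever `validateToken` throws rather than the `AuthenticationException` used by the workspace branch, so clients see two different failure shapes for the same login endpoint.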
diff --git a/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/request/DevxLoginRequest.kt b/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/request/DevxLoginRequest.kt
new file mode 100644
index 0000000000..1069930d65
--- /dev/null
+++ b/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/request/DevxLoginRequest.kt
@@ -0,0 +1,32 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2024 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.bkrepo.fs.server.request
+
+data class DevxLoginRequest(
+ val token: String?
+)
diff --git a/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/response/DevxTokenInfo.kt b/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/response/DevxTokenInfo.kt
new file mode 100644
index 0000000000..935a26a1d6
--- /dev/null
+++ b/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/response/DevxTokenInfo.kt
@@ -0,0 +1,33 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2024 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.bkrepo.fs.server.response
+
+data class DevxTokenInfo(
+ val userId: String,
+ val projectId: String
+)
diff --git a/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/DevxWorkspaceUtils.kt b/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/DevxWorkspaceUtils.kt
index 8e60f07ee0..069fa1b236 100644
--- a/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/DevxWorkspaceUtils.kt
+++ b/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/DevxWorkspaceUtils.kt @@ -28,12 +28,16 @@ package com.tencent.bkrepo.fs.server.utils import com.google.common.cache.CacheBuilder +import com.tencent.bkrepo.common.api.exception.ErrorCodeException +import com.tencent.bkrepo.common.api.message.CommonMessageCode import com.tencent.bkrepo.common.api.util.toJsonString import com.tencent.bkrepo.common.security.interceptor.devx.ApiAuth import com.tencent.bkrepo.common.security.interceptor.devx.DevXProperties import com.tencent.bkrepo.common.security.interceptor.devx.DevXWorkSpace import com.tencent.bkrepo.common.security.interceptor.devx.QueryResponse import com.tencent.bkrepo.fs.server.context.ReactiveRequestContextHolder +import com.tencent.bkrepo.fs.server.response.DevxTokenInfo +import com.tencent.devops.api.pojo.Response import kotlinx.coroutines.reactor.mono import kotlinx.coroutines.sync.Mutex import kotlinx.coroutines.sync.withLock @@ -150,6 +154,26 @@ class DevxWorkspaceUtils( ) } + suspend fun validateToken(devxToken: String): Mono { + return httpClient + .get() + .uri("${devXProperties.validateTokenUrl}?dToken=$devxToken") + .header("X-DEVOPS-BK-TOKEN", devXProperties.authToken) + .exchangeToMono { + mono { parseDevxTokenInfo(it) } + } + } + + private suspend fun parseDevxTokenInfo(response: ClientResponse): DevxTokenInfo { + return if (response.statusCode() != HttpStatus.OK) { + val errorMsg = response.awaitBody() + logger.error("${response.statusCode()} $errorMsg") + throw ErrorCodeException(CommonMessageCode.RESOURCE_EXPIRED, "token") + } else { + response.awaitBody>().data!! + } + } + private suspend fun listIpFromProject(projectId: String): Mono> { val apiAuth = ApiAuth(devXProperties.appCode, devXProperties.appSecret) val token = apiAuth.toJsonString().replace(System.lineSeparator(), "")
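Review bot: `validateToken` interpolates the caller-supplied `devxToken` straight into the request URI, so a value containing `&`, `#` or `%` changes the query the validation service receives instead of being treated as one opaque token. Assuming `httpClient` is a Spring `WebClient`, passing the token as a URI variable gets it encoded: `.uri("${devXProperties.validateTokenUrl}?dToken={token}", devxToken)`. In `parseDevxTokenInfo`, `data!!` turns a 200 response with no `data` into a NullPointerException; `?: throw ErrorCodeException(CommonMessageCode.RESOURCE_EXPIRED, "token")` would keep that case an authentication failure. The token also travels in the query string, where proxies and access logs commonly record it, so a header or body parameter is preferable if the validation endpoint offers one.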