diff --git a/.beagle.yml b/.beagle.yml index a78ca412e4afff9b904f886a82c2276e60aa2ca6..47adb7c5646b3ca4c7ef4dd72f4113e4770d5e3a 100644 --- a/.beagle.yml +++ b/.beagle.yml @@ -30,7 +30,7 @@ pipeline: base: registry.cn-qingdao.aliyuncs.com/wod/alpine:3.12 dockerfile: build/dockerfile repo: wod/apaas-meshproxy - version: v3.0.3 + version: v3.0.4 channel: alpha args: "TARGETOS=linux,TARGETARCH=amd64" registry: registry.cn-qingdao.aliyuncs.com @@ -47,8 +47,8 @@ pipeline: dns: 223.5.5.5 volumes: - /var/run/docker.sock:/var/run/docker.sock - source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.3-alpha - target: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.3 + source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.4-alpha + target: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.4 registry: registry.cn-qingdao.aliyuncs.com secrets: - source: REGISTRY_USER_ALIYUN @@ -63,7 +63,7 @@ pipeline: dns: 223.5.5.5 volumes: - /var/run/docker.sock:/var/run/docker.sock - source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.3 + source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.4 target: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0 registry: registry.cn-qingdao.aliyuncs.com secrets: @@ -83,7 +83,7 @@ pipeline: base: registry.cn-qingdao.aliyuncs.com/wod/alpine:3.12-arm64 dockerfile: build/dockerfile repo: wod/apaas-meshproxy - version: "v3.0.3" + version: v3.0.4 channel: alpha-arm64 args: "TARGETOS=linux,TARGETARCH=arm64" registry: registry.cn-qingdao.aliyuncs.com 
@@ -100,8 +100,8 @@ pipeline: dns: 223.5.5.5 volumes: - /var/run/docker.sock:/var/run/docker.sock - source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.3-alpha-arm64 - target: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.3-arm64 + source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.4-alpha-arm64 + target: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.4-arm64 registry: registry.cn-qingdao.aliyuncs.com secrets: - source: REGISTRY_USER_ALIYUN @@ -116,7 +116,7 @@ pipeline: dns: 223.5.5.5 volumes: - /var/run/docker.sock:/var/run/docker.sock - source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.3-arm64 + source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.4-arm64 target: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0-arm64 registry: registry.cn-qingdao.aliyuncs.com secrets: diff --git a/src/handler/proxyhandler.go b/src/handler/proxyhandler.go index c4241e9737515ca0e23491129e70818b082c2e9e..fe53500af1defe7a1a19a4a10ae408a3163c1327 100644 --- a/src/handler/proxyhandler.go +++ b/src/handler/proxyhandler.go @@ -36,14 +36,31 @@ func Proxy(c *gin.Context) { return } apiId := c.Param("apiid") + + var apaasToken string + apaasToken = c.Query("apaasToken") + if apaasToken == "" { + apaasToken = c.GetHeader("Authorization") + } + fmt.Println("apaasToken:", apaasToken) + if apaasToken == "" { + c.JSON(403, "Get Authorization Token failed") + return + } + //获取服务相关信息 proxyData, err := service.GetRealPath(applyId, apiId) - if err != nil { fmt.Println("err......", err.Error()) c.Error(err) return } + + if proxyData.ApaasToken != apaasToken { + c.JSON(403, "invalid Authorization Token") + return + } + //proxyData.ReqUrl = "https://apaas3.wodcloud.com/iam/login/#/login" if proxyData.SecondLevel != 1 { res := model.WebRes{} 
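Review bot: The added `fmt.Println("apaasToken:", apaasToken)` prints the caller's credential to stdout on every request, so anyone who can read the process logs can replay it; that line should be removed, or reduced to a non-secret marker such as whether a token was present. The later check `proxyData.ApaasToken != apaasToken` is an ordinary string comparison; `subtle.ConstantTimeCompare([]byte(proxyData.ApaasToken), []byte(apaasToken)) != 1` from crypto/subtle avoids a timing side channel on the token. Reading the token from `c.Query("apaasToken")` also places it in URLs, which tend to end up in access logs and Referer headers, so the header form is the safer default and the query parameter should probably be stripped before the request is forwarded (the forwarding code is outside this hunk). Proxy's body starts and ends outside the hunk.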
@@ -86,6 +103,17 @@ func Proxy(c *gin.Context) { c.JSON(200, res) return }*/ + + switch proxyData.ReqAuthMthod { + case 0: // 注册的服务无鉴权 + c.Request.Header.Del("Authorization") + case 1: // 注册的服务通过静态token鉴权 + c.Request.Header.Set(proxyData.ReqAuthTokenName, proxyData.ReqAuthToken) + case 2: // 注册的服务通过动态token鉴权 + // 透传apaasToken + break + } + fmt.Println("判断是否为静态文件") //如果是静态文件 if CheckStaticFile(c.Request.URL.Path) { diff --git a/src/model/response.go b/src/model/response.go index 010cca6f049266049fe4aa5602df77869f9573ec..42f219ee21e4fc72a97527c5c2494c7a807d0c6d 100644 --- a/src/model/response.go +++ b/src/model/response.go @@ -1,3 +1,11 @@ +/* + * @Descripttion: + * @Author: Zhang YaSong + * @version: + * @Date: 2022-03-22 15:50:26 + * @LastEditors: Zhang YaSong + * @LastEditTime: 2022-03-22 15:52:03 + */ package model import "time" @@ -29,6 +37,10 @@ type ProxyData struct { ApiId int64 `json:"api_id"` //接口ID RequestStartTime string `json:"request_start_time"` // 申请使用开始时间 RequestEndTime string `json:"request_end_time"` // 申请使用结束时间 + ApaasToken string `json:"apaas_token"` // apaas校验token + ReqAuthMthod int64 `json:"req_auth_mthod"` // 0 注册的服务无鉴权,1 注册的服务通过静态token鉴权 2 注册的服务通过动态token鉴权 + ReqAuthToken string `json:"req_auth_token"` + ReqAuthTokenName string `json:"req_auth_token_name"` } type WebRes struct { diff --git a/src/service/field.go b/src/service/field.go index d983df7629f37c4799deffd42f9f5649c39d6948..6c323bc25c20b4979400e3d2261393fcf2ecdffa 100644 --- a/src/service/field.go +++ b/src/service/field.go 
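Review bot: In the new `switch proxyData.ReqAuthMthod`, `case 1` sets the upstream header but never removes the caller's `Authorization` header, so unless `ReqAuthTokenName` happens to be `Authorization`, an apaasToken sent in that header appears to travel on to the registered service together with the static token. There is also no `default`, so an unexpected `req_auth_mthod` value silently behaves like case 2 and passes the token through, and an empty `ReqAuthTokenName` would set a header with an empty name. The suggestion below strips the caller's header in case 1, rejects an empty header name and fails closed on unknown values; the trailing `break` in case 2 is redundant in Go. Proxy's body starts and ends outside the hunk, so the forwarding behaviour is inferred.

```go
	switch proxyData.ReqAuthMthod {
	case 0: // registered service has no auth
		c.Request.Header.Del("Authorization")
	case 1: // registered service uses a static token
		// Drop the caller's platform token before adding the upstream credential.
		c.Request.Header.Del("Authorization")
		if proxyData.ReqAuthTokenName == "" {
			c.JSON(500, "service auth header name is not configured")
			return
		}
		c.Request.Header.Set(proxyData.ReqAuthTokenName, proxyData.ReqAuthToken)
	case 2: // registered service uses a dynamic token: apaasToken is passed through
	default:
		// Unknown method: fail closed instead of forwarding the caller's token.
		c.JSON(500, "unsupported service auth method")
		return
	}
	// … unchanged: static file check …
```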
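Review bot: `ApaasToken` and `ReqAuthToken` are credentials but carry ordinary `json` tags, so any place that marshals a `ProxyData` (a response body, a debug log, a cache entry) would emit them; if no consumer needs them in JSON, `json:"-"` on both fields removes that risk, though whether anything depends on the tags is not visible here. `ReqAuthToken` and `ReqAuthTokenName` also lack the trailing comment the neighbouring fields have; something like `// static token sent to the registered service` and `// header name that carries ReqAuthToken` would match how the handler uses them. The 0/1/2 values of `ReqAuthMthod` would read better as named constants shared with the `switch` in proxyhandler.go. The struct's definition starts outside the hunk.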
@@ -475,7 +475,7 @@ func GetRealPath(applyId, apiId string) (model.ProxyData, error) { var res model.ProxyData apiid := cast.ToInt64(apiId) if apiid == 0 { - has, err := db.NewSession().Select("ssc.sensituve_word,sa.service_id,sa.id as apply_id, s.req_url,sa.request_count,sa.duration,sa.duration_unit,sa.spcs_type,sa.spcs_count,sa.res_fields,s.data_service_type1,s.data_service_type2 ,s.data_service_type3,sa.second_level,sa.service_end_time,s.req_name,s.state as service_state,sa.pay_status,sa.user_id as apply_user_id,s.user_id as service_user_id,s.organization as service_oid,sa.apply_oid,sa.request_start_time,sa.request_end_time"). + has, err := db.NewSession().Select("ssc.sensituve_word,sa.service_id,sa.id as apply_id, s.req_url,sa.request_count,sa.duration,sa.duration_unit,sa.spcs_type,sa.spcs_count,sa.res_fields,s.data_service_type1,s.data_service_type2 ,s.data_service_type3,sa.second_level,sa.service_end_time,s.req_name,s.state as service_state,sa.pay_status,sa.user_id as apply_user_id,s.user_id as service_user_id,s.organization as service_oid,sa.apply_oid,sa.request_start_time,sa.request_end_time,s.req_auth_token,s.req_auth_token_name,sa.apaas_token,s.req_auth_mthod"). Table("service_apply").Alias("sa").Join("inner", []string{"service", "s"}, "sa.service_id=s.id").Join("left", []string{"service_safe_config", "ssc"}, "ssc.service_id=sa.service_id").Where("s.is_deleted =0 and sa.is_deleted =0 and s.state in(1,3) and sa.uuid=?", applyId).Get(&res) if err != nil { log.Println(err) 
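Review bot: The four columns added to this `Select` string (`s.req_auth_token`, `s.req_auth_token_name`, `sa.apaas_token`, `s.req_auth_mthod`) are added again verbatim in the `else` branch at `@@ -484,7 +484,7 @@`, and the two column lists otherwise differ only in the `sre.` columns; a shared constant for the common part would keep the branches from drifting the next time a column is added. Since proxyhandler.go compares the selected `sa.apaas_token` directly with the caller's token, the column evidently holds the token in clear text; storing a hash and comparing hashes would limit what a database read exposes. `s.req_auth_token` is likewise loaded before the caller has been authenticated, so it should not reach any error path or log. GetRealPath's body starts and ends outside both hunks.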
@@ -484,7 +484,7 @@ func GetRealPath(applyId, apiId string) (model.ProxyData, error) { return model.ProxyData{}, errors.New(`未找到发布的服务!`) } } else { - has, err := db.NewSession().Select("ssc.sensituve_word,sre.id as api_id,sa.service_id,sa.id as apply_id,sre.req_url,sa.request_count,sa.duration,sa.duration_unit,sa.spcs_type,sa.spcs_count,sa.res_fields,s.data_service_type1,s.data_service_type2 ,s.data_service_type3,sa.second_level,sa.service_end_time,sre.req_name,s.state as service_state,sa.pay_status,sa.user_id as apply_user_id,s.user_id as service_user_id,s.organization as service_oid,sa.apply_oid,sa.request_start_time,sa.request_end_time"). + has, err := db.NewSession().Select("ssc.sensituve_word,sre.id as api_id,sa.service_id,sa.id as apply_id,sre.req_url,sa.request_count,sa.duration,sa.duration_unit,sa.spcs_type,sa.spcs_count,sa.res_fields,s.data_service_type1,s.data_service_type2 ,s.data_service_type3,sa.second_level,sa.service_end_time,sre.req_name,s.state as service_state,sa.pay_status,sa.user_id as apply_user_id,s.user_id as service_user_id,s.organization as service_oid,sa.apply_oid,sa.request_start_time,sa.request_end_time,s.req_auth_token,s.req_auth_token_name,sa.apaas_token,s.req_auth_mthod"). Table("service_apply").Alias("sa").Join("inner", []string{"service", "s"}, "sa.service_id=s.id").Join("inner", []string{"service_req_extend", "sre"}, "sre.service_id = sa.service_id and sre.id =?", apiid).Join("left", []string{"service_safe_config", "ssc"}, "ssc.service_id=sa.service_id").Where("s.is_deleted =0 and sa.is_deleted =0 and s.state in(1,3) and sa.uuid=?", applyId).Get(&res) if err != nil { log.Println(err)