添加token鉴权认证

.beagle.yml

@@ -30,7 +30,7 @@ pipeline:
     base: registry.cn-qingdao.aliyuncs.com/wod/alpine:3.12
     dockerfile: build/dockerfile
     repo: wod/apaas-meshproxy
-    version: v3.0.3
+    version: v3.0.4
     channel: alpha
     args: "TARGETOS=linux,TARGETARCH=amd64"
     registry: registry.cn-qingdao.aliyuncs.com
@@ -47,8 +47,8 @@ pipeline:
     dns: 223.5.5.5
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-    source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.3-alpha
-    target: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.3
+    source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.4-alpha
+    target: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.4
     registry: registry.cn-qingdao.aliyuncs.com
     secrets:
       - source: REGISTRY_USER_ALIYUN
@@ -63,7 +63,7 @@ pipeline:
     dns: 223.5.5.5
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-    source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.3
+    source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.4
     target: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0
     registry: registry.cn-qingdao.aliyuncs.com
     secrets:
@@ -83,7 +83,7 @@ pipeline:
     base: registry.cn-qingdao.aliyuncs.com/wod/alpine:3.12-arm64
     dockerfile: build/dockerfile
     repo: wod/apaas-meshproxy
-    version: "v3.0.3"
+    version: v3.0.4
     channel: alpha-arm64
     args: "TARGETOS=linux,TARGETARCH=arm64"
     registry: registry.cn-qingdao.aliyuncs.com
@@ -100,8 +100,8 @@ pipeline:
     dns: 223.5.5.5
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-    source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.3-alpha-arm64
-    target: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.3-arm64
+    source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.4-alpha-arm64
+    target: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.4-arm64
     registry: registry.cn-qingdao.aliyuncs.com
     secrets:
       - source: REGISTRY_USER_ALIYUN
@@ -116,7 +116,7 @@ pipeline:
     dns: 223.5.5.5
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-    source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.3-arm64
+    source: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0.4-arm64
     target: registry.cn-qingdao.aliyuncs.com/wod/apaas-meshproxy:v3.0-arm64
     registry: registry.cn-qingdao.aliyuncs.com
     secrets:

src/handler/proxyhandler.go

@@ -36,14 +36,31 @@ func Proxy(c *gin.Context) {
 		return
 	}
 	apiId := c.Param("apiid")
+
+	var apaasToken string
+	apaasToken = c.Query("apaasToken")
+	if apaasToken == "" {
+		apaasToken = c.GetHeader("Authorization")
+	}
+	fmt.Println("apaasToken:", apaasToken)
+	if apaasToken == "" {
+		c.JSON(403, "Get Authorization Token failed")
+		return
+	}
+
 	//获取服务相关信息
 	proxyData, err := service.GetRealPath(applyId, apiId)
-
 	if err != nil {
 		fmt.Println("err......", err.Error())
 		c.Error(err)
 		return
 	}
+
+	if proxyData.ApaasToken != apaasToken {
+		c.JSON(403, "invalid Authorization Token")
+		return
+	}
+
 	//proxyData.ReqUrl = "https://apaas3.wodcloud.com/iam/login/#/login"
 	if proxyData.SecondLevel != 1 {
 		res := model.WebRes{}
@@ -86,6 +103,17 @@ func Proxy(c *gin.Context) {
 		c.JSON(200, res)
 		return
 	}*/
+
+	switch proxyData.ReqAuthMthod {
+	case 0: //  注册的服务无鉴权
+		c.Request.Header.Del("Authorization")
+	case 1: //  注册的服务通过静态token鉴权
+		c.Request.Header.Set(proxyData.ReqAuthTokenName, proxyData.ReqAuthToken)
+	case 2: //  注册的服务通过动态token鉴权
+		// 透传apaasToken
+		break
+	}
+
 	fmt.Println("判断是否为静态文件")
 	//如果是静态文件
 	if CheckStaticFile(c.Request.URL.Path) {

src/model/response.go

+/*
+ * @Descripttion:
+ * @Author: Zhang YaSong
+ * @version:
+ * @Date: 2022-03-22 15:50:26
+ * @LastEditors: Zhang YaSong
+ * @LastEditTime: 2022-03-22 15:52:03
+ */
 package model
 
 import "time"
@@ -29,6 +37,10 @@ type ProxyData struct {
 	ApiId            int64     `json:"api_id"`             //接口ID
 	RequestStartTime string    `json:"request_start_time"` // 申请使用开始时间
 	RequestEndTime   string    `json:"request_end_time"`   // 申请使用结束时间
+	ApaasToken       string    `json:"apaas_token"`        // apaas校验token
+	ReqAuthMthod     int64     `json:"req_auth_mthod"`     // 0 注册的服务无鉴权，1 注册的服务通过静态token鉴权 2 注册的服务通过动态token鉴权
+	ReqAuthToken     string    `json:"req_auth_token"`
+	ReqAuthTokenName string    `json:"req_auth_token_name"`
 }
 
 type WebRes struct {

src/service/field.go

@@ -475,7 +475,7 @@ func GetRealPath(applyId, apiId string) (model.ProxyData, error) {
 	var res model.ProxyData
 	apiid := cast.ToInt64(apiId)
 	if apiid == 0 {
-		has, err := db.NewSession().Select("ssc.sensituve_word,sa.service_id,sa.id as apply_id, s.req_url,sa.request_count,sa.duration,sa.duration_unit,sa.spcs_type,sa.spcs_count,sa.res_fields,s.data_service_type1,s.data_service_type2 ,s.data_service_type3,sa.second_level,sa.service_end_time,s.req_name,s.state as service_state,sa.pay_status,sa.user_id as apply_user_id,s.user_id  as service_user_id,s.organization as service_oid,sa.apply_oid,sa.request_start_time,sa.request_end_time").
+		has, err := db.NewSession().Select("ssc.sensituve_word,sa.service_id,sa.id as apply_id, s.req_url,sa.request_count,sa.duration,sa.duration_unit,sa.spcs_type,sa.spcs_count,sa.res_fields,s.data_service_type1,s.data_service_type2 ,s.data_service_type3,sa.second_level,sa.service_end_time,s.req_name,s.state as service_state,sa.pay_status,sa.user_id as apply_user_id,s.user_id  as service_user_id,s.organization as service_oid,sa.apply_oid,sa.request_start_time,sa.request_end_time,s.req_auth_token,s.req_auth_token_name,sa.apaas_token,s.req_auth_mthod").
 			Table("service_apply").Alias("sa").Join("inner", []string{"service", "s"}, "sa.service_id=s.id").Join("left", []string{"service_safe_config", "ssc"}, "ssc.service_id=sa.service_id").Where("s.is_deleted =0 and sa.is_deleted =0  and s.state in(1,3) and sa.uuid=?", applyId).Get(&res)
 		if err != nil {
 			log.Println(err)
@@ -484,7 +484,7 @@ func GetRealPath(applyId, apiId string) (model.ProxyData, error) {
 			return model.ProxyData{}, errors.New(`未找到发布的服务！`)
 		}
 	} else {
-		has, err := db.NewSession().Select("ssc.sensituve_word,sre.id as api_id,sa.service_id,sa.id as apply_id,sre.req_url,sa.request_count,sa.duration,sa.duration_unit,sa.spcs_type,sa.spcs_count,sa.res_fields,s.data_service_type1,s.data_service_type2 ,s.data_service_type3,sa.second_level,sa.service_end_time,sre.req_name,s.state as service_state,sa.pay_status,sa.user_id as apply_user_id,s.user_id  as service_user_id,s.organization as service_oid,sa.apply_oid,sa.request_start_time,sa.request_end_time").
+		has, err := db.NewSession().Select("ssc.sensituve_word,sre.id as api_id,sa.service_id,sa.id as apply_id,sre.req_url,sa.request_count,sa.duration,sa.duration_unit,sa.spcs_type,sa.spcs_count,sa.res_fields,s.data_service_type1,s.data_service_type2 ,s.data_service_type3,sa.second_level,sa.service_end_time,sre.req_name,s.state as service_state,sa.pay_status,sa.user_id as apply_user_id,s.user_id  as service_user_id,s.organization as service_oid,sa.apply_oid,sa.request_start_time,sa.request_end_time,s.req_auth_token,s.req_auth_token_name,sa.apaas_token,s.req_auth_mthod").
 			Table("service_apply").Alias("sa").Join("inner", []string{"service", "s"}, "sa.service_id=s.id").Join("inner", []string{"service_req_extend", "sre"}, "sre.service_id = sa.service_id and sre.id =?", apiid).Join("left", []string{"service_safe_config", "ssc"}, "ssc.service_id=sa.service_id").Where("s.is_deleted =0 and sa.is_deleted =0  and s.state in(1,3) and sa.uuid=?", applyId).Get(&res)
 		if err != nil {
 			log.Println(err)