Skip to content

Commit

Permalink
[ISSUE #537] Fix naming http client authentication. (#538)
Browse files Browse the repository at this point in the history
  • Loading branch information
pixystone authored Nov 21, 2022
1 parent a13f6f2 commit 61c06ae
Show file tree
Hide file tree
Showing 4 changed files with 137 additions and 7 deletions.
2 changes: 1 addition & 1 deletion clients/naming_client/naming_http/beat_reactor.go
Original file line number Diff line number Diff line change
Expand Up @@ -144,7 +144,7 @@ func (br *BeatReactor) SendBeat(info *model.BeatInfo) (int64, error) {
params["serviceName"] = info.ServiceName
params["beat"] = util.ToJsonString(info)
api := constant.SERVICE_BASE_PATH + "/instance/beat"
result, err := br.nacosServer.ReqApi(api, params, http.MethodPut)
result, err := br.nacosServer.ReqApi(api, params, http.MethodPut, br.clientCfg)
if err != nil {
return 0, err
}
Expand Down
10 changes: 5 additions & 5 deletions clients/naming_client/naming_http/naming_http_proxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ func (proxy *NamingHttpProxy) RegisterInstance(serviceName string, groupName str
params["healthy"] = strconv.FormatBool(instance.Healthy)
params["metadata"] = util.ToJsonString(instance.Metadata)
params["ephemeral"] = strconv.FormatBool(instance.Ephemeral)
_, err := proxy.nacosServer.ReqApi(constant.SERVICE_PATH, params, http.MethodPost)
_, err := proxy.nacosServer.ReqApi(constant.SERVICE_PATH, params, http.MethodPost, proxy.clientConfig)
if err != nil {
return false, err
}
Expand Down Expand Up @@ -110,7 +110,7 @@ func (proxy *NamingHttpProxy) DeregisterInstance(serviceName string, groupName s
params["ip"] = instance.Ip
params["port"] = strconv.Itoa(int(instance.Port))
params["ephemeral"] = strconv.FormatBool(instance.Ephemeral)
_, err := proxy.nacosServer.ReqApi(constant.SERVICE_PATH, params, http.MethodDelete)
_, err := proxy.nacosServer.ReqApi(constant.SERVICE_PATH, params, http.MethodDelete, proxy.clientConfig)
if err != nil {
return false, err
}
Expand Down Expand Up @@ -138,7 +138,7 @@ func (proxy *NamingHttpProxy) GetServiceList(pageNo uint32, pageSize uint32, gro
serviceList := model.ServiceList{}

api := constant.SERVICE_BASE_PATH + "/service/list"
result, err := proxy.nacosServer.ReqApi(api, params, http.MethodGet)
result, err := proxy.nacosServer.ReqApi(api, params, http.MethodGet, proxy.clientConfig)
if err != nil {
return serviceList, err
}
Expand All @@ -165,7 +165,7 @@ func (proxy *NamingHttpProxy) GetServiceList(pageNo uint32, pageSize uint32, gro
// ServerHealthy ...
func (proxy *NamingHttpProxy) ServerHealthy() bool {
api := constant.SERVICE_BASE_PATH + "/operator/metrics"
result, err := proxy.nacosServer.ReqApi(api, map[string]string{}, http.MethodGet)
result, err := proxy.nacosServer.ReqApi(api, map[string]string{}, http.MethodGet, proxy.clientConfig)
if err != nil {
logger.Errorf("namespaceId:[%s] sending server healthy failed!,result:%s error:%+v", proxy.clientConfig.NamespaceId, result, err)
return false
Expand All @@ -192,7 +192,7 @@ func (proxy *NamingHttpProxy) QueryInstancesOfService(serviceName, groupName, cl
param["healthyOnly"] = strconv.FormatBool(healthyOnly)
param["clientIP"] = util.LocalIP()
api := constant.SERVICE_PATH + "/list"
result, err := proxy.nacosServer.ReqApi(api, param, http.MethodGet)
result, err := proxy.nacosServer.ReqApi(api, param, http.MethodGet, proxy.clientConfig)
if err != nil {
return nil, err
}
Expand Down
23 changes: 22 additions & 1 deletion common/nacos_server/nacos_server.go
Original file line number Diff line number Diff line change
Expand Up @@ -226,13 +226,14 @@ func (server *NacosServer) ReqConfigApi(api string, params map[string]string, he
return "", errors.Wrapf(err, "retry %d times request failed!", constant.REQUEST_DOMAIN_RETRY_TIME)
}

func (server *NacosServer) ReqApi(api string, params map[string]string, method string) (string, error) {
func (server *NacosServer) ReqApi(api string, params map[string]string, method string, config constant.ClientConfig) (string, error) {
srvs := server.serverList
if srvs == nil || len(srvs) == 0 {
return "", errors.New("server list is empty")
}

server.InjectSecurityInfo(params)
server.InjectSignForNamingHttp(params, config)

//only one server,retry request when error
var err error
Expand Down Expand Up @@ -336,6 +337,26 @@ func (server *NacosServer) InjectSecurityInfo(param map[string]string) {
}
}

func (server *NacosServer) InjectSignForNamingHttp(param map[string]string, clientConfig constant.ClientConfig) {
if clientConfig.AccessKey == "" || clientConfig.SecretKey == "" {
return
}
var signData string
timeStamp := strconv.FormatInt(time.Now().UnixNano()/1e6, 10)
if serviceName, hasServiceName := param["serviceName"]; hasServiceName {
if groupName, hasGroup := param["groupName"]; strings.Contains(serviceName, constant.SERVICE_INFO_SPLITER) || !hasGroup || groupName == "" {
signData = timeStamp + constant.SERVICE_INFO_SPLITER + serviceName
} else {
signData = timeStamp + constant.SERVICE_INFO_SPLITER + util.GetGroupName(serviceName, groupName)
}
} else {
signData = timeStamp
}
param["signature"] = signWithhmacSHA1Encrypt(signData, clientConfig.SecretKey)
param["ak"] = clientConfig.AccessKey
param["data"] = signData
}

func (server *NacosServer) InjectSign(request rpc_request.IRequest, param map[string]string, clientConfig constant.ClientConfig) {
if clientConfig.AccessKey == "" || clientConfig.SecretKey == "" {
return
Expand Down
109 changes: 109 additions & 0 deletions common/nacos_server/nacos_server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@
package nacos_server

import (
"context"
"github.com/nacos-group/nacos-sdk-go/v2/common/http_agent"
"testing"

"github.com/nacos-group/nacos-sdk-go/v2/common/constant"
Expand Down Expand Up @@ -46,3 +48,110 @@ func Test_getAddressWithoutScheme(t *testing.T) {
assert.Equal(t, "https://console.nacos.io:80", getAddress(serverConfigTest))

}

func buildNacosServer(clientConfig constant.ClientConfig) (*NacosServer, error) {
return NewNacosServer(context.Background(),
[]constant.ServerConfig{*constant.NewServerConfig("http://console.nacos.io", 80)},
clientConfig,
&http_agent.HttpAgent{},
1000,
"")
}

func TestNacosServer_InjectSignForNamingHttp_NoAk(t *testing.T) {
clientConfig := constant.ClientConfig{
AccessKey: "123",
SecretKey: "321",
}
server, err := buildNacosServer(clientConfig)
if err != nil {
t.FailNow()
}

param := make(map[string]string)
param["serviceName"] = "s-0"
param["groupName"] = "g-0"
server.InjectSignForNamingHttp(param, constant.ClientConfig{})
assert.Empty(t, param["ak"])
assert.Empty(t, param["data"])
assert.Empty(t, param["signature"])
}

func TestNacosServer_InjectSignForNamingHttp_WithGroup(t *testing.T) {
clientConfig := constant.ClientConfig{
AccessKey: "123",
SecretKey: "321",
}
server, err := buildNacosServer(clientConfig)
if err != nil {
t.FailNow()
}

param := make(map[string]string)
param["serviceName"] = "s-0"
param["groupName"] = "g-0"
server.InjectSignForNamingHttp(param, clientConfig)
assert.Equal(t, "123", param["ak"])
assert.Contains(t, param["data"], "@@g-0@@s-0")
_, has := param["signature"]
assert.True(t, has)
}

func TestNacosServer_InjectSignForNamingHttp_WithoutGroup(t *testing.T) {
clientConfig := constant.ClientConfig{
AccessKey: "123",
SecretKey: "321",
}
server, err := buildNacosServer(clientConfig)
if err != nil {
t.FailNow()
}

param := make(map[string]string)
param["serviceName"] = "s-0"
server.InjectSignForNamingHttp(param, clientConfig)
assert.Equal(t, "123", param["ak"])
assert.NotContains(t, param["data"], "@@g-0@@s-0")
assert.Contains(t, param["data"], "@@s-0")
_, has := param["signature"]
assert.True(t, has)
}

func TestNacosServer_InjectSignForNamingHttp_WithoutServiceName(t *testing.T) {
clientConfig := constant.ClientConfig{
AccessKey: "123",
SecretKey: "321",
}
server, err := buildNacosServer(clientConfig)
if err != nil {
t.FailNow()
}

param := make(map[string]string)
param["groupName"] = "g-0"
server.InjectSignForNamingHttp(param, clientConfig)
assert.Equal(t, "123", param["ak"])
assert.NotContains(t, param["data"], "@@")
assert.Regexp(t, "\\d+", param["data"])
_, has := param["signature"]
assert.True(t, has)
}

func TestNacosServer_InjectSignForNamingHttp_WithoutServiceNameAndGroup(t *testing.T) {
clientConfig := constant.ClientConfig{
AccessKey: "123",
SecretKey: "321",
}
server, err := buildNacosServer(clientConfig)
if err != nil {
t.FailNow()
}

param := make(map[string]string)
server.InjectSignForNamingHttp(param, clientConfig)
assert.Equal(t, "123", param["ak"])
assert.NotContains(t, param["data"], "@@")
assert.Regexp(t, "\\d+", param["data"])
_, has := param["signature"]
assert.True(t, has)
}

0 comments on commit 61c06ae

Please sign in to comment.