feat: 支持校验devx token #2223
* feat: 支持校验devx token #2223

* feat: 支持校验devx token #2223
yaoxuwan authored Nov 1, 2024
1 parent d906c89 commit 4f902ea
Showing 6 changed files with 125 additions and 5 deletions.
@@ -131,4 +131,16 @@ data class DevXProperties(
* 应用devX拦截器的接口
*/
var includePatterns: List<String> = emptyList(),

/**
* 校验devx token接口url
*/
var validateTokenUrl: String = "",

/**
* 校验devx token接口的认证token
*/
var authToken: String = "",


)
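Review bot: `authToken` is added as a primary-constructor property of the data class `DevXProperties`, so the generated `toString()` prints the secret in plain text wherever an instance is logged or dumped; nothing in this hunk keeps it out of that output. Consider overriding `toString()` to mask the value, or at least stating in the property's KDoc that the object must not be logged. `validateTokenUrl` also defaults to `""`, which the token-validation call elsewhere in this commit would turn into a request for `?dToken=…` with no host, so a `require(devXProperties.validateTokenUrl.isNotBlank())`-style check at the point of use would fail earlier and more clearly. The class declaration starts outside the hunk.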
@@ -29,5 +29,6 @@ package com.tencent.bkrepo.fs.server.pojo

data class DevxLoginResponse(
val projectId: String,
val token: String
val token: String,
val workspaceName: String
)
@@ -32,6 +32,7 @@ import com.tencent.bkrepo.auth.pojo.user.CreateUserRequest
import com.tencent.bkrepo.auth.pojo.user.CreateUserToProjectRequest
import com.tencent.bkrepo.common.api.constant.BASIC_AUTH_PREFIX
import com.tencent.bkrepo.common.api.constant.HttpHeaders
import com.tencent.bkrepo.common.api.constant.StringPool
import com.tencent.bkrepo.common.api.util.BasicAuthUtils
import com.tencent.bkrepo.common.artifact.constant.PROJECT_ID
import com.tencent.bkrepo.common.artifact.constant.REPO_NAME
@@ -42,6 +43,7 @@ import com.tencent.bkrepo.fs.server.constant.JWT_CLAIMS_PERMIT
import com.tencent.bkrepo.fs.server.constant.JWT_CLAIMS_REPOSITORY
import com.tencent.bkrepo.fs.server.context.ReactiveArtifactContextHolder
import com.tencent.bkrepo.fs.server.pojo.DevxLoginResponse
import com.tencent.bkrepo.fs.server.request.DevxLoginRequest
import com.tencent.bkrepo.fs.server.request.IoaLoginRequest
import com.tencent.bkrepo.fs.server.service.PermissionService
import com.tencent.bkrepo.fs.server.utils.DevxWorkspaceUtils
@@ -86,11 +88,20 @@ class LoginHandler(
}

suspend fun devxLogin(request: ServerRequest): ServerResponse {
val workspace = DevxWorkspaceUtils.getWorkspace().awaitSingleOrNull() ?: throw AuthenticationException()
val devxToken = request.bodyToMono(DevxLoginRequest::class.java).awaitSingleOrNull()?.token
val repoName = request.pathVariable(REPO_NAME)
val userId = createUser(workspace)
val token = createToken(workspace.projectId, repoName, userId)
val response = DevxLoginResponse(workspace.projectId, token)
val response = if (devxToken.isNullOrEmpty()) {
val workspace = DevxWorkspaceUtils.getWorkspace().awaitSingleOrNull() ?: throw AuthenticationException()
val userId = createUser(workspace)
val token = createToken(workspace.projectId, repoName, userId)
DevxLoginResponse(workspace.projectId, token, StringPool.EMPTY)
} else {
val devxTokenInfo = DevxWorkspaceUtils.validateToken(devxToken).awaitSingle()
createUser(devxTokenInfo.userId)
val token = createToken(devxTokenInfo.projectId, repoName, devxTokenInfo.userId)
DevxLoginResponse(devxTokenInfo.projectId, token, devxTokenInfo.workspaceName)
}

return ReactiveResponseBuilder.success(response)
}

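Review bot: In the token branch of `devxLogin`, the `userId` and `projectId` returned by `DevxWorkspaceUtils.validateToken(devxToken).awaitSingle()` go straight into `createUser` and `createToken` with no check that they are non-blank, so a malformed but successful reply from the validation service would still yield a repository token. A guard such as `if (devxTokenInfo.userId.isBlank() || devxTokenInfo.projectId.isBlank()) throw AuthenticationException()` before `createUser` keeps that failure on the authentication path. The function would also benefit from a KDoc comment stating that a missing or empty `token` falls back to workspace-based login, while a present token skips the workspace lookup entirely, since that is the trust decision a maintainer needs to see. `repoName` comes from the path in both branches; whether the token's project is entitled to that repository is presumably enforced elsewhere and is not visible in this hunk.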
@@ -0,0 +1,32 @@
/*
* Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
*
* Copyright (C) 2024 THL A29 Limited, a Tencent company. All rights reserved.
*
* BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
*
* A copy of the MIT License is included in this file.
*
*
* Terms of the MIT License:
* ---------------------------------------------------
* Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
* documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all copies or substantial portions of
* the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
* LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
* NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/

package com.tencent.bkrepo.fs.server.request

data class DevxLoginRequest(
val token: String?
)
@@ -0,0 +1,34 @@
/*
* Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
*
* Copyright (C) 2024 THL A29 Limited, a Tencent company. All rights reserved.
*
* BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
*
* A copy of the MIT License is included in this file.
*
*
* Terms of the MIT License:
* ---------------------------------------------------
* Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
* documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all copies or substantial portions of
* the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
* LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
* NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/

package com.tencent.bkrepo.fs.server.response

data class DevxTokenInfo(
val userId: String,
val projectId: String,
val workspaceName: String
)
@@ -30,6 +30,8 @@ package com.tencent.bkrepo.fs.server.utils
import com.github.benmanes.caffeine.cache.AsyncLoadingCache
import com.github.benmanes.caffeine.cache.Caffeine
import com.google.common.util.concurrent.ThreadFactoryBuilder
import com.tencent.bkrepo.common.api.exception.ErrorCodeException
import com.tencent.bkrepo.common.api.message.CommonMessageCode
import com.tencent.bkrepo.common.api.util.toJsonString
import com.tencent.bkrepo.common.security.interceptor.devx.ApiAuth
import com.tencent.bkrepo.common.security.interceptor.devx.DevXCvmWorkspace
@@ -38,8 +40,12 @@ import com.tencent.bkrepo.common.security.interceptor.devx.DevXWorkSpace
import com.tencent.bkrepo.common.security.interceptor.devx.PageResponse
import com.tencent.bkrepo.common.security.interceptor.devx.QueryResponse
import com.tencent.bkrepo.fs.server.context.ReactiveRequestContextHolder
import com.tencent.bkrepo.fs.server.response.DevxTokenInfo
import com.tencent.devops.api.pojo.Response
import kotlinx.coroutines.Dispatchers
import kotlinx.coroutines.reactor.awaitSingle
import kotlinx.coroutines.reactor.mono
import kotlinx.coroutines.withContext
import org.slf4j.LoggerFactory
import org.springframework.core.ParameterizedTypeReference
import org.springframework.http.HttpStatus
@@ -53,6 +59,7 @@ import reactor.netty.http.client.HttpClient
import reactor.netty.http.client.PrematureCloseException
import reactor.netty.resources.ConnectionProvider
import reactor.util.retry.RetryBackoffSpec
import java.net.URLDecoder
import java.time.Duration
import java.util.concurrent.Executors

@@ -170,6 +177,29 @@ class DevxWorkspaceUtils(
}
}

suspend fun validateToken(devxToken: String): Mono<DevxTokenInfo> {
val token = withContext(Dispatchers.IO) {
URLDecoder.decode(devxToken, Charsets.UTF_8.name())
}
return httpClient
.get()
.uri("${devXProperties.validateTokenUrl}?dToken=$token")
.header("X-DEVOPS-BK-TOKEN", devXProperties.authToken)
.exchangeToMono {
mono { parseDevxTokenInfo(it) }
}
}

private suspend fun parseDevxTokenInfo(response: ClientResponse): DevxTokenInfo {
return if (response.statusCode() != HttpStatus.OK) {
val errorMsg = response.awaitBody<String>()
logger.error("${response.statusCode()} $errorMsg")
throw ErrorCodeException(CommonMessageCode.RESOURCE_EXPIRED, "token")
} else {
response.awaitBody<Response<DevxTokenInfo>>().data!!
}
}

private fun <T, R> WebClient.RequestHeadersSpec<*>.doRequest(
type: ParameterizedTypeReference<QueryResponse<T>>,
handler: (res: QueryResponse<T>?) -> R
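Review bot: `validateToken` URL-decodes the caller-supplied token and then splices it into the URI string at `.uri("${devXProperties.validateTokenUrl}?dToken=$token")`, so characters such as `&`, `#` or `{`/`}` in the decoded value can add query parameters, cut the query short or break template expansion. Passing it as a URI variable lets the client encode it: `.uri("${devXProperties.validateTokenUrl}?dToken={token}", token)` (assuming `httpClient` is a Spring `WebClient`, as the `exchangeToMono` call suggests). In `parseDevxTokenInfo`, `.data!!` turns a 200 reply with no data into a `NullPointerException` rather than an authentication failure; `.data ?: throw ErrorCodeException(CommonMessageCode.RESOURCE_EXPIRED, "token")` keeps it on the same error path as the non-OK branch. The `logger.error` line writes the upstream body verbatim, which is worth checking in case that service echoes the token back. The `withContext(Dispatchers.IO)` around `URLDecoder.decode` is not needed, since decoding does no I/O.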
