V1.x develop support naming ak (#518)

* support naming ak
nacos-group · Sep 19, 2022 · 0b9b305 · 0b9b305
1 parent 56bbfcf
commit 0b9b305
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 18 deletions.
diff --git a/clients/config_client/config_proxy.go b/clients/config_client/config_proxy.go
@@ -57,8 +57,8 @@ func (cp *ConfigProxy) GetConfigProxy(param vo.ConfigParam, tenant, accessKey, s
 	}
 
 	var headers = map[string]string{}
-	headers["accessKey"] = accessKey
-	headers["secretKey"] = secretKey
+	headers[constant.KEY_ACCESS_KEY] = accessKey
+	headers[constant.KEY_SECRET_KEY] = secretKey
 
 	result, err := cp.nacosServer.ReqConfigApi(constant.CONFIG_PATH, params, headers, http.MethodGet, cp.clientConfig.TimeoutMs)
 	return result, err

diff --git a/clients/naming_client/naming_proxy.go b/clients/naming_client/naming_proxy.go
@@ -66,7 +66,7 @@ func (proxy *NamingProxy) RegisterInstance(serviceName string, groupName string,
 	params["healthy"] = strconv.FormatBool(instance.Healthy)
 	params["metadata"] = util.ToJsonString(instance.Metadata)
 	params["ephemeral"] = strconv.FormatBool(instance.Ephemeral)
-	return proxy.nacosServer.ReqApi(constant.SERVICE_PATH, params, http.MethodPost)
+	return proxy.nacosServer.ReqApi(constant.SERVICE_PATH, params, http.MethodPost, proxy.getSecurityMap())
 }
 
 func (proxy *NamingProxy) DeregisterInstance(serviceName string, ip string, port uint64, clusterName string, ephemeral bool) (string, error) {
@@ -79,7 +79,7 @@ func (proxy *NamingProxy) DeregisterInstance(serviceName string, ip string, port
 	params["ip"] = ip
 	params["port"] = strconv.Itoa(int(port))
 	params["ephemeral"] = strconv.FormatBool(ephemeral)
-	return proxy.nacosServer.ReqApi(constant.SERVICE_PATH, params, http.MethodDelete)
+	return proxy.nacosServer.ReqApi(constant.SERVICE_PATH, params, http.MethodDelete, proxy.getSecurityMap())
 }
 
 func (proxy *NamingProxy) UpdateInstance(serviceName string, ip string, port uint64, clusterName string, ephemeral bool, weight float64, enable bool, metadata map[string]string) (string, error) {
@@ -95,7 +95,7 @@ func (proxy *NamingProxy) UpdateInstance(serviceName string, ip string, port uin
 	params["weight"] = strconv.FormatFloat(weight, 'f', -1, 64)
 	params["enable"] = strconv.FormatBool(enable)
 	params["metadata"] = util.ToJsonString(metadata)
-	return proxy.nacosServer.ReqApi(constant.SERVICE_PATH, params, http.MethodPut)
+	return proxy.nacosServer.ReqApi(constant.SERVICE_PATH, params, http.MethodPut, proxy.getSecurityMap())
 }
 
 func (proxy *NamingProxy) SendBeat(info *model.BeatInfo) (int64, error) {
@@ -107,7 +107,7 @@ func (proxy *NamingProxy) SendBeat(info *model.BeatInfo) (int64, error) {
 	params["serviceName"] = info.ServiceName
 	params["beat"] = util.ToJsonString(info)
 	api := constant.SERVICE_BASE_PATH + "/instance/beat"
-	result, err := proxy.nacosServer.ReqApi(api, params, http.MethodPut)
+	result, err := proxy.nacosServer.ReqApi(api, params, http.MethodPut, proxy.getSecurityMap())
 	if err != nil {
 		return 0, err
 	}
@@ -138,7 +138,7 @@ func (proxy *NamingProxy) GetServiceList(pageNo int, pageSize int, groupName str
 	}
 
 	api := constant.SERVICE_BASE_PATH + "/service/list"
-	result, err := proxy.nacosServer.ReqApi(api, params, http.MethodGet)
+	result, err := proxy.nacosServer.ReqApi(api, params, http.MethodGet, proxy.getSecurityMap())
 	if err != nil {
 		return nil, err
 	}
@@ -165,7 +165,7 @@ func (proxy *NamingProxy) GetServiceList(pageNo int, pageSize int, groupName str
 
 func (proxy *NamingProxy) ServerHealthy() bool {
 	api := constant.SERVICE_BASE_PATH + "/operator/metrics"
-	result, err := proxy.nacosServer.ReqApi(api, map[string]string{}, http.MethodGet)
+	result, err := proxy.nacosServer.ReqApi(api, map[string]string{}, http.MethodGet, proxy.getSecurityMap())
 	if err != nil {
 		logger.Errorf("namespaceId:[%s] sending server healthy failed!,result:%s error:%+v", proxy.clientConfig.NamespaceId, result, err)
 		return false
@@ -191,7 +191,7 @@ func (proxy *NamingProxy) QueryList(serviceName string, clusters string, udpPort
 	param["healthyOnly"] = strconv.FormatBool(healthyOnly)
 	param["clientIP"] = util.LocalIP()
 	api := constant.SERVICE_PATH + "/list"
-	return proxy.nacosServer.ReqApi(api, param, http.MethodGet)
+	return proxy.nacosServer.ReqApi(api, param, http.MethodGet, proxy.getSecurityMap())
 }
 
 func (proxy *NamingProxy) GetAllServiceInfoList(namespace, groupName string, pageNo, pageSize uint32) (string, error) {
@@ -201,5 +201,14 @@ func (proxy *NamingProxy) GetAllServiceInfoList(namespace, groupName string, pag
 	param["pageNo"] = strconv.Itoa(int(pageNo))
 	param["pageSize"] = strconv.Itoa(int(pageSize))
 	api := constant.SERVICE_INFO_PATH + "/list"
-	return proxy.nacosServer.ReqApi(api, param, http.MethodGet)
+	return proxy.nacosServer.ReqApi(api, param, http.MethodGet, proxy.getSecurityMap())
+}
+
+func (proxy *NamingProxy) getSecurityMap() map[string]string {
+	result := make(map[string]string, 2)
+	if len(proxy.clientConfig.AccessKey) != 0 && len(proxy.clientConfig.SecretKey) != 0 {
+		result[constant.KEY_ACCESS_KEY] = proxy.clientConfig.AccessKey
+		result[constant.KEY_SECRET_KEY] = proxy.clientConfig.SecretKey
+	}
+	return result
 }
diff --git a/common/nacos_server/nacos_server.go b/common/nacos_server/nacos_server.go
@@ -132,14 +132,19 @@ func (server *NacosServer) callConfigServer(api string, params map[string]string
 	}
 }
 
-func (server *NacosServer) callServer(api string, params map[string]string, method string, curServer string, contextPath string) (result string, err error) {
+func (server *NacosServer) callServer(api string, params map[string]string, header map[string]string, method string, curServer string, contextPath string) (result string, err error) {
 	if contextPath == "" {
 		contextPath = constant.WEB_CONTEXT
 	}
 
 	url := curServer + contextPath + api
 
-	headers := map[string][]string{}
+	headers := make(map[string][]string, len(header))
+	for k, v := range header {
+		if k != constant.KEY_SECRET_KEY {
+			headers[k] = []string{v}
+		}
+	}
 	headers["Client-Version"] = []string{constant.CLIENT_VERSION}
 	headers["User-Agent"] = []string{constant.CLIENT_VERSION}
 	//headers["Accept-Encoding"] = []string{"gzip,deflate,sdch"}
@@ -209,7 +214,7 @@ func (server *NacosServer) ReqConfigApi(api string, params map[string]string, he
 	}
 }
 
-func (server *NacosServer) ReqApi(api string, params map[string]string, method string) (string, error) {
+func (server *NacosServer) ReqApi(api string, params map[string]string, method string, security map[string]string) (string, error) {
 	srvs := server.serverList
 	if srvs == nil || len(srvs) == 0 {
 		return "", errors.New("server list is empty")
@@ -219,25 +224,25 @@ func (server *NacosServer) ReqApi(api string, params map[string]string, method s
 		err    error
 	)
 	injectSecurityInfo(server, params)
-
+	signHeader := getSignHeadersForNaming(params, security)
 	//only one server,retry request when error
 	if len(srvs) == 1 {
 		for i := 0; i < constant.REQUEST_DOMAIN_RETRY_TIME; i++ {
-			result, err = server.callServer(api, params, method, getAddress(srvs[0]), srvs[0].ContextPath)
+			result, err = server.callServer(api, params, signHeader, method, getAddress(srvs[0]), srvs[0].ContextPath)
 			if err == nil {
 				return result, nil
 			}
-			logger.Errorf("api<%s>,method:<%s>, params:<%s>, call domain error:<%+v> , result:<%s>", api, method, util.ToJsonString(params), err, result)
+			logger.Errorf("api<%s>,method:<%s>, params:<%s>, header:<%s>, call domain error:<%+v> , result:<%s>", api, method, util.ToJsonString(params), util.ToJsonString(signHeader), err, result)
 		}
 	} else {
 		index := rand.Intn(len(srvs))
 		for i := 1; i <= len(srvs); i++ {
 			curServer := srvs[index]
-			result, err = server.callServer(api, params, method, getAddress(curServer), curServer.ContextPath)
+			result, err = server.callServer(api, params, signHeader, method, getAddress(curServer), curServer.ContextPath)
 			if err == nil {
 				return result, nil
 			}
-			logger.Errorf("api<%s>,method:<%s>, params:<%s>, call domain error:<%+v> , result:<%s>", api, method, util.ToJsonString(params), err, result)
+			logger.Errorf("api<%s>,method:<%s>, params:<%s>, header:<%s>, call domain error:<%+v> , result:<%s>", api, method, util.ToJsonString(params), util.ToJsonString(signHeader), err, result)
 			index = (index + i) % len(srvs)
 		}
 	}
@@ -348,6 +353,31 @@ func getSignHeaders(params map[string]string, newHeaders map[string]string) map[
 	return headers
 }
 
+func getSignHeadersForNaming(params map[string]string, newHeaders map[string]string) map[string]string {
+	accessKey, containAk := newHeaders[constant.KEY_ACCESS_KEY]
+	secretKey, containSk := newHeaders[constant.KEY_SECRET_KEY]
+	result := map[string]string{}
+	if !containAk || !containSk {
+		return result
+	}
+	var signData string
+	timeStamp := strconv.FormatInt(time.Now().UnixNano()/1e6, 10)
+	if serviceName, ok := params["serviceName"]; ok {
+		if groupName, containGroup := params["groupName"]; strings.Contains(serviceName, constant.SERVICE_INFO_SPLITER) ||
+			!containGroup {
+			signData = timeStamp + constant.SERVICE_INFO_SPLITER + serviceName
+		} else {
+			signData = timeStamp + constant.SERVICE_INFO_SPLITER + util.GetGroupName(serviceName, groupName)
+		}
+	} else {
+		signData = timeStamp
+	}
+	result["signature"] = signWithhmacSHA1Encrypt(signData, secretKey)
+	result["ak"] = accessKey
+	result["data"] = signData
+	return result
+}
+
 func signWithhmacSHA1Encrypt(encryptText, encryptKey string) string {
 	//hmac ,use sha1
 	key := []byte(encryptKey)