feat:support nacos-address server endpoints

polarismesh · Jun 13, 2024 · f2d9fbd · f2d9fbd
1 parent c2c80b6
commit f2d9fbd
Show file tree

Hide file tree

Showing 13 changed files with 164 additions and 55 deletions.
diff --git a/apiserver/httpserver/utils/handler_test.go b/apiserver/httpserver/utils/handler_test.go
@@ -19,7 +19,6 @@ package utils
 
 import (
 	"fmt"
-	"github.com/stretchr/testify/assert"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@@ -28,6 +27,7 @@ import (
 	"github.com/emicklei/go-restful/v3"
 	"github.com/golang/protobuf/ptypes/wrappers"
 	apimodel "github.com/polarismesh/specification/source/go/api/v1/model"
+	"github.com/stretchr/testify/assert"
 
 	"github.com/polarismesh/polaris/apiserver/httpserver/i18n"
 	api "github.com/polarismesh/polaris/common/api/v1"

diff --git a/auth/user/helper.go b/auth/user/helper.go
@@ -21,9 +21,10 @@ import (
 	"context"
 	"errors"
 
-	"github.com/polarismesh/polaris/common/utils"
 	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"
 	"go.uber.org/zap"
+
+	"github.com/polarismesh/polaris/common/utils"
 )
 
 var (
@@ -98,7 +99,11 @@ func (helper *DefaultUserHelper) GetUser(ctx context.Context, user *apisecurity.
 
 func (helper *DefaultUserHelper) GetUserByID(ctx context.Context, id string) *apisecurity.User {
 	cacheMgr := helper.svr.cacheMgr
-	return cacheMgr.User().GetUserByID(id).ToSpec()
+	saveUser := cacheMgr.User().GetUserByID(id)
+	if saveUser == nil {
+		saveUser, _ = helper.svr.storage.GetUser(id)
+	}
+	return saveUser.ToSpec()
 }
 
 // GetGroup 查询用户组信息

diff --git a/auth/user/inteceptor/auth/server.go b/auth/user/inteceptor/auth/server.go
@@ -102,6 +102,9 @@ func (svr *Server) UpdateUser(ctx context.Context, user *apisecurity.User) *apis
 	}
 	helper := svr.GetUserHelper()
 	targetUser := helper.GetUserByID(ctx, user.GetId().GetValue())
+	if targetUser == nil {
+		return api.NewAuthResponse(apimodel.Code_NotFoundUser)
+	}
 	if !checkUserViewPermission(ctx, targetUser) {
 		return api.NewAuthResponse(apimodel.Code_NotAllowedAccess)
 	}
@@ -116,6 +119,9 @@ func (svr *Server) UpdateUserPassword(ctx context.Context, req *apisecurity.Modi
 	}
 	helper := svr.GetUserHelper()
 	targetUser := helper.GetUserByID(ctx, req.GetId().GetValue())
+	if targetUser == nil {
+		return api.NewAuthResponse(apimodel.Code_NotFoundUser)
+	}
 	if !checkUserViewPermission(ctx, targetUser) {
 		return api.NewAuthResponse(apimodel.Code_NotAllowedAccess)
 	}
@@ -130,6 +136,18 @@ func (svr *Server) DeleteUsers(ctx context.Context, users []*apisecurity.User) *
 		api.Collect(resp, rsp)
 		return resp
 	}
+	for i := range users {
+		user := users[i]
+		helper := svr.GetUserHelper()
+		targetUser := helper.GetUserByID(ctx, user.GetId().GetValue())
+		// 已经删除的用户没必要在删除一次
+		if targetUser == nil {
+			continue
+		}
+		if !checkUserViewPermission(ctx, targetUser) {
+			return api.NewAuthBatchWriteResponse(apimodel.Code_NotAllowedAccess)
+		}
+	}
 	return svr.nextSvr.DeleteUsers(ctx, users)
 }
 
@@ -406,7 +424,8 @@ func checkUserViewPermission(ctx context.Context, user *apisecurity.User) bool {
 			zap.Any("user", user), zap.String("owner", user.GetOwner().GetValue()), zap.String("operator", userId))
 		return true
 	}
-
+	log.Warn("check user view permission", utils.RequestID(ctx),
+		zap.Any("user", user), zap.String("owner", user.GetOwner().GetValue()), zap.String("operator", userId))
 	return false
 }
 

diff --git a/auth/user/user_test.go b/auth/user/user_test.go
@@ -394,7 +394,7 @@ func Test_server_UpdateUser(t *testing.T) {
 			Comment: &wrappers.StringValue{Value: "update owner account info"},
 		}
 
-		userTest.storage.EXPECT().GetUser(gomock.Any()).Return(userTest.users[2], nil)
+		userTest.storage.EXPECT().GetUser(gomock.Any()).Return(userTest.users[2], nil).AnyTimes()
 
 		reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, userTest.users[1].Token)
 		resp := userTest.svr.UpdateUser(reqCtx, req)
@@ -562,7 +562,7 @@ func Test_server_UpdateUserPassword(t *testing.T) {
 			NewPassword: &wrappers.StringValue{Value: "users[2].Password"},
 		}
 
-		userTest.storage.EXPECT().GetUser(gomock.Any()).Return(userTest.users[2], nil)
+		userTest.storage.EXPECT().GetUser(gomock.Any()).Return(userTest.users[2], nil).AnyTimes()
 
 		reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, userTest.users[1].Token)
 		resp := userTest.svr.UpdateUserPassword(reqCtx, req)
@@ -605,7 +605,7 @@ func Test_server_DeleteUser(t *testing.T) {
 
 		reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, userTest.users[0].Token)
 		resp := userTest.svr.DeleteUsers(reqCtx, []*apisecurity.User{
-			&apisecurity.User{
+			{
 				Id: utils.NewStringValue(uid),
 			},
 		})
@@ -623,7 +623,7 @@ func Test_server_DeleteUser(t *testing.T) {
 
 		reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, userTest.users[0].Token)
 		resp := userTest.svr.DeleteUsers(reqCtx, []*apisecurity.User{
-			&apisecurity.User{
+			{
 				Id: utils.NewStringValue(userTest.users[1].ID),
 			},
 		})
@@ -805,7 +805,7 @@ func Test_server_RefreshUserToken(t *testing.T) {
 
 	t.Run("主账户刷新别的主账户的Token", func(t *testing.T) {
 		reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, userTest.ownerOne.Token)
-		userTest.storage.EXPECT().GetUser(gomock.Any()).Return(userTest.ownerTwo, nil)
+		userTest.storage.EXPECT().GetUser(gomock.Any()).Return(userTest.ownerTwo, nil).AnyTimes()
 		resp := userTest.svr.ResetUserToken(reqCtx, &apisecurity.User{
 			Id: utils.NewStringValue(userTest.ownerTwo.ID),
 		})
@@ -815,7 +815,7 @@ func Test_server_RefreshUserToken(t *testing.T) {
 
 	t.Run("主账户刷新不属于自己子账户的Token", func(t *testing.T) {
 		reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, userTest.ownerOne.Token)
-		userTest.storage.EXPECT().GetUser(gomock.Any()).Return(userTest.newUsers[1], nil)
+		userTest.storage.EXPECT().GetUser(gomock.Any()).Return(userTest.newUsers[1], nil).AnyTimes()
 		resp := userTest.svr.ResetUserToken(reqCtx, &apisecurity.User{
 			Id: utils.NewStringValue(userTest.newUsers[1].ID),
 		})
@@ -872,7 +872,7 @@ func Test_server_UpdateUserToken(t *testing.T) {
 
 		t.Logf("operator-id : %s, user-two-owner : %s", userTest.ownerOne.ID, userTest.ownerTwo.ID)
 
-		userTest.storage.EXPECT().GetUser(gomock.Eq(userTest.ownerTwo.ID)).Return(userTest.ownerTwo, nil)
+		userTest.storage.EXPECT().GetUser(gomock.Eq(userTest.ownerTwo.ID)).Return(userTest.ownerTwo, nil).AnyTimes()
 		resp := userTest.svr.UpdateUserToken(reqCtx, &apisecurity.User{
 			Id: utils.NewStringValue(userTest.ownerTwo.ID),
 		})
@@ -886,7 +886,7 @@ func Test_server_UpdateUserToken(t *testing.T) {
 
 		_ = userTest.cacheMgn.TestUpdate()
 		reqCtx := context.WithValue(context.Background(), utils.ContextAuthTokenKey, userTest.ownerOne.Token)
-		userTest.storage.EXPECT().GetUser(gomock.Eq(userTest.newUsers[3].ID)).Return(userTest.newUsers[3], nil)
+		userTest.storage.EXPECT().GetUser(gomock.Eq(userTest.newUsers[3].ID)).Return(userTest.newUsers[3], nil).AnyTimes()
 		resp := userTest.svr.UpdateUserToken(reqCtx, &apisecurity.User{
 			Id: utils.NewStringValue(userTest.newUsers[3].ID),
 		})

diff --git a/common/utils/common.go b/common/utils/common.go
@@ -587,7 +587,7 @@ func CheckContractInterfaceTetrad(contractId string, source apiservice.Interface
 
 func CalculateContractID(namespace, service, name, protocol, version string) (string, error) {
 	h := sha1.New()
-	str := fmt.Sprintf("%s##%s##%s##%s##%d", namespace, service, name, protocol, version)
+	str := fmt.Sprintf("%s##%s##%s##%s##%s", namespace, service, name, protocol, version)
 
 	if _, err := io.WriteString(h, str); err != nil {
 		return "", err

diff --git a/config/interceptor/paramcheck/config_file_check.go b/config/interceptor/paramcheck/config_file_check.go
@@ -55,8 +55,8 @@ func (s *Server) SearchConfigFile(ctx context.Context,
 		return out
 	}
 	searchFilters := map[string]string{
-		"offset": strconv.Itoa(int(offset)),
-		"limit":  strconv.Itoa(int(limit)),
+		"offset": strconv.FormatInt(int64(offset), 10),
+		"limit":  strconv.FormatInt(int64(limit), 10),
 	}
 	for k, v := range filter {
 		// 无效查询参数自动忽略

diff --git a/config/interceptor/paramcheck/config_file_group_check.go b/config/interceptor/paramcheck/config_file_group_check.go
@@ -49,8 +49,8 @@ func (s *Server) QueryConfigFileGroups(ctx context.Context,
 	}
 
 	searchFilters := map[string]string{
-		"offset": strconv.Itoa(int(offset)),
-		"limit":  strconv.Itoa(int(limit)),
+		"offset": strconv.FormatInt(int64(offset), 10),
+		"limit":  strconv.FormatInt(int64(limit), 10),
 	}
 	for k, v := range filter {
 		if newK, ok := availableSearch["config_file_group"][k]; ok {

diff --git a/config/interceptor/paramcheck/config_file_release_check.go b/config/interceptor/paramcheck/config_file_release_check.go
@@ -107,8 +107,8 @@ func (s *Server) GetConfigFileReleases(ctx context.Context,
 	}
 
 	searchFilters := map[string]string{
-		"offset": strconv.Itoa(int(offset)),
-		"limit":  strconv.Itoa(int(limit)),
+		"offset": strconv.FormatInt(int64(offset), 10),
+		"limit":  strconv.FormatInt(int64(limit), 10),
 	}
 	for k, v := range filters {
 		if nK, ok := availableSearch["config_file_release"][k]; ok {

diff --git a/config/interceptor/paramcheck/config_file_release_history_check.go b/config/interceptor/paramcheck/config_file_release_history_check.go
@@ -38,8 +38,8 @@ func (s *Server) GetConfigFileReleaseHistories(ctx context.Context,
 	}
 
 	searchFilters := map[string]string{
-		"offset": strconv.Itoa(int(offset)),
-		"limit":  strconv.Itoa(int(limit)),
+		"offset": strconv.FormatInt(int64(offset), 10),
+		"limit":  strconv.FormatInt(int64(limit), 10),
 	}
 
 	for k, v := range filter {