From 741229dc9249d8a83b35480aad4bf7e38daf867d Mon Sep 17 00:00:00 2001 From: iSecloud <869820505@qq.com> Date: Mon, 27 Nov 2023 20:29:51 +0800 Subject: [PATCH] =?UTF-8?q?fix(backend):=20db=5Fcloud=5Ftoken=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E7=BC=93=E5=AD=98=20#2157?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dbm-ui/backend/db_proxy/constants.py | 3 ++ dbm-ui/backend/db_proxy/views/serialiers.py | 38 ++++++++++++------- .../db_services/dbresource/handlers.py | 2 +- .../db_services/mysql/cluster/handlers.py | 11 +++++- helm-charts/bk-dbm/Chart.yaml | 4 +- helm-charts/bk-dbm/charts/dbpriv/Chart.yaml | 2 +- 6 files changed, 41 insertions(+), 19 deletions(-) diff --git a/dbm-ui/backend/db_proxy/constants.py b/dbm-ui/backend/db_proxy/constants.py index 633076342a..b976cb3b76 100644 --- a/dbm-ui/backend/db_proxy/constants.py +++ b/dbm-ui/backend/db_proxy/constants.py @@ -17,7 +17,10 @@ NGINX_PUSH_TARGET_PATH = "/usr/local/bkdb/nginx-portable/conf/cluster_service/" +# 缓存inst_id和nginx id,用于回调job,默认缓存时间5min JOB_INSTANCE_EXPIRE_TIME = 5 * 60 +# 定义token过期时间1天,防止废弃的token复用 +DB_CLOUD_TOKEN_EXPIRE_TIME = 1 * 24 * 60 * 60 class ExtensionType(str, StructuredEnum): diff --git a/dbm-ui/backend/db_proxy/views/serialiers.py b/dbm-ui/backend/db_proxy/views/serialiers.py index d6596ad481..6609386a98 100644 --- a/dbm-ui/backend/db_proxy/views/serialiers.py +++ b/dbm-ui/backend/db_proxy/views/serialiers.py @@ -17,6 +17,8 @@ from backend.core.encrypt.constants import AsymmetricCipherConfigType from backend.core.encrypt.exceptions import RSADecryptException from backend.core.encrypt.handlers import AsymmetricHandler +from backend.db_proxy.constants import DB_CLOUD_TOKEN_EXPIRE_TIME +from backend.utils.redis import RedisConn logger = logging.getLogger("root") 
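Review bot: The comment added above `DB_CLOUD_TOKEN_EXPIRE_TIME` in constants.py says the one-day value keeps retired tokens from being reused, but in the visible hunks the constant is only passed to `RedisConn.set` as the lifetime of the cache entry. `verify_token` checks that the token decrypts and that its cloud-area ID matches, and nothing time-related, so a retired token that still decrypts would apparently be verified and cached again once the entry expires. I would reword the comment to state what the value actually bounds, for example `# TTL (1 day) of the cached db_cloud_token per cloud area; this bounds the cache entry, not the validity of the token itself`.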
@@ -29,6 +31,21 @@ class BaseProxyPassSerialier(serializers.Serializer): db_cloud_token = serializers.CharField(help_text=_("调用的校验token"), required=False) bk_cloud_id = serializers.IntegerField(help_text=_("请求服务所属的云区域ID"), required=False) + @classmethod + def verify_token(cls, db_cloud_token, bk_cloud_id): + try: + token = AsymmetricHandler.decrypt(name=AsymmetricCipherConfigType.PROXYPASS.value, content=db_cloud_token) + except RSADecryptException: + raise serializers.ValidationError(_("token:{}解密失败,请检查token是否合法").format(db_cloud_token)) + except KeyError: + raise serializers.ValidationError(_("token:{}不存在,请传入校验token").format(db_cloud_token)) + + token_cloud_id = int(token.split("_")[0]) + if token_cloud_id != int(bk_cloud_id): + raise serializers.ValidationError( + _("解析的云区域ID{}与请求参数的云区域ID{}不相同,请检查token是否合法").format(token_cloud_id, bk_cloud_id) + ) + def validate(self, attrs): request = self.context["request"] 
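Review bot: `int(token.split("_")[0])` in `verify_token` sits outside the try block, so a value that decrypts but does not begin with a numeric cloud ID raises an unhandled ValueError instead of a ValidationError. Wrapping it as `try: token_cloud_id = int(token.split("_")[0])` followed by `except ValueError: raise serializers.ValidationError(...)` keeps every malformed token on the same rejection path. Both existing error messages also format the submitted `db_cloud_token` into the message text, which may copy a credential into error responses and logs; dropping the `{}` placeholder avoids that. The method has no docstring; one line stating that it returns nothing and signals failure only by raising ValidationError would help callers.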
@@ -40,20 +57,13 @@ def validate(self, attrs): if getattr(request, "internal_call", None): return attrs - try: - token = AsymmetricHandler.decrypt( - name=AsymmetricCipherConfigType.PROXYPASS.value, content=attrs["db_cloud_token"] - ) - except RSADecryptException: - raise serializers.ValidationError(_("token:{}解密失败,请检查token是否合法").format(attrs["db_cloud_token"])) - except KeyError: - raise serializers.ValidationError(_("token:{}不存在,请传入校验token").format(attrs["db_cloud_token"])) - - token_cloud_id = int(token.split("_")[0]) - if token_cloud_id != int(attrs["bk_cloud_id"]): - raise serializers.ValidationError( - _("解析的云区域ID{}与请求参数的云区域ID{}不相同,请检查token是否合法").format(token_cloud_id, attrs["bk_cloud_id"]) - ) + # 解密/或拿到缓存ID + db_cloud_token, bk_cloud_id = attrs["db_cloud_token"], attrs["bk_cloud_id"] + cache_key = f"cache_db_cloud_token_{bk_cloud_id}" + cache_db_cloud_token = RedisConn.get(cache_key) + if db_cloud_token != cache_db_cloud_token: + self.verify_token(db_cloud_token, bk_cloud_id) + RedisConn.set(cache_key, db_cloud_token, DB_CLOUD_TOKEN_EXPIRE_TIME) attrs.pop("db_cloud_token") return attrs diff --git a/dbm-ui/backend/db_services/dbresource/handlers.py b/dbm-ui/backend/db_services/dbresource/handlers.py index c30499690a..3aacb15ee4 100644 --- a/dbm-ui/backend/db_services/dbresource/handlers.py +++ b/dbm-ui/backend/db_services/dbresource/handlers.py @@ -222,7 +222,7 @@ def spec_resource_count(cls, bk_biz_id: int, bk_cloud_id: int, spec_ids: List[in for spec in specs ] spec_count_params = { - "bk_biz_id": bk_biz_id, + "for_biz_id": bk_biz_id, "resource_type": resource_type, "bk_cloud_id": bk_cloud_id, "details": spec_count_details, diff --git a/dbm-ui/backend/db_services/mysql/cluster/handlers.py b/dbm-ui/backend/db_services/mysql/cluster/handlers.py index 50f20759d1..7b7a9a85d7 100644 --- a/dbm-ui/backend/db_services/mysql/cluster/handlers.py +++ b/dbm-ui/backend/db_services/mysql/cluster/handlers.py 
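Review bot: The new cache in `validate` writes the caller's `db_cloud_token` to Redis in clear text for `DB_CLOUD_TOKEN_EXPIRE_TIME`, so anyone who can read that Redis instance obtains a value that passes this check; caching a SHA-256 digest of the token and comparing it with `hmac.compare_digest` keeps the shortcut without storing the secret. `attrs["db_cloud_token"]` and `attrs["bk_cloud_id"]` are now indexed before `verify_token` runs, and both fields are declared `required=False`, so a request that omits either one raises a bare KeyError rather than the ValidationError that the `except KeyError` branch was written to produce. If `RedisConn.get` returns bytes (this depends on client configuration that is not visible here), the `!=` comparison never matches and the cache never hits. The sketch below needs `hashlib` and `hmac` imported at the top of the file, and the start of `validate` lies outside this hunk.

```python
# … unchanged: internal_call short-circuit …
db_cloud_token, bk_cloud_id = attrs.get("db_cloud_token"), attrs.get("bk_cloud_id")
if db_cloud_token is None or bk_cloud_id is None:
    # reject here so a missing field is a validation error, not an unhandled KeyError
    raise serializers.ValidationError(_("token:{}不存在,请传入校验token").format(db_cloud_token))

# cache only a digest, so the Redis entry is not itself a usable credential
token_digest = hashlib.sha256(db_cloud_token.encode("utf-8")).hexdigest()
cache_key = f"cache_db_cloud_token_{bk_cloud_id}"
cached_digest = RedisConn.get(cache_key)
if isinstance(cached_digest, bytes):
    cached_digest = cached_digest.decode("utf-8")
if cached_digest is None or not hmac.compare_digest(token_digest, cached_digest):
    self.verify_token(db_cloud_token, bk_cloud_id)
    RedisConn.set(cache_key, token_digest, DB_CLOUD_TOKEN_EXPIRE_TIME)
# … unchanged: attrs.pop("db_cloud_token") and return attrs …
```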
@@ -8,6 +8,7 @@ an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. """ +import copy import itertools import operator from collections import defaultdict @@ -28,7 +29,7 @@ TenDBClusterSpiderRole, ) from backend.db_meta.exceptions import InstanceNotExistException -from backend.db_meta.models import Cluster, DBModule, ProxyInstance, StorageInstance +from backend.db_meta.models import Cluster, DBModule, ProxyInstance, StorageInstance, TenDBClusterSpiderExt from backend.db_meta.models.machine import Machine from backend.db_services.mysql.dataclass import ClusterFilter, DBInstance @@ -165,6 +166,11 @@ def _fill_spider_instance_info(_cluster: Cluster, _cluster_info: Dict): for role in TenDBClusterSpiderRole.get_values() } ) + # 增加spider_ctl角色信息 + _cluster_info["spider_ctl"] = copy.deepcopy(_cluster_info["spider_master"]) + for instance in _cluster_info["spider_ctl"]: + instance["port"] = instance["admin_port"] + instance["instance_address"] = f"{instance['ip']}:{instance['port']}" filter_conditions = Q() for cluster_filter in cluster_filters: @@ -189,6 +195,9 @@ def _fill_spider_instance_info(_cluster: Cluster, _cluster_info: Dict): cluster.storageinstance_set.all().count() + cluster.proxyinstance_set.all().count() ) if cluster.cluster_type == ClusterType.TenDBCluster: + cluster_info["instance_count"] += cluster.proxyinstance_set.filter( + tendbclusterspiderext__spider_role=TenDBClusterSpiderRole.SPIDER_MASTER + ).count() _fill_spider_instance_info(cluster, cluster_info) else: _fill_mysql_instance_info(cluster, cluster_info) diff --git a/helm-charts/bk-dbm/Chart.yaml b/helm-charts/bk-dbm/Chart.yaml index e7825c269a..b52830ecb6 100644 --- a/helm-charts/bk-dbm/Chart.yaml +++ b/helm-charts/bk-dbm/Chart.yaml 
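Review bot: The `instance_count` increment in the last hunk of mysql/cluster/handlers.py has no comment, and its reason is only visible by reading the earlier hunk that copies `spider_master` into `spider_ctl`. A comment such as `# spider_ctl entries mirror spider_master one-to-one, so count the masters a second time` would keep the two places from drifting apart. The new `TenDBClusterSpiderExt` import is not referenced by name in the visible hunks (the filter uses the `tendbclusterspiderext__spider_role` lookup string), so it may be unused. In the `spider_ctl` loop, `instance["admin_port"]` is indexed directly and will raise KeyError if any spider_master entry lacks that key, which cannot be confirmed from this hunk.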
@@ -79,5 +79,5 @@ dependencies: description: A Helm chart for bkdbm name: bk-dbm type: application -version: 1.3.0-alpha.5 -appVersion: 1.3.0-alpha.5 +version: 1.3.0-alpha.6 +appVersion: 1.3.0-alpha.6 diff --git a/helm-charts/bk-dbm/charts/dbpriv/Chart.yaml b/helm-charts/bk-dbm/charts/dbpriv/Chart.yaml index 38d7f0780e..e325822342 100644 --- a/helm-charts/bk-dbm/charts/dbpriv/Chart.yaml +++ b/helm-charts/bk-dbm/charts/dbpriv/Chart.yaml @@ -3,4 +3,4 @@ name: dbpriv description: A Helm chart for dbpriv type: application version: 0.1.31 -appVersion: 0.0.1-alpha.167 +appVersion: 0.0.1-alpha.170