Merge pull request TencentBlueKing#1248 from felixncheng/issue_1247
feat: fs-server支持token刷新 TencentBlueKing#1247
owenlxu authored Oct 12, 2023
2 parents 643583f + 0df35f0 commit bfb5c53
Showing 3 changed files with 26 additions and 6 deletions.
Expand Up @@ -74,6 +74,7 @@ class RouteConfiguration(
before(RouteConfiguration::initArtifactContext)
filter(permissionFilterFunction::filter)
POST("/login/{projectId}/{repoName}", loginHandler::login)
POST("/token/refresh/{projectId}/{repoName}", loginHandler::refresh)

"/service/block".nest {
GET("/list$DEFAULT_MAPPING_URI", fsNodeHandler::listBlocks)
Expand Up @@ -44,9 +44,12 @@ class PermissionFilterFunction(private val securityManager: SecurityManager) : C
private val matcher = AntPathMatcher()
override suspend fun filter(
request: ServerRequest,
next: suspend (ServerRequest) -> ServerResponse
next: suspend (ServerRequest) -> ServerResponse,
): ServerResponse {
if (request.path().startsWith("/login") || request.path().startsWith("/service")) {
if (request.path().startsWith("/login") ||
request.path().startsWith("/service") ||
request.path().startsWith("/token")
) {
return next(request)
}
val action = request.getAction()
Expand Down Expand Up @@ -92,7 +95,7 @@ class PermissionFilterFunction(private val securityManager: SecurityManager) : C
"/node/delete/**",
"/node/mkdir/**",
"/node/set-length/**",
"/block/**"
"/block/**",
)
}
}
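Review bot: The new `request.path().startsWith("/token")` clause in the bypass condition of `filter` exempts every path beginning with `/token` from the permission filter, not only the refresh route this commit registers. Any later route under that prefix, or one that merely shares its first characters, would skip the action check without this file being touched. Narrowing the clause to `request.path().startsWith("/token/refresh/")` keeps the exemption tied to the one endpoint whose handler validates the token itself. The body of `filter` continues outside the hunk.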
Expand Up @@ -50,7 +50,7 @@ import org.springframework.web.reactive.function.server.ServerResponse
class LoginHandler(
private val permissionService: PermissionService,
private val securityManager: SecurityManager,
private val rAuthClient: RAuthClient
private val rAuthClient: RAuthClient,
) {

/**
Expand All @@ -70,7 +70,11 @@ class LoginHandler(
if (tokenRes.data != true) {
throw AuthenticationException()
}
val token = createToken(projectId, repoName, username)
return ReactiveResponseBuilder.success(token)
}

private suspend fun createToken(projectId: String, repoName: String, username: String): String {
val claims = mutableMapOf(JWT_CLAIMS_REPOSITORY to "$projectId/$repoName")
val writePermit = permissionService.checkPermission(projectId, repoName, PermissionAction.WRITE, username)
if (writePermit) {
Expand All @@ -83,8 +87,20 @@ class LoginHandler(
}
val token = securityManager.generateToken(
subject = username,
claims = claims
claims = claims,
)
return ReactiveResponseBuilder.success(token)
return token
}

suspend fun refresh(request: ServerRequest): ServerResponse {
val token = request.headers().header(HttpHeaders.AUTHORIZATION).firstOrNull().orEmpty()
val jws = securityManager.validateToken(token)
val claims = jws.body
val username = claims.subject
val parts = claims[JWT_CLAIMS_REPOSITORY].toString().split("/")
val projectId = parts[0]
val repoName = parts[1]
val newToken = createToken(projectId, repoName, username)
return ReactiveResponseBuilder.success(newToken)
}
}
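Review bot: `refresh` trusts the shape of the `JWT_CLAIMS_REPOSITORY` claim and ignores the `{projectId}/{repoName}` in its route: a token without that claim becomes the string "null", so `parts[1]` throws an index error instead of `AuthenticationException`, and a token issued for one repository can be refreshed through any repository path. Checking that the claim splits into exactly two parts and matches the path variables before calling `createToken` closes both gaps. Separately, `login` gates on `tokenRes.data` before issuing a token and `refresh` does not repeat that step, so a still-valid token can apparently be renewed without limit; whether `createToken`'s permission checks are enough once a user's access is revoked deserves a comment or a cap on renewals. The Authorization header is also handed to `validateToken` as-is, and whether a scheme prefix is handled there is not visible on this page.

```kotlin
suspend fun refresh(request: ServerRequest): ServerResponse {
    // … unchanged: read Authorization header, validateToken, claims, username …
    val parts = claims[JWT_CLAIMS_REPOSITORY]?.toString()?.split("/").orEmpty()
    // Reject tokens whose repository claim is missing, malformed, or issued for a different repository than the path names.
    if (parts.size != 2 ||
        parts[0] != request.pathVariable("projectId") ||
        parts[1] != request.pathVariable("repoName")
    ) {
        throw AuthenticationException()
    }
    val (projectId, repoName) = parts
    // … unchanged: createToken and success response …
```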
