feat:企业级鉴权功能实现

Author: chuntaojun

Diff for: .github/workflows/codecov.yaml

@@ -61,13 +61,25 @@ jobs:
         with:
           fetch-depth: 2
 
+      - uses: shogo82148/actions-setup-mysql@v1
+        with:
+          mysql-version: "5.7"
+          auto-start: true
+          my-cnf: |
+            innodb_log_file_size=256MB
+            innodb_buffer_pool_size=512MB
+            max_allowed_packet=16MB
+            max_connections=50
+            local_infile=1
+          root-password: root
+
+
       - name: Initialize database
         env:
           MYSQL_DB_USER: root
           MYSQL_DB_PWD: root
           MYSQL_DATABASE: polaris_server
         run: |
-          sudo systemctl start mysql.service
           mysql -e 'CREATE DATABASE ${{ env.MYSQL_DATABASE }};' -u${{ env.MYSQL_DB_USER }} -p${{ env.MYSQL_DB_PWD }}
           mysql -e "ALTER USER '${{ env.MYSQL_DB_USER }}'@'localhost' IDENTIFIED WITH mysql_native_password BY 'root';"  -u${{ env.MYSQL_DB_USER }} -p${{ env.MYSQL_DB_PWD }}
 

Diff for: .golangci.yml

@@ -167,7 +167,7 @@ linters-settings:
         disabled: false
       - name: max-public-structs
         severity: warning
-        disabled: false
+        disabled: true
         arguments: [35]
       - name: indent-error-flow
         severity: warning
@@ -281,7 +281,7 @@ linters-settings:
   govet:
     # Report about shadowed variables.
     # Default: false
-    check-shadowing: true
+    shadow: false
     # Settings per analyzer.
     settings:
       # Analyzer name, run `go tool vet help` to see all analyzers.

Diff for: admin/api.go

@@ -25,6 +25,7 @@ import (
 
 	"github.com/polarismesh/polaris/common/model"
 	"github.com/polarismesh/polaris/common/model/admin"
+	authcommon "github.com/polarismesh/polaris/common/model/auth"
 )
 
 // AdminOperateServer Maintain related operation
@@ -55,4 +56,6 @@ type AdminOperateServer interface {
 	GetCMDBInfo(ctx context.Context) ([]model.LocationView, error)
 	// InitMainUser
 	InitMainUser(ctx context.Context, user apisecurity.User) error
+	// GetServerFunctions Get server functions
+	GetServerFunctions(ctx context.Context) []authcommon.ServerFunctionGroup
 }

Diff for: admin/config.go

@@ -23,7 +23,8 @@ import (
 
 // Config maintain configuration
 type Config struct {
-	Jobs []job.JobConfig `yaml:"jobs"`
+	Jobs         []job.JobConfig `yaml:"jobs"`
+	Interceptors []string        `yaml:"-"`
 }
 
 func DefaultConfig() *Config {

Diff for: admin/default.go

@@ -20,21 +20,32 @@ package admin
 import (
 	"context"
 	"errors"
+	"fmt"
 
 	"github.com/polarismesh/polaris/admin/job"
-	"github.com/polarismesh/polaris/auth"
 	"github.com/polarismesh/polaris/cache"
 	"github.com/polarismesh/polaris/service"
 	"github.com/polarismesh/polaris/service/healthcheck"
 	"github.com/polarismesh/polaris/store"
 )
 
 var (
-	server         AdminOperateServer
-	maintainServer = &Server{}
-	finishInit     bool
+	server               AdminOperateServer
+	maintainServer       = &Server{}
+	finishInit           bool
+	serverProxyFactories = map[string]ServerProxyFactory{}
 )
 
+type ServerProxyFactory func(ctx context.Context, pre AdminOperateServer) (AdminOperateServer, error)
+
+func RegisterServerProxy(name string, factor ServerProxyFactory) error {
+	if _, ok := serverProxyFactories[name]; ok {
+		return fmt.Errorf("duplicate ServerProxyFactory, name(%s)", name)
+	}
+	serverProxyFactories[name] = factor
+	return nil
+}
+
 // Initialize 初始化
 func Initialize(ctx context.Context, cfg *Config, namingService service.DiscoverServer,
 	healthCheckServer *healthcheck.Server, cacheMgn *cache.CacheManager, storage store.Store) error {
@@ -43,40 +54,49 @@ func Initialize(ctx context.Context, cfg *Config, namingService service.Discover
 		return nil
 	}
 
-	err := initialize(ctx, cfg, namingService, healthCheckServer, cacheMgn, storage)
+	proxySvr, actualSvr, err := InitServer(ctx, cfg, namingService, healthCheckServer, cacheMgn, storage)
 	if err != nil {
 		return err
 	}
 
+	server = proxySvr
+	maintainServer = actualSvr
 	finishInit = true
 	return nil
 }
 
-func initialize(_ context.Context, cfg *Config, namingService service.DiscoverServer,
-	healthCheckServer *healthcheck.Server, cacheMgn *cache.CacheManager, storage store.Store) error {
+func InitServer(ctx context.Context, cfg *Config, namingService service.DiscoverServer,
+	healthCheckServer *healthcheck.Server, cacheMgn *cache.CacheManager, storage store.Store) (AdminOperateServer, *Server, error) {
 
-	userMgn, err := auth.GetUserServer()
-	if err != nil {
-		return err
-	}
+	actualSvr := new(Server)
 
-	strategyMgn, err := auth.GetStrategyServer()
-	if err != nil {
-		return err
-	}
-
-	maintainServer.namingServer = namingService
-	maintainServer.healthCheckServer = healthCheckServer
-	maintainServer.cacheMgn = cacheMgn
-	maintainServer.storage = storage
+	actualSvr.namingServer = namingService
+	actualSvr.healthCheckServer = healthCheckServer
+	actualSvr.cacheMgn = cacheMgn
+	actualSvr.storage = storage
 
 	maintainJobs := job.NewMaintainJobs(namingService, cacheMgn, storage)
 	if err := maintainJobs.StartMaintianJobs(cfg.Jobs); err != nil {
-		return err
+		return nil, nil, err
 	}
 
-	server = newServerAuthAbility(maintainServer, userMgn, strategyMgn)
-	return nil
+	var proxySvr AdminOperateServer
+	proxySvr = actualSvr
+	order := GetChainOrder()
+	for i := range order {
+		factory, exist := serverProxyFactories[order[i]]
+		if !exist {
+			return nil, nil, fmt.Errorf("name(%s) not exist in serverProxyFactories", order[i])
+		}
+
+		afterSvr, err := factory(ctx, proxySvr)
+		if err != nil {
+			return nil, nil, err
+		}
+		proxySvr = afterSvr
+	}
+
+	return proxySvr, actualSvr, nil
 }
 
 // GetServer 获取已经初始化好的Server

Diff for: admin/interceptor/auth/log.go

@@ -0,0 +1,24 @@
+/**
+ * Tencent is pleased to support the open source community by making Polaris available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * Licensed under the BSD 3-Clause License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://opensource.org/licenses/BSD-3-Clause
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed
+ * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package auth
+
+import (
+	commonlog "github.com/polarismesh/polaris/common/log"
+)
+
+var log = commonlog.GetScopeOrDefaultByName(commonlog.AuthLoggerName)