Merge pull request #17 from srako/pr

阿里云微服务引擎Nacos鉴权支持
workbunny · Nov 10, 2023 · 64701cd · 64701cd
2 parents 64e5bb3 + 3d4f6b5
commit 64701cd
Show file tree

Hide file tree

Showing 5 changed files with 89 additions and 21 deletions.
diff --git a/composer.json b/composer.json
@@ -20,7 +20,8 @@
     "guzzlehttp/promises": "^1.5",
     "guzzlehttp/guzzle": "^7.4",
     "workerman/http-client": "^1.0",
-    "monolog/monolog": "^2.8"
+    "monolog/monolog": "^2.8",
+    "ext-mbstring": "*"
   },
   "require-dev": {
     "workerman/webman-framework": "^1.3.0",

diff --git a/src/Provider/AbstractProvider.php b/src/Provider/AbstractProvider.php
@@ -61,6 +61,12 @@ abstract class AbstractProvider
     /** @var string|null  */
     protected ?string $password = null;
 
+    /** @var string|null  */
+    protected ?string $accessKeyId = null;
+
+    /** @var string|null  */
+    protected ?string $accessKeySecret = null;
+
     /**
      * AbstractProvider constructor.
      * @param NacosClient $client
@@ -76,6 +82,8 @@ public function __construct(NacosClient $client, ?array $config = null)
         isset($config['port']) && $this->port = (int) $config['port'];
         isset($config['username']) && $this->username = (string) $config['username'];
         isset($config['password']) && $this->password = (string) $config['password'];
+        isset($config['access_key_id']) && $this->accessKeyId = (string) $config['access_key_id'];
+        isset($config['access_key_secret']) && $this->accessKeySecret = (string) $config['access_key_secret'];
     }
 
     /**
@@ -138,9 +146,7 @@ public function httpClientAsync(): AsyncClient
     public function request(string $method, string $uri, array $options = [])
     {
         try {
-            if($token = $this->issueToken()){
-                $options[RequestOptions::QUERY]['accessToken'] = $token;
-            }
+            $this->issueToken($options);
             $response = $this->httpClient()->request($method, $uri, $options);
         } catch (RequestException $exception) {
             if ($exception->hasResponse()) {
@@ -164,9 +170,7 @@ public function request(string $method, string $uri, array $options = [])
     public function requestAsync(string $method, string $uri, array $options = [])
     {
         try {
-            if($token = $this->issueToken()){
-                $options[RequestOptions::QUERY]['accessToken'] = $token;
-            }
+            $this->issueToken($options);
             return $this->httpClient()->requestAsync($method, $uri, $options);
         } catch (RequestException $exception) {
             if ($exception->hasResponse()) {
@@ -196,9 +200,7 @@ public function requestAsyncUseEventLoop(string $method, string $uri, array $opt
     {
         try {
             # 同步阻塞获取token
-            if($token = $this->issueToken()){
-                $options[RequestOptions::QUERY]['accessToken'] = $token;
-            }
+            $this->issueToken($options);
             $queryString = http_build_query($options[RequestOptions::QUERY] ?? []);
             $headers = array_merge($options[RequestOptions::HEADERS] ?? [], [
                 'Connection' => 'keep-alive'

diff --git a/src/Traits/Authentication.php b/src/Traits/Authentication.php
@@ -14,6 +14,7 @@
 namespace Workbunny\WebmanNacos\Traits;
 
 use GuzzleHttp\Exception\GuzzleException;
+use GuzzleHttp\RequestOptions;
 
 /**
  * Trait Authentication
@@ -33,17 +34,17 @@ trait Authentication
 
     /**
      * 获取token
-     * @return string|null
+     * @return void
      * @throws GuzzleException
      */
-    public function issueToken(): ?string
+    public function issueToken(array &$options = [])
     {
         if ($this->username === null || $this->password === null) {
-            return null;
+            $this->mseAuth($options);
+            return;
         }
-
         if (!$this->isExpired()) {
-            return $this->accessToken;
+            return;
         }
 
         $result = $this->handleResponse(
@@ -52,8 +53,7 @@ public function issueToken(): ?string
 
         $this->accessToken = $result['accessToken'];
         $this->expireTime = $result['tokenTtl'] + time();
-
-        return $this->accessToken;
+        $options[RequestOptions::QUERY]['accessToken'] = $this->accessToken;
     }
 
     /**
@@ -67,4 +67,61 @@ protected function isExpired(): bool
         }
         return true;
     }
+
+    /**
+     * 阿里云微服务引擎MSE鉴权
+     * @param array $options
+     * @return void
+     */
+    protected function mseAuth(array &$options = [])
+    {
+        if ($this->accessKeyId === null || $this->accessKeySecret === null) {
+            return;
+        }
+
+        $paramsToSign = $options[RequestOptions::QUERY] ?? $options[RequestOptions::FORM_PARAMS] ?? [];
+
+        $signStr = '';
+        $millisecondTs = (int)(microtime(true) * 1000);
+
+
+        // config signature
+        if (isset($paramsToSign['tenant'])&&$paramsToSign['tenant']) {
+            $signStr .= $paramsToSign['tenant'] . '+';
+        }
+        if (isset($paramsToSign['group'])&&$paramsToSign['group']) {
+            $signStr .= $paramsToSign['group'] . '+';
+        }
+        $signStr .= $millisecondTs;
+
+
+        // naming signature
+        if (isset($paramsToSign['serviceName'])) {
+            $signStr = $millisecondTs;
+            if (mb_strpos($paramsToSign['serviceName'], '@@') !== false
+                || !isset($paramsToSign['groupName'])
+                || $paramsToSign['groupName'] == '') {
+                $signStr .= '@@' . $paramsToSign['serviceName'];
+            } else {
+                $signStr .= '@@' . $paramsToSign['groupName'] . '@@' . $paramsToSign['serviceName'];
+            }
+        }
+
+        // 签名
+        $signature = base64_encode(hash_hmac('sha1', $signStr, $this->accessKeySecret, true));
+
+        // config增加header
+        $options[RequestOptions::HEADERS] = [
+                'timeStamp' => $millisecondTs,
+                'Spas-AccessKey' => $this->accessKeyId,
+                'Spas-Signature' => $signature,
+            ] + ($options[RequestOptions::HEADERS] ?? []);
+
+        // naming增加query
+        $options[RequestOptions::QUERY] = [
+                'data' => $signStr,
+                'ak' => $this->accessKeyId,
+                'signature' => $signature,
+            ] + ($options[RequestOptions::QUERY] ?? []);
+    }
 }
diff --git a/src/config/plugin/workbunny/webman-nacos/app.php b/src/config/plugin/workbunny/webman-nacos/app.php
@@ -4,8 +4,12 @@
 
     'host' => '127.0.0.1',
     'port' => 8848,
-    'username' => '',
-    'password' => '',
+    'username' => null,
+    'password' => null,
+
+    // 阿里云微服务引擎MSE
+    'access_key_id' => null,
+    'access_key_secret' => null,
 
     /** 长轮询等待时长 毫秒 @desc 当长轮询间隔不存在时，该项作为默认值使用，其余时间则不生效 */
     'long_pulling_timeout'  => 30000,

diff --git a/src/config/plugin/workbunny/webman-nacos/channel.php b/src/config/plugin/workbunny/webman-nacos/channel.php
@@ -3,7 +3,11 @@
     'default' => [
         'host' => '127.0.0.1',
         'port' => 8848,
-        'username' => '',
-        'password' => '',
+        'username' => null,
+        'password' => null,
+
+        // 阿里云微服务引擎MSE
+        'access_key_id' => null,
+        'access_key_secret' => null,
     ],
 ];