From 1ff6d295fd2021e0843aa88b596e4225a01e4612 Mon Sep 17 00:00:00 2001
From: srako <wangchangsheng@shhzcj.com>
Date: Wed, 8 Nov 2023 17:24:50 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E6=94=AF=E6=8C=81=E9=98=BF=E9=87=8C?=
 =?UTF-8?q?=E4=BA=91=E5=BE=AE=E6=9C=8D=E5=8A=A1=E5=BC=95=E6=93=8EMSE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 composer.json                                 |  9 +--
 src/Provider/AbstractProvider.php             | 20 +++---
 src/Traits/Authentication.php                 | 71 +++++++++++++++++--
 .../plugin/workbunny/webman-nacos/app.php     |  8 ++-
 .../plugin/workbunny/webman-nacos/channel.php |  8 ++-
 5 files changed, 92 insertions(+), 24 deletions(-)

diff --git a/composer.json b/composer.json
index 2ab69cf..14c7fc3 100644
--- a/composer.json
+++ b/composer.json
@@ -1,5 +1,5 @@
 {
-  "name": "workbunny/webman-nacos",
+  "name": "srako/webman-nacos",
   "type": "library",
   "license": "MIT",
   "description": "Webman plugin workbunny/webman-nacos",
@@ -11,8 +11,8 @@
     }
   ],
   "support": {
-    "issues": "https://github.com/workbunny/webman-nacos/issues",
-    "source": "https://github.com/workbunny/webman-nacos"
+    "issues": "https://github.com/srako/webman-nacos/issues",
+    "source": "https://github.com/srako/webman-nacos"
   },
   "require": {
     "php": ">=7.4",
@@ -20,7 +20,8 @@
     "guzzlehttp/promises": "^1.5",
     "guzzlehttp/guzzle": "^7.4",
     "workerman/http-client": "^1.0",
-    "monolog/monolog": "^2.8"
+    "monolog/monolog": "^2.8",
+    "ext-mbstring": "*"
   },
   "require-dev": {
     "workerman/webman-framework": "^1.3.0",
diff --git a/src/Provider/AbstractProvider.php b/src/Provider/AbstractProvider.php
index cbd63d0..4c2b7d2 100644
--- a/src/Provider/AbstractProvider.php
+++ b/src/Provider/AbstractProvider.php
@@ -61,6 +61,12 @@ abstract class AbstractProvider
     /** @var string|null  */
     protected ?string $password = null;
 
+    /** @var string|null  */
+    protected ?string $accessKeyId = null;
+
+    /** @var string|null  */
+    protected ?string $accessKeySecret = null;
+
     /**
      * AbstractProvider constructor.
      * @param NacosClient $client
@@ -76,6 +82,8 @@ public function __construct(NacosClient $client, ?array $config = null)
         isset($config['port']) && $this->port = (int) $config['port'];
         isset($config['username']) && $this->username = (string) $config['username'];
         isset($config['password']) && $this->password = (string) $config['password'];
+        isset($config['access_key_id']) && $this->accessKeyId = (string) $config['access_key_id'];
+        isset($config['access_key_secret']) && $this->accessKeySecret = (string) $config['access_key_secret'];
     }
 
     /**
@@ -138,9 +146,7 @@ public function httpClientAsync(): AsyncClient
     public function request(string $method, string $uri, array $options = [])
     {
         try {
-            if($token = $this->issueToken()){
-                $options[RequestOptions::QUERY]['accessToken'] = $token;
-            }
+            $this->issueToken($options);
             $response = $this->httpClient()->request($method, $uri, $options);
         } catch (RequestException $exception) {
             if ($exception->hasResponse()) {
@@ -164,9 +170,7 @@ public function request(string $method, string $uri, array $options = [])
     public function requestAsync(string $method, string $uri, array $options = [])
     {
         try {
-            if($token = $this->issueToken()){
-                $options[RequestOptions::QUERY]['accessToken'] = $token;
-            }
+            $this->issueToken($options);
             return $this->httpClient()->requestAsync($method, $uri, $options);
         } catch (RequestException $exception) {
             if ($exception->hasResponse()) {
@@ -196,9 +200,7 @@ public function requestAsyncUseEventLoop(string $method, string $uri, array $opt
     {
         try {
             # 同步阻塞获取token
-            if($token = $this->issueToken()){
-                $options[RequestOptions::QUERY]['accessToken'] = $token;
-            }
+            $this->issueToken($options);
             $queryString = http_build_query($options[RequestOptions::QUERY] ?? []);
             $headers = array_merge($options[RequestOptions::HEADERS] ?? [], [
                 'Connection' => 'keep-alive'
diff --git a/src/Traits/Authentication.php b/src/Traits/Authentication.php
index 1a80290..03e797f 100644
--- a/src/Traits/Authentication.php
+++ b/src/Traits/Authentication.php
@@ -14,6 +14,7 @@
 namespace Workbunny\WebmanNacos\Traits;
 
 use GuzzleHttp\Exception\GuzzleException;
+use GuzzleHttp\RequestOptions;
 
 /**
  * Trait Authentication
@@ -33,17 +34,17 @@ trait Authentication
 
     /**
      * 获取token
-     * @return string|null
+     * @return void
      * @throws GuzzleException
      */
-    public function issueToken(): ?string
+    public function issueToken(array &$options = [])
     {
         if ($this->username === null || $this->password === null) {
-            return null;
+            $this->mseAuth($options);
+            return;
         }
-
         if (!$this->isExpired()) {
-            return $this->accessToken;
+            return;
         }
 
         $result = $this->handleResponse(
@@ -52,8 +53,7 @@ public function issueToken(): ?string
 
         $this->accessToken = $result['accessToken'];
         $this->expireTime = $result['tokenTtl'] + time();
-
-        return $this->accessToken;
+        $options[RequestOptions::QUERY]['accessToken'] = $this->accessToken;
     }
 
     /**
@@ -67,4 +67,61 @@ protected function isExpired(): bool
         }
         return true;
     }
+
+    /**
+     * 阿里云微服务引擎MSE鉴权
+     * @param array $options
+     * @return void
+     */
+    protected function mseAuth(array &$options = [])
+    {
+        if ($this->accessKeyId === null || $this->accessKeySecret === null) {
+            return;
+        }
+
+        $paramsToSign = $options[RequestOptions::QUERY] ?? $options[RequestOptions::FORM_PARAMS] ?? [];
+
+        $signStr = '';
+        $millisecondTs = (int)(microtime(true) * 1000);
+
+
+        // config signature
+        if (isset($paramsToSign['tenant'])&&$paramsToSign['tenant']) {
+            $signStr .= $paramsToSign['tenant'] . '+';
+        }
+        if (isset($paramsToSign['group'])&&$paramsToSign['group']) {
+            $signStr .= $paramsToSign['group'] . '+';
+        }
+        $signStr .= $millisecondTs;
+
+
+        // naming signature
+        if (isset($paramsToSign['serviceName'])) {
+            $signStr = $millisecondTs;
+            if (mb_strpos($paramsToSign['serviceName'], '@@') !== false
+                || !isset($paramsToSign['groupName'])
+                || $paramsToSign['groupName'] == '') {
+                $signStr .= '@@' . $paramsToSign['serviceName'];
+            } else {
+                $signStr .= '@@' . $paramsToSign['groupName'] . '@@' . $paramsToSign['serviceName'];
+            }
+        }
+
+        // 签名
+        $signature = base64_encode(hash_hmac('sha1', $signStr, $this->accessKeySecret, true));
+
+        // config增加header
+        $options[RequestOptions::HEADERS] = [
+                'timeStamp' => $millisecondTs,
+                'Spas-AccessKey' => $this->accessKeyId,
+                'Spas-Signature' => $signature,
+            ] + ($options[RequestOptions::HEADERS] ?? []);
+
+        // naming增加query
+        $options[RequestOptions::QUERY] = [
+                'data' => $signStr,
+                'ak' => $this->accessKeyId,
+                'signature' => $signature,
+            ] + ($options[RequestOptions::QUERY] ?? []);
+    }
 }
diff --git a/src/config/plugin/workbunny/webman-nacos/app.php b/src/config/plugin/workbunny/webman-nacos/app.php
index 839e045..94033f4 100644
--- a/src/config/plugin/workbunny/webman-nacos/app.php
+++ b/src/config/plugin/workbunny/webman-nacos/app.php
@@ -4,8 +4,12 @@
 
     'host' => '127.0.0.1',
     'port' => 8848,
-    'username' => '',
-    'password' => '',
+    'username' => null,
+    'password' => null,
+
+    // 阿里云微服务引擎MSE
+    'access_key_id' => null,
+    'access_key_secret' => null,
 
     /** 长轮询等待时长 毫秒 @desc 当长轮询间隔不存在时，该项作为默认值使用，其余时间则不生效 */
     'long_pulling_timeout'  => 30000,
diff --git a/src/config/plugin/workbunny/webman-nacos/channel.php b/src/config/plugin/workbunny/webman-nacos/channel.php
index eaedf51..62f73e7 100644
--- a/src/config/plugin/workbunny/webman-nacos/channel.php
+++ b/src/config/plugin/workbunny/webman-nacos/channel.php
@@ -3,7 +3,11 @@
     'default' => [
         'host' => '127.0.0.1',
         'port' => 8848,
-        'username' => '',
-        'password' => '',
+        'username' => null,
+        'password' => null,
+
+        // 阿里云微服务引擎MSE
+        'access_key_id' => null,
+        'access_key_secret' => null,
     ],
 ];
\ No newline at end of file

From 3d4f6b5fddd381880f639170c52d23031df4e689 Mon Sep 17 00:00:00 2001
From: srako <wangchangsheng@shhzcj.com>
Date: Thu, 9 Nov 2023 18:14:06 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E6=94=AF=E6=8C=81=E9=98=BF=E9=87=8C?=
 =?UTF-8?q?=E4=BA=91=E5=BE=AE=E6=9C=8D=E5=8A=A1=E5=BC=95=E6=93=8EMSE,pull?=
 =?UTF-8?q?=20request?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 composer.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/composer.json b/composer.json
index 14c7fc3..7f196a0 100644
--- a/composer.json
+++ b/composer.json
@@ -1,5 +1,5 @@
 {
-  "name": "srako/webman-nacos",
+  "name": "workbunny/webman-nacos",
   "type": "library",
   "license": "MIT",
   "description": "Webman plugin workbunny/webman-nacos",
@@ -11,8 +11,8 @@
     }
   ],
   "support": {
-    "issues": "https://github.com/srako/webman-nacos/issues",
-    "source": "https://github.com/srako/webman-nacos"
+    "issues": "https://github.com/workbunny/webman-nacos/issues",
+    "source": "https://github.com/workbunny/webman-nacos"
   },
   "require": {
     "php": ">=7.4",