Merge branch 'main' of https://github.com/ideal-world/bios

Author: ljl

Cargo.toml

@@ -76,10 +76,10 @@ tardis = { version = "0.1.0-rc.15" }
 #   "ext-redis",
 #   "ext-axum",
 # ] }
-spacegate-shell = { git = "https://github.com/ideal-world/spacegate.git", branch = "master", features = [
+spacegate-shell = { git = "https://github.com/ideal-world/spacegate.git", branch = "dev", features = [
   "cache",
   "k8s",
-  # "ext-redis",
+  "ext-axum",
 ] }
 
-spacegate-plugin = { git = "https://github.com/ideal-world/spacegate.git", branch = "master" }
+spacegate-plugin = { git = "https://github.com/ideal-world/spacegate.git", branch = "dev" }

backend/gateways/spacegate-plugins/Cargo.toml

@@ -16,7 +16,12 @@ schema = ["spacegate-plugin/schema"]
 [dependencies]
 serde.workspace = true
 lazy_static.workspace = true
-spacegate-shell = { workspace = true, features = ["cache", "k8s", "ext-redis"] }
+spacegate-shell = { workspace = true, features = [
+  "cache",
+  "k8s",
+  "ext-redis",
+  "ext-axum",
+] }
 spacegate-plugin = { workspace = true, features = ["schema"], optional = true }
 
 bios-sdk-invoke = { path = "../../../frontend/sdks/invoke", features = [

backend/gateways/spacegate-plugins/src/lib.rs

@@ -9,8 +9,8 @@ mod plugin;
 
 pub const PACKAGE_NAME: &str = "spacegate_lib";
 use plugin::op_redis_publisher;
-use spacegate_shell::plugin::SgPluginRepository;
-pub fn register_lib_plugins(repo: &SgPluginRepository) {
+use spacegate_shell::plugin::PluginRepository;
+pub fn register_lib_plugins(repo: &PluginRepository) {
     repo.register::<ip_time::IpTimePlugin>();
     repo.register::<anti_replay::AntiReplayPlugin>();
     repo.register::<anti_xss::AntiXssPlugin>();

backend/gateways/spacegate-plugins/src/plugin/anti_replay.rs

@@ -2,11 +2,11 @@ use std::sync::Arc;
 use std::time::Duration;
 
 use serde::{Deserialize, Serialize};
+use spacegate_shell::ext_redis::{redis::AsyncCommands, RedisClient};
 use spacegate_shell::hyper::{Request, Response, StatusCode};
 use spacegate_shell::kernel::extension::PeerAddr;
 use spacegate_shell::kernel::helper_layers::function::Inner;
 use spacegate_shell::plugin::{Plugin, PluginError};
-use spacegate_shell::spacegate_ext_redis::{redis::AsyncCommands, RedisClient};
 use spacegate_shell::{BoxError, SgBody, SgRequestExt, SgResponseExt};
 
 use tardis::serde_json;
@@ -15,7 +15,7 @@ use tardis::{basic::result::TardisResult, tokio};
 #[cfg(feature = "schema")]
 use spacegate_plugin::schemars;
 #[cfg(feature = "schema")]
-spacegate_plugin::schema!(AntiReplayPlugin, SgFilterAntiReplay);
+spacegate_plugin::schema!(AntiReplayPlugin, AntiReplayPlugin);
 #[derive(Serialize, Deserialize, Clone)]
 #[cfg_attr(feature = "schema", derive(schemars::JsonSchema))]
 #[serde(default)]
@@ -81,6 +81,13 @@ async fn get_status(md5: &str, cache_key: &str, cache_client: &RedisClient) -> T
 
 impl Plugin for AntiReplayPlugin {
     const CODE: &'static str = "anti-replay";
+
+    fn meta() -> spacegate_plugin::PluginMetaData {
+        spacegate_plugin::plugin_meta!(
+            description: "Anti-replay plugin for Spacegate. It can prevent replay attacks by checking the MD5 hash of the request."
+        )
+    }
+
     fn create(plugin_config: spacegate_shell::plugin::PluginConfig) -> Result<Self, BoxError> {
         let config: AntiReplayPlugin = serde_json::from_value(plugin_config.spec)?;
         Ok(config)

backend/gateways/spacegate-plugins/src/plugin/anti_xss.rs

@@ -20,7 +20,8 @@ macro_rules! append_value {
 use spacegate_plugin::schemars;
 use tardis::serde_json;
 #[cfg(feature = "schema")]
-spacegate_plugin::schema!(AntiXssPlugin, SgFilterAntiXSS);
+spacegate_plugin::schema!(AntiXssPlugin, CSPConfig);
+
 #[derive(Default, Serialize, Deserialize)]
 #[cfg_attr(feature = "schema", derive(schemars::JsonSchema))]
 #[serde(default)]
@@ -157,6 +158,13 @@ pub struct AntiXssPlugin {
 
 impl Plugin for AntiXssPlugin {
     const CODE: &'static str = "anti-xss";
+
+    fn meta() -> spacegate_plugin::PluginMetaData {
+        spacegate_plugin::plugin_meta!(
+            description: "Anti XSS plugin"
+        )
+    }
+
     fn create(plugin_config: spacegate_shell::plugin::PluginConfig) -> Result<Self, BoxError> {
         let config: AntiXssConfig = serde_json::from_value(plugin_config.spec)?;
         let header = header::HeaderValue::from_str(&config.csp_config.to_string_header_value())?;

backend/gateways/spacegate-plugins/src/plugin/audit_log.rs

@@ -39,7 +39,7 @@ pub const CODE: &str = "audit_log";
 #[cfg(feature = "schema")]
 use spacegate_plugin::schemars;
 #[cfg(feature = "schema")]
-spacegate_plugin::schema!(AuditLogPlugin, SgFilterAuditLog);
+spacegate_plugin::schema!(AuditLogPlugin, AuditLogPlugin);
 
 #[derive(Serialize, Deserialize, Clone)]
 #[cfg_attr(feature = "schema", derive(schemars::JsonSchema))]
@@ -260,9 +260,14 @@ impl Default for AuditLogPlugin {
 }
 
 impl Plugin for AuditLogPlugin {
-    // type MakeLayer = SgFilterAuditLog;
     const CODE: &'static str = CODE;
 
+    fn meta() -> spacegate_plugin::PluginMetaData {
+        spacegate_plugin::plugin_meta!(
+            description: "Audit log for spacegate, it's base on spi-log"
+        )
+    }
+
     fn create(config: spacegate_shell::plugin::PluginConfig) -> Result<Self, BoxError> {
         let mut plugin: AuditLogPlugin = serde_json::from_value(config.spec.clone()).map_err(|e| -> BoxError { format!("[Plugin.AuditLog] deserialize error:{e}").into() })?;
         plugin.init()?;

backend/gateways/spacegate-plugins/src/plugin/auth.rs

@@ -536,7 +536,13 @@ fn headermap_to_hashmap(old_headers: &HeaderMap<HeaderValue>) -> TardisResult<Ha
 
 impl Plugin for AuthPlugin {
     const CODE: &'static str = CODE;
-    // type MakeLayer = SgPluginAuth;
+
+    fn meta() -> spacegate_plugin::PluginMetaData {
+        spacegate_plugin::plugin_meta!(
+            description: "Auth plugin for spacegate, it is used to authenticate the request"
+        )
+    }
+
     fn create(plugin_config: PluginConfig) -> Result<Self, BoxError> {
         let config: SgPluginAuthConfig = serde_json::from_value(plugin_config.spec.clone())?;
         let plugin: AuthPlugin = config.clone().into();

backend/gateways/spacegate-plugins/src/plugin/ip_time.rs

@@ -99,6 +99,13 @@ impl IpTimePlugin {
 }
 impl Plugin for IpTimePlugin {
     const CODE: &'static str = CODE;
+
+    fn meta() -> spacegate_plugin::PluginMetaData {
+        spacegate_plugin::plugin_meta!(
+            description: "Block/Allow IP by time rule"
+        )
+    }
+
     fn create(config: spacegate_shell::plugin::PluginConfig) -> Result<Self, BoxError> {
         let ip_time_config: SgFilterIpTimeConfig = serde_json::from_value(config.spec.clone())?;
         let plugin: IpTimePlugin = ip_time_config.into();
@@ -116,9 +123,4 @@ impl Plugin for IpTimePlugin {
         }
         Ok(inner.call(req).await)
     }
-    // fn create(_: Option<String>, value: JsonValue) -> Result<Self::MakeLayer, BoxError> {
-    //     let config: SgFilterIpTimeConfig = serde_json::from_value(value)?;
-    //     let filter: SgFilterIpTime = config.into();
-    //     Ok(filter)
-    // }
 }

backend/gateways/spacegate-plugins/src/plugin/op_redis_publisher.rs

@@ -42,12 +42,17 @@ pub struct RedisPublisherPlugin {
 impl Plugin for RedisPublisherPlugin {
     const CODE: &'static str = "op_redis_publisher";
 
+    fn meta() -> spacegate_plugin::PluginMetaData {
+        spacegate_plugin::plugin_meta!(
+            description: "Build for open platform, and it depend on plugin audit-log"
+        )
+    }
+
     fn create(config: PluginConfig) -> Result<Self, BoxError> {
-        let id = config.none_mono_id();
         let layer_config = serde_json::from_value::<RedisPublisherConfig>(config.spec.clone())?;
 
         Ok(Self {
-            key: id.redis_prefix(),
+            key: config.id.redis_prefix(),
             jsonpath_inst: if let Ok(jsonpath_inst) = JsonPathInst::from_str(&layer_config.success_json_path).map_err(|e| log::error!("[Plugin.AuditLog] invalid json path:{e}")) {
                 Some(jsonpath_inst)
             } else {

backend/gateways/spacegate-plugins/src/plugin/rewrite_ns_b_ip.rs

@@ -12,6 +12,8 @@ use std::net::IpAddr;
 use std::str::FromStr;
 use std::sync::Arc;
 
+#[cfg(feature = "schema")]
+use spacegate_plugin::schemars;
 use tardis::{log, serde_json};
 
 /// Kube available only!
@@ -66,6 +68,13 @@ impl Default for RewriteNsConfig {
 
 impl Plugin for RewriteNsPlugin {
     const CODE: &'static str = "rewrite-ns";
+
+    fn meta() -> spacegate_plugin::PluginMetaData {
+        spacegate_plugin::plugin_meta!(
+            description: "Rewrite namespace for request.Kubernetes available only!"
+        )
+    }
+
     fn create(plugin_config: PluginConfig) -> Result<Self, spacegate_shell::BoxError> {
         let config: RewriteNsConfig = serde_json::from_value(plugin_config.spec)?;
         let ip_list: Vec<IpNet> = config
@@ -119,6 +128,7 @@ impl RewriteNsPlugin {
 mod test {
 
     use http::{Method, Request, Uri, Version};
+    use spacegate_plugin::{PluginInstanceId, PluginInstanceName};
     use spacegate_shell::{
         config::K8sServiceData,
         extension::k8s_service::K8sService,
@@ -133,9 +143,11 @@ mod test {
     #[tokio::test]
     async fn test() {
         let plugin = RewriteNsPlugin::create(PluginConfig {
-            code: "rewrite-ns".into(),
+            id: PluginInstanceId {
+                code: "rewrite-ns".into(),
+                name: PluginInstanceName::mono(),
+            },
             spec: json!({"ip_list":["198.168.1.0/24"],"target_ns":"target"}),
-            name: None,
         })
         .unwrap();
 

backend/services/spacegate/Cargo.toml

@@ -19,7 +19,7 @@ spacegate-shell = { workspace = true, features = [
   "k8s",
   "plugin-all",
   "ext-redis",
-  # "ext-axum",
+  "ext-axum",
   "cache",
 ] }
 tardis = { workspace = true }

backend/services/spacegate/src/main.rs

@@ -1,6 +1,6 @@
 use serde::Deserialize;
 use spacegate_plugins::register_lib_plugins;
-use spacegate_shell::plugin::SgPluginRepository;
+use spacegate_shell::plugin::PluginRepository;
 use spacegate_shell::BoxError;
 use tardis::basic::tracing::TardisTracing;
 use tardis::tokio;
@@ -25,14 +25,9 @@ fn main() -> Result<(), BoxError> {
     }
     let rt = builder.build().expect("fail to build runtime");
     let namespaces = std::env::args().nth(1).or(config.spacegate_ns);
-    register_lib_plugins(SgPluginRepository::global());
+    register_lib_plugins(PluginRepository::global());
     rt.block_on(async move {
         let local_set = tokio::task::LocalSet::new();
-        local_set
-            .run_until(async move {
-                let join_handle = spacegate_shell::startup_k8s(namespaces.as_deref()).await.expect("fail to start spacegate");
-                join_handle.await.expect("join handle error")
-            })
-            .await
+        local_set.run_until(async move { spacegate_shell::startup_k8s(namespaces.as_deref()).await }).await
     })
 }

backend/spi/spi-conf/src/serv.rs

@@ -166,7 +166,8 @@ pub async fn register(req: RegisterRequest, funs: &TardisFunsInst, ctx: &TardisC
     // add a cert
     let ext = json!({
         "owner": ctx.owner,
-        "own_paths": ctx.own_paths
+        "own_paths": ctx.own_paths,
+        "ak": ctx.ak
     })
     .to_string();
     let mut add_cert_req = RbumCertAddReq {
@@ -228,8 +229,10 @@ pub async fn auth(ak: &str, sk: &str, funs: &TardisFunsInst) -> TardisResult<Tar
     let ext: serde_json::Value = serde_json::from_str(&cert.ext).map_err(|_| funs.err().internal_error("spi-conf", "auth", "invalid ext", "500-conf-invalid-cert-ext"))?;
     let owner = ext.get("owner").and_then(serde_json::Value::as_str).unwrap_or_default();
     let own_paths = ext.get("own_paths").and_then(serde_json::Value::as_str).unwrap_or_default();
+    let ak = ext.get("ak").and_then(serde_json::Value::as_str).unwrap_or_default();
     ctx.owner = owner.to_owned();
     ctx.own_paths = own_paths.to_owned();
+    ctx.ak = ak.to_owned();
     Ok(ctx)
 }
 

backend/spi/spi-conf/src/serv/pg/conf_pg_config_serv.rs

@@ -74,7 +74,7 @@ pub async fn get_config(descriptor: &mut ConfigDescriptor, _funs: &TardisFunsIns
     let qry_result = conn
         .query_one(
             &format!(
-                r#"SELECT (content, md5) FROM {table_name} cc
+                r#"SELECT "content", "md5" FROM {table_name} cc
 WHERE cc.namespace_id=$1 AND cc.grp=$2 AND cc.data_id=$3
 	"#,
             ),

backend/spi/spi-conf/tests/spi_conf_api_test.rs

@@ -31,7 +31,7 @@ async fn spi_conf_namespace_test() -> TardisResult<()> {
     let mut client = TestHttpClient::new("https://127.0.0.1:8080/spi-conf".to_string());
     client.set_auth(&TardisContext {
         own_paths: "t1/app001".to_string(),
-        ak: "".to_string(),
+        ak: "app001".to_string(),
         roles: vec![],
         groups: vec![],
         owner: "app001".to_string(),

backend/spi/spi-conf/tests/spi_conf_listener_test.rs

@@ -49,7 +49,7 @@ async fn spi_conf_namespace_test() -> TardisResult<()> {
     log::info!("username: {username}, password: {password}");
     client.set_auth(&TardisContext {
         own_paths: "t1/app001".to_string(),
-        ak: "".to_string(),
+        ak: "app001".to_string(),
         roles: vec![],
         groups: vec![],
         owner: "app001".to_string(),
@@ -119,7 +119,7 @@ pub async fn test_listener(client: &mut TestHttpClient) -> TardisResult<()> {
     let update_counter = Arc::new(AtomicUsize::new(0));
     let ctx_raw = Arc::new(TardisContext {
         own_paths: "t1/app001".to_string(),
-        ak: "".to_string(),
+        ak: "app001".to_string(),
         roles: vec![],
         groups: vec![],
         owner: "app001".to_string(),

backend/spi/spi-conf/tests/spi_conf_nacos_compatible_test.rs

@@ -22,7 +22,7 @@ const SCHEMA: &str = "https";
 async fn spi_conf_namespace_test() -> TardisResult<()> {
     std::env::set_var(
         "RUST_LOG",
-        "info,tardis=debug,spi_conf_listener_test=debug,sqlx=off,sea_orm=off,bios_spi_conf=DEBUG,poem_grpc=TRACE,tonic=TRACE",
+        "info,tardis=debug,spi_conf_listener_test=debug,sqlx=off,sea_orm=debug,bios_spi_conf=DEBUG,poem_grpc=TRACE,tonic=TRACE",
     );
     std::env::set_var("PROFILE", "nacos");
     let docker = testcontainers::clients::Cli::default();
@@ -51,7 +51,7 @@ async fn spi_conf_namespace_test() -> TardisResult<()> {
     log::info!("username: {username}, password: {password}");
     client.set_auth(&TardisContext {
         own_paths: "t1/app001".to_string(),
-        ak: "".to_string(),
+        ak: "app001".to_string(),
         roles: vec![],
         groups: vec![],
         owner: "app001".to_string(),
@@ -71,7 +71,7 @@ async fn test_tardis_compatibility(_test_client: &TestHttpClient) -> TardisResul
     let config = TardisFuns::fw_config();
     let ctx = TardisContext {
         own_paths: "t1/app001".to_string(),
-        ak: "".to_string(),
+        ak: "app001".to_string(),
         roles: vec![],
         groups: vec![],
         owner: "app001".to_string(),
@@ -196,7 +196,7 @@ async fn test_tardis_compatibility(_test_client: &TestHttpClient) -> TardisResul
     let _resp = nacos_client
         .publish_config(
             &NacosConfigDescriptor::new("hc-db.yaml", "hc", &(Default::default())),
-            &mut std::fs::File::open("tests/config/test-prod.yaml").expect("fail to open"),
+            &mut std::fs::File::open("tests/config/conf-nacos.toml").expect("fail to open"),
         )
         .await
         .expect("publish failed");

backend/spi/spi-conf/tests/spi_conf_test_common.rs

@@ -14,7 +14,6 @@ use testcontainers_modules::redis::Redis;
 pub struct Holder<'d> {
     pub pg: Container<'d, GenericImage>,
     pub redis: Container<'d, Redis>,
-    pub mq: Container<'d, GenericImage>,
 }
 
 #[allow(dead_code)]
@@ -27,14 +26,9 @@ pub async fn init_tardis(docker: &Cli) -> TardisResult<Holder> {
     let port = redis_container.get_host_port_ipv4(6379);
     let url = format!("redis://127.0.0.1:{port}/0");
     std::env::set_var("TARDIS_FW.CACHE.URL", url);
-    let mq_container = TardisTestContainer::rabbit_custom(docker);
-    let port = mq_container.get_host_port_ipv4(5672);
-    let url = format!("amqp://guest:guest@127.0.0.1:{port}/%2f");
-    std::env::set_var("TARDIS_FW.MQ.URL", url);
     let holder = Holder {
         pg: reldb_container,
         redis: redis_container,
-        mq: mq_container,
     };
     TardisFuns::init(Some("tests/config")).await?;
     bios_basic::rbum::rbum_initializer::init(DOMAIN_CODE, RbumConfig::default()).await?;