[feat] 1. 增加自定义签名实现，可选配置项

xingwang.liu · xingwang.liu · commit 93b8dd443a71 · 2020-12-16T16:04:31.000+08:00
diff --git a/README.md b/README.md
@@ -26,6 +26,7 @@ go get -u github.com/shima-park/agollo
 * 客户端SLB
 * 提供Viper配置库的apollo插件
 * 支持通过 ACCESSKEY_SECRET 来实现 client 安全访问
+* 支持自定义签名认证
 
 ## 示例
 
diff --git a/apollo.go b/apollo.go
@@ -0,0 +1,59 @@
+package agollo
+
+import (
+	"encoding/json"
+)
+
+// https://github.com/ctripcorp/apollo/wiki/%E5%85%B6%E5%AE%83%E8%AF%AD%E8%A8%80%E5%AE%A2%E6%88%B7%E7%AB%AF%E6%8E%A5%E5%85%A5%E6%8C%87%E5%8D%97
+type ApolloClient interface {
+	Apply(opts ...ApolloClientOption)
+
+	Notifications(configServerURL, appID, clusterName string, notifications []Notification) (int, []Notification, error)
+
+	// 该接口会直接从数据库中获取配置，可以配合配置推送通知实现实时更新配置。
+	GetConfigsFromNonCache(configServerURL, appID, cluster, namespace string, opts ...NotificationsOption) (int, *Config, error)
+
+	// 该接口会从缓存中获取配置，适合频率较高的配置拉取请求，如简单的每30秒轮询一次配置。
+	GetConfigsFromCache(configServerURL, appID, cluster, namespace string) (Configurations, error)
+
+	// 该接口从MetaServer获取ConfigServer列表
+	GetConfigServers(metaServerURL, appID string) (int, []ConfigServer, error)
+}
+
+type Notifications []Notification
+
+func (n Notifications) String() string {
+	bytes, _ := json.Marshal(n)
+	return string(bytes)
+}
+
+type Notification struct {
+	NamespaceName  string `json:"namespaceName"`  // namespaceName: "application",
+	NotificationID int    `json:"notificationId"` // notificationId: 107
+}
+
+type NotificationsOptions struct {
+	ReleaseKey string
+}
+
+type NotificationsOption func(*NotificationsOptions)
+
+func ReleaseKey(releaseKey string) NotificationsOption {
+	return func(o *NotificationsOptions) {
+		o.ReleaseKey = releaseKey
+	}
+}
+
+type Config struct {
+	AppID          string         `json:"appId"`          // appId: "AppTest",
+	Cluster        string         `json:"cluster"`        // cluster: "default",
+	NamespaceName  string         `json:"namespaceName"`  // namespaceName: "TEST.Namespace1",
+	Configurations Configurations `json:"configurations"` // configurations: {Name: "Foo"},
+	ReleaseKey     string         `json:"releaseKey"`     // releaseKey: "20181017110222-5ce3b2da895720e8"
+}
+
+type ConfigServer struct {
+	AppName     string `json:"appName"`
+	InstanceID  string `json:"instanceId"`
+	HomePageURL string `json:"homepageUrl"`
+}
diff --git a/apollo_client.go b/apollo_client.go
@@ -1,111 +1,36 @@
 package agollo
 
 import (
-	"crypto/hmac"
-	"crypto/sha1"
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net"
 	"net/http"
 	"net/url"
+	"os"
 	"time"
 )
 
 var (
 	defaultClientTimeout = 90 * time.Second
 )
 
-// https://github.com/ctripcorp/apollo/wiki/%E5%85%B6%E5%AE%83%E8%AF%AD%E8%A8%80%E5%AE%A2%E6%88%B7%E7%AB%AF%E6%8E%A5%E5%85%A5%E6%8C%87%E5%8D%97
-type ApolloClient interface {
-	Apply(opts ...ApolloClientOption)
-
-	Notifications(configServerURL, appID, clusterName string, notifications []Notification) (int, []Notification, error)
-
-	// 该接口会直接从数据库中获取配置，可以配合配置推送通知实现实时更新配置。
-	GetConfigsFromNonCache(configServerURL, appID, cluster, namespace string, opts ...NotificationsOption) (int, *Config, error)
-
-	// 该接口会从缓存中获取配置，适合频率较高的配置拉取请求，如简单的每30秒轮询一次配置。
-	GetConfigsFromCache(configServerURL, appID, cluster, namespace string) (Configurations, error)
-
-	// 该接口从MetaServer获取ConfigServer列表
-	GetConfigServers(metaServerURL, appID string) (int, []ConfigServer, error)
-}
-
-type Notifications []Notification
-
-func (n Notifications) String() string {
-	bytes, _ := json.Marshal(n)
-	return string(bytes)
-}
-
-type Notification struct {
-	NamespaceName  string `json:"namespaceName"`  // namespaceName: "application",
-	NotificationID int    `json:"notificationId"` // notificationId: 107
-}
-
-type NotificationsOptions struct {
-	ReleaseKey string
-}
-
-type NotificationsOption func(*NotificationsOptions)
-
-func ReleaseKey(releaseKey string) NotificationsOption {
-	return func(o *NotificationsOptions) {
-		o.ReleaseKey = releaseKey
-	}
-}
-
-type Config struct {
-	AppID          string         `json:"appId"`          // appId: "AppTest",
-	Cluster        string         `json:"cluster"`        // cluster: "default",
-	NamespaceName  string         `json:"namespaceName"`  // namespaceName: "TEST.Namespace1",
-	Configurations Configurations `json:"configurations"` // configurations: {Name: "Foo"},
-	ReleaseKey     string         `json:"releaseKey"`     // releaseKey: "20181017110222-5ce3b2da895720e8"
-}
-
-type ConfigServer struct {
-	AppName     string `json:"appName"`
-	InstanceID  string `json:"instanceId"`
-	HomePageURL string `json:"homepageUrl"`
-}
+const (
+	// ENV_APOLLO_ACCESS_KEY 默认从环境变量中读取Apollo的AccessKey
+	// 会被显示传入的AccessKey所覆盖
+	ENV_APOLLO_ACCESS_KEY = "APOLLO_ACCESS_KEY"
+)
 
 type Doer interface {
 	Do(*http.Request) (*http.Response, error)
 }
 
 type apolloClient struct {
-	Doer       Doer
-	IP         string
-	ConfigType string // 默认properties不需要在namespace后加后缀名，其他情况例如application.json {xml,yml,yaml,json,...}
-	AccessKey  string
-}
-
-type ApolloClientOption func(*apolloClient)
-
-func WithDoer(d Doer) ApolloClientOption {
-	return func(a *apolloClient) {
-		a.Doer = d
-	}
-}
-
-func WithIP(ip string) ApolloClientOption {
-	return func(a *apolloClient) {
-		a.IP = ip
-	}
-}
-
-func WithConfigType(configType string) ApolloClientOption {
-	return func(a *apolloClient) {
-		a.ConfigType = configType
-	}
-}
-
-func WithAccessKey(accessKey string) ApolloClientOption {
-	return func(a *apolloClient) {
-		a.AccessKey = accessKey
-	}
+	Doer          Doer
+	IP            string
+	ConfigType    string // 默认properties不需要在namespace后加后缀名，其他情况例如application.json {xml,yml,yaml,json,...}
+	AccessKey     string
+	SignatureFunc SignatureFunc
 }
 
 func NewApolloClient(opts ...ApolloClientOption) ApolloClient {
@@ -115,46 +40,15 @@ func NewApolloClient(opts ...ApolloClientOption) ApolloClient {
 		Doer: &http.Client{
 			Timeout: defaultClientTimeout, // Notifications由于服务端会hold住请求60秒，所以请确保客户端访问服务端的超时时间要大于60秒。
 		},
+		AccessKey:     os.Getenv(ENV_APOLLO_ACCESS_KEY),
+		SignatureFunc: DefaultSignatureFunc,
 	}
 
 	c.Apply(opts...)
 
 	return c
 }
 
-const (
-	AUTHORIZATION_FORMAT      = "Apollo %s:%s"
-	DELIMITER                 = "\n"
-	HTTP_HEADER_AUTHORIZATION = "Authorization"
-	HTTP_HEADER_TIMESTAMP     = "Timestamp"
-)
-
-func signature(timestamp, url, accessKey string) string {
-
-	stringToSign := timestamp + DELIMITER + url
-
-	key := []byte(accessKey)
-	mac := hmac.New(sha1.New, key)
-	_, _ = mac.Write([]byte(stringToSign))
-	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
-}
-
-func (c *apolloClient) httpHeader(appID, uri string) map[string]string {
-
-	headers := map[string]string{}
-	if "" == c.AccessKey {
-		return headers
-	}
-
-	timestamp := fmt.Sprintf("%v", time.Now().UnixNano()/int64(time.Millisecond))
-	signature := signature(timestamp, uri, c.AccessKey)
-
-	headers[HTTP_HEADER_AUTHORIZATION] = fmt.Sprintf(AUTHORIZATION_FORMAT, appID, signature)
-	headers[HTTP_HEADER_TIMESTAMP] = timestamp
-
-	return headers
-}
-
 func (c *apolloClient) Apply(opts ...ApolloClientOption) {
 	for _, opt := range opts {
 		opt(c)
@@ -170,7 +64,13 @@ func (c *apolloClient) Notifications(configServerURL, appID, cluster string, not
 	)
 	apiURL := fmt.Sprintf("%s%s", configServerURL, requestURI)
 
-	headers := c.httpHeader(appID, requestURI)
+	headers := c.SignatureFunc(&SignatureContext{
+		ConfigServerURL: configServerURL,
+		RequestURI:      requestURI,
+		AccessKey:       c.AccessKey,
+		AppID:           appID,
+		Cluster:         cluster,
+	})
 	status, err = c.do("GET", apiURL, headers, &result)
 	return
 }
@@ -191,7 +91,13 @@ func (c *apolloClient) GetConfigsFromNonCache(configServerURL, appID, cluster, n
 	)
 	apiURL := fmt.Sprintf("%s%s", configServerURL, requestURI)
 
-	headers := c.httpHeader(appID, requestURI)
+	headers := c.SignatureFunc(&SignatureContext{
+		ConfigServerURL: configServerURL,
+		RequestURI:      requestURI,
+		AccessKey:       c.AccessKey,
+		AppID:           appID,
+		Cluster:         cluster,
+	})
 	config = new(Config)
 	status, err = c.do("GET", apiURL, headers, config)
 	return
@@ -208,7 +114,13 @@ func (c *apolloClient) GetConfigsFromCache(configServerURL, appID, cluster, name
 	)
 	apiURL := fmt.Sprintf("%s%s", configServerURL, requestURI)
 
-	headers := c.httpHeader(appID, requestURI)
+	headers := c.SignatureFunc(&SignatureContext{
+		ConfigServerURL: configServerURL,
+		RequestURI:      requestURI,
+		AccessKey:       c.AccessKey,
+		AppID:           appID,
+		Cluster:         cluster,
+	})
 	config = make(Configurations)
 	_, err = c.do("GET", apiURL, headers, config)
 	return
@@ -219,7 +131,13 @@ func (c *apolloClient) GetConfigServers(metaServerURL, appID string) (int, []Con
 	requestURI := fmt.Sprintf("/services/config?id=%s&appId=%s", c.IP, appID)
 	apiURL := fmt.Sprintf("%s%s", metaServerURL, requestURI)
 
-	headers := c.httpHeader(appID, requestURI)
+	headers := c.SignatureFunc(&SignatureContext{
+		ConfigServerURL: metaServerURL,
+		RequestURI:      requestURI,
+		AccessKey:       c.AccessKey,
+		AppID:           appID,
+		Cluster:         "",
+	})
 	var cfs []ConfigServer
 	status, err := c.do("GET", apiURL, headers, &cfs)
 	return status, cfs, err
diff --git a/apollo_client_options.go b/apollo_client_options.go
@@ -0,0 +1,33 @@
+package agollo
+
+type ApolloClientOption func(*apolloClient)
+
+func WithDoer(d Doer) ApolloClientOption {
+	return func(a *apolloClient) {
+		a.Doer = d
+	}
+}
+
+func WithIP(ip string) ApolloClientOption {
+	return func(a *apolloClient) {
+		a.IP = ip
+	}
+}
+
+func WithConfigType(configType string) ApolloClientOption {
+	return func(a *apolloClient) {
+		a.ConfigType = configType
+	}
+}
+
+func WithAccessKey(accessKey string) ApolloClientOption {
+	return func(a *apolloClient) {
+		a.AccessKey = accessKey
+	}
+}
+
+func WithSignatureFunc(sf SignatureFunc) ApolloClientOption {
+	return func(a *apolloClient) {
+		a.SignatureFunc = sf
+	}
+}
diff --git a/apollo_client_signature.go b/apollo_client_signature.go
@@ -0,0 +1,54 @@
+package agollo
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/base64"
+	"fmt"
+	"time"
+)
+
+const (
+	AUTHORIZATION_FORMAT      = "Apollo %s:%s"
+	DELIMITER                 = "\n"
+	HTTP_HEADER_AUTHORIZATION = "Authorization"
+	HTTP_HEADER_TIMESTAMP     = "Timestamp"
+)
+
+type Header map[string]string
+
+type SignatureContext struct {
+	ConfigServerURL string // 当前访问配置使用的apollo config server的url
+	AccessKey       string // 服务启动时缓存的access key
+	AppID           string // appid
+	RequestURI      string // 请求的uri，domain之后的路径
+	Cluster         string // 请求的集群，默认情况下: default，请求GetConfigServers接口时为""
+}
+
+type SignatureFunc func(ctx *SignatureContext) Header
+
+func DefaultSignatureFunc(ctx *SignatureContext) Header {
+
+	headers := map[string]string{}
+	if "" == ctx.AccessKey {
+		return headers
+	}
+
+	timestamp := fmt.Sprintf("%v", time.Now().UnixNano()/int64(time.Millisecond))
+	signature := signature(timestamp, ctx.RequestURI, ctx.AccessKey)
+
+	headers[HTTP_HEADER_AUTHORIZATION] = fmt.Sprintf(AUTHORIZATION_FORMAT, ctx.AppID, signature)
+	headers[HTTP_HEADER_TIMESTAMP] = timestamp
+
+	return headers
+}
+
+func signature(timestamp, url, accessKey string) string {
+
+	stringToSign := timestamp + DELIMITER + url
+
+	key := []byte(accessKey)
+	mac := hmac.New(sha1.New, key)
+	_, _ = mac.Write([]byte(stringToSign))
+	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
+}
diff --git a/examples/sample/main.go b/examples/sample/main.go
