Merge remote-tracking branch 'upstream/2.x' into test-os-2.x

wangliang181230 · Nov 30, 2023 · af82725 · af82725
2 parents ef61c29 + fb6b20e
commit af82725
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 39 deletions.
diff --git a/changes/en-us/2.x.md b/changes/en-us/2.x.md
@@ -16,6 +16,8 @@ Add changes here for all PR submitted to the 2.x branch.
 - [[#6089](https://github.com/seata/seata/pull/6089)] modify the semantics of RaftServerFactory and remove unnecessary singleton
 - [[#4473](https://github.com/seata/seata/pull/4473)] rm appdata size limit
 - [[#6071](https://github.com/seata/seata/pull/6071)] add git infos to jars
+- [[#6042](https://github.com/seata/seata/pull/6042)] add secure authentication to interfaces in ClusterController
+- [[#6091](https://github.com/seata/seata/pull/6091)] Optimizing the method of obtaining the tc address during raft authentication
 
 
 ### security:
@@ -36,5 +38,6 @@ Thanks to these contributors for their code commits. Please report an unintended
 - [funky-eyes](https://github.com/funky-eyes)
 - [Bughue](https://github.com/Bughue)
 - [wangliang181230](https://github.com/wangliang181230)
+- [ggbocoder](https://github.com/ggbocoder)
 
 Also, we receive many valuable issues, questions and advices from our community. Thanks for you all.
diff --git a/changes/zh-cn/2.x.md b/changes/zh-cn/2.x.md
@@ -16,6 +16,8 @@
 - [[#6089](https://github.com/seata/seata/pull/6089)] 修改RaftServerFactory语义并删除不必要的单例构建
 - [[#4473](https://github.com/seata/seata/pull/4473)] rm appdata大小限制
 - [[#6071](https://github.com/seata/seata/pull/6071)] 添加git信息到JAR包中
+- [[#6042](https://github.com/seata/seata/pull/6042)] 增加raft模式鉴权机制
+- [[#6091](https://github.com/seata/seata/pull/6091)] 优化raft鉴权时获取tc地址的方式
 
 
 ### security:
@@ -36,5 +38,6 @@
 - [funky-eyes](https://github.com/funky-eyes)
 - [Bughue](https://github.com/Bughue)
 - [wangliang181230](https://github.com/wangliang181230)
+- [ggbocoder](https://github.com/ggbocoder)
 
 同时，我们收到了社区反馈的很多有价值的issue和建议，非常感谢大家。
diff --git a/...iscovery-raft/src/main/java/io/seata/discovery/registry/raft/RaftRegistryServiceImpl.java b/...iscovery-raft/src/main/java/io/seata/discovery/registry/raft/RaftRegistryServiceImpl.java
@@ -121,11 +121,6 @@ public class RaftRegistryServiceImpl implements RegistryService<ConfigChangeList
     }
 
     private RaftRegistryServiceImpl() {
-        try {
-            refreshToken();
-        } catch (RetryableException e) {
-            throw new RuntimeException("Init fetch token failed!", e);
-        }
     }
 
     /**
@@ -306,9 +301,9 @@ private static boolean watch() {
             String tcAddress = queryHttpAddress(clusterName, group);
             try {
                 if (isTokenExpired()) {
-                    refreshToken();
+                    refreshToken(tcAddress);
                 }
-                if (!StringUtils.isNotBlank(jwtToken)) {
+                if (StringUtils.isNotBlank(jwtToken)) {
                     header.put(AUTHORIZATION_HEADER, jwtToken);
                 }
                 try (CloseableHttpResponse response =
@@ -370,7 +365,7 @@ private static void acquireClusterMetaData(String clusterName, String group) thr
         Map<String, String> header = new HashMap<>();
         header.put(HTTP.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.getMimeType());
         if (isTokenExpired()) {
-            refreshToken();
+            refreshToken(tcAddress);
         }
         if (StringUtils.isNotBlank(jwtToken)) {
             header.put(AUTHORIZATION_HEADER, jwtToken);
@@ -407,43 +402,38 @@ private static void acquireClusterMetaData(String clusterName, String group) thr
         }
     }
 
-    private static void refreshToken() throws RetryableException {
+    private static void refreshToken(String tcAddress) throws RetryableException {
         // if username and password is not in config , return
         if (StringUtils.isBlank(USERNAME) || StringUtils.isBlank(PASSWORD)) {
             return;
         }
-        String raftClusterAddress = CONFIG.getConfig(getRaftAddrFileKey());
         // get token and set it in cache
-        if (StringUtils.isNotBlank(raftClusterAddress)) {
-            String[] tcAddressList = raftClusterAddress.split(",");
-            String tcAddress = tcAddressList[0];
-            Map<String, String> param = new HashMap<>();
-            param.put(PRO_USERNAME_KEY, USERNAME);
-            param.put(PRO_PASSWORD_KEY, PASSWORD);
-            Map<String, String> header = new HashMap<>();
-            header.put(HTTP.CONTENT_TYPE, ContentType.APPLICATION_JSON.getMimeType());
-            String response = null;
-            tokenTimeStamp = System.currentTimeMillis();
-            try (CloseableHttpResponse httpResponse =
-                     HttpClientUtil.doPost("http://" + tcAddress + "/api/v1/auth/login", param, header, 1000)) {
-                if (httpResponse != null) {
-                    if (httpResponse.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
-                        response = EntityUtils.toString(httpResponse.getEntity(), StandardCharsets.UTF_8);
-                        JsonNode jsonNode = OBJECT_MAPPER.readTree(response);
-                        String codeStatus = jsonNode.get("code").asText();
-                        if (!StringUtils.equals(codeStatus, "200")) {
-                            //authorized failed,throw exception to kill process
-                            throw new AuthenticationFailedException("Authentication failed! you should configure the correct username and password.");
-                        }
-                        jwtToken = jsonNode.get("data").asText();
-                    } else {
+        Map<String, String> param = new HashMap<>();
+        param.put(PRO_USERNAME_KEY, USERNAME);
+        param.put(PRO_PASSWORD_KEY, PASSWORD);
+        Map<String, String> header = new HashMap<>();
+        header.put(HTTP.CONTENT_TYPE, ContentType.APPLICATION_JSON.getMimeType());
+        String response = null;
+        tokenTimeStamp = System.currentTimeMillis();
+        try (CloseableHttpResponse httpResponse =
+                 HttpClientUtil.doPost("http://" + tcAddress + "/api/v1/auth/login", param, header, 1000)) {
+            if (httpResponse != null) {
+                if (httpResponse.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
+                    response = EntityUtils.toString(httpResponse.getEntity(), StandardCharsets.UTF_8);
+                    JsonNode jsonNode = OBJECT_MAPPER.readTree(response);
+                    String codeStatus = jsonNode.get("code").asText();
+                    if (!StringUtils.equals(codeStatus, "200")) {
                         //authorized failed,throw exception to kill process
                         throw new AuthenticationFailedException("Authentication failed! you should configure the correct username and password.");
                     }
+                    jwtToken = jsonNode.get("data").asText();
+                } else {
+                    //authorized failed,throw exception to kill process
+                    throw new AuthenticationFailedException("Authentication failed! you should configure the correct username and password.");
                 }
-            } catch (IOException e) {
-                throw new RetryableException(e.getMessage(), e);
             }
+        } catch (IOException e) {
+            throw new RetryableException(e.getMessage(), e);
         }
     }
 
@@ -471,6 +461,12 @@ public List<InetSocketAddress> lookup(String key) throws Exception {
                     return null;
                 }
                 INIT_ADDRESSES.put(clusterName, list);
+                // init jwt token
+                try {
+                    refreshToken(queryHttpAddress(clusterName, key));
+                } catch (Exception e) {
+                    throw new RuntimeException("Init fetch token failed!", e);
+                }
                 // Refresh the metadata by initializing the address
                 acquireClusterMetaDataByClusterName(clusterName);
                 startQueryMetadata();

diff --git a/...very-raft/src/test/java/io/seata/discovery/registry/raft/RaftRegistryServiceImplTest.java b/...very-raft/src/test/java/io/seata/discovery/registry/raft/RaftRegistryServiceImplTest.java
@@ -59,6 +59,7 @@ public static void beforeClass() {
     public static void adAfterClass() throws Exception {
         System.clearProperty("service.vgroupMapping.tx");
     }
+
     /**
      * test whether throws exception when login failed
      */
@@ -81,9 +82,9 @@ public void testLoginFailed() throws IOException, NoSuchMethodException {
                 .thenReturn(mockResponse);
 
             // Use reflection to access and invoke the private method
-            Method refreshTokenMethod = RaftRegistryServiceImpl.class.getDeclaredMethod("refreshToken");
+            Method refreshTokenMethod = RaftRegistryServiceImpl.class.getDeclaredMethod("refreshToken", String.class);
             refreshTokenMethod.setAccessible(true);
-            assertThrows(Exception.class, () -> refreshTokenMethod.invoke(null));
+            assertThrows(Exception.class, () -> refreshTokenMethod.invoke(RaftRegistryServiceImpl.getInstance(), "127.0.0.1:8092"));
 
         }
     }
@@ -111,9 +112,9 @@ public void testRefreshTokenSuccess() throws IOException, NoSuchMethodException,
                 .thenReturn(mockResponse);
 
 
-            Method refreshTokenMethod = RaftRegistryServiceImpl.class.getDeclaredMethod("refreshToken");
+            Method refreshTokenMethod = RaftRegistryServiceImpl.class.getDeclaredMethod("refreshToken", String.class);
             refreshTokenMethod.setAccessible(true);
-            refreshTokenMethod.invoke(null);
+            refreshTokenMethod.invoke(RaftRegistryServiceImpl.getInstance(), "127.0.0.1:8092");
             Field jwtTokenField = RaftRegistryServiceImpl.class.getDeclaredField("jwtToken");
             jwtTokenField.setAccessible(true);
             String jwtTokenAct = (String) jwtTokenField.get(null);