Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: 管理员用户查询从缓存读取 #2831 #2907

Merged
merged 2 commits into from
Jan 10, 2025
Merged

feat: 管理员用户查询从缓存读取 #2831 #2907

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5f76560
feat: 管理员用户查询从缓存读取 #2831
zacYL Jan 7, 2025
8ecd3bd
feat: 调整缓存时间到2min #2831
zacYL Jan 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/api/ServiceUserClient.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,4 +109,8 @@ interface ServiceUserClient {
fun userTokenById(
@PathVariable uid: String
): Response<List<String>>

@ApiOperation("获取admin用户")
@GetMapping("/admin/users")
fun listAdminUsers(): Response<List<String>>
}
4 changes: 4 additions & 0 deletions ...-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/service/ServiceUserController.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,4 +93,8 @@ class ServiceUserController @Autowired constructor(
override fun userTokenById(uid: String): Response<List<String>> {
return ResponseBuilder.success(userService.listValidToken(uid).map { it.id })
}

override fun listAdminUsers(): Response<List<String>> {
return ResponseBuilder.success(userService.listAdminUsers())
}
}
5 changes: 5 additions & 0 deletions src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/dao/UserDao.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,4 +155,9 @@ class UserDao : SimpleMongoDao<TUser>() {
return this.findOne(query)
}

fun findAllAdminUsers(): List<TUser> {
val query = Query(Criteria.where(TUser::admin.name).`is`(true))
return this.find(query)
}

}
2 changes: 2 additions & 0 deletions src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/UserService.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,4 +96,6 @@ interface UserService {
fun validateEntityUser(userId: String): Boolean

fun getRelatedUserById(userId: String): List<UserInfo>

fun listAdminUsers(): List<String>
}
4 changes: 4 additions & 0 deletions ...nd/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -399,6 +399,10 @@ class UserServiceImpl constructor(
return userDao.getUserByAsstUser(userId).map { UserRequestUtil.convToUserInfo(it) }
}

override fun listAdminUsers(): List<String> {
return userDao.findAllAdminUsers().map { it.userId }
}

companion object {
private val logger = LoggerFactory.getLogger(UserServiceImpl::class.java)
}
Expand Down
22 changes: 21 additions & 1 deletion ...ervice/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/PermissionManager.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,16 @@ open class PermissionManager(
CacheBuilder.newBuilder().maximumSize(1).expireAfterWrite(30L, TimeUnit.MINUTES).build(cacheLoader)
}


private val adminUsersCache: LoadingCache<String, List<String>> by lazy {
val cacheLoader = object : CacheLoader<String, List<String>>() {
override fun load(userType: String): List<String> {
return userResource.listAdminUsers().data ?: emptyList()
}
}
CacheBuilder.newBuilder().maximumSize(1).expireAfterWrite(2, TimeUnit.MINUTES).build(cacheLoader)
}

/**
* 校验项目权限
* @param action 动作
Expand Down Expand Up @@ -557,7 +567,16 @@ open class PermissionManager(
* 判断是否为管理员
*/
open fun isAdminUser(userId: String): Boolean {
return userResource.userInfoById(userId).data?.admin == true
return if (!httpAuthProperties.adminCacheEnabled) {
userResource.userInfoById(userId).data?.admin == true
} else {
try {
adminUsersCache.get(ADMIN_USER).contains(userId)
} catch (e: Exception) {
logger.warn("search admin user cache error: ${e.message}")
userResource.userInfoById(userId).data?.admin == true
}
}
}


Expand All @@ -575,6 +594,7 @@ open class PermissionManager(
private const val METADATA = "metadata"
private const val NODES = "nodes"
private const val PACKAGE_NAME_PREFIX = "com.tencent.bkrepo"
private const val ADMIN_USER = "admin"

/**
* 检查是否为匿名用户,如果是匿名用户则返回401并提示登录
Expand Down
6 changes: 5 additions & 1 deletion ...curity/src/main/kotlin/com/tencent/bkrepo/common/security/http/core/HttpAuthProperties.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,5 +38,9 @@ data class HttpAuthProperties(
/**
* 是否开启认证
*/
var enabled: Boolean = true
var enabled: Boolean = true,
/**
* 是否禁用管理员缓存
*/
var adminCacheEnabled: Boolean = true,
)
Loading