Skip to content

Abnormal token status #3043

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
May 16, 2025
Merged

Abnormal token status #3043

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
e226245
feat(sql_manage): add exception status code field to exception audit …
LordofAvernus May 15, 2025
29cada5
feat(storage): Add a method to get active audit plans based on projec…
LordofAvernus May 15, 2025
95cd776
fix(instance_audit_plan): Add token non-empty condition in query to a…
LordofAvernus May 15, 2025
faf4c44
refactor(instance_audit_plan): refactor the audit plan token generati…
LordofAvernus May 15, 2025
caffa99
gen swag
LordofAvernus May 15, 2025
fc46b1f
feat: add token exp
LordofAvernus May 15, 2025
64fa7c7
gen swag
LordofAvernus May 15, 2025
ed24982
refactor: optimization generate token
LordofAvernus May 16, 2025
41bf5a0
gen swag
LordofAvernus May 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion sqle/api/app.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -257,7 +257,7 @@ func StartApi(net *gracenet.Net, exitChan chan struct{}, config *config.SqleOpti
v1ProjectOpRouter.DELETE("/:project_name/instance_audit_plans/:instance_audit_plan_id/", v1.DeleteInstanceAuditPlan)
v1ProjectOpRouter.PUT("/:project_name/instance_audit_plans/:instance_audit_plan_id/", v1.UpdateInstanceAuditPlan)
v1ProjectOpRouter.PATCH("/:project_name/instance_audit_plans/:instance_audit_plan_id/", v1.UpdateInstanceAuditPlanStatus)
v1ProjectOpRouter.PATCH("/:project_name/instance_audit_plans/:instance_audit_plan_id/token", v1.GenerateAuditPlanToken)
v1ProjectOpRouter.PATCH("/:project_name/instance_audit_plans/:instance_audit_plan_id/token", v1.RefreshAuditPlanToken)

// audit plan; 智能扫描任务
v1ProjectOpRouter.DELETE("/:project_name/instance_audit_plans/:instance_audit_plan_id/audit_plans/:audit_plan_id/", v1.DeleteAuditPlanById)
Expand Down
95 changes: 79 additions & 16 deletions sqle/api/controller/v1/instance_audit_plan.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -199,9 +199,9 @@ func CreateInstanceAuditPlan(c echo.Context) error {
if err != nil {
return controller.JSONBaseErrorReq(c, err)
}

// generate token , 生成ID后根据ID生成token
if err := generateAndUpdateAuditPlanToken(ap, tokenExpire); err != nil {
err = HandleAuditPlanToken(ap.GetIDStr())
if err != nil {
return controller.JSONBaseErrorReq(c, err)
}

Expand All @@ -214,18 +214,60 @@ func CreateInstanceAuditPlan(c echo.Context) error {
})
}

func generateAndUpdateAuditPlanToken(ap *model.InstanceAuditPlan, tokenExpire time.Duration) error {
t, err := dmsCommonJwt.GenJwtToken(dmsCommonJwt.WithExpiredTime(tokenExpire), dmsCommonJwt.WithAuditPlanName(utils.Md5(ap.GetIDStr())))
if err != nil {
return errors.New(errors.DataConflict, err)
}
err = model.GetStorage().UpdateInstanceAuditPlanByID(ap.ID, map[string]interface{}{"token": t})
func HandleAuditPlanToken(instanceAuditPlanID string) error {
s := model.GetStorage()

ap, exist, err := s.GetInstanceAuditPlanDetail(instanceAuditPlanID)
if err != nil {
return err
}
if !exist {
return errors.NewInstanceAuditPlanNotExistErr()
}

return UpdateInstanceAuditPlanToken(ap, tokenExpire)
}

func UpdateInstanceAuditPlanToken(ap *model.InstanceAuditPlan, tokenExpire time.Duration) error {
// 存在scanner依赖的任务类型时候,重新生成token
needGenerate := HasScannerTypeSubPlans(ap)
// 当前token是否为为空
currentTokenEmpty := ap.Token == ""

var token string
var err error
if needGenerate {
token, err = newAuditPlanToken(ap, tokenExpire)
if err != nil {
return errors.New(errors.DataConflict, err)
}
}

// 1. 添加token: 存在scanner类型任务并且原本token为空
// 2. 删除token: 不存在scanner类型任务并且原本token不为空
if needGenerate == currentTokenEmpty {
return model.GetStorage().UpdateInstanceAuditPlanByID(ap.ID, map[string]interface{}{"token": token})
}
return nil
}

func HasScannerTypeSubPlans(ap *model.InstanceAuditPlan) bool {
supportedTypes := auditplan.GetSupportedScannerAuditPlanType()
for _, plan := range ap.AuditPlans {
if _, ok := supportedTypes[plan.Type]; ok {
return true
}
}
return false
}

func newAuditPlanToken(ap *model.InstanceAuditPlan, tokenExpire time.Duration) (string, error) {
return dmsCommonJwt.GenJwtToken(
dmsCommonJwt.WithExpiredTime(tokenExpire),
dmsCommonJwt.WithAuditPlanName(utils.Md5(ap.GetIDStr())),
)
}

// @Summary 删除实例扫描任务
// @Description delete instance audit plan
// @Id deleteInstanceAuditPlanV1
Expand Down Expand Up @@ -385,6 +427,10 @@ func UpdateInstanceAuditPlan(c echo.Context) error {
if err != nil {
return controller.JSONBaseErrorReq(c, err)
}
err = HandleAuditPlanToken(instanceAuditPlanID)
if err != nil {
return controller.JSONBaseErrorReq(c, err)
}
return controller.JSONBaseErrorReq(c, nil)
}

Expand Down Expand Up @@ -760,6 +806,10 @@ func DeleteAuditPlanById(c echo.Context) error {
if err != nil {
return controller.JSONBaseErrorReq(c, err)
}
err = HandleAuditPlanToken(instanceAuditPlanID)
if err != nil {
return controller.JSONBaseErrorReq(c, err)
}
return controller.JSONBaseErrorReq(c, nil)
}

Expand Down Expand Up @@ -1298,22 +1348,22 @@ func AuditPlanTriggerSqlAudit(c echo.Context) error {
return controller.JSONBaseErrorReq(c, nil)
}

type GenerateAuditPlanTokenReqV1 struct {
type RefreshAuditPlanTokenReqV1 struct {
ExpiresInDays *int `json:"expires_in_days"`
}

// @Summary 生成扫描任务token
// @Description generate audit plan token
// @Id generateAuditPlanTokenV1
// @Summary 重置扫描任务token
// @Description refresh audit plan token
// @Id refreshAuditPlanTokenV1
// @Tags instance_audit_plan
// @Security ApiKeyAuth
// @param audit_plan body v1.GenerateAuditPlanTokenReqV1 false "update instance audit plan token"
// @param audit_plan body v1.RefreshAuditPlanTokenReqV1 false "update instance audit plan token"
// @Param project_name path string true "project name"
// @Param instance_audit_plan_id path string true "instance audit plan id"
// @Success 200 {object} controller.BaseRes
// @router /v1/projects/{project_name}/instance_audit_plans/{instance_audit_plan_id}/token [patch]
func GenerateAuditPlanToken(c echo.Context) error {
req := new(GenerateAuditPlanTokenReqV1)
func RefreshAuditPlanToken(c echo.Context) error {
req := new(RefreshAuditPlanTokenReqV1)
if err := controller.BindAndValidateReq(c, req); err != nil {
return controller.JSONBaseErrorReq(c, err)
}
Expand All @@ -1338,9 +1388,22 @@ func GenerateAuditPlanToken(c echo.Context) error {
expireDuration = time.Duration(expiresInDays) * 24 * time.Hour
}
}
err = generateAndUpdateAuditPlanToken(instanceAuditPlan, expireDuration)

err = RefreshInstanceAuditPlanToken(instanceAuditPlan, expireDuration)
if err != nil {
return controller.JSONBaseErrorReq(c, err)
}
return controller.JSONBaseErrorReq(c, nil)
}

func RefreshInstanceAuditPlanToken(ap *model.InstanceAuditPlan, tokenExpire time.Duration) error {
var token string
var err error
if HasScannerTypeSubPlans(ap) {
token, err = newAuditPlanToken(ap, tokenExpire)
if err != nil {
return errors.New(errors.DataConflict, err)
}
}
return model.GetStorage().UpdateInstanceAuditPlanByID(ap.ID, map[string]interface{}{"token": token})
}
2 changes: 2 additions & 0 deletions sqle/api/controller/v1/sql_manage.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -547,6 +547,8 @@ type GetAbnormalAuditPlanInstancesResp struct {
type AbnormalAuditPlanInstance struct {
InstanceName string `json:"instance_name" example:"MySQL"`
InstanceAuditPlanID uint `json:"instance_audit_plan_id"`
AbnormalStatusCode uint `json:"abnormal_status_code"`
TokenEXP int64 `json:"token_exp" example:"1747129752"`
}

// GetAbnormalInstanceAuditPlans get the instance of audit plan execution abnormal
Expand Down
38 changes: 26 additions & 12 deletions sqle/docs/docs.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3843,19 +3843,19 @@ var doc = `{
"ApiKeyAuth": []
}
],
"description": "generate audit plan token",
"description": "refresh audit plan token",
"tags": [
"instance_audit_plan"
],
"summary": "生成扫描任务token",
"operationId": "generateAuditPlanTokenV1",
"summary": "重置扫描任务token",
"operationId": "refreshAuditPlanTokenV1",
"parameters": [
{
"description": "update instance audit plan token",
"name": "audit_plan",
"in": "body",
"schema": {
"$ref": "#/definitions/v1.GenerateAuditPlanTokenReqV1"
"$ref": "#/definitions/v1.RefreshAuditPlanTokenReqV1"
}
},
{
Expand Down Expand Up @@ -12363,12 +12363,19 @@ var doc = `{
"v1.AbnormalAuditPlanInstance": {
"type": "object",
"properties": {
"abnormal_status_code": {
"type": "integer"
},
"instance_audit_plan_id": {
"type": "integer"
},
"instance_name": {
"type": "string",
"example": "MySQL"
},
"token_exp": {
"type": "integer",
"example": 1747129752
}
}
},
Expand Down Expand Up @@ -14514,14 +14521,6 @@ var doc = `{
}
}
},
"v1.GenerateAuditPlanTokenReqV1": {
"type": "object",
"properties": {
"expires_in_days": {
"type": "integer"
}
}
},
"v1.GetAbnormalAuditPlanInstancesResp": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -16992,6 +16991,10 @@ var doc = `{
"last_collection_time": {
"type": "string"
},
"token_exp": {
"type": "integer",
"example": 1747129752
},
"total_sql_nums": {
"type": "integer"
},
Expand Down Expand Up @@ -17826,6 +17829,14 @@ var doc = `{
}
}
},
"v1.RefreshAuditPlanTokenReqV1": {
"type": "object",
"properties": {
"expires_in_days": {
"type": "integer"
}
}
},
"v1.RejectWorkflowReqV1": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -18224,6 +18235,9 @@ var doc = `{
"type": {
"type": "string",
"example": "全局配置"
},
"version": {
"type": "integer"
}
}
},
Expand Down
38 changes: 26 additions & 12 deletions sqle/docs/swagger.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3827,19 +3827,19 @@
"ApiKeyAuth": []
}
],
"description": "generate audit plan token",
"description": "refresh audit plan token",
"tags": [
"instance_audit_plan"
],
"summary": "生成扫描任务token",
"operationId": "generateAuditPlanTokenV1",
"summary": "重置扫描任务token",
"operationId": "refreshAuditPlanTokenV1",
"parameters": [
{
"description": "update instance audit plan token",
"name": "audit_plan",
"in": "body",
"schema": {
"$ref": "#/definitions/v1.GenerateAuditPlanTokenReqV1"
"$ref": "#/definitions/v1.RefreshAuditPlanTokenReqV1"
}
},
{
Expand Down Expand Up @@ -12347,12 +12347,19 @@
"v1.AbnormalAuditPlanInstance": {
"type": "object",
"properties": {
"abnormal_status_code": {
"type": "integer"
},
"instance_audit_plan_id": {
"type": "integer"
},
"instance_name": {
"type": "string",
"example": "MySQL"
},
"token_exp": {
"type": "integer",
"example": 1747129752
}
}
},
Expand Down Expand Up @@ -14498,14 +14505,6 @@
}
}
},
"v1.GenerateAuditPlanTokenReqV1": {
"type": "object",
"properties": {
"expires_in_days": {
"type": "integer"
}
}
},
"v1.GetAbnormalAuditPlanInstancesResp": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -16976,6 +16975,10 @@
"last_collection_time": {
"type": "string"
},
"token_exp": {
"type": "integer",
"example": 1747129752
},
"total_sql_nums": {
"type": "integer"
},
Expand Down Expand Up @@ -17810,6 +17813,14 @@
}
}
},
"v1.RefreshAuditPlanTokenReqV1": {
"type": "object",
"properties": {
"expires_in_days": {
"type": "integer"
}
}
},
"v1.RejectWorkflowReqV1": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -18208,6 +18219,9 @@
"type": {
"type": "string",
"example": "全局配置"
},
"version": {
"type": "integer"
}
}
},
Expand Down
Loading
Loading