参数验证

Gopkg.toml

@@ -76,3 +76,7 @@
 [[constraint]]
   name = "github.com/dgrijalva/jwt-go"
   version = "3.2.0"
+
+[[constraint]]
+  name = "gopkg.in/go-playground/validator.v9"
+  version = "9.28.0"

cmd/k8s-webshell.go

@@ -13,12 +13,10 @@ func main() {
 	//ginpprof.Wrapper(ginServer)
 	utils.Logger.Info("Current ENV: ", os.Getenv("env"))
 	utils.Logger.Info("Start k8s-webshell on Port: ", setting.HTTPPort)
-	err := ginServer.RunTLS(":" + setting.HTTPPort, setting.SslCertificate, setting.SslCertificateKey)
-	//err := ginServer.Run(":" + setting.HTTPPort)
+	err := ginServer.RunTLS(":"+setting.HTTPPort, setting.SslCertificate, setting.SslCertificateKey)
 
 	if err != nil {
 		utils.Logger.Fatal("Gin  Start err", err)
 	}
 
-
 }

configs/devconfig.yaml

@@ -8,5 +8,4 @@ server:
   ssl_certificate: /Users/finup/GoglandProjects/src/k8s-webshell/configs/inside_finup.crt
   ssl_certificate_key: /Users/finup/GoglandProjects/src/k8s-webshell/configs/inside_finup.key
   jwt_secret: YouGuess
-  username: admin
-  password: 123
+  secret_key: richie

doc/demo/client/index.html

@@ -39,7 +39,7 @@
         var containerName = document.getElementById("containerName").value
         // 连接websocket
         // ws = new WebSocket("wss://k8s-webshell.finupgroup.com:7777/api/ws?" + "podNs=" + podNs + "&podName=" + podName + "&containerName=" + containerName + "&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiUGFzc3dvcmQiOiIxMjMiLCJleHAiOjE1NTQxMTgxMjUsImlzcyI6Ims4cy13ZWJzaGVsbCJ9.Dss1g9ZMflB_x0vkaK9GhRHYSZf2xek9VpfUeZaThL");
-        ws = new WebSocket("wss://k8s-webshell.finupgroup.com:7777/api/ws?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiUGFzc3dvcmQiOiIxMjMiLCJwb2ROcyI6InJpY2hpZSIsInBvZE5hbWUiOiJteS1uZ2lueC1mOTk5NWJkYjYtanRyNWsiLCJjb250YWluZXJOYW1lIjoibXktbmdpbngiLCJleHAiOjE1NTQxMjg1MDMsImlzcyI6Ims4cy13ZWJzaGVsbCJ9.TDVjldy9P9XY_3BbSWGfHdHpDipSMblTqZ7LCcsDM-U");
+        ws = new WebSocket("wss://k8s-webshell.finupgroup.com:7777/api/ws?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZWNyZXRrZXkiOiJyaWNoaWUiLCJQYWFzVXNlciI6InpodXJ1aXFpbmciLCJwb2ROcyI6InJpY2hpZSIsInBvZE5hbWUiOiJteS1uZ2lueC1mOTk5NWJkYjYtanRyNWsiLCJjb250YWluZXJOYW1lIjoibXktbmdpbngiLCJleHAiOjE1NTQyOTUwODksImlzcyI6Ims4cy13ZWJzaGVsbCJ9.P_5TQmpf29rcIDHPAiSmVMyvgyKIu8XWYLVqEOP7QRU");
         ws.onopen = function(event) {
             // ws.send(JSON.stringify({'podNs':podNs, 'podName':podName, 'containerName':containerName, 'token':'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiUGFzc3dvcmQiOiIxMjMiLCJleHAiOjE1NTQxMjI2MjQsImlzcyI6Ims4cy13ZWJzaGVsbCJ9.93CNsR7QeifmnV-MmPOYqp9n1jNaceLfyWujDSSFdMM'}))
             console.log("onopen")

doc/deploy/k8s/k8s-webshell-deployment.yaml

@@ -30,5 +30,6 @@ spec:
             - name: WEBSHELL_SERVER_INCLUSTER
               value: "true"
 
+
           ports:
             - containerPort: 7777

docker-compose.yaml

@@ -32,6 +32,10 @@ services:
       - WEBSHELL_SERVER_PORT=7777
       - WEBSHELL_SERVER_KUBECONFIG=/data/admin.conf
       - WEBSHELL_SERVER_INCLUSTER=false
+      - WEBSHELL_SERVER_JWT_SECRET=Youguess
+      - WEBSHELL_SERVER_SECRET_KEY=ERkyNK2Q
+      - WEBSHELL_SERVER_SSL_CERTIFICATE=/data/inside_finup.crt
+      - WEBSHELL_SERVER_SSL_CERTIFICATE_KEY=/data/inside_finup.key
     volumes:
       - ./configs/admin.conf:/data/admin.conf
     command: ["./k8s-webshell"]    

middleware/jwt/jwt.go

@@ -1,7 +1,6 @@
 package jwt
 
 import (
-	"fmt"
 	"github.com/gin-gonic/gin"
 	"k8s-webshell/pkg/e"
 	"k8s-webshell/pkg/utils"
@@ -17,11 +16,10 @@ func JWT() gin.HandlerFunc {
 		code = e.SUCCESS
 		token := c.Query("token")
 		if token == "" {
-			fmt.Println("token is empty")
+
 			code = e.INVALID_PARAMS
 		} else {
 			claims, err := utils.ParseToken(token)
-			fmt.Println("container name", claims.ContainerName)
 
 			if err != nil {
 				code = e.ERROR_AUTH_CHECK_TOKEN_FAIL
@@ -31,6 +29,7 @@ func JWT() gin.HandlerFunc {
 			c.Set("podNs", claims.PodNs)
 			c.Set("podName", claims.PodName)
 			c.Set("containerName", claims.ContainerName)
+			c.Set("paasUser", claims.PaasUser)
 
 		}
 
@@ -44,8 +43,6 @@ func JWT() gin.HandlerFunc {
 			return
 		}
 
-		utils.Logger.Info("jwt next")
-		fmt.Println("next>>>>")
 		c.Next()
 	}
 }

pkg/api/auth.go

@@ -1,30 +1,52 @@
 package api
 
 import (
+	"fmt"
 	"github.com/gin-gonic/gin"
 	"k8s-webshell/pkg/e"
 	"k8s-webshell/pkg/setting"
 	"k8s-webshell/pkg/utils"
 	"net/http"
 )
 
-type auth struct {
-	Username string
-	Password string
+type apiAuthInfo struct {
+	SecretKey     string `from:"secretKey" binding:"required"`
+	PaasUser      string `from:"paasUser" binding:"required"`
+	PodNs         string `from:"rpodNs" binding:"required"`
+	PodName       string `from:"podName" binding:"required"`
+	ContainerName string `from:"containerName" binding:"required"`
 }
 
-
 func GetAuth(c *gin.Context) {
-	username := c.Query("username")
-	password := c.Query("password")
-	podNs := c.Query("podNs")
-	podName := c.Query("podName")
-	containerName := c.Query("containerName")
+
+	var apiAuth apiAuthInfo
 	data := make(map[string]interface{})
 	code := e.INVALID_PARAMS
 
-	if username == setting.UserName && password == setting.PassWord {
-		token, err := utils.GenerateToken(username, password, podNs, podName, containerName)
+	if c.Bind(&apiAuth) != nil {
+		utils.Logger.Info("解析json失败")
+
+		c.JSON(http.StatusBadRequest, gin.H{
+			"code": code,
+			"msg":  e.GetMsg(code),
+			"data": data,
+		})
+		return
+	}
+	fmt.Println(">>>", apiAuth.SecretKey,
+		apiAuth.SecretKey,
+		apiAuth.PaasUser,
+		apiAuth.PodNs,
+		apiAuth.PodName,
+		apiAuth.ContainerName)
+
+	if apiAuth.SecretKey == setting.SecretKey {
+		token, err := utils.GenerateToken(
+			apiAuth.SecretKey,
+			apiAuth.PaasUser,
+			apiAuth.PodNs,
+			apiAuth.PodName,
+			apiAuth.ContainerName)
 		if err != nil {
 			code = e.ERROR_AUTH_TOKEN
 		} else {

pkg/setting/setting.go

@@ -20,8 +20,8 @@ var (
 	SslCertificateKey string
 	JwtSecret         string
 
-	UserName string
-	PassWord string
+	SecretKey string
+
 )
 
 type Config struct {
@@ -83,7 +83,7 @@ func (config *Config) LoadServer() {
 	SslCertificate = config.vp.GetString("server.ssl_certificate")
 	SslCertificateKey = config.vp.GetString("server.ssl_certificate_key")
 	JwtSecret = config.vp.GetString("server.jwt_secret")
-	UserName = config.vp.GetString("server.username")
-	PassWord = config.vp.GetString("server.password")
+	SecretKey = config.vp.GetString("server.secret_key")
+
 
 }

pkg/utils/jwt.go

@@ -10,22 +10,22 @@ import (
 var jwtSecret = []byte(setting.JwtSecret)
 
 type Claims struct {
-	Username      string `json:"username"`
-	Password      string `json:"password`
+	SecretKey     string `json:"secretkey"`
+	PaasUser      string `json:"paasuser`
 	PodNs         string `json:"podNs"`
 	PodName       string `json:"podName"`
 	ContainerName string `json:"containerName"`
 
 	jwt.StandardClaims
 }
 
-func GenerateToken(username, password, podNs, podName, containerName string) (string, error) {
+func GenerateToken(secretKey, paasUser, podNs, podName, containerName string) (string, error) {
 	nowTime := time.Now()
 	expireTime := nowTime.Add(3 * time.Hour)
 
 	claims := Claims{
-		username,
-		password,
+		secretKey,
+		paasUser,
 		podNs,
 		podName,
 		containerName,

routers/router.go

@@ -17,7 +17,7 @@ func InitRouter() *gin.Engine {
 	gin.SetMode(setting.RunMode)
 	route.Use(utils.GinRus(utils.Logger, time.RFC3339, false))
 	route.Use(gin.Recovery())
-	route.GET("/auth", api.GetAuth)
+	route.POST("/auth", api.GetAuth)
 	apiV1 := route.Group("/api")
 	apiV1.Use(jwt.JWT())
 	{