From 88bb4613143f1f7200b53619409931a49a68ee6e Mon Sep 17 00:00:00 2001 From: Qian Deng Date: Wed, 19 Sep 2018 10:17:07 +0800 Subject: [PATCH] Reactor backend api for authrization 1. Change backend api 2. Change frontend api 3. Change the proxy config file Signed-off-by: Qian Deng --- make/common/templates/nginx/nginx.http.conf | 17 +++++++++-- make/common/templates/nginx/nginx.https.conf | 17 +++++++++-- src/core/controllers/controllers_test.go | 30 +++++++++---------- src/core/router.go | 12 ++++---- .../password-setting.service.ts | 4 +-- .../app/account/sign-in/sign-in.service.ts | 2 +- src/portal/src/app/shared/session.service.ts | 8 ++--- tests/userlogintest.sh | 6 ++-- 8 files changed, 60 insertions(+), 36 deletions(-) diff --git a/make/common/templates/nginx/nginx.http.conf b/make/common/templates/nginx/nginx.http.conf index 6f79f33d8..c3aa6fb70 100644 --- a/make/common/templates/nginx/nginx.http.conf +++ b/make/common/templates/nginx/nginx.http.conf @@ -46,6 +46,19 @@ http { proxy_request_buffering off; } + location /c/ { + proxy_pass http://core/c/; + proxy_set_header Host $$host; + proxy_set_header X-Real-IP $$remote_addr; + proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; + + # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. + proxy_set_header X-Forwarded-Proto $$scheme; + + proxy_buffering off; + proxy_request_buffering off; + } + location /api/ { proxy_pass http://core/api/; proxy_set_header Host $$host; @@ -59,8 +72,8 @@ http { proxy_request_buffering off; } - location ~ ^/(login|log_out|sendEmail|language|reset|userExists|reset_password|chartrepo) { - proxy_pass http://core/; + location /chartrepo/ { + proxy_pass http://core/chartrepo/; proxy_set_header Host $$host; proxy_set_header X-Real-IP $$remote_addr; proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; diff --git a/make/common/templates/nginx/nginx.https.conf b/make/common/templates/nginx/nginx.https.conf index b8ea1dc5f..971d2fb83 100644 --- a/make/common/templates/nginx/nginx.https.conf +++ b/make/common/templates/nginx/nginx.https.conf @@ -65,6 +65,19 @@ http { proxy_buffering off; proxy_request_buffering off; } + + location /c/ { + proxy_pass http://core/c/; + proxy_set_header Host $$host; + proxy_set_header X-Real-IP $$remote_addr; + proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; + + # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. + proxy_set_header X-Forwarded-Proto $$scheme; + + proxy_buffering off; + proxy_request_buffering off; + } location /api/ { proxy_pass http://core/api/; @@ -79,8 +92,8 @@ http { proxy_request_buffering off; } - location ~ ^/(login|log_out|sendEmail|language|reset|userExists|reset_password|chartrepo) { - proxy_pass http://core; + location /chartrepo/ { + proxy_pass http://core/chartrepo/; proxy_set_header Host $$host; proxy_set_header X-Real-IP $$remote_addr; proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; diff --git a/src/core/controllers/controllers_test.go b/src/core/controllers/controllers_test.go index b845afe7b..e2f88cccd 100644 --- a/src/core/controllers/controllers_test.go +++ b/src/core/controllers/controllers_test.go @@ -58,11 +58,11 @@ func init() { beego.Router("/", &IndexController{}) - beego.Router("/login", &CommonController{}, "post:Login") - beego.Router("/log_out", &CommonController{}, "get:LogOut") - beego.Router("/reset", &CommonController{}, "post:ResetPassword") - beego.Router("/userExists", &CommonController{}, "post:UserExists") - beego.Router("/sendEmail", &CommonController{}, "get:SendResetEmail") + beego.Router("/c/login", &CommonController{}, "post:Login") + beego.Router("/c/log_out", &CommonController{}, "get:LogOut") + beego.Router("/c/reset", &CommonController{}, "post:ResetPassword") + beego.Router("/c/userExists", &CommonController{}, "post:UserExists") + beego.Router("/c/sendEmail", &CommonController{}, "get:SendResetEmail") beego.Router("/v2/*", &RegistryProxy{}, "*:Handle") } @@ -143,31 +143,31 @@ func TestAll(t *testing.T) { // v.Set("principal", "admin") // v.Add("password", "Harbor12345") - r, _ := http.NewRequest("POST", "/login", nil) + r, _ := http.NewRequest("POST", "/c/login", nil) w := httptest.NewRecorder() beego.BeeApp.Handlers.ServeHTTP(w, r) - assert.Equal(int(401), w.Code, "'/login' httpStatusCode should be 401") + assert.Equal(int(401), w.Code, "'/c/login' httpStatusCode should be 401") - r, _ = http.NewRequest("GET", "/log_out", nil) + r, _ = http.NewRequest("GET", "/c/log_out", nil) w = httptest.NewRecorder() beego.BeeApp.Handlers.ServeHTTP(w, r) - assert.Equal(int(200), w.Code, "'/log_out' httpStatusCode should be 200") + assert.Equal(int(200), w.Code, "'/c/log_out' httpStatusCode should be 200") assert.Equal(true, strings.Contains(fmt.Sprintf("%s", w.Body), ""), "http respond should be empty") - r, _ = http.NewRequest("POST", "/reset", nil) + r, _ = http.NewRequest("POST", "/c/reset", nil) w = httptest.NewRecorder() beego.BeeApp.Handlers.ServeHTTP(w, r) - assert.Equal(int(400), w.Code, "'/reset' httpStatusCode should be 400") + assert.Equal(int(400), w.Code, "'/c/reset' httpStatusCode should be 400") - r, _ = http.NewRequest("POST", "/userExists", nil) + r, _ = http.NewRequest("POST", "/c/userExists", nil) w = httptest.NewRecorder() beego.BeeApp.Handlers.ServeHTTP(w, r) - assert.Equal(int(500), w.Code, "'/userExists' httpStatusCode should be 500") + assert.Equal(int(500), w.Code, "'/c/userExists' httpStatusCode should be 500") - r, _ = http.NewRequest("GET", "/sendEmail", nil) + r, _ = http.NewRequest("GET", "/c/sendEmail", nil) w = httptest.NewRecorder() beego.BeeApp.Handlers.ServeHTTP(w, r) - assert.Equal(int(400), w.Code, "'/sendEmail' httpStatusCode should be 400") + assert.Equal(int(400), w.Code, "'/c/sendEmail' httpStatusCode should be 400") r, _ = http.NewRequest("GET", "/v2/", nil) w = httptest.NewRecorder() diff --git a/src/core/router.go b/src/core/router.go index 12e7e9b27..a12f49364 100644 --- a/src/core/router.go +++ b/src/core/router.go @@ -29,16 +29,14 @@ import ( func initRouters() { - beego.Router("/reset_password", &controllers.IndexController{}) - // standalone if !config.WithAdmiral() { // Controller API: - beego.Router("/login", &controllers.CommonController{}, "post:Login") - beego.Router("/log_out", &controllers.CommonController{}, "get:LogOut") - beego.Router("/reset", &controllers.CommonController{}, "post:ResetPassword") - beego.Router("/userExists", &controllers.CommonController{}, "post:UserExists") - beego.Router("/sendEmail", &controllers.CommonController{}, "get:SendResetEmail") + beego.Router("/c/login", &controllers.CommonController{}, "post:Login") + beego.Router("/c/log_out", &controllers.CommonController{}, "get:LogOut") + beego.Router("/c/reset", &controllers.CommonController{}, "post:ResetPassword") + beego.Router("/c/userExists", &controllers.CommonController{}, "post:UserExists") + beego.Router("/c/sendEmail", &controllers.CommonController{}, "get:SendResetEmail") // API: beego.Router("/api/projects/:pid([0-9]+)/members/?:pmid([0-9]+)", &api.ProjectMemberAPI{}) diff --git a/src/portal/src/app/account/password-setting/password-setting.service.ts b/src/portal/src/app/account/password-setting/password-setting.service.ts index a4e5ab36f..1af287b50 100644 --- a/src/portal/src/app/account/password-setting/password-setting.service.ts +++ b/src/portal/src/app/account/password-setting/password-setting.service.ts @@ -19,8 +19,8 @@ import { PasswordSetting } from './password-setting'; import {HTTP_FORM_OPTIONS, HTTP_JSON_OPTIONS, HTTP_GET_OPTIONS} from "../../shared/shared.utils"; const passwordChangeEndpoint = "/api/users/:user_id/password"; -const sendEmailEndpoint = "/sendEmail"; -const resetPasswordEndpoint = "/reset"; +const sendEmailEndpoint = "/c/sendEmail"; +const resetPasswordEndpoint = "/c/reset"; @Injectable() export class PasswordSettingService { diff --git a/src/portal/src/app/account/sign-in/sign-in.service.ts b/src/portal/src/app/account/sign-in/sign-in.service.ts index 2dbf01d31..bcd5975d6 100644 --- a/src/portal/src/app/account/sign-in/sign-in.service.ts +++ b/src/portal/src/app/account/sign-in/sign-in.service.ts @@ -18,7 +18,7 @@ import 'rxjs/add/operator/toPromise'; import { SignInCredential } from '../../shared/sign-in-credential'; import {HTTP_FORM_OPTIONS} from "../../shared/shared.utils"; -const signInUrl = '/login'; +const signInUrl = '/c/login'; /** * * Define a service to provide sign in methods diff --git a/src/portal/src/app/shared/session.service.ts b/src/portal/src/app/shared/session.service.ts index 9d7557e97..7e9fe880f 100644 --- a/src/portal/src/app/shared/session.service.ts +++ b/src/portal/src/app/shared/session.service.ts @@ -22,13 +22,13 @@ import { SignInCredential } from './sign-in-credential'; import { enLang } from '../shared/shared.const'; import {HTTP_FORM_OPTIONS, HTTP_JSON_OPTIONS, HTTP_GET_OPTIONS} from "./shared.utils"; -const signInUrl = '/login'; +const signInUrl = '/c/login'; const currentUserEndpint = "/api/users/current"; -const signOffEndpoint = "/log_out"; +const signOffEndpoint = "/c/log_out"; const accountEndpoint = "/api/users/:id"; const langEndpoint = "/language"; -const userExistsEndpoint = "/userExists"; -const renameAdminEndpoint = 'api/internal/renameadmin'; +const userExistsEndpoint = "/c/userExists"; +const renameAdminEndpoint = '/api/internal/renameadmin'; const langMap = { "zh": "zh-CN", "en": "en-US" diff --git a/tests/userlogintest.sh b/tests/userlogintest.sh index 65effa495..b81b25347 100755 --- a/tests/userlogintest.sh +++ b/tests/userlogintest.sh @@ -2,8 +2,8 @@ set +e -STATUS_LOGIN=$(curl --insecure -w '%{http_code}' -d "principal=$1&password=$2" https://localhost/login) -if [ $STATUS_LOGIN -eq 200 ]; then +STATUS_LOGIN=$(curl --insecure -w '%{http_code}' -d "principal=$1&password=$2" https://localhost/c/login) +if [ $STATUS_LOGIN -eq 200 ]; then echo "Login Harbor success." else echo "Login Harbor fail." @@ -11,7 +11,7 @@ else fi -STATUS_LOGOUT=$(curl --insecure -s -o /dev/null -w '%{http_code}' https://localhost/log_out) +STATUS_LOGOUT=$(curl --insecure -s -o /dev/null -w '%{http_code}' https://localhost/c/log_out) if [ $STATUS_LOGOUT -eq 200 ]; then echo "Logout Harbor success." else