feat: ioa票据验证 TencentBlueKing#1460 (TencentBlueKing#1507)

lannoy0523 · Dec 1, 2023 · a21c8a0 · a21c8a0
1 parent ac4ba6d
commit a21c8a0
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 10 deletions.
diff --git a/...nd/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/handler/LoginHandler.kt b/...nd/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/handler/LoginHandler.kt
@@ -53,6 +53,7 @@ import kotlinx.coroutines.reactor.awaitSingle
 import kotlinx.coroutines.reactor.awaitSingleOrNull
 import org.springframework.web.reactive.function.server.ServerRequest
 import org.springframework.web.reactive.function.server.ServerResponse
+import org.springframework.web.reactive.function.server.bodyValueAndAwait
 
 /**
  * 登录处理器
@@ -105,8 +106,7 @@ class LoginHandler(
     }
 
     suspend fun ioaTicket(request: ServerRequest): ServerResponse {
-        IoaUtils.proxyTicketRequest(request)
-        return ReactiveResponseBuilder.success()
+        return ServerResponse.ok().bodyValueAndAwait(IoaUtils.proxyTicketRequest(request))
     }
 
     private suspend fun createUser(userName: String) {

diff --git a/...boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/response/IoaTicketResponse.kt b/...boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/response/IoaTicketResponse.kt
@@ -33,7 +33,7 @@ data class IoaTicketResponse(
     @JsonProperty("Ret")
     val ret: Int,
     @JsonProperty("ExpirationTimeOffset")
-    val expirationTimeOffset: Int,
+    val expirationTimeOffset: Long,
     @JsonProperty("ErrMsg")
     val errMsg: String,
 )
diff --git a/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/IoaUtils.kt b/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/IoaUtils.kt
@@ -139,21 +139,22 @@ class IoaUtils(
             }
         }
 
-        suspend fun proxyTicketRequest(request: ServerRequest) {
-            val ioaTicketRequest = request.bodyToMono(IoaTicketRequest::class.java).awaitSingle()
-            val headers = request.headers().asHttpHeaders()
+        suspend fun proxyTicketRequest(request: ServerRequest): IoaTicketResponse {
+            val ioaTicketRequest = request.bodyToMono(String::class.java).awaitSingle()
+            val headers = request.headers().asHttpHeaders().toSingleValueMap().toMutableMap()
+            headers[HttpHeaders.HOST] = ioaProperties.host
             val response = httpClient.post()
                 .uri(ioaProperties.ticketUrl)
-                .headers { it.setAll(headers.toSingleValueMap())}
-                .bodyValue(ioaTicketRequest.toJsonString())
+                .headers { it.setAll(headers) }
+                .bodyValue(ioaTicketRequest)
                 .retrieve()
                 .bodyToMono(String::class.java)
                 .awaitSingle()
             val ioaTicketResponse = response.readJsonString<IoaTicketResponse>()
             if (ioaTicketResponse.ret != 0) {
-                logger.info("ioa ticket check failed with $ioaTicketRequest, $ioaTicketResponse")
-                throw AuthenticationException("Check ticket failed: $ioaTicketResponse")
+                logger.info("ioa ticket check failed with $ioaTicketRequest, $headers, $ioaTicketResponse")
             }
+            return ioaTicketResponse
         }
     }
 }