@next-core/brick-container 2.98.23 → 2.99.0

package/dist/preview.html

@@ -1 +1 @@
-<!doctype html><html lang="zh-CN" data-theme="light" data-mode="default"><head><meta charset="utf-8"/><base href="<!--# echo var='base_href' default='/' -->"/><script>window.DEVELOPER_PREVIEW = true;</script><link href="preview.5fb551513edc8051ce6c.css" rel="stylesheet"></head><body><div id="preview-root"><div id="main-mount-point"></div><div id="bg-mount-point" style="display: none"></div><div id="portal-mount-point"></div></div><script src="dll.90ef3f2c.js"></script><script src="polyfill.3e88f145a0893497373b.js"></script><script src="preview.3d1b49a405ab0a4ae5f6.js"></script></body></html>
+<!doctype html><html lang="zh-CN" data-theme="light" data-mode="default"><head><meta charset="utf-8"/><base href="<!--# echo var='base_href' default='/' -->"/><script>window.DEVELOPER_PREVIEW = true;</script><link href="preview.5fb551513edc8051ce6c.css" rel="stylesheet"></head><body><div id="preview-root"><div id="main-mount-point"></div><div id="bg-mount-point" style="display: none"></div><div id="portal-mount-point"></div></div><script src="dll.42523c4f.js"></script><script src="polyfill.3e88f145a0893497373b.js"></script><script src="preview.793b87ea20dd67a8a1e7.js"></script></body></html>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@next-core/brick-container",
-  "version": "2.98.23",
+  "version": "2.99.0",
   "description": "Brick Container Server",
   "homepage": "https://github.com/easyops-cn/next-core/tree/master/packages/brick-container",
   "license": "GPL-3.0",
@@ -73,5 +73,5 @@
     "webpack-dev-server": "^4.11.1",
     "webpack-merge": "^5.8.0"
   },
-  "gitHead": "20369431686b418451a68783182d56514970f61f"
+  "gitHead": "dd3c7ae18c87b52d96c60732ff7f957dfd46862e"
 }

package/serve/getEnv.js

@@ -2,6 +2,7 @@ const fs = require("fs");
 const path = require("path");
 const meow = require("meow");
 const chalk = require("chalk");
+const yaml = require("js-yaml");
 const { getEasyopsConfig } = require("@next-core/repo-config");
 const {
   getNamesOfMicroApps,
@@ -163,6 +164,9 @@ module.exports = (runtimeFlags) => {
       useSkywalkingAnalysis: {
         type: "string",
       },
+      proxyConfig: {
+        type: "string",
+      },
     };
     const cli = meow(
       `
@@ -201,6 +205,7 @@ module.exports = (runtimeFlags) => {
         --help                    Show help message
         --version                 Show brick container version
         --use-skywalking-analysis Use skywalking analysis
+        --proxy-config            Specify custom proxy config file path (defaults to "dev.proxy.yaml" in project root)
       `,
       {
         flags: flagOptions,
@@ -247,6 +252,37 @@ module.exports = (runtimeFlags) => {
   );
   const appConfig = (devConfig && devConfig.appConfig) || {};
 
+  function getLocalProxies() {
+    const customPath = flags.proxyConfig;
+    const proxyConfigPath = customPath
+      ? path.resolve(customPath)
+      : path.join(rootDir, "dev.proxy.yaml");
+    if (fs.existsSync(proxyConfigPath)) {
+      console.log(chalk.cyan("proxy config:"), proxyConfigPath);
+      let content;
+      try {
+        content = yaml.safeLoad(fs.readFileSync(proxyConfigPath, "utf8"));
+      } catch (e) {
+        console.error(
+          chalk.red("Failed to parse proxy config:"),
+          proxyConfigPath,
+          e.message
+        );
+        return {};
+      }
+      if (!content) return {};
+      if (content.proxies) {
+        return content;
+      }
+      return { proxies: content };
+    }
+    if (customPath) {
+      console.error(chalk.red("proxy config not found:"), proxyConfigPath);
+    }
+    return {};
+  }
+  const localProxies = getLocalProxies();
+
   const { usePublicScope, standalone: confStandalone } =
     getEasyopsConfig(nextRepoDir);
 
@@ -412,6 +448,7 @@ module.exports = (runtimeFlags) => {
     publicCdn: flags.publicCdn,
     asCdn: flags.asCdn,
     useSkywalkingAnalysis,
+    localProxies,
     isWebpackServe,
   };
 
@@ -482,6 +519,22 @@ module.exports = (runtimeFlags) => {
     console.log("local templates:", env.localTemplates);
   }
 
+  if (
+    env.localProxies.proxies &&
+    Object.keys(env.localProxies.proxies).length > 0
+  ) {
+    console.log();
+    console.log("local proxies:", env.localProxies.proxies);
+    if (env.localProxies.auth) {
+      console.log(
+        "local proxy auth: appId=%s, org=%s, user=%s",
+        env.localProxies.auth.appId || "api_gateway",
+        env.localProxies.auth.org,
+        env.localProxies.auth.user
+      );
+    }
+  }
+
   console.log();
   console.log(
     chalk.bold.cyan("mode:"),

package/serve/liveReload.js

@@ -4,7 +4,6 @@ const { throttle } = require("lodash");
 const { getPatternsToWatch } = require("./utils");
 
 module.exports = function liveReload(env) {
-  // 建立 websocket 连接支持自动刷新
   if (env.liveReload) {
     const wss = new WebSocket.Server({ port: env.wsPort });
 

package/serve/localProxy.js

@@ -0,0 +1,76 @@
+const { createProxyMiddleware } = require("http-proxy-middleware");
+const { escapeRegExp } = require("lodash");
+const chalk = require("chalk");
+const { getToken } = require("./tokenManager");
+
+function setupLocalProxies(app, env) {
+  const config = env.localProxies;
+  if (!config || !config.proxies || Object.keys(config.proxies).length === 0) {
+    return;
+  }
+
+  const { proxies, auth } = config;
+  const org = auth && auth.org;
+  const user = auth && auth.user;
+  const serverUrl = env.server;
+
+  // 预热 token，避免首次请求 401
+  if (auth && !auth.token) {
+    getToken(serverUrl, auth).catch((e) =>
+      console.error(
+        chalk.red("[local-proxy]"),
+        "Token pre-warm failed:",
+        e.message
+      )
+    );
+  }
+
+  for (const [pathPattern, target] of Object.entries(proxies)) {
+    const gatewayPath = pathPattern.startsWith("/")
+      ? pathPattern
+      : `/api/gateway/${pathPattern}`;
+    const fullPath = `${env.baseHref}${gatewayPath.slice(1)}`;
+
+    const proxy = createProxyMiddleware({
+      target,
+      secure: false,
+      changeOrigin: true,
+      logLevel: "debug",
+      pathRewrite: { [`^${escapeRegExp(fullPath)}`]: "" },
+      onProxyReq: (proxyReq) => {
+        if (org && !proxyReq.getHeader("org")) {
+          proxyReq.setHeader("org", String(org));
+        }
+        if (user && !proxyReq.getHeader("user")) {
+          proxyReq.setHeader("user", user);
+        }
+      },
+    });
+
+    app.use(fullPath, async (req, res, next) => {
+      console.log(
+        chalk.cyan("[local-proxy]"),
+        chalk.green(pathPattern) + chalk.white(":"),
+        chalk.yellow(req.method),
+        chalk.white(req.url)
+      );
+      if (auth) {
+        try {
+          const token = await getToken(serverUrl, auth);
+          if (token) {
+            req.headers["authorization"] = `Bearer ${token}`;
+          }
+        } catch (e) {
+          console.error(
+            chalk.red("[local-proxy]"),
+            "Failed to get token:",
+            e.message
+          );
+        }
+      }
+      proxy(req, res, next);
+    });
+  }
+}
+
+module.exports = { setupLocalProxies };

package/serve/serve.js

@@ -11,6 +11,7 @@ const serveLocal = require("./serveLocal");
 const getProxies = require("./getProxies");
 const { getIndexHtml, distDir, getRawIndexHtml } = require("./getIndexHtml");
 const liveReload = require("./liveReload");
+const { setupLocalProxies } = require("./localProxy");
 
 module.exports = function serve(runtimeFlags) {
   const env = getEnv(runtimeFlags);
@@ -86,6 +87,9 @@ module.exports = function serve(runtimeFlags) {
     app.use(`${env.baseHref}:appId/-/core/`, express.static(distDir));
   }
 
+  // Register local service proxies before default proxies.
+  setupLocalProxies(app, env);
+
   // Using proxies.
   const proxies = getProxies(env, getRawIndexHtml);
   if (proxies) {

package/serve/tokenManager.js

@@ -0,0 +1,224 @@
+const crypto = require("crypto");
+const https = require("https");
+const http = require("http");
+const { URL } = require("url");
+const chalk = require("chalk");
+
+const TOKEN_CACHE_TTL = 1800 * 1000;
+const CREDENTIALS_CACHE_TTL = 3600 * 1000;
+const DEFAULT_APP_ID = "api_gateway";
+const GATEWAY_INNER_PORT = 8107;
+const GATEWAY_SERVICE_PATH = "/api/gateway/user_service.apikey";
+
+const _tokenCache = {};
+const _credentialsCache = {};
+
+function generateSignature(
+  method,
+  urlPath,
+  query,
+  contentType,
+  clientId,
+  secret,
+  timestamp
+) {
+  const keyList = Object.keys(query)
+    .filter((k) => k !== "signature")
+    .sort();
+
+  const queryParts = [];
+  for (const key of keyList) {
+    const val = query[key];
+    if (Array.isArray(val)) {
+      for (const v of val) {
+        queryParts.push(`${key}${v}`);
+      }
+    } else {
+      queryParts.push(`${key}${val}`);
+    }
+  }
+
+  const data = [
+    method,
+    urlPath,
+    queryParts.join(""),
+    contentType,
+    clientId,
+    secret,
+    timestamp,
+  ].join("\n");
+  return crypto.createHmac("sha256", secret).update(data).digest("hex");
+}
+
+function httpRequest(fullUrl, options, body) {
+  return new Promise((resolve, reject) => {
+    const parsed = new URL(fullUrl);
+    const mod = parsed.protocol === "https:" ? https : http;
+
+    if (body) {
+      options.headers = options.headers || {};
+      options.headers["Content-Length"] = Buffer.byteLength(body);
+    }
+
+    const req = mod.request(
+      fullUrl,
+      { ...options, timeout: 30000 },
+      (res) => {
+        let data = "";
+        res.on("data", (chunk) => (data += chunk));
+        res.on("end", () => {
+          if (res.statusCode !== 200) {
+            return reject(new Error(`HTTP ${res.statusCode}: ${data}`));
+          }
+          try {
+            resolve(JSON.parse(data));
+          } catch (e) {
+            reject(new Error(`JSON parse error: ${e.message}`));
+          }
+        });
+      }
+    );
+    req.on("error", (e) => reject(new Error(`network error: ${e.message}`)));
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("request timeout"));
+    });
+    req.end(body || undefined);
+  });
+}
+
+function getInnerGatewayUrl(serverUrl) {
+  const parsed = new URL(serverUrl);
+  return `http://${parsed.hostname}:${GATEWAY_INNER_PORT}${GATEWAY_SERVICE_PATH}`;
+}
+
+async function createServerApiKey(serverUrl, clientId) {
+  const cacheKey = `${serverUrl}:${clientId}`;
+  const now = Date.now();
+  if (
+    _credentialsCache[cacheKey] &&
+    now < _credentialsCache[cacheKey].expireAt
+  ) {
+    return _credentialsCache[cacheKey].value;
+  }
+
+  const timestamp = String(Math.floor(now / 1000));
+  const servicePath = "/api/v1/apikey/server";
+  const signature = generateSignature(
+    "POST",
+    servicePath,
+    {},
+    "application/json",
+    clientId,
+    clientId,
+    timestamp
+  );
+
+  const baseUrl = getInnerGatewayUrl(serverUrl);
+  const fullUrl = `${baseUrl}${servicePath}`;
+  console.log(
+    chalk.cyan("[token-manager]"),
+    "Creating server apikey for",
+    clientId,
+    "(via inner port)"
+  );
+
+  const data = await httpRequest(
+    fullUrl,
+    {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Timestamp": timestamp,
+      },
+    },
+    JSON.stringify({ clientId, signature })
+  );
+
+  const secret = data.data?.secret;
+  if (!secret) {
+    throw new Error(
+      `CreateServerApiKey: unexpected response: ${JSON.stringify(data)}`
+    );
+  }
+
+  const value = { clientId, secret };
+  _credentialsCache[cacheKey] = {
+    value,
+    expireAt: now + CREDENTIALS_CACHE_TTL,
+  };
+  return value;
+}
+
+async function requestToken(serverUrl, clientId, secret, user, org) {
+  const timestamp = String(Math.floor(Date.now() / 1000));
+  const servicePath = `/api/v1/apikey/request_token/client_id/${encodeURIComponent(
+    clientId
+  )}`;
+
+  const query = {
+    user: user || "defaultUser",
+    org: org != null ? String(org) : "0",
+  };
+  query.signature = generateSignature(
+    "GET",
+    servicePath,
+    query,
+    "",
+    clientId,
+    secret,
+    timestamp
+  );
+
+  const qs = Object.entries(query)
+    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
+    .join("&");
+
+  const baseUrl = getInnerGatewayUrl(serverUrl);
+  const fullUrl = `${baseUrl}${servicePath}?${qs}`;
+  const data = await httpRequest(fullUrl, {
+    method: "GET",
+    headers: { "X-Timestamp": timestamp },
+  });
+
+  if (data.code !== 0 || !data.data) {
+    throw new Error(
+      `RequestToken: unexpected response: ${JSON.stringify(data)}`
+    );
+  }
+  return data.data.token || "";
+}
+
+async function getToken(serverUrl, auth) {
+  if (auth.token) {
+    return auth.token;
+  }
+
+  const appId = auth.appId || DEFAULT_APP_ID;
+  const clientId = `easyops_server_${appId}`;
+  const cacheKey = `${serverUrl}:${clientId}:${auth.org || ""}:${
+    auth.user || ""
+  }`;
+
+  const now = Date.now();
+  if (_tokenCache[cacheKey] && now < _tokenCache[cacheKey].expireAt) {
+    return _tokenCache[cacheKey].token;
+  }
+
+  const creds = await createServerApiKey(serverUrl, clientId);
+  const token = await requestToken(
+    serverUrl,
+    creds.clientId,
+    creds.secret,
+    auth.user,
+    auth.org
+  );
+  _tokenCache[cacheKey] = { token, expireAt: now + TOKEN_CACHE_TTL };
+  console.log(
+    chalk.green("[token-manager]"),
+    "Token acquired, cached for 30 minutes"
+  );
+  return token;
+}
+
+module.exports = { getToken };