refactor: 添加一些性能优化 & 新插件

conf/app.json → conf/app.example.json

@@ -1,17 +1,27 @@
 {
   "appName": "codo-gateway",
-  "env": "prod",
+  "env": "test",
   "etcd": {
     "http_host": "http://127.0.0.1:2379",
-    "data_prefix": "/codo/gw/"
+    "data_prefix": "/my/gw/"
   },
   "jwt_auth": {
     "key": "auth_key",
-    "token_secret": "yxLxQ0jGtmAhRT4RMMxRrXf"
+    "token_secret": "xxxxxx"
   },
   "codo_rbac": {
     "key": "auth_key",
-    "token_secret": "yxLxQ0jGtmAhRT4RMMxRrXf"
+    "token_secret": "xxxxxx"
+  },
+  "sso2internal": {
+    "sso_token_secret":  "xxxxxx",
+    "sso_jwt_key": "sso_token",
+    "internal_token_secret":  "xxxxxx",
+    "internal_jwt_key": "auth_key"
+  },
+  "mfa": {
+    "mfa_secret":  "xxxxxx",
+    "mfa_key": "mfa_key"
   },
   "plugins": [
     "default_plugin",
@@ -25,35 +35,38 @@
     "limit-req",
     "referer-restriction",
     "ip-restriction",
-    "cors_plugin"
+    "cors_plugin",
+    "sso2internal"
   ],
   "plugins_config": {
     "redis-logger": {
       "host": "127.0.0.1",
       "port": 6379,
-      "auth_pwd": "PuiJUnyKCSLhhRT4RMMxR",
-      "db": 11,
+      "auth_pwd": "1234567",
+      "db": 1,
       "alive_time": 604800,
       "channel": "gw",
       "full_log": "no"
     }
   },
   "admin": {
-    "jwt_secret": "yxLxQ0jGtmAhRT4RMMxRrXf",
+    "jwt_secret": "xxxxxx",
     "account": {
       "admin": {
         "password": "tainiubile",
         "info": {
-          "roles": ["admin"],
+          "roles": [
+            "admin"
+          ],
           "introduction": "I am a super administrator",
-          "avatar": "https://wpimg.wallstcn.com/f778738c-e4f8-4870-b634-56703b4acafe.gif",
+          "avatar": "https://xxx.com/1.gif",
           "name": "管理员"
         }
       }
     }
   },
   "tokens": {
-    "e09d6153f1c15395144794GtmAhRT4": {
+    "xxx": {
       "desc": "系统默认 api token"
     }
   }

conf/common/proxy.conf

@@ -1,3 +1,4 @@
+resolver 8.8.8.8;
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "upgrade";

conf/nginx.conf

@@ -2,12 +2,12 @@
 
 pid logs/nginx.pid;
 # 开发时可以设置成 debug
-error_log   logs/error.log error;
+error_log   logs/error.log info;
 
 master_process on;
 
 # 生产环境设置成 auto
-worker_processes 4;
+worker_processes 2;
 
 # 最大文件描述符数量
 worker_rlimit_nofile 20240;

conf/servers/gateway.conf

@@ -34,14 +34,22 @@ server {
     location / {
         include common/proxy.conf;
         set $target_service_name '';
-        set $origin_uri $uri;
+        set $origin_uri $request_uri;
+        # set $origin_uri $uri;
+        set $proxy_path '';
+        set $biz_schema 'http';
+        set $biz_domain 'backend_server';
         lua_code_cache on;
         rewrite_by_lua_block {
             local app = require("app")
             app.http_rewrite()
         }
         include common/phase.conf;
-        proxy_pass http://backend_server;
+
+        proxy_ssl_name $biz_domain;
+        proxy_ssl_server_name on;
+        proxy_ssl_session_reuse off;
+        proxy_pass $biz_schema://backend_server$proxy_path;
     }
 
     location @grpc_pass {

deps/share/lua/5.1/resty/etcd/utils.lua

@@ -84,12 +84,18 @@ end
 local ngx_log = ngx.log
 local ngx_ERR = ngx.ERR
 local ngx_INFO = ngx.INFO
+local ngx_DEBUG = ngx.DEBUG
 local function log_error(...)
     return ngx_log(ngx_ERR, ...)
 end
 _M.log_error = log_error
 
 
+local function log_debug( ... )
+    return ngx_log(ngx_DEBUG, ...)
+end
+_M.log_debug = log_debug
+
 local function log_info( ... )
     return ngx_log(ngx_INFO, ...)
 end

deps/share/lua/5.1/resty/etcd/v3.lua

@@ -31,7 +31,7 @@ local mt = { __index = _M }
 local refresh_jwt_token
 
 local function _request_uri(self, method, uri, opts, timeout, ignore_auth)
-    utils.log_info("v3 request uri: ", uri, ", timeout: ", timeout)
+    utils.log_debug("v3 request uri: ", uri, ", timeout: ", timeout)
 
     local body
     if opts and opts.body and tab_nkeys(opts.body) > 0 then
@@ -230,12 +230,12 @@ function refresh_jwt_token(self, timeout)
         end
 
         if self.last_refresh_jwt_err then
-            utils.log_info("v3 refresh jwt last err: ", self.last_refresh_jwt_err)
+            utils.log_debug("v3 refresh jwt last err: ", self.last_refresh_jwt_err)
             return nil, self.last_refresh_jwt_err
         end
 
         -- something unexpected happened, try again
-        utils.log_info("v3 try auth after waiting, timeout: ", timeout)
+        utils.log_debug("v3 try auth after waiting, timeout: ", timeout)
     end
 
     self.last_refresh_jwt_err = nil
@@ -331,7 +331,7 @@ local function set(self, key, val, attr)
     -- get
     if res.status < 300  then
         -- TODO(optimize): delay json encode
-        utils.log_info("v3 set body: ", encode_json(res.body))
+        utils.log_debug("v3 set body: ", encode_json(res.body))
     end
 
     return res
@@ -560,7 +560,7 @@ local function request_chunk(self, method, scheme, host, port, path, opts, timeo
         query   = query,
         headers = headers,
     })
-    utils.log_info("http request method: ", method, " path: ", path,
+    utils.log_debug("http request method: ", method, " path: ", path,
              " body: ", body, " query: ", query)
 
     if not res then

deps/share/lua/5.1/resty/radixtree.lua

@@ -164,7 +164,17 @@ end
 
     local ngx_log = ngx.log
     local ngx_INFO = ngx.INFO
+    local ngx_DEBUG = ngx.DEBUG
     local ngx_ERR = ngx.ERR
+
+local function log_debug(...)
+    if cur_level and ngx_DEBUG > cur_level then
+        return
+    end
+
+    return ngx_log(ngx_DEBUG, ...)
+end
+
 local function log_info(...)
     if cur_level and ngx_INFO > cur_level then
         return
@@ -229,7 +239,7 @@ local function insert_route(self, opts)
     self.match_data[self.match_data_index] = {opts}
 
     radix.radix_tree_insert(self.tree, path, #path, self.match_data_index)
-    log_info("insert route path: ", path, " dataprt: ", self.match_data_index)
+    log_debug("insert route path: ", path, " dataprt: ", self.match_data_index)
     return true
 end
 
@@ -340,7 +350,7 @@ function pre_insert_route(self, path, route)
         route_opts.path = path
     end
 
-    log_info("path: ", route_opts.path, " operator: ", route_opts.path_op)
+    log_debug("path: ", route_opts.path, " operator: ", route_opts.path_op)
 
     route_opts.metadata = route.metadata
     route_opts.handler  = route.handler
@@ -472,7 +482,7 @@ local function compare_param(req_path, route, opts)
     end
 
     local pat, names = fetch_pat(route.path_org)
-    log_info("pcre pat: ", pat)
+    log_debug("pcre pat: ", pat)
     if #names == 0 then
         return true
     end
@@ -517,15 +527,15 @@ local function match_route_opts(route, opts, args)
     if matcher_ins then
         local ok, err = matcher_ins:match(opts.remote_addr)
         if err then
-            log_info("failed to match ip: ", err)
+            log_debug("failed to match ip: ", err)
             return false
         end
         if not ok then
             return false
         end
     end
 
-    -- log_info("route.hosts: ", type(route.hosts))
+    -- log_debug("route.hosts: ", type(route.hosts))
     if route.hosts then
         local matched = false
 
@@ -548,7 +558,7 @@ local function match_route_opts(route, opts, args)
             end
         end
 
-        log_info("hosts match: ", matched)
+        log_debug("hosts match: ", matched)
         if not matched then
             return false
         end
@@ -597,8 +607,8 @@ local function _match_from_routes(routes, path, opts, args)
     local opts_matched_exists = (opts.matched ~= nil)
     for _, route in ipairs(routes) do
         if match_route_opts(route, opts, args) then
-            -- log_info("matched route: ", require("cjson").encode(route))
-            -- log_info("matched path: ", path)
+            -- log_debug("matched route: ", require("cjson").encode(route))
+            -- log_debug("matched path: ", path)
             if compare_param(path, route, opts) then
                 if opts_matched_exists then
                     opts.matched._path = route.path_org

docker-compose.yml

@@ -1,15 +1,8 @@
-version: '3.8'
+version: '3.3'
 services:
-    gateway:
-        image: tianmen2_image:latest
-        restart: unless-stopped
-        volumes:
-            - /data/gw/logs/:/usr/local/openresty/nginx/logs/
-            - /sys/fs/cgroup:/sys/fs/cgroup
-        ports:
-            - "8886:8888"
-            - "11006:11000"
-        networks:
-            - mynetwork
-networks:
-    mynetwork:
+  gateway:
+    restart: unless-stopped
+    build: .
+    ports:
+      - "8888:8888"
+      - "11000:11000"

gateway/admin/init.lua

@@ -72,13 +72,13 @@ local function check_api_token()
     end
     local tokens = config_get("tokens")
     if not tokens then
-        log.info("no api token settings")
+        log.debug("no api token settings")
         return false
     end
     if not tokens[token] then
         return false
     end
-    log.info("api token auth: ", token)
+    log.debug("api token auth: ", token)
     return true
 end
 
@@ -159,8 +159,7 @@ function _M.init_worker()
         mapping(res.apis)
     end
     router = radixtree.new(req_mapping)
-    log.info("admin init")
-
+    log.debug("admin init")
 end
 
 function _M.http_admin()

gateway/app/config.lua

@@ -50,13 +50,18 @@ function _M.get_jwt_auth()
     return get("jwt_auth")
 end
 
+function _M.get_sso2internal()
+    return get("sso2internal")
+end
+
+function _M.get_mfa()
+    return get("mfa")
+end
+
 function _M.get_codo_rbac()
     return get("codo_rbac")
 end
 
-function _M.get_auth_rbac()
-    return get("auth_rbac")
-end
 
 function _M.get_plugins_config(plugin_name)
     local _plugins_config = get("plugins_config")