MD5 sign timestamp validation and remove log4j2 kafka

hongqiaowei
2022-07-14 17:08:16 +08:00
parent 93faf3bed6
commit 6726250980
9 changed files with 29 additions and 166 deletions


@@ -85,18 +85,6 @@
<groupId>io.netty</groupId> <groupId>io.netty</groupId>
<artifactId>netty-tcnative-classes</artifactId> <artifactId>netty-tcnative-classes</artifactId>
<version>${netty-tcnative.version}</version> <version>${netty-tcnative.version}</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-layout-template-json</artifactId>
<version>${log4j2.version}</version>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>2.0.1</version>
</dependency>--> </dependency>-->
</dependencies> </dependencies>


@@ -1,38 +0,0 @@
{
"logTime": {
"$resolver": "timestamp",
"epoch": {
"unit": "millis",
"rounded": true
}
},
"logLevel": {
"$resolver": "level",
"field": "name"
},
"logMsg": {
"$resolver": "message",
"stringified": true
},
"thread": {
"$resolver": "thread",
"field": "name"
},
"loggerName": {
"$resolver": "logger",
"field": "name"
},
"thrown": {
"message": {
"$resolver": "exception",
"field": "message"
},
"extendedStackTrace": {
"$resolver": "exception",
"field": "stackTrace",
"stackTrace": {
"stringified": true
}
}
}
}


@@ -4,7 +4,6 @@
<properties> <properties>
<property name="APP_NAME">fizz-bootstrap</property> <property name="APP_NAME">fizz-bootstrap</property>
<property name="LOG_DIR">${sys:APP_ROOT_DIR}/log</property> <property name="LOG_DIR">${sys:APP_ROOT_DIR}/log</property>
<!--<property name="KAFKA_SERVER">1.1.1.1:9092</property>-->
</properties> </properties>
<Appenders> <Appenders>
<Console name="Console" target="SYSTEM_OUT"> <Console name="Console" target="SYSTEM_OUT">
@@ -21,37 +20,13 @@
</Policies> </Policies>
<DefaultRolloverStrategy max="50"/> <DefaultRolloverStrategy max="50"/>
</RollingRandomAccessFile>--> </RollingRandomAccessFile>-->
<!--<Kafka name="KafkaAppender4biz" topic="fizz-bootstrap" syncSend="false">
<JsonTemplateLayout eventTemplateUri="classpath:log4j2-kafka.json">
<EventTemplateAdditionalField key="traceId" value="$${ctx:traceId}"/>
</JsonTemplateLayout>
<Property name="bootstrap.servers">${KAFKA_SERVER}</Property>
</Kafka>
<Kafka name="KafkaAppender4monitor" topic="fizz-bootstrap-monitor" syncSend="false">
<PatternLayout pattern="%m"/>
<Property name="bootstrap.servers">${KAFKA_SERVER}</Property>
</Kafka>
<Kafka name="KafkaAppender4stat" topic="fizz-bootstrap-stat" syncSend="false">
<PatternLayout pattern="%m"/>
<Property name="bootstrap.servers">${KAFKA_SERVER}</Property>
</Kafka>
<Kafka name="KafkaAppender4flow" topic="fizz-bootstrap-flow" syncSend="false">
<PatternLayout pattern="%m"/>
<Property name="bootstrap.servers">${KAFKA_SERVER}</Property>
</Kafka>
<Kafka name="KafkaAppender4callback" topic="fizz-bootstrap-callback" syncSend="false">
<PatternLayout pattern="%m"/>
<Property name="bootstrap.servers">${KAFKA_SERVER}</Property>
</Kafka>-->
</Appenders> </Appenders>
<Loggers> <Loggers>
<Root level="warn" includeLocation="false"> <Root level="warn" includeLocation="false">
<AppenderRef ref="Console"/> <AppenderRef ref="Console"/>
<AppenderRef ref="LogSend"/> <AppenderRef ref="LogSend"/>
<!--<AppenderRef ref="RollingFile"/>--> <!--<AppenderRef ref="RollingFile"/>-->
<!--<AppenderRef ref="KafkaAppender4biz"/>-->
</Root> </Root>
<Logger name="org.apache.kafka" level="info" includeLocation="false"/>
<!-- suppress the warn 'No URLs will be polled as dynamic configuration sources.' --> <!-- suppress the warn 'No URLs will be polled as dynamic configuration sources.' -->
<logger name="com.netflix.config.sources.URLConfigurationSource" level="ERROR" includeLocation="false"/> <logger name="com.netflix.config.sources.URLConfigurationSource" level="ERROR" includeLocation="false"/>
<Logger name="we" level="info" includeLocation="false" additivity="false"> <Logger name="we" level="info" includeLocation="false" additivity="false">
@@ -60,19 +35,15 @@
</Logger> </Logger>
<Logger name="monitor" level="info" includeLocation="false" additivity="false"> <Logger name="monitor" level="info" includeLocation="false" additivity="false">
<AppenderRef ref="Console"/> <AppenderRef ref="Console"/>
<!--<AppenderRef ref="KafkaAppender4monitor"/>-->
</Logger> </Logger>
<Logger name="stat" level="info" includeLocation="false" additivity="false"> <Logger name="stat" level="info" includeLocation="false" additivity="false">
<AppenderRef ref="Console"/> <AppenderRef ref="Console"/>
<!--<AppenderRef ref="KafkaAppender4stat"/>-->
</Logger> </Logger>
<Logger name="flow" level="info" includeLocation="false" additivity="false"> <Logger name="flow" level="info" includeLocation="false" additivity="false">
<AppenderRef ref="Console"/> <AppenderRef ref="Console"/>
<!--<AppenderRef ref="KafkaAppender4flow"/>-->
</Logger> </Logger>
<Logger name="callback" level="info" includeLocation="false" additivity="false"> <Logger name="callback" level="info" includeLocation="false" additivity="false">
<AppenderRef ref="Console"/> <AppenderRef ref="Console"/>
<!--<AppenderRef ref="KafkaAppender4callback"/>-->
</Logger> </Logger>
</Loggers> </Loggers>
</Configuration> </Configuration>


@@ -17,16 +17,6 @@
</properties> </properties>
<dependencies> <dependencies>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-layout-template-json</artifactId>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
</dependency>
<dependency> <dependency>
<groupId>org.openjdk.jol</groupId> <groupId>org.openjdk.jol</groupId>
<artifactId>jol-core</artifactId> <artifactId>jol-core</artifactId>


@@ -76,6 +76,13 @@ public class SystemConfig {
private boolean aggregateTestAuth = false; private boolean aggregateTestAuth = false;
@Value("${fizz.md5sign-timestamp-timeliness:300}")
private int fizzMD5signTimestampTimeliness = 300; // unit: sec
public int fizzMD5signTimestampTimeliness() {
return fizzMD5signTimestampTimeliness;
}
@Value("${route-timeout:0}") @Value("${route-timeout:0}")
private long routeTimeout = 0; private long routeTimeout = 0;
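Review bot: The new `fizz.md5sign-timestamp-timeliness` value is bound with no range check, and its only documentation is the trailing `// unit: sec`. ApiConfigService in this same commit uses it as a symmetric window (now minus and now plus this many seconds), so a zero or negative setting rejects every signed request and a very large one effectively switches the freshness check off. I would document the field with something like `// accepted skew for MD5-signed request timestamps, in seconds, applied both before and after server time` and reject non-positive values when the configuration is loaded. The rest of SystemConfig lies outside this hunk, so whether a validation hook already exists cannot be seen from here.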


@@ -40,6 +40,7 @@ import we.util.*;
import javax.annotation.PostConstruct; import javax.annotation.PostConstruct;
import javax.annotation.Resource; import javax.annotation.Resource;
import java.time.LocalDateTime;
import java.util.*; import java.util.*;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.function.Supplier; import java.util.function.Supplier;
@@ -515,20 +516,27 @@ public class ApiConfigService implements ApplicationListener<ContextRefreshedEve
if (StringUtils.isAnyBlank(timestamp, sign)) { if (StringUtils.isAnyBlank(timestamp, sign)) {
r.code = Result.FAIL; r.code = Result.FAIL;
r.msg = a.app + " not present timestamp " + timestamp + " or sign " + sign; r.msg = a.app + " not present timestamp " + timestamp + " or sign " + sign;
} else if (validate(a.app, timestamp, a.secretkey, sign)) {
} else { } else {
long ts = Long.parseLong(timestamp);
LocalDateTime now = LocalDateTime.now();
long timeliness = systemConfig.fizzMD5signTimestampTimeliness();
long start = DateTimeUtils.toMillis(now.minusSeconds(timeliness));
long end = DateTimeUtils.toMillis(now.plusSeconds(timeliness));
if (start <= ts && ts <= end) {
StringBuilder b = ThreadContext.getStringBuilder();
b.append(a.app) .append(Consts.S.UNDER_LINE)
.append(timestamp).append(Consts.S.UNDER_LINE)
.append(a.secretkey);
if (!sign.equalsIgnoreCase(DigestUtils.md532(b.toString()))) {
r.code = Result.FAIL; r.code = Result.FAIL;
r.msg = a.app + " sign " + sign + " invalid"; r.msg = a.app + " sign " + sign + " invalid";
} }
return Mono.just(r); } else {
r.code = Result.FAIL;
r.msg = a.app + " timestamp " + timestamp + " invalid";
} }
}
private boolean validate(String app, String timestamp, String secretKey, String sign) { return Mono.just(r);
StringBuilder b = ThreadContext.getStringBuilder();
b.append(app) .append(Consts.S.UNDER_LINE)
.append(timestamp).append(Consts.S.UNDER_LINE)
.append(secretKey);
return sign.equalsIgnoreCase(DigestUtils.md532(b.toString()));
} }
private Mono<Result<ApiConfig>> authSecretKey(App a, String sign, Result<ApiConfig> r) { private Mono<Result<ApiConfig>> authSecretKey(App a, String sign, Result<ApiConfig> r) {
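Review bot: `Long.parseLong(timestamp)` in the new else branch runs on a request-supplied value with no guard, so a non-numeric or out-of-range timestamp throws NumberFormatException instead of producing the `Result.FAIL` that the other rejection paths return. Catching it and reusing the "timestamp … invalid" message keeps malformed input on the normal rejection path, as sketched below. The enclosing method starts outside this hunk, so the early return is modelled on the `return Mono.just(r);` visible here. Separately, the digest check is still `sign.equalsIgnoreCase(DigestUtils.md532(b.toString()))`, which is not a constant-time comparison; `MessageDigest.isEqual` on the case-normalised bytes is the usual replacement. As far as this hunk shows, the signed string has no nonce, so the window narrows replay of a captured sign but does not prevent it.

```java
long ts;
try {
    ts = Long.parseLong(timestamp);
} catch (NumberFormatException e) {
    // malformed client timestamp: reject like any other invalid timestamp
    r.code = Result.FAIL;
    r.msg = a.app + " timestamp " + timestamp + " invalid";
    return Mono.just(r);
}
// … unchanged: window computation and digest comparison …
```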


@@ -1,38 +0,0 @@
{
"logTime": {
"$resolver": "timestamp",
"epoch": {
"unit": "millis",
"rounded": true
}
},
"logLevel": {
"$resolver": "level",
"field": "name"
},
"logMsg": {
"$resolver": "message",
"stringified": true
},
"thread": {
"$resolver": "thread",
"field": "name"
},
"loggerName": {
"$resolver": "logger",
"field": "name"
},
"thrown": {
"message": {
"$resolver": "exception",
"field": "message"
},
"extendedStackTrace": {
"$resolver": "exception",
"field": "stackTrace",
"stackTrace": {
"stringified": true
}
}
}
}


@@ -8,26 +8,13 @@
<Console name="Console" target="SYSTEM_OUT"> <Console name="Console" target="SYSTEM_OUT">
<PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %level %logger{36} - %msg%n"/> <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %level %logger{36} - %msg%n"/>
</Console> </Console>
<!--<Kafka name="KafkaAppender4biz" topic="log-zt-fizz-core" syncSend="false">
<JsonTemplateLayout eventTemplateUri="classpath:log4j2-kafka.json">
<EventTemplateAdditionalField key="traceId" value="$${ctx:traceId}"/>
</JsonTemplateLayout>
<Property name="bootstrap.servers">1.1.1.1:9092</Property>
</Kafka>
<Kafka name="KafkaAppender4monitor" topic="log-zt-fizz-core-monitor" syncSend="false">
<PatternLayout pattern="%m"/>
<Property name="bootstrap.servers">1.1.1.1:9092</Property>
</Kafka>-->
</Appenders> </Appenders>
<Loggers> <Loggers>
<Root level="warn"> <Root level="warn">
<AppenderRef ref="Console"/> <AppenderRef ref="Console"/>
<!--<AppenderRef ref="KafkaAppender4biz"/>-->
</Root> </Root>
<Logger name="org.apache.kafka" level="info"/>
<Logger name="monitor" level="warn" additivity="false"> <Logger name="monitor" level="warn" additivity="false">
<AppenderRef ref="Console"/> <AppenderRef ref="Console"/>
<!--<AppenderRef ref="KafkaAppender4monitor"/>-->
</Logger> </Logger>
<Logger name="we" level="debug"/> <Logger name="we" level="debug"/>
</Loggers> </Loggers>

12
pom.xml

@@ -70,18 +70,6 @@
<dependencyManagement> <dependencyManagement>
<dependencies> <dependencies>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-layout-template-json</artifactId>
<version>${log4j2.version}</version>
</dependency>
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>2.0.1</version>
</dependency>
<dependency> <dependency>
<groupId>org.openjdk.jol</groupId> <groupId>org.openjdk.jol</groupId>
<artifactId>jol-core</artifactId> <artifactId>jol-core</artifactId>