# devcloud

**Repository Path**: DanShangCao/devcloud

## Basic Information

- **Project Name**: devcloud
- **Description**: No description available
- **Primary Language**: Go
- **License**: Apache-2.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2024-01-10
- **Last Updated**: 2024-01-10

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# A CI/CD Platform Built on a Microservice Architecture

A guided walkthrough of writing a simplified version.

Shared microservices:
+ mcenter: user and permission center
+ maudit: audit center

Platform-development services:
+ cmdb: resource center (business service)

Covered mainly by code walkthrough:
+ mpaas: a CI/CD project based on Kubernetes Jobs (business service)

Pure business services:
+ services such as vblog

## Environment Setup

Note on code versions: the version on GitHub keeps evolving, so the version covered here has been placed in the go11 repository. The current master version is:

```
commit 4cc7fc0bf8ec7faa13bb67be16ecd7d3bd4db056 (HEAD -> master, origin/master, origin/HEAD)
Author: yumaojun03 <18108053819@163.com>
Date: Fri Jul 14 16:32:19 2023 +0800

    更新mcube
```

Install the dependencies:

```
$ cd mcenter
$ go mod tidy
```

Add the application configuration at mcenter/etc/config.toml. Note that MongoDB must be set up beforehand.

```toml
[app]
name = "mcenter"
# placeholder value for the application key
key = "this is your app key"

[app.http]
host = "127.0.0.1"
port = "8010"

[app.grpc]
host = "127.0.0.1"
port = "18010"

[mongodb]
endpoints = ["127.0.0.1:27017"]
# account on the MongoDB instance prepared beforehand
username = "mcenter"
password = "123456"
database = "mcenter"

[log]
level = "debug"
format = "text"
to = "stdout"

[jaeger]
endpoint = "http://localhost:14268/api/traces"
```

Initialize the program. The key step is creating the Admin account:

```sh
$ make init
2023-07-23 16:31:34 INFO [INIT] cmd/root.go:112 log level: debug
? 请输入公司(组织)名称: 基础设施服务中心
? 请输入管理员用户名称: admin
? 请输入管理员密码:
? 再次输入管理员密码:
初始化域: default [成功]
初始化系统管理员: admin [成功]
初始化空间: default [成功]
初始化空间: system [成功]
初始化角色: admin [成功]
初始化角色: visitor [成功]
初始化服务: maudit [成功]
初始化服务: mpaas [成功]
初始化服务: moperator [成功]
初始化服务: cmdb [成功]
初始化系统配置: v1 [成功]
```

Start the service:

```
make run
```

To inspect traces, start Jaeger:

```
docker run -d --name jaeger \
  -e COLLECTOR_ZIPKIN_HOST_PORT=:9411 \
  -e COLLECTOR_OTLP_ENABLED=true \
  -p 6831:6831/udp \
  -p 6832:6832/udp \
  -p 5778:5778 \
  -p 16686:16686 \
  -p 4317:4317 \
  -p 4318:4318 \
  -p 14250:14250 \
  -p 14268:14268 \
  -p 14269:14269 \
  -p 9411:9411 \
  jaegertracing/all-in-one:1.45
```

Open http://localhost:16686 to view the UI.

## Demo

1. Token login

```sh
curl --location 'http://localhost:8010/mcenter/api/v1/token' \
--header 'Authorization: bearer QGYYwe5gjhx73slPhnlhXP1Z' \
--header 'Content-Type: application/json' \
--header 'Cookie: mcenter.access_token=caki5opHBmMz6lkZuy2RMdro' \
--data '{
    "username": "admin",
    "password": "123456"
}'
```

```json
{
    "platform": "WEB",
    "access_token": "caki5opHBmMz6lkZuy2RMdro",
    "refresh_token": "elwI7WigKNz1f1rdr0brpqt0YXbKStif",
    "issue_at": 1690101571,
    "access_expired_at": 3600,
    "refresh_expired_at": 14400,
    "user_type": "SUPPER",
    "domain": "default",
    "username": "admin",
    "user_id": "admin@default",
    "grant_type": "PASSWORD",
    "type": "BEARER",
    "namespace": "default",
    "is_namespace_manager": false,
    "status": {
        "is_block": false,
        "block_type": "REFRESH_TOKEN_EXPIRED",
        "block_at": 0,
        "block_reason": ""
    },
    "location": {
        "ip_location": {
            "remote_ip": "127.0.0.1",
            "city_id": 0,
            "country": "",
            "region": "",
            "province": "",
            "city": "",
            "isp": ""
        },
        "user_agent": {
            "os": "",
            "platform": "",
            "engine_name": "",
            "engine_version": "",
            "browser_name": "PostmanRuntime",
            "browser_version": "7.32.3"
        }
    }
}
```

2. Token validation

```sh
curl --location 'http://localhost:8010/mcenter/api/v1/token' \
--header 'Cookie: mcenter.access_token=caki5opHBmMz6lkZuy2RMdro'
```

```json
{
    "platform": "WEB",
    "access_token": "caki5opHBmMz6lkZuy2RMdro",
    "refresh_token": "",
    "issue_at": 1690101571,
    "access_expired_at": 3600,
    "refresh_expired_at": 14400,
    "user_type": "SUPPER",
    "domain": "default",
    "username": "admin",
    "user_id": "admin@default",
    "grant_type": "PASSWORD",
    "type": "BEARER",
    "namespace": "default",
    "is_namespace_manager": false,
    "status": {
        "is_block": false,
        "block_type": "REFRESH_TOKEN_EXPIRED",
        "block_at": 0,
        "block_reason": ""
    },
    "location": {
        "ip_location": {
            "remote_ip": "127.0.0.1",
            "city_id": 0,
            "country": "",
            "region": "",
            "province": "",
            "city": "",
            "isp": ""
        },
        "user_agent": {
            "os": "",
            "platform": "",
            "engine_name": "",
            "engine_version": "",
            "browser_name": "PostmanRuntime",
            "browser_version": "7.32.3"
        }
    }
}
```

3. Feishu-based authentication integration

3.1 Create a Feishu application (enterprise or personal).

3.2 Obtain the application's API ID and REDIRECT_URI.

3.3 Construct a login page and use it to obtain the code returned after the user authenticates successfully:

```sh
https://petstore.swagger.io/?code=e16kdf80d0d24eed9a3a98d2be896391&state=STATE
```

3.4 Exchange the code for a Feishu token.

Call the API to get the token: https://open.feishu.cn/document/common-capabilities/sso/api/get-access_token

Call the API to query the user info: https://open.feishu.cn/document/common-capabilities/sso/api/get-user-info

Create the corresponding local account in sync.

## API Documentation

swagger-go generates API docs from comments:

```go
// @resp :xxx
// @returns xxx
```

restful-go generates API docs from route decorations. This approach applies only to the go-restful framework.

1. Add API documentation to a route

```go
ws.Route(ws.POST("/").To(h.IssueToken).
	Doc("颁发令牌").
	Reads(token.IssueTokenRequest{}).
	Writes(token.Token{}).
	Returns(200, "OK", token.Token{}))
```

2. Extract the decoration metadata and build the data structure that the Swagger API needs

We need to find the Router and extract all of the API docs from it.

The companion library `restfulspec "github.com/emicklei/go-restful-openapi/v2"` extracts the descriptions of the RESTful endpoints.

This is done by filling in the restfulspec configuration:

```go
config := restfulspec.Config{
	// Which web services get API docs generated
	WebServices: restful.RegisteredWebServices(),
	// Path at which the API docs are served, e.g. http://127.0.0.1:8010/apidocs.json
	APIPath: apiDocPath,
	// Other information for the Swagger object
	PostBuildSwaggerObjectHandler: docs,
	// Skip the internal fields of protobuf-generated structs
	DefinitionNameHandler: func(name string) string {
		if name == "state" || name == "sizeCache" || name == "unknownFields" {
			return ""
		}
		return name
	},
}
```

Everything other than the endpoints, such as the service name, contact, license and version, is set on the Swagger object that is passed in:

```go
func Docs(swo *spec.Swagger) {
	swo.Info = &spec.Info{
		InfoProps: spec.InfoProps{
			Title:       "注册中心",
			Description: "Resource for managing Service Instances",
			Contact: &spec.ContactInfo{
				ContactInfoProps: spec.ContactInfoProps{
					Name:  "john",
					Email: "john@doe.rp",
					URL:   "http://johndoe.org",
				},
			},
			License: &spec.License{
				LicenseProps: spec.LicenseProps{
					Name: "MIT",
					URL:  "http://mit.org",
				},
			},
			Version: version.Short(),
		},
	}
}
```

```go
// API Doc
// Optionally, you can install the Swagger Service which provides a nice Web UI on your REST API
// You need to download the Swagger HTML5 assets and change the FilePath location in the config below.
// Open http://localhost:8080/apidocs/?url=http://localhost:8080/apidocs.json
// http.Handle("/apidocs/", http.StripPrefix("/apidocs/", http.FileServer(http.Dir("/Users/emicklei/Projects/swagger-ui/dist"))))
s.r.Add(apidoc.APIDocs(s.apiDocPath, swagger.Docs))
s.l.Infof("Swagger API Doc访问地址: http://%s%s", s.c.App.HTTP.Addr(), s.apiDocPath)
```

The docs are finally exposed at http://127.0.0.1:8010/apidocs.json.

## Ways to Use This Project:

1. Take only the design ideas and redesign them for your own project.
2. Take some modules as the core and simplify the rest yourself (copying some code as needed).
3. Build the microservice system entirely on mcenter: integrate directly with the mcenter service and do only a small amount of development.

## Code Walkthrough: Authentication Flow

1. Token issuance:
+ token module: manages token issuance
+ user module: user management
+ domain module: tenant management
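
For the Feishu login step in the demo, where the redirect to REDIRECT_URI carries `code` and `state`, the following added example (not code from mcenter) shows one way to issue a per-session state and accept the code only when the callback matches it. `NewState` and `CodeFromCallback` are hypothetical names, and the callback URLs are constructed from the sample redirect shown in the README.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// NewState returns an unguessable value to store in the session and send as the state parameter.
func NewState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// CodeFromCallback returns the code only if the callback hits REDIRECT_URI and echoes the session state.
func CodeFromCallback(callback, redirectURI, sessionState string) (string, error) {
	cb, err := url.Parse(callback)
	if err != nil {
		return "", err
	}
	reg, err := url.Parse(redirectURI)
	if err != nil {
		return "", err
	}
	if cb.Scheme != reg.Scheme || cb.Host != reg.Host || cb.Path != reg.Path {
		return "", errors.New("callback does not match REDIRECT_URI")
	}
	q := cb.Query()
	if len(q["code"]) != 1 || len(q["state"]) != 1 || q.Get("code") == "" {
		return "", errors.New("expected exactly one non-empty code and one state")
	}
	if sessionState == "" || subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(sessionState)) != 1 {
		return "", errors.New("state mismatch: response was not started by this session")
	}
	return q.Get("code"), nil
}

func main() {
	state, _ := NewState()
	base := "https://petstore.swagger.io/" // constructed REDIRECT_URI, host taken from the README sample
	fmt.Println(CodeFromCallback(base+"?code=e16kdf80d0d24eed9a3a98d2be896391&state="+state, base, state))
	fmt.Println(CodeFromCallback(base+"?code=e16kdf80d0d24eed9a3a98d2be896391&state=STATE", base, state))
}
```

The first call prints the code; the second is rejected because the fixed literal `STATE` does not match the value bound to the session.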