Skip to content

Commit

Permalink
feat: 实现远程部署令牌、推送、接收、应用功能;
Browse files Browse the repository at this point in the history
  • Loading branch information
@maslow
maslow committed Aug 7, 2021
1 parent 281cf28 commit afeb9ec
Show file tree
Hide file tree
Showing 9 changed files with 358 additions and 7 deletions.
10 changes: 8 additions & 2 deletions packages/devops-server/http/deploy.http
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,14 @@ Content-Type: application/json
}


### 部署访问策略
### 创建部署令牌

POST {{base_url}}/deploy/policy
POST {{base_url}}/deploy/create-token
Content-Type: application/json;charset=UTF-8
Authorization: Bearer {{token}}

{
"permissions": ["policy", "function"],
"expire": 1,
"source": "test"
}
20 changes: 20 additions & 0 deletions packages/devops-server/http/publish.http
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@

@token={{login.response.body.$.data.access_token}}

### 管理员登陆
# @name login

POST {{base_url}}/admin/login HTTP/1.1
Content-Type: application/json

{
"username": "{{sys_admin}}",
"password": "{{sys_password}}"
}


### 发布访问策略

POST {{base_url}}/publish/policy
Content-Type: application/json;charset=UTF-8
Authorization: Bearer {{token}}
13 changes: 13 additions & 0 deletions packages/devops-server/init/sys-permissions.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,4 +47,17 @@ exports.permissions = [
{ name: 'publish.policy', label: '发布数据访问策略'},
{ name: 'publish.function', label: '发布云函数' },
{ name: 'publish.trigger', label: '发布触发器' },

{ name: 'deploy_target.read', label: '读取部署目标' },
{ name: 'deploy_target.edit', label: '编辑部署目标' },
{ name: 'deploy_target.create', label: '添加部署目标' },
{ name: 'deploy_target.delete', label: '删除部署目标' },

{ name: 'deploy_request.read', label: '读取部署请求' },
{ name: 'deploy_request.edit', label: '编辑部署请求' },
{ name: 'deploy_request.create', label: '添加部署请求' },
{ name: 'deploy_request.delete', label: '删除部署请求' },
{ name: 'deploy_request.apply', label: '应用部署请求' },

{ name: 'deploy.create_token', label: '创建部署令牌' }
]
56 changes: 55 additions & 1 deletion packages/devops-server/src/api/function.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@
import { Constants } from "../constants"
import { Globals } from "../lib/globals"
import { compileTs2js } from 'cloud-function-engine/dist/utils'

import { CloudFunctionStruct } from "cloud-function-engine"
import * as assert from 'assert'
const db = Globals.sys_db

/**
Expand Down Expand Up @@ -79,3 +80,56 @@ function compileFunction(func: any) {
func.compiledCode = compileTs2js(func.code)
return func
}

/**
* 部署云函数
* 应用远程推送过来的部署请求
*/
export async function deployFunctions(functions: CloudFunctionStruct[]) {
assert.ok(functions)
assert.ok(functions instanceof Array)
const logger = Globals.logger

const accessor = Globals.sys_accessor

const data = functions
const session = accessor.conn.startSession()

try {
await session.withTransaction(async () => {
for (const func of data) {
await _deployOneFunction(func)
}
})
} catch (error) {
logger.error(error)
throw error
} finally {
await session.endSession()
}
}

async function _deployOneFunction(func: CloudFunctionStruct) {
const db = Globals.sys_accessor.db
const r = await db.collection('__functions').findOne({ name: func.name })

const data = {
...func
}

delete data['_id']

// if exists function
if (r) {
const ret = await db.collection('__functions').updateOne({ _id: r._id }, {
$set: data
})

assert(ret.matchedCount, `deploy: update function ${func.name} occurred error`)
return
}

// if new function
const ret = await db.collection('__functions').insertOne(data as any)
assert(ret.insertedId, `deploy: add function ${func.name} occurred error`)
}
62 changes: 58 additions & 4 deletions packages/devops-server/src/api/rules.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,21 +38,75 @@ export async function getAccessPolicy(category: string): Promise<any> {
*/
export async function publishAccessPolicy() {
const logger = Globals.logger

const app_accessor = Globals.app_accessor
const ret = await Globals.sys_accessor.db.collection('__policies').find().toArray()
const session = app_accessor.conn.startSession()

try {
await session.withTransaction(async () => {
const _db = app_accessor.db
const app_coll = _db.collection(Constants.policy_collection);
await app_coll.deleteMany({});
await app_coll.insertMany(ret);
const app_coll = _db.collection(Constants.policy_collection)
await app_coll.deleteMany({})
await app_coll.insertMany(ret)
})
} catch (error) {
logger.error(error)
} finally {
await session.endSession()
}
}


/**
* 部署访问策略
* 应用远程推送过来的部署请求
*/
export async function deployPolicies(policies) {
assert.ok(policies)
assert.ok(policies instanceof Array)
const logger = Globals.logger

const accessor = Globals.sys_accessor

const data = policies
const session = accessor.conn.startSession()

try {
await session.withTransaction(async () => {
for (const item of data) {
await _deployOnePolicy(item)
}
})
} catch (error) {
logger.error(error)
throw error
} finally {
await session.endSession()
}
}

async function _deployOnePolicy(policy: any) {
const db = Globals.sys_accessor.db
const r = await db.collection('__policies').findOne({ name: policy.name })

const data = {
...policy
}

delete data['_id']

// if exists
if (r) {
const ret = await db.collection('__policies').updateOne({ _id: r._id }, {
$set: data
})

assert(ret.matchedCount, `deploy: update policy ${policy.name} occurred error`)
return
}

// if new
const ret = await db.collection('__policies').insertOne(data as any)
assert(ret.insertedId, `deploy: add policy ${policy.name} occurred error`)
}
8 changes: 8 additions & 0 deletions packages/devops-server/src/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,14 @@ const logger = Globals.logger
const server = express()
server.use(express.json())

// 服务端开放跨域
server.all('*', function (_req, res, next) {
res.header('Access-Control-Allow-Origin', '*')
res.header('Access-Control-Allow-Headers', 'Authorization, Content-Type')
res.header('Access-Control-Allow-Methods', '*')
next()
})

// 解析 Bearer Token
server.use(function (req, _res, next) {
const token = splitBearerToken(req.headers['authorization'] ?? '')
Expand Down
Loading

0 comments on commit afeb9ec

Please sign in to comment.