Merge pull request #228 from WeBankPartners/dev

Dev

artifacts-corepy/artifacts_corepy/common/utils.py

@@ -6,21 +6,23 @@
 本模块提供项目配置文件的差异化变量解析
 
 """
+import base64
+import binascii
 import contextlib
+import functools
 import io
 import logging
 import os.path
 import re
 import shutil
 import tempfile
 import time
-import requests
-import functools
 from collections import Mapping, MutableMapping
 
+import requests
+from artifacts_corepy.common import exceptions
 from talos.core import config
 from talos.core import exceptions as base_ex
-from artifacts_corepy.common import exceptions
 from talos.utils import http
 
 try:
@@ -238,4 +240,17 @@ def delete(url, **kwargs):
     def put(url, **kwargs):
         resp = requests.put(url, **kwargs)
         resp.raise_for_status()
-        return RestfulJson.get_response_json(resp)
+        return RestfulJson.get_response_json(resp)
+
+
+def b64decode_key(key):
+    new_key = key
+    max_padding = 3
+    while max_padding > 0:
+        try:
+            return base64.b64decode(new_key)
+        except binascii.Error as e:
+            new_key += '='
+            max_padding -= 1
+            if max_padding <= 0:
+                raise e

artifacts-corepy/artifacts_corepy/middlewares/auth.py

@@ -2,29 +2,15 @@
 
 from __future__ import absolute_import
 
-import base64
-import binascii
 import jwt
 import jwt.exceptions
+from artifacts_corepy.common import utils
 from talos.core import config
 from talos.core import exceptions as base_ex
 
 CONF = config.CONF
 
 
-def decode_key(key):
-    new_key = key
-    max_padding = 3
-    while max_padding > 0:
-        try:
-            return base64.b64decode(new_key)
-        except binascii.Error as e:
-            new_key += '='
-            max_padding -= 1
-            if max_padding <= 0:
-                raise e
-
-
 class JWTAuth(object):
     """中间件，提供JWT Token信息解析"""
     def process_request(self, req, resp):
@@ -37,7 +23,7 @@ def process_request(self, req, resp):
             if secret:
                 verify_token = True
             try:
-                token_info = jwt.decode(token, key=decode_key(secret), verify=verify_token)
+                token_info = jwt.decode(token, key=utils.b64decode_key(secret), verify=verify_token)
                 req.auth_user = token_info['sub']
             except jwt.exceptions.ExpiredSignatureError as e:
                 raise base_ex.AuthError()

artifacts-corepy/artifacts_corepy/server/wsgi_server.py

@@ -10,17 +10,17 @@
 from __future__ import absolute_import
 
 import base64
+import json
 import os
 import os.path
-import json
+
+from artifacts_corepy.common import utils as plugin_utils
+from artifacts_corepy.middlewares import auth
 from Crypto import Random
 from Crypto.Cipher import PKCS1_v1_5 as Cipher_pkcs1_v1_5
 from Crypto.PublicKey import RSA
+from talos.core import config, utils
 from talos.server import base
-from talos.core import utils
-from talos.core import config
-
-from artifacts_corepy.middlewares import auth
 
 # @config.intercept('db_password', 'other_password')
 # def get_password(value, origin_value):
@@ -32,14 +32,14 @@
 #     # 演示使用不安全的base64，请使用你认为安全的算法进行处理
 #     return base64.b64decode(origin_value)
 
-RAS_KEY_PATH = '/certs/ras_key'
+RSA_KEY_PATH = '/certs/rsa_key'
 
 
-def decrypt_ras(secret_key, encrypt_text):
+def decrypt_rsa(secret_key, encrypt_text):
     rsakey = RSA.importKey(secret_key)
     cipher = Cipher_pkcs1_v1_5.new(rsakey)
     random_generator = Random.new().read
-    text = cipher.decrypt(base64.b64decode(encrypt_text), random_generator)
+    text = cipher.decrypt(plugin_utils.b64decode_key(encrypt_text), random_generator)
     return text.decode('utf-8')
 
 
@@ -56,10 +56,10 @@ def get_env_value(value, origin_value):
         env_name = value[len(prefix):]
         new_value = os.getenv(env_name, default='')
         if new_value.startswith(encrypt_prefix):
-            certs_path = RAS_KEY_PATH
+            certs_path = RSA_KEY_PATH
             if os.path.exists(certs_path) and os.path.isfile(certs_path):
                 with open(certs_path) as f:
-                    new_value = decrypt_ras(f.read(), new_value)
+                    new_value = decrypt_rsa(f.read(), new_value[len(encrypt_prefix):])
             else:
                 raise ValueError('keys with "RSA@", but rsa_key file not exists')
         return new_value
@@ -85,4 +85,4 @@ def error_serializer(req, resp, exception):
                                      conf_dir=os.environ.get('ARTIFACTS_COREPY_CONF_DIR',
                                                              '/etc/artifacts_corepy/artifacts_corepy.conf.d'),
                                      middlewares=[auth.JWTAuth()])
-application.set_error_serializer(error_serializer)
+application.set_error_serializer(error_serializer)

register.xml

@@ -63,6 +63,7 @@
         ARTIFACTS_NEXUS_PASSWORD={{NEXUS_PASSWORD}},ARTIFACTS_NEXUS_REPOSITORY={{NEXUS_REPOSITORY}},
         WECUBE_S3_ACCESS_KEY={{S3_ACCESS_KEY}},WECUBE_S3_SECRET_KEY={{S3_SECRET_KEY}},
         WECUBE_GATEWAY_URL={{GATEWAY_URL}},WECUBE_JWT_SIGNING_KEY={{JWT_SIGNING_KEY}}"/>
+        <s3 bucketName="wecube-artifacts"/>
     </resourceDependencies>
 
     <!-- 7.插件列表 - 描述插件包中单个插件的输入和输出 -->