DNS服务支持密钥管理

2025-11-03 12:20:27 +08:00 · 2021-07-25 09:43:47 +08:00
parent 31308b5b56
commit 11e6e128b0
6 changed files with 1485 additions and 3 deletions
--- a/pkg/dnsconfigs/ns_key_algorithms.go
+++ b/pkg/dnsconfigs/ns_key_algorithms.go
@@ -0,0 +1,69 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package dnsconfigs
+
+type KeyAlgorithmType = string
+
+const (
+	KeyAlgorithmTypeHmacSHA1   KeyAlgorithmType = "hmac-sha1."
+	KeyAlgorithmTypeHmacSHA224 KeyAlgorithmType = "hmac-sha224."
+	KeyAlgorithmTypeHmacSHA256 KeyAlgorithmType = "hmac-sha256."
+	KeyAlgorithmTypeHmacSHA384 KeyAlgorithmType = "hmac-sha384."
+	KeyAlgorithmTypeHmacSHA512 KeyAlgorithmType = "hmac-sha512."
+)
+
+type KeyAlgorithmDefinition struct {
+	Name string `json:"name"`
+	Code string `json:"code"`
+}
+
+func FindAllKeyAlgorithmTypes() []*KeyAlgorithmDefinition {
+	return []*KeyAlgorithmDefinition{
+		{
+			Name: "HmacSHA1",
+			Code: KeyAlgorithmTypeHmacSHA1,
+		},
+		{
+			Name: "HmacSHA224",
+			Code: KeyAlgorithmTypeHmacSHA224,
+		},
+		{
+			Name: "HmacSHA256",
+			Code: KeyAlgorithmTypeHmacSHA256,
+		},
+		{
+			Name: "HmacSHA384",
+			Code: KeyAlgorithmTypeHmacSHA384,
+		},
+		{
+			Name: "HmacSHA512",
+			Code: KeyAlgorithmTypeHmacSHA512,
+		},
+	}
+}
+
+func FindKeyAlgorithmTypeName(algoType KeyAlgorithmType) string {
+	for _, def := range FindAllKeyAlgorithmTypes() {
+		if def.Code == algoType {
+			return def.Name
+		}
+	}
+	return ""
+}
+
+type NSKeySecretType = string
+
+const (
+	NSKeySecretTypeClear  NSKeySecretType = "clear"
+	NSKeySecretTypeBase64 NSKeySecretType = "base64"
+)
+
+func FindKeySecretTypeName(secretType NSKeySecretType) string {
+	switch secretType {
+	case NSKeySecretTypeClear:
+		return "明文"
+	case NSKeySecretTypeBase64:
+		return "BASE64"
+	}
+	return ""
+}
--- a/pkg/dnsconfigs/ns_node_config.go
+++ b/pkg/dnsconfigs/ns_node_config.go
@@ -5,9 +5,10 @@ package dnsconfigs
 import "fmt"

 type NSNodeConfig struct {
-	Id           int64         `json:"id"`
-	ClusterId    int64         `json:"clusterId"`
-	AccessLogRef *AccessLogRef `json:"accessLogRef"`
+	Id           int64         `yaml:"id" json:"id"`
+	NodeId       string        `yaml:"nodeId" json:"nodeId"`
+	ClusterId    int64         `yaml:"clusterId" json:"clusterId"`
+	AccessLogRef *AccessLogRef `yaml:"accessLogRef" json:"accessLogRef"`

 	paddedId string
 }
--- a/pkg/rpc/pb/model_ns_key.pb.go
+++ b/pkg/rpc/pb/model_ns_key.pb.go
@@ -0,0 +1,194 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.25.0
+// 	protoc        v3.12.3
+// source: models/model_ns_key.proto
+
+package pb
+
+import (
+	proto "github.com/golang/protobuf/proto"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// This is a compile-time assertion that a sufficiently up-to-date version
+// of the legacy proto package is being used.
+const _ = proto.ProtoPackageIsVersion4
+
+// NS密钥
+type NSKey struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Id         int64  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
+	IsOn       bool   `protobuf:"varint,2,opt,name=isOn,proto3" json:"isOn,omitempty"`
+	Name       string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
+	Algo       string `protobuf:"bytes,4,opt,name=algo,proto3" json:"algo,omitempty"`
+	Secret     string `protobuf:"bytes,5,opt,name=secret,proto3" json:"secret,omitempty"`
+	SecretType string `protobuf:"bytes,6,opt,name=secretType,proto3" json:"secretType,omitempty"`
+}
+
+func (x *NSKey) Reset() {
+	*x = NSKey{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_models_model_ns_key_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *NSKey) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NSKey) ProtoMessage() {}
+
+func (x *NSKey) ProtoReflect() protoreflect.Message {
+	mi := &file_models_model_ns_key_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use NSKey.ProtoReflect.Descriptor instead.
+func (*NSKey) Descriptor() ([]byte, []int) {
+	return file_models_model_ns_key_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *NSKey) GetId() int64 {
+	if x != nil {
+		return x.Id
+	}
+	return 0
+}
+
+func (x *NSKey) GetIsOn() bool {
+	if x != nil {
+		return x.IsOn
+	}
+	return false
+}
+
+func (x *NSKey) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *NSKey) GetAlgo() string {
+	if x != nil {
+		return x.Algo
+	}
+	return ""
+}
+
+func (x *NSKey) GetSecret() string {
+	if x != nil {
+		return x.Secret
+	}
+	return ""
+}
+
+func (x *NSKey) GetSecretType() string {
+	if x != nil {
+		return x.SecretType
+	}
+	return ""
+}
+
+var File_models_model_ns_key_proto protoreflect.FileDescriptor
+
+var file_models_model_ns_key_proto_rawDesc = []byte{
+	0x0a, 0x19, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x73, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x6e,
+	0x73, 0x5f, 0x6b, 0x65, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x22,
+	0x8b, 0x01, 0x0a, 0x05, 0x4e, 0x53, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x4f,
+	0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x69, 0x73, 0x4f, 0x6e, 0x12, 0x12, 0x0a,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x6c, 0x67, 0x6f, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x04, 0x61, 0x6c, 0x67, 0x6f, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18,
+	0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x1e, 0x0a,
+	0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x54, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x54, 0x79, 0x70, 0x65, 0x42, 0x06, 0x5a,
+	0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+	file_models_model_ns_key_proto_rawDescOnce sync.Once
+	file_models_model_ns_key_proto_rawDescData = file_models_model_ns_key_proto_rawDesc
+)
+
+func file_models_model_ns_key_proto_rawDescGZIP() []byte {
+	file_models_model_ns_key_proto_rawDescOnce.Do(func() {
+		file_models_model_ns_key_proto_rawDescData = protoimpl.X.CompressGZIP(file_models_model_ns_key_proto_rawDescData)
+	})
+	return file_models_model_ns_key_proto_rawDescData
+}
+
+var file_models_model_ns_key_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_models_model_ns_key_proto_goTypes = []interface{}{
+	(*NSKey)(nil), // 0: pb.NSKey
+}
+var file_models_model_ns_key_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_models_model_ns_key_proto_init() }
+func file_models_model_ns_key_proto_init() {
+	if File_models_model_ns_key_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_models_model_ns_key_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*NSKey); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_models_model_ns_key_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_models_model_ns_key_proto_goTypes,
+		DependencyIndexes: file_models_model_ns_key_proto_depIdxs,
+		MessageInfos:      file_models_model_ns_key_proto_msgTypes,
+	}.Build()
+	File_models_model_ns_key_proto = out.File
+	file_models_model_ns_key_proto_rawDesc = nil
+	file_models_model_ns_key_proto_goTypes = nil
+	file_models_model_ns_key_proto_depIdxs = nil
+}
--- a/pkg/rpc/pb/service_ns_key.pb.go
+++ b/pkg/rpc/pb/service_ns_key.pb.go
--- a/pkg/rpc/protos/models/model_ns_key.proto
+++ b/pkg/rpc/protos/models/model_ns_key.proto
@@ -0,0 +1,14 @@
+syntax = "proto3";
+option go_package = "./pb";
+
+package pb;
+
+// NS密钥
+message NSKey {
+	int64 id =1;
+	bool isOn = 2;
+	string name = 3;
+	string algo = 4;
+	string secret = 5;
+	string secretType = 6;
+}
--- a/pkg/rpc/protos/service_ns_key.proto
+++ b/pkg/rpc/protos/service_ns_key.proto
@@ -0,0 +1,84 @@
+syntax = "proto3";
+option go_package = "./pb";
+
+package pb;
+
+import "models/rpc_messages.proto";
+import "models/model_ns_key.proto";
+
+// NS密钥相关服务
+service NSKeyService {
+	// 创建密钥
+	rpc createNSKey (CreateNSKeyRequest) returns (CreateNSKeyResponse);
+
+	// 修改密钥
+	rpc updateNSKey (UpdateNSKeyRequest) returns (RPCSuccess);
+
+	// 删除密钥
+	rpc deleteNSKey (DeleteNSKeyRequest) returns (RPCSuccess);
+
+	// 查找单个密钥
+	rpc findEnabledNSKey (FindEnabledNSKeyRequest) returns (FindEnabledNSKeyResponse);
+
+	// 计算密钥数量
+	rpc countAllEnabledNSKeys (CountAllEnabledNSKeysRequest) returns (RPCCountResponse);
+
+	// 列出单页密钥
+	rpc listEnabledNSKeys (ListEnabledNSKeysRequest) returns (ListEnabledNSKeysResponse);
+}
+
+// 创建密钥
+message CreateNSKeyRequest {
+	int64 nsDomainId = 1;
+	int64 nsZoneId = 2;
+	string name = 3;
+	string algo = 4;
+	string secret = 5;
+	string secretType = 6;
+}
+
+message CreateNSKeyResponse {
+	int64 nsKeyId = 1;
+}
+
+// 修改密钥
+message UpdateNSKeyRequest {
+	int64 nsKeyId = 1;
+	string name = 2;
+	string algo = 3;
+	string secret = 4;
+	string secretType = 5;
+	bool isOn = 6;
+}
+
+// 删除密钥
+message DeleteNSKeyRequest {
+	int64 nsKeyId = 1;
+}
+
+// 查找单个密钥
+message FindEnabledNSKeyRequest {
+	int64 nsKeyId = 1;
+}
+
+message FindEnabledNSKeyResponse {
+	NSKey nsKey = 1;
+}
+
+// 计算密钥数量
+message CountAllEnabledNSKeysRequest {
+	int64 nsDomainId = 1;
+	int64 nsZoneId = 2;
+}
+
+// 列出单页密钥
+message ListEnabledNSKeysRequest {
+	int64 nsDomainId = 1;
+	int64 nsZoneId = 2;
+	int64 offset = 3;
+	int64 size = 4;
+}
+
+message ListEnabledNSKeysResponse {
+	repeated NSKey nsKeys = 1;
+}