节点组合配置时服务间可以共用证书数据

2025-11-07 23:30:25 +08:00 · 2023-03-18 22:15:13 +08:00
parent 786747b718
commit dab1a86d09
20 changed files with 840 additions and 694 deletions
--- a/build/rpc.json
+++ b/build/rpc.json
@@ -16946,7 +16946,7 @@
    },
    {
      "name": "FindCurrentNodeConfigRequest",
-      "code": "message FindCurrentNodeConfigRequest {\n\t// 由于登录信息中已经包含了节点信息，所以这里不需要nodeId\n\tint64 version = 1;\n\tbool compress = 2; // 是否压缩\n\tint64 nodeTaskVersion = 3; // 通知任务版本\n}",
+      "code": "message FindCurrentNodeConfigRequest {\n\t// 由于登录信息中已经包含了节点信息，所以这里不需要nodeId\n\tint64 version = 1;\n\tbool compress = 2; // 是否压缩\n\tint64 nodeTaskVersion = 3; // 通知任务版本\n\tbool useDataMap = 4; // 是否使用公共的数据集\n}",
      "doc": "组合单个节点配置"
    },
    {
--- a/pkg/nodeconfigs/node_config.go
+++ b/pkg/nodeconfigs/node_config.go
@@ -2,6 +2,7 @@ package nodeconfigs

 import (
 	"bytes"
+	"context"
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/json"
@@ -44,6 +45,7 @@ type NodeConfig struct {
 	GroupId      int64                         `yaml:"groupId" json:"groupId"`
 	RegionId     int64                         `yaml:"regionId" json:"regionId"`
 	OCSPVersion  int64                         `yaml:"ocspVersion" json:"ocspVersion"`
+	DataMap      *shared.DataMap               `yaml:"dataMap" json:"dataMap"`

 	// 性能
 	MaxCPU       int32                                 `yaml:"maxCPU" json:"maxCPU"`
@@ -209,7 +211,13 @@ func CloneNodeConfig(nodeConfig *NodeConfig) (*NodeConfig, error) {
 }

 // Init 初始化
-func (this *NodeConfig) Init() (err error, serverErrors []*ServerError) {
+func (this *NodeConfig) Init(ctx context.Context) (err error, serverErrors []*ServerError) {
+	// 设置Context
+	if ctx == nil {
+		ctx = context.Background()
+	}
+	ctx = context.WithValue(ctx, "DataMap", this.DataMap)
+
 	this.secretHash = fmt.Sprintf("%x", sha256.Sum256([]byte(this.NodeId+"@"+this.Secret)))
 	this.paddedId = fmt.Sprintf("%08d", this.Id)

@@ -221,7 +229,7 @@ func (this *NodeConfig) Init() (err error, serverErrors []*ServerError) {
 		}

 		// 初始化
-		errs := server.Init()
+		errs := server.Init(ctx)
 		if len(errs) > 0 {
 			// 这里不返回错误，而是继续往下，防止单个服务错误而影响其他服务
 			for _, serverErr := range errs {
--- a/pkg/rpc/pb/service_node.pb.go
+++ b/pkg/rpc/pb/service_node.pb.go
--- a/pkg/rpc/protos/service_node.proto
+++ b/pkg/rpc/protos/service_node.proto
@@ -291,6 +291,7 @@ message FindCurrentNodeConfigRequest {
 	int64 version = 1;
 	bool compress = 2; // 是否压缩
 	int64 nodeTaskVersion = 3; // 通知任务版本
+	bool useDataMap = 4; // 是否使用公共的数据集
 }

 message FindCurrentNodeConfigResponse {
--- a/pkg/serverconfigs/follow_protocol_config.go
+++ b/pkg/serverconfigs/follow_protocol_config.go
@@ -0,0 +1,28 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package serverconfigs
+
+// FollowProtocolConfig 协议跟随配置
+type FollowProtocolConfig struct {
+	IsPrior bool `yaml:"isPrior" json:"isPrior"` // 是否覆盖父级配置
+	IsOn    bool `yaml:"isOn" json:"isOn"`       // 是否启用
+	HTTP    struct {
+		Port       int  `yaml:"port" json:"port"`             // 端口
+		FollowPort bool `yaml:"followPort" json:"followPort"` // 跟随端口
+	} `yaml:"http" json:"http"` // HTTP配置
+	HTTPS struct {
+		Port       int  `yaml:"port" json:"port"`             // 端口
+		FollowPort bool `yaml:"followPort" json:"followPort"` // 跟随端口
+	} `yaml:"https" json:"https"` // HTTPS配置
+}
+
+func NewFollowProtocolConfig() *FollowProtocolConfig {
+	var p = &FollowProtocolConfig{}
+	p.HTTP.FollowPort = true
+	p.HTTPS.FollowPort = true
+	return p
+}
+
+func (this *FollowProtocolConfig) Init() error {
+	return nil
+}
--- a/pkg/serverconfigs/http_location_config.go
+++ b/pkg/serverconfigs/http_location_config.go
@@ -1,6 +1,7 @@
 package serverconfigs

 import (
+	"context"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"regexp"
 	"strconv"
@@ -32,14 +33,14 @@ type HTTPLocationConfig struct {
 	reverse         bool           // 是否翻转规则，比如非前缀，非路径
 }

-func (this *HTTPLocationConfig) Init() error {
+func (this *HTTPLocationConfig) Init(ctx context.Context) error {
 	err := this.ExtractPattern()
 	if err != nil {
 		return err
 	}

 	if this.Web != nil {
-		err := this.Web.Init()
+		err := this.Web.Init(ctx)
 		if err != nil {
 			return err
 		}
@@ -53,7 +54,7 @@ func (this *HTTPLocationConfig) Init() error {
 	}

 	if this.ReverseProxy != nil {
-		err := this.ReverseProxy.Init()
+		err := this.ReverseProxy.Init(ctx)
 		if err != nil {
 			return err
 		}
@@ -61,7 +62,7 @@ func (this *HTTPLocationConfig) Init() error {

 	// Children
 	for _, child := range this.Children {
-		err := child.Init()
+		err := child.Init(ctx)
 		if err != nil {
 			return err
 		}
--- a/pkg/serverconfigs/http_web_config.go
+++ b/pkg/serverconfigs/http_web_config.go
@@ -1,6 +1,7 @@
 package serverconfigs

 import (
+	"context"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 )
@@ -54,7 +55,7 @@ type HTTPWebConfig struct {
 	CC  *HTTPCCConfig `yaml:"cc" json:"cc"`
 }

-func (this *HTTPWebConfig) Init() error {
+func (this *HTTPWebConfig) Init(ctx context.Context) error {
 	// root
 	if this.Root != nil {
 		err := this.Root.Init()
@@ -66,7 +67,7 @@ func (this *HTTPWebConfig) Init() error {
 	// 路径规则
 	if len(this.Locations) > 0 {
 		for _, location := range this.Locations {
-			err := location.Init()
+			err := location.Init(ctx)
 			if err != nil {
 				return err
 			}
--- a/pkg/serverconfigs/origin_config.go
+++ b/pkg/serverconfigs/origin_config.go
@@ -1,6 +1,7 @@
 package serverconfigs

 import (
+	"context"
 	"fmt"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
@@ -34,6 +35,7 @@ type OriginConfig struct {
 	RequestURI     string                `yaml:"requestURI" json:"requestURI"`         // 转发后的请求URI TODO
 	RequestHost    string                `yaml:"requestHost" json:"requestHost"`       // 自定义主机名
 	FollowPort     bool                  `yaml:"followPort" json:"followPort"`         // 端口跟随
+	FollowProtocol *FollowProtocolConfig `yaml:"followProtocol" json:"followProtocol"` // 协议跟随 TODO

 	RequestHeaderPolicyRef  *shared.HTTPHeaderPolicyRef `yaml:"requestHeaderPolicyRef" json:"requestHeaderPolicyRef"`   // 请求Header
 	RequestHeaderPolicy     *shared.HTTPHeaderPolicy    `yaml:"requestHeaderPolicy" json:"requestHeaderPolicy"`         // 请求Header策略
@@ -71,7 +73,7 @@ type OriginConfig struct {
 }

 // Init 校验
-func (this *OriginConfig) Init() error {
+func (this *OriginConfig) Init(ctx context.Context) error {
 	this.IsOk = true

 	// URL
@@ -91,7 +93,7 @@ func (this *OriginConfig) Init() error {

 	// 证书
 	if this.Cert != nil {
-		err := this.Cert.Init()
+		err := this.Cert.Init(ctx)
 		if err != nil {
 			return err
 		}
@@ -161,6 +163,14 @@ func (this *OriginConfig) Init() error {
 		}
 	}

+	// follow protocol
+	if this.FollowProtocol != nil {
+		err := this.FollowProtocol.Init()
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }

--- a/pkg/serverconfigs/origin_config_test.go
+++ b/pkg/serverconfigs/origin_config_test.go
@@ -7,7 +7,7 @@ func TestOriginConfig_UniqueKey(t *testing.T) {
 		Id:      1,
 		Version: 101,
 	}
-	err := origin.Init()
+	err := origin.Init(nil)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/pkg/serverconfigs/protocol_https_config.go
+++ b/pkg/serverconfigs/protocol_https_config.go
@@ -1,6 +1,7 @@
 package serverconfigs

 import (
+	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 )
@@ -25,14 +26,14 @@ type HTTPSProtocolConfig struct {
 }

 // Init 初始化
-func (this *HTTPSProtocolConfig) Init() error {
+func (this *HTTPSProtocolConfig) Init(ctx context.Context) error {
 	err := this.InitBase()
 	if err != nil {
 		return err
 	}

 	if this.SSLPolicy != nil {
-		err := this.SSLPolicy.Init()
+		err := this.SSLPolicy.Init(ctx)
 		if err != nil {
 			return err
 		}
--- a/pkg/serverconfigs/protocol_tls_config.go
+++ b/pkg/serverconfigs/protocol_tls_config.go
@@ -1,6 +1,7 @@
 package serverconfigs

 import (
+	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 )
@@ -25,14 +26,14 @@ type TLSProtocolConfig struct {
 }

 // Init 初始化
-func (this *TLSProtocolConfig) Init() error {
+func (this *TLSProtocolConfig) Init(ctx context.Context) error {
 	err := this.InitBase()
 	if err != nil {
 		return err
 	}

 	if this.SSLPolicy != nil {
-		err := this.SSLPolicy.Init()
+		err := this.SSLPolicy.Init(ctx)
 		if err != nil {
 			return err
 		}
--- a/pkg/serverconfigs/reverse_proxy_config.go
+++ b/pkg/serverconfigs/reverse_proxy_config.go
@@ -1,6 +1,7 @@
 package serverconfigs

 import (
+	"context"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"github.com/iwind/TeaGo/lists"
@@ -44,6 +45,7 @@ type ReverseProxyConfig struct {

 	ProxyProtocol   *ProxyProtocolConfig  `yaml:"proxyProtocol" json:"proxyProtocol"`     // PROXY Protocol
 	FollowRedirects bool                  `yaml:"followRedirects" json:"followRedirects"` // 回源跟随
+	FollowProtocol  *FollowProtocolConfig `yaml:"followProtocol" json:"followProtocol"`   // 协议跟随 TODO

 	requestHostHasVariables bool
 	requestURIHasVariables  bool
@@ -60,7 +62,7 @@ type ReverseProxyConfig struct {
 }

 // Init 初始化
-func (this *ReverseProxyConfig) Init() error {
+func (this *ReverseProxyConfig) Init(ctx context.Context) error {
 	this.requestHostHasVariables = configutils.HasVariables(this.RequestHost)
 	this.requestURIHasVariables = configutils.HasVariables(this.RequestURI)

@@ -171,7 +173,7 @@ func (this *ReverseProxyConfig) Init() error {
 			}

 			// 初始化
-			err := origin.Init()
+			err := origin.Init(ctx)
 			if err != nil {
 				return err
 			}
@@ -205,6 +207,14 @@ func (this *ReverseProxyConfig) Init() error {
 		}
 	}

+	// follow protocol
+	if this.FollowProtocol != nil {
+		err := this.FollowProtocol.Init()
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }

--- a/pkg/serverconfigs/reverse_proxy_config_test.go
+++ b/pkg/serverconfigs/reverse_proxy_config_test.go
@@ -30,7 +30,7 @@ func TestReverseProxyConfig_Init(t *testing.T) {
 		Addr: &NetworkAddressConfig{Host: "127.0.0.4"},
 		IsOn: true,
 	})
-	err := config.Init()
+	err := config.Init(nil)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/pkg/serverconfigs/server_config.go
+++ b/pkg/serverconfigs/server_config.go
@@ -1,6 +1,7 @@
 package serverconfigs

 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
@@ -80,7 +81,7 @@ func NewServerConfig() *ServerConfig {
 	return &ServerConfig{}
 }

-func (this *ServerConfig) Init() (results []error) {
+func (this *ServerConfig) Init(ctx context.Context) (results []error) {
 	if this.isInitialized {
 		return
 	}
@@ -193,7 +194,7 @@ func (this *ServerConfig) Init() (results []error) {
 	}

 	if this.HTTPS != nil {
-		err := this.HTTPS.Init()
+		err := this.HTTPS.Init(ctx)
 		if err != nil {
 			results = append(results, err)
 		}
@@ -207,7 +208,7 @@ func (this *ServerConfig) Init() (results []error) {
 	}

 	if this.TLS != nil {
-		err := this.TLS.Init()
+		err := this.TLS.Init(ctx)
 		if err != nil {
 			results = append(results, err)
 		}
@@ -235,14 +236,14 @@ func (this *ServerConfig) Init() (results []error) {
 	}

 	if this.ReverseProxy != nil {
-		err := this.ReverseProxy.Init()
+		err := this.ReverseProxy.Init(ctx)
 		if err != nil {
 			results = append(results, err)
 		}
 	}

 	if this.Web != nil {
-		err := this.Web.Init()
+		err := this.Web.Init(ctx)
 		if err != nil {
 			results = append(results, err)
 		}
--- a/pkg/serverconfigs/server_config_test.go
+++ b/pkg/serverconfigs/server_config_test.go
@@ -65,7 +65,7 @@ func TestServerConfig_Protocols(t *testing.T) {
 				},
 			},
 		}}
-		err := server.Init()
+		err := server.Init(nil)
 		if err != nil {
 			t.Fatal(err)
 		}
--- a/pkg/serverconfigs/shared/data_map.go
+++ b/pkg/serverconfigs/shared/data_map.go
@@ -0,0 +1,37 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package shared
+
+import (
+	"bytes"
+	"crypto/md5"
+	"fmt"
+)
+
+var dataMapPrefix = []byte("GOEDGE_DATA_MAP:")
+
+// DataMap 二进制数据共享Map
+// 用来减少相同数据占用的空间和内存
+type DataMap struct {
+	Map map[string][]byte
+}
+
+// NewDataMap 构建对象
+func NewDataMap() *DataMap {
+	return &DataMap{Map: map[string][]byte{}}
+}
+
+// Put 放入数据
+func (this *DataMap) Put(data []byte) (keyData []byte) {
+	var key = string(dataMapPrefix) + fmt.Sprintf("%x", md5.Sum(data))
+	this.Map[key] = data
+	return []byte(key)
+}
+
+// Read 读取数据
+func (this *DataMap) Read(key []byte) []byte {
+	if bytes.HasPrefix(key, dataMapPrefix) {
+		return this.Map[string(key)]
+	}
+	return key
+}
--- a/pkg/serverconfigs/shared/data_map_test.go
+++ b/pkg/serverconfigs/shared/data_map_test.go
@@ -0,0 +1,17 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package shared_test
+
+import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+	"testing"
+)
+
+func TestNewDataMap(t *testing.T) {
+	var m = shared.NewDataMap()
+	t.Log("data:", m.Read([]byte("e10adc3949ba59abbe56e057f20f883e")))
+	var key = m.Put([]byte("123456"))
+	t.Log("keyData:", key)
+	t.Log("keyString:", string(key))
+	t.Log("data:", string(m.Read(key)))
+}
--- a/pkg/serverconfigs/sslconfigs/ssl_cert_config.go
+++ b/pkg/serverconfigs/sslconfigs/ssl_cert_config.go
@@ -1,12 +1,15 @@
 package sslconfigs

 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
 	"errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"github.com/iwind/TeaGo/lists"
+	"reflect"
 	"strconv"
 	"time"
 )
@@ -41,7 +44,23 @@ type SSLCertConfig struct {
 }

 // Init 校验
-func (this *SSLCertConfig) Init() error {
+func (this *SSLCertConfig) Init(ctx context.Context) error {
+	// 从ctx中读取数据
+	if ctx != nil {
+		var dataMapOne = ctx.Value("DataMap")
+		if dataMapOne != nil && !reflect.ValueOf(dataMapOne).IsNil() {
+			dataMap, ok := dataMapOne.(*shared.DataMap)
+			if !ok {
+				return errors.New("SSLCertConfig.init(): invalid 'DataMap' in context")
+			}
+			if dataMap != nil { // 再次检查是否为nil
+				this.KeyData = dataMap.Read(this.KeyData)
+				this.CertData = dataMap.Read(this.CertData)
+				this.OCSP = dataMap.Read(this.OCSP)
+			}
+		}
+	}
+
 	var commonNames []string // 发行组织
 	var dnsNames []string    // 域名

--- a/pkg/serverconfigs/sslconfigs/ssl_policy.go
+++ b/pkg/serverconfigs/sslconfigs/ssl_policy.go
@@ -2,6 +2,7 @@ package sslconfigs

 import (
 	"bytes"
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
@@ -48,13 +49,13 @@ type SSLPolicy struct {
 }

 // Init 校验配置
-func (this *SSLPolicy) Init() error {
+func (this *SSLPolicy) Init(ctx context.Context) error {
 	this.nameMapping = map[string]*tls.Certificate{}

 	// certs
 	var certs = []tls.Certificate{}
 	for _, cert := range this.Certs {
-		err := cert.Init()
+		err := cert.Init(ctx)
 		if err != nil {
 			return err
 		}
@@ -74,7 +75,7 @@ func (this *SSLPolicy) Init() error {
 	this.clientCAPool = x509.NewCertPool()

 	for _, cert := range this.ClientCACerts {
-		err := cert.Init()
+		err := cert.Init(ctx)
 		if err != nil {
 			return err
 		}
--- a/pkg/serverconfigs/sslconfigs/ssl_policy_test.go
+++ b/pkg/serverconfigs/sslconfigs/ssl_policy_test.go
@@ -120,7 +120,7 @@ Z3NIV2eNt6YBwkC69DzdazXT
 		OCSPExpiresAt: nowTime + 2,
 	})

-	err := policy.Init()
+	err := policy.Init(nil)
 	if err != nil {
 		t.Fatal(err)
 	}