This is an automated email from the ASF dual-hosted git repository.
tianxiaoliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicecomb-kie.git
The following commit(s) were added to refs/heads/master by this push:
new b0f1119 decrypt the mongo uri when init (#178)
b0f1119 is described below
commit b0f11192264a41e4fdf37369dfc551fd7719a0f3
Author: little-cui <[email protected]>
AuthorDate: Tue Apr 13 14:29:04 2021 +0800
decrypt the mongo uri when init (#178)
---
pkg/cipherutil/cipher_util.go | 16 ++++++++++++++++
pkg/cipherutil/cipher_util_test.go | 15 +++++++++++++++
server/service/mongo/session/session.go | 13 +++++--------
3 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/pkg/cipherutil/cipher_util.go b/pkg/cipherutil/cipher_util.go
new file mode 100644
index 0000000..b1cbc19
--- /dev/null
+++ b/pkg/cipherutil/cipher_util.go
@@ -0,0 +1,16 @@
+package cipherutil
+
+import (
+ "github.com/go-chassis/go-chassis/v2/security/cipher"
+ "github.com/go-chassis/openlog"
+)
+
+// TryDecrypt return the src when decrypt failed
+func TryDecrypt(src string) string {
+ res, err := cipher.Decrypt(src)
+ if err != nil {
+ openlog.Info("cipher fallback: " + err.Error())
+ res = src
+ }
+ return res
+}
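Review bot: TryDecrypt fails open: on any error from `cipher.Decrypt` it returns `src` unchanged and leaves only an Info-level log line, so its callers in this commit (Init and OpenSession in session.go) cannot tell a plaintext URI from a ciphertext that failed to decrypt. In the failure case the undecrypted value is handed to the driver as a connection string, and the real cause surfaces later as a dial or parse error. The doc comment should state that contract, for example `// TryDecrypt returns the decrypted src, or src unchanged when decryption fails; the result may still be ciphertext.` It is also worth confirming that the error text from `cipher.Decrypt` never echoes its input, since it is concatenated into the log message.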
diff --git a/pkg/cipherutil/cipher_util_test.go
b/pkg/cipherutil/cipher_util_test.go
new file mode 100644
index 0000000..332f67e
--- /dev/null
+++ b/pkg/cipherutil/cipher_util_test.go
@@ -0,0 +1,15 @@
+package cipherutil_test
+
+import (
+ "testing"
+
+ "github.com/apache/servicecomb-kie/pkg/cipherutil"
+ _ "github.com/apache/servicecomb-kie/test"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestTryDecrypt(t *testing.T) {
+ t.Run("try decrypt failed, should return src", func(t *testing.T) {
+ assert.Equal(t, "abc", cipherutil.TryDecrypt("abc"))
+ })
+}
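Review bot: TestTryDecrypt covers only the fallback path, so nothing verifies that TryDecrypt returns the plaintext when decryption succeeds, which is the behaviour the commit is named for. A second `t.Run` that encrypts a sample value with the cipher configured by the test setup and asserts the round trip would pin it. Whether the blank import of the `test` package installs a usable cipher is not visible from this hunk.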
diff --git a/server/service/mongo/session/session.go
b/server/service/mongo/session/session.go
index 1248cdc..a5e5b0b 100644
--- a/server/service/mongo/session/session.go
+++ b/server/service/mongo/session/session.go
@@ -24,8 +24,8 @@ import (
"crypto/x509"
"errors"
"fmt"
+ "github.com/apache/servicecomb-kie/pkg/cipherutil"
"github.com/apache/servicecomb-kie/pkg/model"
- "github.com/go-chassis/go-chassis/v2/security/cipher"
"github.com/go-chassis/openlog"
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/bson/bsoncodec"
@@ -106,7 +106,8 @@ func Init() error {
RegisterEncoder(reflect.TypeOf(model.LabelDoc{}), sc).
RegisterEncoder(reflect.TypeOf(model.KVDoc{}), sc).
Build()
- clientOps :=
[]*options.ClientOptions{options.Client().ApplyURI(config.GetDB().URI)}
+ uri := cipherutil.TryDecrypt(config.GetDB().URI)
+ clientOps :=
[]*options.ClientOptions{options.Client().ApplyURI(uri)}
if config.GetDB().SSLEnabled {
if config.GetDB().RootCA == "" {
err = ErrRootCAMissing
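Review bot: The new local `uri` holds the decrypted connection string, which for MongoDB commonly embeds a username and password. Nothing in this hunk logs it, but Init continues outside the hunk, so check that no later error or debug message formats `uri` or the resulting client options. A short comment at the assignment would keep that visible to later editors, e.g. `// uri may contain credentials once decrypted; do not log it`.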
@@ -226,15 +227,11 @@ func OpenSession() *mgo.Session {
openlog.Fatal("invalid timeout :" + err.Error())
}
}
- uri, err = cipher.Decrypt(config.GetDB().URI)
- if err != nil {
- openlog.Info("cipher fallback: " + err.Error())
- uri = config.GetDB().URI
- }
+ uri = cipherutil.TryDecrypt(config.GetDB().URI)
session, err := mgo.DialWithTimeout(uri, timeout)
if err != nil {
openlog.Warn("can not dial db, retry once:" + err.Error())
- session, err = mgo.DialWithTimeout(config.GetDB().URI, timeout)
+ session, err = mgo.DialWithTimeout(uri, timeout)
if err != nil {
openlog.Fatal("can not dial db:" + err.Error())
}
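Review bot: The retry at `session, err = mgo.DialWithTimeout(uri, timeout)` now repeats the first dial with the identical `uri` and no delay, whereas it previously retried with the raw config value, so it only helps when a transient failure clears immediately. Either pause briefly before the second attempt or mark the retry as intentional, e.g. `// retry once with the same uri to ride out a transient dial failure`. Both log lines append `err.Error()` from dialling a URI that may carry credentials, so it is worth confirming that the driver's errors do not include the connection string. OpenSession starts and ends outside the hunk.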