feature: API 网关鉴权方案调整 (closed #308)

TencentBlueKing · Jan 15, 2024 · 57b515c · 57b515c
1 parent 4f09924
commit 57b515c
Showing 1 changed file with 27 additions and 2 deletions.
diff --git a/apps/api/base.py b/apps/api/base.py
@@ -25,14 +25,30 @@
 
 from apps.exceptions import ApiResultError, ApiRequestError, AppBaseException, ApiError
 from apps.utils import remove_auth_args
-from apps.utils.local import get_request
+from apps.utils.local import get_request, get_request_username
 from apps.utils.time_handler import timestamp_to_datetime
 from .exception import DataAPIException
 from .utils.params import add_esb_info_before_request
 
 logger = logging.getLogger("component")
 
 
+API_AUTH_KEYS = ["bk_app_code", "bk_app_secret", "bk_username", "bk_token", "access_token", "bk_ticket"]
+
+
+def get_request_api_headers(params) -> str:
+    """
+    获取api网关鉴权认证请求头
+    """
+    api_headers = {
+        "bk_app_code": settings.APP_CODE,
+        "bk_app_secret": settings.SECRET_KEY,
+        "bk_username": get_request_username(),
+    }
+    api_headers.update(params)
+    return json.dumps(api_headers)
+
+
 class DataResponse(object):
     """response for data api request"""
 
@@ -255,7 +271,8 @@ def _send_request(self, params, headers, use_admin=False):
                 response_result = raw_response.json()
             except AttributeError:
                 error_message = "data api response not json format url->[{}] content->[{}]".format(
-                    self.url, raw_response.text,
+                    self.url,
+                    raw_response.text,
                 )
                 logger.exception(error_message)
 
@@ -394,6 +411,14 @@ def _send(self, params: Dict, headers: Dict, use_admin: bool = False):
         if self.method_override is not None:
             session.headers.update({"X-METHOD-OVERRIDE": self.method_override})
 
+        # headers 增加api认证数据
+        api_auth_params = {}
+        for auth_key in API_AUTH_KEYS:
+            auth_value = params.get(auth_key)
+            if auth_value:
+                api_auth_params[auth_key] = auth_value
+        session.headers.update({"X-Bkapi-Authorization": get_request_api_headers(api_auth_params)})
+
         url = self.build_actual_url(params)
         # 发出请求并返回结果
         non_file_data, file_data = self._split_file_data(params)