feat: 管理员用户查询从缓存读取 #2831

* feat: 管理员用户查询从缓存读取 #2831 * feat: 调整缓存时间到2min #2831
TencentBlueKing · Jan 10, 2025 · 956ad4a · 956ad4a
1 parent 355a402
commit 956ad4a
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 2 deletions.
diff --git a/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/api/ServiceUserClient.kt b/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/api/ServiceUserClient.kt
@@ -109,4 +109,8 @@ interface ServiceUserClient {
     fun userTokenById(
         @PathVariable uid: String
     ): Response<List<String>>
+
+    @ApiOperation("获取admin用户")
+    @GetMapping("/admin/users")
+    fun listAdminUsers(): Response<List<String>>
 }
diff --git a/...-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/service/ServiceUserController.kt b/...-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/service/ServiceUserController.kt
@@ -93,4 +93,8 @@ class ServiceUserController @Autowired constructor(
     override fun userTokenById(uid: String): Response<List<String>> {
         return ResponseBuilder.success(userService.listValidToken(uid).map { it.id })
     }
+
+    override fun listAdminUsers(): Response<List<String>> {
+        return ResponseBuilder.success(userService.listAdminUsers())
+    }
 }
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/dao/UserDao.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/dao/UserDao.kt
@@ -155,4 +155,9 @@ class UserDao : SimpleMongoDao<TUser>() {
         return this.findOne(query)
     }
 
+    fun findAllAdminUsers(): List<TUser> {
+        val query = Query(Criteria.where(TUser::admin.name).`is`(true))
+        return this.find(query)
+    }
+
 }
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/UserService.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/UserService.kt
@@ -96,4 +96,6 @@ interface UserService {
     fun validateEntityUser(userId: String): Boolean
 
     fun getRelatedUserById(userId: String): List<UserInfo>
+
+    fun listAdminUsers(): List<String>
 }
diff --git a/...nd/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt b/...nd/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt
@@ -399,6 +399,10 @@ class UserServiceImpl constructor(
         return userDao.getUserByAsstUser(userId).map { UserRequestUtil.convToUserInfo(it) }
     }
 
+    override fun listAdminUsers(): List<String> {
+        return userDao.findAllAdminUsers().map { it.userId }
+    }
+
     companion object {
         private val logger = LoggerFactory.getLogger(UserServiceImpl::class.java)
     }

diff --git a/...ervice/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/PermissionManager.kt b/...ervice/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/PermissionManager.kt
@@ -104,6 +104,16 @@ open class PermissionManager(
         CacheBuilder.newBuilder().maximumSize(1).expireAfterWrite(30L, TimeUnit.MINUTES).build(cacheLoader)
     }
 
+
+    private val adminUsersCache: LoadingCache<String, List<String>> by lazy {
+        val cacheLoader = object : CacheLoader<String, List<String>>() {
+            override fun load(userType: String): List<String> {
+                return userResource.listAdminUsers().data ?: emptyList()
+            }
+        }
+        CacheBuilder.newBuilder().maximumSize(1).expireAfterWrite(2, TimeUnit.MINUTES).build(cacheLoader)
+    }
+
     /**
      * 校验项目权限
      * @param action 动作
@@ -557,7 +567,16 @@ open class PermissionManager(
      * 判断是否为管理员
      */
     open fun isAdminUser(userId: String): Boolean {
-        return userResource.userInfoById(userId).data?.admin == true
+        return if (!httpAuthProperties.adminCacheEnabled) {
+            userResource.userInfoById(userId).data?.admin == true
+        } else {
+            try {
+                adminUsersCache.get(ADMIN_USER).contains(userId)
+            } catch (e: Exception) {
+                logger.warn("search admin user cache error: ${e.message}")
+                userResource.userInfoById(userId).data?.admin == true
+            }
+        }
     }
 
 
@@ -575,6 +594,7 @@ open class PermissionManager(
         private const val METADATA = "metadata"
         private const val NODES = "nodes"
         private const val PACKAGE_NAME_PREFIX = "com.tencent.bkrepo"
+        private const val ADMIN_USER = "admin"
 
         /**
          * 检查是否为匿名用户，如果是匿名用户则返回401并提示登录

diff --git a/...curity/src/main/kotlin/com/tencent/bkrepo/common/security/http/core/HttpAuthProperties.kt b/...curity/src/main/kotlin/com/tencent/bkrepo/common/security/http/core/HttpAuthProperties.kt
@@ -38,5 +38,9 @@ data class HttpAuthProperties(
     /**
      * 是否开启认证
      */
-    var enabled: Boolean = true
+    var enabled: Boolean = true,
+    /**
+     * 是否禁用管理员缓存
+     */
+    var adminCacheEnabled: Boolean = true,
 )