From 956ad4a07ec993704f439b11f3237c7e02cf8752 Mon Sep 17 00:00:00 2001
From: zacYL <100330102+zacYL@users.noreply.github.com>
Date: Fri, 10 Jan 2025 18:01:09 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E7=AE=A1=E7=90=86=E5=91=98=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E6=9F=A5=E8=AF=A2=E4=BB=8E=E7=BC=93=E5=AD=98=E8=AF=BB?=
 =?UTF-8?q?=E5=8F=96=20#2831?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: 管理员用户查询从缓存读取 #2831

* feat: 调整缓存时间到2min #2831
---
 .../bkrepo/auth/api/ServiceUserClient.kt      |  4 ++++
 .../service/ServiceUserController.kt          |  4 ++++
 .../com/tencent/bkrepo/auth/dao/UserDao.kt    |  5 +++++
 .../bkrepo/auth/service/UserService.kt        |  2 ++
 .../auth/service/local/UserServiceImpl.kt     |  4 ++++
 .../metadata/permission/PermissionManager.kt  | 22 ++++++++++++++++++-
 .../security/http/core/HttpAuthProperties.kt  |  6 ++++-
 7 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/api/ServiceUserClient.kt b/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/api/ServiceUserClient.kt
index 8da50928fa..58f9a258e6 100644
--- a/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/api/ServiceUserClient.kt
+++ b/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/api/ServiceUserClient.kt
@@ -109,4 +109,8 @@ interface ServiceUserClient {
     fun userTokenById(
         @PathVariable uid: String
     ): Response<List<String>>
+
+    @ApiOperation("获取admin用户")
+    @GetMapping("/admin/users")
+    fun listAdminUsers(): Response<List<String>>
 }
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/service/ServiceUserController.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/service/ServiceUserController.kt
index e5e34829d7..1b2fff4ff2 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/service/ServiceUserController.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/controller/service/ServiceUserController.kt
@@ -93,4 +93,8 @@ class ServiceUserController @Autowired constructor(
     override fun userTokenById(uid: String): Response<List<String>> {
         return ResponseBuilder.success(userService.listValidToken(uid).map { it.id })
     }
+
+    override fun listAdminUsers(): Response<List<String>> {
+        return ResponseBuilder.success(userService.listAdminUsers())
+    }
 }
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/dao/UserDao.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/dao/UserDao.kt
index 4a4d379b88..03c883df73 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/dao/UserDao.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/dao/UserDao.kt
@@ -155,4 +155,9 @@ class UserDao : SimpleMongoDao<TUser>() {
         return this.findOne(query)
     }
 
+    fun findAllAdminUsers(): List<TUser> {
+        val query = Query(Criteria.where(TUser::admin.name).`is`(true))
+        return this.find(query)
+    }
+
 }
\ No newline at end of file
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/UserService.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/UserService.kt
index 55edc70202..ca84d5edb2 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/UserService.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/UserService.kt
@@ -96,4 +96,6 @@ interface UserService {
     fun validateEntityUser(userId: String): Boolean
 
     fun getRelatedUserById(userId: String): List<UserInfo>
+
+    fun listAdminUsers(): List<String>
 }
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt
index 59bb0ec346..172900c4ae 100644
--- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt
+++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/UserServiceImpl.kt
@@ -399,6 +399,10 @@ class UserServiceImpl constructor(
         return userDao.getUserByAsstUser(userId).map { UserRequestUtil.convToUserInfo(it) }
     }
 
+    override fun listAdminUsers(): List<String> {
+        return userDao.findAllAdminUsers().map { it.userId }
+    }
+
     companion object {
         private val logger = LoggerFactory.getLogger(UserServiceImpl::class.java)
     }
diff --git a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/PermissionManager.kt b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/PermissionManager.kt
index 36fef6d4b7..d4046fdee7 100644
--- a/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/PermissionManager.kt
+++ b/src/backend/common/common-metadata/metadata-service/src/main/kotlin/com/tencent/bkrepo/common/metadata/permission/PermissionManager.kt
@@ -104,6 +104,16 @@ open class PermissionManager(
         CacheBuilder.newBuilder().maximumSize(1).expireAfterWrite(30L, TimeUnit.MINUTES).build(cacheLoader)
     }
 
+
+    private val adminUsersCache: LoadingCache<String, List<String>> by lazy {
+        val cacheLoader = object : CacheLoader<String, List<String>>() {
+            override fun load(userType: String): List<String> {
+                return userResource.listAdminUsers().data ?: emptyList()
+            }
+        }
+        CacheBuilder.newBuilder().maximumSize(1).expireAfterWrite(2, TimeUnit.MINUTES).build(cacheLoader)
+    }
+
     /**
      * 校验项目权限
      * @param action 动作
@@ -557,7 +567,16 @@ open class PermissionManager(
      * 判断是否为管理员
      */
     open fun isAdminUser(userId: String): Boolean {
-        return userResource.userInfoById(userId).data?.admin == true
+        return if (!httpAuthProperties.adminCacheEnabled) {
+            userResource.userInfoById(userId).data?.admin == true
+        } else {
+            try {
+                adminUsersCache.get(ADMIN_USER).contains(userId)
+            } catch (e: Exception) {
+                logger.warn("search admin user cache error: ${e.message}")
+                userResource.userInfoById(userId).data?.admin == true
+            }
+        }
     }
 
 
@@ -575,6 +594,7 @@ open class PermissionManager(
         private const val METADATA = "metadata"
         private const val NODES = "nodes"
         private const val PACKAGE_NAME_PREFIX = "com.tencent.bkrepo"
+        private const val ADMIN_USER = "admin"
 
         /**
          * 检查是否为匿名用户，如果是匿名用户则返回401并提示登录
diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/http/core/HttpAuthProperties.kt b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/http/core/HttpAuthProperties.kt
index 2dbb95f47b..7ac5ece230 100644
--- a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/http/core/HttpAuthProperties.kt
+++ b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/http/core/HttpAuthProperties.kt
@@ -38,5 +38,9 @@ data class HttpAuthProperties(
     /**
      * 是否开启认证
      */
-    var enabled: Boolean = true
+    var enabled: Boolean = true,
+    /**
+     * 是否禁用管理员缓存
+     */
+    var adminCacheEnabled: Boolean = true,
 )