refactor: move authentication data to header X-Bkapi-Authorization (T…

…encentBlueKing#141)
piglei · Mar 21, 2024 · b2fafff · b2fafff
1 parent 4447306
commit b2fafff
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 5 deletions.
diff --git a/sdks/bkpaas-auth/CHANGES.md b/sdks/bkpaas-auth/CHANGES.md
@@ -1,5 +1,8 @@
 # 版本历史
 
+## 2.0.7
+- 将认证信息标准化到请求头 X-Bkapi-Authorization 中
+
 ## 2.0.6
 - TokenRequestBackend.request_username 支持国际化
 

diff --git a/sdks/bkpaas-auth/bkpaas_auth/core/services.py b/sdks/bkpaas-auth/bkpaas_auth/core/services.py
@@ -1,4 +1,5 @@
 # -*- coding: utf-8 -*-
+import json
 import logging
 from typing import Dict
 
@@ -11,6 +12,7 @@
 from bkpaas_auth.core.user_info import BkUserInfo, RtxUserInfo
 from bkpaas_auth.utils import scrub_data
 
+
 logger = logging.getLogger(__name__)
 
 
@@ -38,14 +40,18 @@ def _get_and_cache_user_info(cache_key, user_params, response_ok_checker):
     if cached_result:
         return cached_result
 
-    params = dict(user_params, **get_app_credentials())
-    is_success, result = http_get(conf.TOKEN_USER_INFO_ENDPOINT, params=params)
+    is_success, result = http_get(
+        conf.TOKEN_USER_INFO_ENDPOINT,
+        headers={
+            "X-Bkapi-Authorization": json.dumps(dict(user_params, **get_app_credentials())),
+        },
+    )
     if not is_success:
         raise ServiceError('Unable to get user info')
 
     if not response_ok_checker(result):
         logger.error(
-            f'Get user info fail, url: {conf.TOKEN_USER_INFO_ENDPOINT}, params: {scrub_data(params)}'
+            f'Get user info fail, url: {conf.TOKEN_USER_INFO_ENDPOINT}, params: {scrub_data(user_params)}'
             f', response: {result}',
         )
         return

diff --git a/sdks/bkpaas-auth/bkpaas_auth/core/token.py b/sdks/bkpaas-auth/bkpaas_auth/core/token.py
@@ -2,6 +2,7 @@
 """Access token for blueking
 """
 import datetime
+import json
 import logging
 
 from django.utils.timezone import now
@@ -32,9 +33,11 @@ def request_username(self, **credentials):
         """Get username through credentials"""
         is_success, resp = http_get(
             bkauth_settings.USER_COOKIE_VERIFY_URL,
-            params=dict(credentials, **get_app_credentials()),
             timeout=10,
-            headers={'blueking-language': get_language()},
+            headers={
+                'blueking-language': get_language(),
+                "X-Bkapi-Authorization": json.dumps(dict(credentials, **get_app_credentials())),
+            },
         )
         if not is_success:
             raise ServiceError('unable to fetch token services')