feat: 提供备份数据http接口，以支持通过外部定时脚本发起定时备份功能; #172

heqingpan · heqingpan · commit 516472baaaa7 · 2024-11-18T01:08:01.000+08:00
diff --git a/README.md b/README.md
@@ -184,6 +184,7 @@ k8s支持使用 [helm](https://github.com/nacos-group/r-nacos/tree/master/deploy
 |RNACOS_ENABLE_OPEN_API_AUTH|是否对openapi开启鉴权；（注：nacos切换到r-nacos过程中不要开启鉴权）|false|true|0.5.8|
 |RNACOS_API_LOGIN_TIMEOUT|open api鉴权有效时长，单位为秒；(注：从不鉴权到开启鉴权，需要间隔对应时长以保证客户端token能更新生效)|一小时,3600秒|3600|0.5.8|
 |RNACOS_CLUSTER_TOKEN|集群间的通信请求校验token，空表示不开启校验，设置后只有相同token的节点间才可通讯|空字符串|1234567890abcdefg|0.5.8|
+|RNACOS_BACKUP_TOKEN|数据备份接口请求校验token，空或长度小于32位表示不开启备份接口|空字符串|1234567890abcdefg1234567890abcdefg|0.6.6|
 |RNACOS_INIT_ADMIN_USERNAME|初始化管理员用户名，只在主节点第一次启动时生效|admin|rnacos|0.5.11|
 |RNACOS_INIT_ADMIN_PASSWORD|初始化管理员密码，只在主节点第一次启动时生效|admin|rnacos123456|0.5.11|
 |RNACOS_ENABLE_METRICS|是否开启监控指标功能|true|true|0.5.13|
diff --git a/doc/conf/.env.example b/doc/conf/.env.example
@@ -56,6 +56,9 @@ RNACOS_ENABLE_NO_AUTH_CONSOLE=false
 #集群间的通信请求校验token，空表示不开启校验，设置后只有相同token的节点间才可通讯;默认为字符串
 #RNACOS_CLUSTER_TOKEN=bbd8b0b391254e00ae1a7c8ac6ed5f82
 
+#数据备份接口请求校验token，空或长度小于32位表示不开启备份接口
+#RNACOS_BACKUP_TOKEN=
+
 # 初始化管理员用户名，只在主节点第一次启动时生效，默认值：admin
 RNACOS_INIT_ADMIN_USERNAME=admin
 
diff --git a/src/common/mod.rs b/src/common/mod.rs
@@ -78,6 +78,7 @@ pub struct AppSysConfig {
     pub openapi_login_one_minute_limit: u32,
     pub openapi_enable_auth: bool,
     pub cluster_token: Arc<String>,
+    pub backup_token: Arc<String>,
     pub init_admin_username: String,
     pub init_admin_password: String,
     pub metrics_enable: bool,
@@ -165,6 +166,12 @@ impl AppSysConfig {
         let cluster_token = std::env::var("RNACOS_CLUSTER_TOKEN")
             .map(Arc::new)
             .unwrap_or(constant::EMPTY_ARC_STRING.clone());
+        let mut backup_token = std::env::var("RNACOS_BACKUP_TOKEN")
+            .map(Arc::new)
+            .unwrap_or(constant::EMPTY_ARC_STRING.clone());
+        if backup_token.len() < 32 {
+            backup_token = constant::EMPTY_ARC_STRING.clone();
+        }
         let init_admin_username =
             StringUtils::map_not_empty(std::env::var("RNACOS_INIT_ADMIN_USERNAME").ok())
                 .unwrap_or("admin".to_owned());
@@ -236,6 +243,7 @@ impl AppSysConfig {
             gmt_fixed_offset_hours,
             openapi_enable_auth,
             cluster_token,
+            backup_token,
             init_admin_username,
             init_admin_password,
             metrics_enable,
diff --git a/src/console/transfer_api.rs b/src/console/transfer_api.rs
@@ -13,9 +13,7 @@ use std::sync::Arc;
 use tokio::fs::OpenOptions;
 use tokio::io::{AsyncReadExt, AsyncSeekExt};
 
-pub async fn download_transfer_file(
-    app_share_data: web::Data<Arc<AppShareData>>,
-) -> impl Responder {
+pub async fn download_transfer_file(app_share_data: web::Data<Arc<AppShareData>>) -> HttpResponse {
     if let Ok(Ok(TransferManagerResponse::BackupFile(temp_file))) = app_share_data
         .transfer_writer_manager
         .send(TransferManagerAsyncRequest::Backup(
diff --git a/src/openapi/backup.rs b/src/openapi/backup.rs
@@ -0,0 +1,27 @@
+use crate::common::appdata::AppShareData;
+use crate::console::transfer_api::download_transfer_file;
+use actix_web::{web, HttpResponse, Responder};
+use serde::{Deserialize, Serialize};
+use std::sync::Arc;
+
+#[derive(Debug, Deserialize, Serialize)]
+pub struct BackupParam {
+    pub token: Arc<String>,
+}
+
+pub async fn backup(
+    app_share_data: web::Data<Arc<AppShareData>>,
+    web::Query(params): web::Query<BackupParam>,
+) -> impl Responder {
+    if app_share_data.sys_config.backup_token.is_empty() {
+        HttpResponse::InternalServerError().body("backup api is not open")
+    } else if params.token.as_str() != app_share_data.sys_config.backup_token.as_str() {
+        HttpResponse::InternalServerError().body("backup token is not matched")
+    } else {
+        download_transfer_file(app_share_data).await
+    }
+}
+
+pub fn backup_config(config: &mut web::ServiceConfig) {
+    config.service(web::resource("/rnacos/backup").route(web::get().to(backup)));
+}
diff --git a/src/openapi/mod.rs b/src/openapi/mod.rs
@@ -4,6 +4,7 @@ use crate::common::AppSysConfig;
 use crate::openapi::constant::NACOS_PREFIX;
 
 pub(crate) mod auth;
+pub(crate) mod backup;
 pub(crate) mod config;
 mod constant;
 pub(crate) mod health;
diff --git a/src/web_config.rs b/src/web_config.rs
@@ -6,6 +6,7 @@ use rnacos_web_dist_wrap::get_embedded_file;
 use crate::common::AppSysConfig;
 use crate::console::api::{console_api_config_v1, console_api_config_v2};
 use crate::openapi::auth::{login_config, mock_token};
+use crate::openapi::backup::backup_config;
 use crate::openapi::health::health_config;
 use crate::openapi::metrics::metrics_config;
 use crate::openapi::{openapi_config, v1::console as nacos_console};
@@ -85,6 +86,7 @@ async fn disable_no_auth_console_index() -> impl Responder {
 pub fn app_config(conf_data: AppSysConfig) -> impl FnOnce(&mut ServiceConfig) {
     move |config: &mut ServiceConfig| {
         if !conf_data.enable_no_auth_console || conf_data.openapi_enable_auth {
+            backup_config(config);
             config
                 .service(web::resource("/").route(web::get().to(disable_no_auth_console_index)))
                 .service(
@@ -107,6 +109,7 @@ pub fn app_config(conf_data: AppSysConfig) -> impl FnOnce(&mut ServiceConfig) {
             nacos_console_api_config(config);
             config.configure(openapi_config(conf_data));
         } else {
+            backup_config(config);
             login_config(config);
             metrics_config(config);
             health_config(config);
