in pkg/resource.go [109:232]
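// gotoSLSRoleArnRe matches a RAM role ARN of the form
// acs:ram::<digits>:role/<name>. It is compiled once at package
// initialisation rather than on every request.
var gotoSLSRoleArnRe = regexp.MustCompile(`^acs:ram::\d+:role\/[^\/]+$`)

// gotoSLS answers a resource request with a JSON object holding the keys
// "url", "err" and "message", where "url" points at the SLS console page for
// the configured project and logstore.
//
// If the datasource has a role ARN that passes the format check and
// roleCheck, the handler assumes that role, exchanges the STS credentials
// for a console sign-in token and returns a sign-in URL. In every other case
// it returns a plain console URL (the "normal jump"); when the role ARN was
// present but rejected, "err" and "message" say why.
//
// Settings, body and JSON errors are answered with 400; AssumeRole, sign-in
// token and URL generation errors are answered with 500.
func (ds *SlsDatasource) gotoSLS(w http.ResponseWriter, r *http.Request) {
	// Upper bound for the request body; the payload is a small JSON object.
	const maxBodyBytes = 1 << 20

	response := map[string]interface{}{
		"message": "",
		"err":     "",
		"url":     "",
	}
	writeJSON := func() {
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(http.StatusOK)
		if err := json.NewEncoder(w).Encode(response); err != nil {
			log.DefaultLogger.Error(err.Error())
		}
	}

	config, err := LoadSettings(httpadapter.PluginConfigFromContext(r.Context()))
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	ak := config.AccessKeyId
	sk := config.AccessKeySecret
	arn := config.RoleArn
	prj := config.Project
	logstore := config.LogStore

	// Cap the body so a single request cannot make the plugin buffer an
	// arbitrarily large payload; an oversized body fails the read below.
	body, err := ioutil.ReadAll(http.MaxBytesReader(w, r.Body, maxBodyBytes))
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	// Parse the request JSON.
	var data Data
	if err := json.Unmarshal(body, &data); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	logstoreType := "/logsearch/"
	if data.Type == "metricsql" || data.Type == "metricstore" {
		logstoreType = "/metric/"
	}
	if data.Logstore != "" {
		// The logstore name comes from the request and is spliced into the
		// console URL path, so refuse path and query delimiters that would
		// let the caller rewrite the rest of the URL.
		if strings.ContainsAny(data.Logstore, "/\\?#") {
			http.Error(w, "invalid logstore name", http.StatusBadRequest)
			return
		}
		logstore = data.Logstore
	}

	// NOTE(review): data.Encoding is appended verbatim as the query string of
	// both URLs below; presumably the caller sends it already URL-encoded.
	// Confirm against the frontend and consider validating it server-side.

	useSTS := len(arn) > 0
	if useSTS && !gotoSLSRoleArnRe.MatchString(arn) {
		response["err"] = "regexCheckError"
		response["message"] = "roleArn 不符合格式,请检查。"
		useSTS = false
	}
	if useSTS {
		// The pattern guarantees exactly one "/", so index 1 is the role name.
		roleName := strings.Split(arn, "/")[1]
		if _, checkErr := roleCheck(ak, sk, roleName); checkErr != nil {
			// A failed role check is reported in the body but does not fail
			// the request; the handler falls back to the normal jump.
			response["err"] = "roleCheckError"
			response["message"] = checkErr.Error()
			useSTS = false
		}
	}

	if !useSTS {
		consoleURL := "https://sls.console.aliyun.com/lognext/project/" + prj + logstoreType + logstore + "?" + data.Encoding
		response["url"] = consoleURL
		writeJSON()
		log.DefaultLogger.Debug("Goto SLS with Normal jump success.", "url", consoleURL)
		return
	}

	client := NewClient(ak, sk, arn, "default")
	// 900 is presumably the credential lifetime in seconds; confirm against
	// AssumeRole.
	stsResp, err := client.AssumeRole(900)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		log.DefaultLogger.Error(err.Error())
		return
	}
	creds := stsResp.Credentials

	// Exchange the STS token for a console sign-in token.
	signinResp, err := getSigninToken(creds.AccessKeyId, creds.AccessKeySecret, creds.SecurityToken)
	if err != nil {
		// Answer with 500 like the other upstream failures instead of
		// panicking inside the handler.
		http.Error(w, err.Error(), http.StatusInternalServerError)
		log.DefaultLogger.Error(err.Error())
		return
	}

	// Build the login link.
	// NOTE(review): both URLs below use plain http while the normal jump uses
	// https; confirm whether these endpoints can be switched to https.
	loginUrl := "http://www.aliyun.com"
	destination := "http://sls4service.console.aliyun.com/lognext/project/" + prj + logstoreType + logstore + "?isShare=true&hideTopbar=true&hideSidebar=true&ignoreTabLocalStorage=true&" + data.Encoding
	signinURL, err := genSigninUrl(signinResp.SigninToken, loginUrl, destination)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		log.DefaultLogger.Error(err.Error())
		return
	}
	response["url"] = signinURL
	writeJSON()
	// The sign-in URL is built from the sign-in token, so it is kept out of
	// the log; only the non-secret target is recorded.
	log.DefaultLogger.Debug("Goto SLS with STS success.", "project", prj, "logstore", logstore)
}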