From 1876e6b6f4aeaffd9bb9c5e057f2d411d1da4a4d Mon Sep 17 00:00:00 2001 From: huanghongbo-hhb Date: Mon, 8 Jun 2026 13:04:53 +0800 Subject: [PATCH 01/12] fix: prevent credential leaks in proxy and error responses Signed-off-by: huanghongbo-hhb --- .../aslan/core/system/handler/proxy.go | 9 +- pkg/tool/errors/errors.go | 4 +- pkg/tool/errors/sanitize.go | 102 ++++++++++++++++++ 3 files changed, 108 insertions(+), 7 deletions(-) create mode 100644 pkg/tool/errors/sanitize.go diff --git a/pkg/microservice/aslan/core/system/handler/proxy.go b/pkg/microservice/aslan/core/system/handler/proxy.go index c2274c8bd0..7ec6f8fa5a 100644 --- a/pkg/microservice/aslan/core/system/handler/proxy.go +++ b/pkg/microservice/aslan/core/system/handler/proxy.go @@ -68,12 +68,11 @@ func ListProxies(c *gin.Context) { return } - // TODO: Authroization leaks // authorization checks - //if !ctx.Resources.IsSystemAdmin { - // ctx.UnAuthorized = true - // return - //} + if !ctx.Resources.IsSystemAdmin { + ctx.UnAuthorized = true + return + } ctx.Resp, ctx.RespErr = service.ListProxies(ctx.Logger) } diff --git a/pkg/tool/errors/errors.go b/pkg/tool/errors/errors.go index 9f3bd0c9a8..77f1a91435 100644 --- a/pkg/tool/errors/errors.go +++ b/pkg/tool/errors/errors.go @@ -137,7 +137,7 @@ func ErrorMessage(err error) (code int, message map[string]interface{}) { "type": "error", "message": v.Message(), "code": v.Code(), - "description": v.Desc(), + "description": sanitizeSensitiveInfo(v.Desc()), "extra": v.Extra(), } } @@ -146,6 +146,6 @@ func ErrorMessage(err error) (code int, message map[string]interface{}) { return internalErr.Code(), map[string]interface{}{ "message": internalErr.Error(), "code": internalErr.Code(), - "description": err.Error(), + "description": sanitizeSensitiveInfo(err.Error()), } } diff --git a/pkg/tool/errors/sanitize.go b/pkg/tool/errors/sanitize.go new file mode 100644 index 0000000000..fe8fab46f0 --- /dev/null +++ b/pkg/tool/errors/sanitize.go @@ -0,0 +1,102 @@ +package errors + +import ( + "net/url" + "regexp" + "strings" +) + +var ( + urlCandidatePattern = regexp.MustCompile(`https?://[^\s",]+`) + authorizationHeaderPattern = regexp.MustCompile(`(?i)(authorization[:=]\s*(?:basic|bearer)\s+)[^,\s"]+`) + sensitiveQueryKeys = map[string]struct{}{ + "username": {}, + "user_name": {}, + "password": {}, + "passwd": {}, + "pwd": {}, + "token": {}, + "access_token": {}, + "refresh_token": {}, + "access_key": {}, + "access_key_id": {}, + "access_key_secret": {}, + "secret": {}, + "client_secret": {}, + "private_access_token": {}, + } +) + +func sanitizeSensitiveInfo(text string) string { + if text == "" { + return text + } + + text = sanitizeURLsInText(text) + text = authorizationHeaderPattern.ReplaceAllString(text, `${1}***`) + + return text +} + +func sanitizeURLsInText(text string) string { + return urlCandidatePattern.ReplaceAllStringFunc(text, sanitizeURLString) +} + +func sanitizeURLString(raw string) string { + raw = sanitizeURLUserInfo(raw) + raw = sanitizeURLQuery(raw) + return raw +} + +func sanitizeURLUserInfo(raw string) string { + parsed, err := url.Parse(raw) + if err != nil || parsed.User == nil { + return raw + } + + schemeIdx := strings.Index(raw, "://") + if schemeIdx < 0 { + return raw + } + + userInfoStart := schemeIdx + 3 + atOffset := strings.Index(raw[userInfoStart:], "@") + if atOffset < 0 { + return raw + } + + replacement := "***" + if _, hasPassword := parsed.User.Password(); hasPassword { + replacement = "***:***" + } + + userInfoEnd := userInfoStart + atOffset + return raw[:userInfoStart] + replacement + raw[userInfoEnd:] +} + +func sanitizeURLQuery(raw string) string { + queryStart := strings.Index(raw, "?") + if queryStart < 0 { + return raw + } + + queryEnd := len(raw) + if fragmentStart := strings.Index(raw[queryStart+1:], "#"); fragmentStart >= 0 { + queryEnd = queryStart + 1 + fragmentStart + } + + queryParts := strings.Split(raw[queryStart+1:queryEnd], "&") + for i, part := range queryParts { + key, _, found := strings.Cut(part, "=") + if _, ok := sensitiveQueryKeys[strings.ToLower(key)]; !ok { + continue + } + if found { + queryParts[i] = key + "=***" + } else { + queryParts[i] = key + } + } + + return raw[:queryStart+1] + strings.Join(queryParts, "&") + raw[queryEnd:] +} From 6b620c207c893b6c310efab755319bfa78531684 Mon Sep 17 00:00:00 2001 From: huanghongbo-hhb Date: Mon, 8 Jun 2026 13:55:26 +0800 Subject: [PATCH 02/12] fix: tighten error sanitization edge cases Signed-off-by: huanghongbo-hhb --- pkg/tool/errors/sanitize.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pkg/tool/errors/sanitize.go b/pkg/tool/errors/sanitize.go index fe8fab46f0..2bfca1d2a0 100644 --- a/pkg/tool/errors/sanitize.go +++ b/pkg/tool/errors/sanitize.go @@ -7,7 +7,7 @@ import ( ) var ( - urlCandidatePattern = regexp.MustCompile(`https?://[^\s",]+`) + urlCandidatePattern = regexp.MustCompile(`https?://[^\s",<>()\[\]{}]+`) authorizationHeaderPattern = regexp.MustCompile(`(?i)(authorization[:=]\s*(?:basic|bearer)\s+)[^,\s"]+`) sensitiveQueryKeys = map[string]struct{}{ "username": {}, @@ -88,7 +88,11 @@ func sanitizeURLQuery(raw string) string { queryParts := strings.Split(raw[queryStart+1:queryEnd], "&") for i, part := range queryParts { key, _, found := strings.Cut(part, "=") - if _, ok := sensitiveQueryKeys[strings.ToLower(key)]; !ok { + decodedKey, err := url.QueryUnescape(key) + if err != nil { + decodedKey = key + } + if _, ok := sensitiveQueryKeys[strings.ToLower(decodedKey)]; !ok { continue } if found { From d717b64badef3b91f97c7a597120b94ec46dd14d Mon Sep 17 00:00:00 2001 From: huanghongbo-hhb Date: Mon, 8 Jun 2026 14:02:49 +0800 Subject: [PATCH 03/12] test: cover error sanitization behavior Signed-off-by: huanghongbo-hhb --- pkg/tool/errors/errors_test.go | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/pkg/tool/errors/errors_test.go b/pkg/tool/errors/errors_test.go index 7d3ac3dd68..e019932632 100644 --- a/pkg/tool/errors/errors_test.go +++ b/pkg/tool/errors/errors_test.go @@ -27,10 +27,11 @@ func TestErrors(t *testing.T) { httpErr := NewHTTPError(400, "testErr", "error description") assert.Equal(400, httpErr.Code()) - assert.Equal("testErr", httpErr.Error()) + assert.Equal("testErr: error description", httpErr.Error()) assert.Equal("error description", httpErr.Desc()) httpErr.AddDesc("error description updated") + assert.Equal("testErr: error description updated", httpErr.Error()) assert.Equal("error description updated", httpErr.Desc()) err2 := NewWithDesc(httpErr, "new error with desc") @@ -50,6 +51,21 @@ func TestErrors(t *testing.T) { code, message := ErrorMessage(httpErr) assert.Equal(400, code) assert.Equal(400, message["code"]) - assert.Equal(httpErr.Error(), message["message"]) + assert.Equal("error", message["type"]) + assert.Equal(httpErr.Message(), message["message"]) assert.Equal(httpErr.Desc(), message["description"]) } + +func TestSanitizeSensitiveInfoKeepsWrappedURLDelimiters(t *testing.T) { + assert := assert.New(t) + + input := `(https://example.com?token=secret)` + assert.Equal(`(https://example.com?token=***)`, sanitizeSensitiveInfo(input)) +} + +func TestSanitizeSensitiveInfoRedactsEncodedSensitiveQueryKeys(t *testing.T) { + assert := assert.New(t) + + input := `https://example.com?%70%61%73%73%77%6f%72%64=secret&username=demo` + assert.Equal(`https://example.com?%70%61%73%73%77%6f%72%64=***&username=***`, sanitizeSensitiveInfo(input)) +} From ef0273d2c887c928e6d0c759e973f80df7021f66 Mon Sep 17 00:00:00 2001 From: huanghongbo-hhb Date: Mon, 8 Jun 2026 14:27:52 +0800 Subject: [PATCH 04/12] feat: humanize nacos error messages Signed-off-by: huanghongbo-hhb --- .../aslan/core/common/service/nacos.go | 7 -- .../workflow/controller/job/job_nacos.go | 10 +-- pkg/tool/nacos/error_humanizer.go | 70 +++++++++++++++++++ pkg/tool/nacos/nacos1_client.go | 14 ++-- pkg/tool/nacos/nacos3_client.go | 22 +++--- 5 files changed, 93 insertions(+), 30 deletions(-) create mode 100644 pkg/tool/nacos/error_humanizer.go diff --git a/pkg/microservice/aslan/core/common/service/nacos.go b/pkg/microservice/aslan/core/common/service/nacos.go index 3a81445255..b045a03cfe 100644 --- a/pkg/microservice/aslan/core/common/service/nacos.go +++ b/pkg/microservice/aslan/core/common/service/nacos.go @@ -30,13 +30,11 @@ import ( func ListNacosNamespace(nacosID string, log *zap.SugaredLogger) ([]*types.NacosNamespace, error) { client, err := GetNacosClient(nacosID) if err != nil { - err = errors.Wrap(err, "fail to get nacos client") log.Error(err) return []*types.NacosNamespace{}, err } resp, err := client.ListNamespaces() if err != nil { - err = errors.Wrap(err, "fail to list nacos namespace") log.Error(err) return []*types.NacosNamespace{}, err } @@ -46,13 +44,11 @@ func ListNacosNamespace(nacosID string, log *zap.SugaredLogger) ([]*types.NacosN func ListNacosConfig(nacosID, namespaceID, groupName string, log *zap.SugaredLogger) ([]*types.NacosConfig, error) { client, err := GetNacosClient(nacosID) if err != nil { - err = errors.Wrap(err, "fail to get nacos client") log.Error(err) return []*types.NacosConfig{}, err } namespaces, err := client.ListNamespaces() if err != nil { - err = errors.Wrap(err, "fail to list nacos namespaces") log.Error(err) return nil, err } @@ -67,7 +63,6 @@ func ListNacosConfig(nacosID, namespaceID, groupName string, log *zap.SugaredLog resp, err := client.ListConfigs(namespaceID, groupName) if err != nil { - err = errors.Wrap(err, "fail to list nacos config") log.Error(err) return []*types.NacosConfig{}, err } @@ -82,14 +77,12 @@ func ListNacosConfig(nacosID, namespaceID, groupName string, log *zap.SugaredLog func ListNacosGroup(nacosID, namespaceID, keyword string, log *zap.SugaredLogger) ([]*types.NacosDataID, error) { client, err := GetNacosClient(nacosID) if err != nil { - err = errors.Wrap(err, "fail to get nacos client") log.Error(err) return []*types.NacosDataID{}, err } resp, err := client.ListGroups(namespaceID, keyword) if err != nil { - err = errors.Wrap(err, "fail to list nacos config") log.Error(err) return []*types.NacosDataID{}, err } diff --git a/pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go b/pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go index 4fc2960e84..3f23da4db3 100644 --- a/pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go +++ b/pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go @@ -117,12 +117,12 @@ func (j NacosJobController) Update(useUserInput bool, ticket *commonmodels.Appro nacosConfigs, err := commonservice.ListNacosConfig(j.jobSpec.NacosID, j.jobSpec.NamespaceID, j.jobSpec.GroupName, log.SugaredLogger()) if err != nil { - return fmt.Errorf("fail to list nacos config: %w", err) + return err } namespaces, err := commonservice.ListNacosNamespace(j.jobSpec.NacosID, log.SugaredLogger()) if err != nil { - return fmt.Errorf("failed to list nacos namespace") + return err } namespaceName := "" @@ -169,12 +169,12 @@ func (j NacosJobController) Update(useUserInput bool, ticket *commonmodels.Appro func (j NacosJobController) SetOptions(ticket *commonmodels.ApprovalTicket) error { nacosConfigs, err := commonservice.ListNacosConfig(j.jobSpec.NacosID, j.jobSpec.NamespaceID, j.jobSpec.GroupName, log.SugaredLogger()) if err != nil { - return fmt.Errorf("fail to list nacos config: %w", err) + return err } namespaces, err := commonservice.ListNacosNamespace(j.jobSpec.NacosID, log.SugaredLogger()) if err != nil { - return fmt.Errorf("failed to list nacos namespace") + return err } namespaceName := "" @@ -226,7 +226,7 @@ func (j NacosJobController) ToTask(taskID int64) ([]*commonmodels.JobTask, error } client, err := commonservice.GetNacosClient(j.jobSpec.NacosID) if err != nil { - return nil, fmt.Errorf("get nacos client error: %v", err) + return nil, err } namespaces, err := client.ListNamespaces() if err != nil { diff --git a/pkg/tool/nacos/error_humanizer.go b/pkg/tool/nacos/error_humanizer.go new file mode 100644 index 0000000000..f45e52983b --- /dev/null +++ b/pkg/tool/nacos/error_humanizer.go @@ -0,0 +1,70 @@ +package nacos + +import ( + "fmt" + "net/url" + "strings" +) + +func humanizeNacosError(operation, serverAddr string, err error) error { + if err == nil { + return nil + } + + raw := strings.ToLower(err.Error()) + addr := displayNacosAddress(serverAddr) + + switch { + case strings.Contains(raw, "parse nacos server address failed"), + strings.Contains(raw, "missing protocol scheme"), + strings.Contains(raw, "invalid uri"): + return fmt.Errorf("%s失败:Nacos 地址格式不正确,请检查地址配置", operation) + case strings.Contains(raw, "no such host"): + return fmt.Errorf("%s失败:无法解析 Nacos 地址 %s,请检查地址是否填写正确", operation, addr) + case strings.Contains(raw, "certificate signed by unknown authority"): + return fmt.Errorf("%s失败:HTTPS 证书校验失败,请检查 Nacos 服务证书是否受信任", operation) + case strings.Contains(raw, "x509:"): + return fmt.Errorf("%s失败:HTTPS 证书校验失败,请检查 Nacos 服务证书配置是否正确", operation) + case strings.Contains(raw, "connection refused"): + return fmt.Errorf("%s失败:连接被拒绝,请检查服务地址、端口或 Nacos 服务状态", operation) + case strings.Contains(raw, "i/o timeout"), + strings.Contains(raw, "context deadline exceeded"), + strings.Contains(raw, "client.timeout exceeded"): + return fmt.Errorf("%s失败:连接超时,请检查网络连通性或 Nacos 服务状态", operation) + case containsNacosAuthError(raw): + return fmt.Errorf("%s失败:用户名或密码错误,或当前账号无权限访问 Nacos", operation) + default: + return fmt.Errorf("%s失败:请检查 Nacos 地址、账号密码和服务状态", operation) + } +} + +func containsNacosAuthError(raw string) bool { + for _, keyword := range []string{ + "401", + "403", + "unauthorized", + "forbidden", + "unknown user", + "user not found", + "invalid password", + "password error", + "access denied", + "permission denied", + "login failed", + } { + if strings.Contains(raw, keyword) { + return true + } + } + + return false +} + +func displayNacosAddress(serverAddr string) string { + parsed, err := url.Parse(serverAddr) + if err == nil && parsed.Host != "" { + return parsed.Host + } + + return serverAddr +} diff --git a/pkg/tool/nacos/nacos1_client.go b/pkg/tool/nacos/nacos1_client.go index 3428fb39d7..895128b132 100644 --- a/pkg/tool/nacos/nacos1_client.go +++ b/pkg/tool/nacos/nacos1_client.go @@ -75,7 +75,7 @@ const ( func NewNacos1Client(serverAddr, userName, password string) (*NacosClient, error) { host, err := url.Parse(serverAddr) if err != nil { - return nil, errors.Wrap(err, "parse nacos server address failed") + return nil, humanizeNacosError("Nacos 连接", serverAddr, errors.Wrap(err, "parse nacos server address failed")) } // add default context path if host.Path == "" { @@ -88,10 +88,10 @@ func NewNacos1Client(serverAddr, userName, password string) (*NacosClient, error SetResult(&result). Post(loginURL) if err != nil { - return nil, errors.Wrap(err, "login nacos failed") + return nil, humanizeNacosError("Nacos 连接", serverAddr, errors.Wrap(err, "login nacos failed")) } if !resp.IsSuccess() { - return nil, fmt.Errorf("login nacos failed: %s", resp.String()) + return nil, humanizeNacosError("Nacos 连接", serverAddr, fmt.Errorf("login nacos failed: %s", resp.String())) } c := httpclient.New( @@ -126,7 +126,7 @@ func (c *NacosClient) ListNamespaces() ([]*types.NacosNamespace, error) { url := "/v1/console/namespaces" res := &nacosNamespaceResp{} if _, err := c.Client.Get(url, httpclient.SetResult(res)); err != nil { - return nil, errors.Wrap(err, "list nacos namespace failed") + return nil, humanizeNacosError("获取 Nacos 命名空间", c.serverAddr, errors.Wrap(err, "list nacos namespace failed")) } resp := []*types.NacosNamespace{} for _, namespace := range res.Data { @@ -161,7 +161,7 @@ func (c *NacosClient) ListGroups(namespaceID, keyword string) ([]*types.NacosDat "accessToken": c.token, }) if _, err := c.Client.Get(url, params, httpclient.SetResult(res)); err != nil { - return nil, errors.Wrap(err, "list nacos config failed") + return nil, humanizeNacosError("获取 Nacos 配置分组", c.serverAddr, errors.Wrap(err, "list nacos config failed")) } for _, conf := range res.PageItems { if groupSet.Has(conf.Group) { @@ -203,7 +203,7 @@ func (c *NacosClient) ListConfigs(namespaceID, groupName string) ([]*types.Nacos "accessToken": c.token, }) if _, err := c.Client.Get(url, params, httpclient.SetResult(res)); err != nil { - return nil, errors.Wrap(err, "list nacos config failed") + return nil, humanizeNacosError("获取 Nacos 配置", c.serverAddr, errors.Wrap(err, "list nacos config failed")) } for _, conf := range res.PageItems { nacosID := types.NacosDataID{ @@ -279,7 +279,7 @@ func (c *NacosClient) UpdateConfig(dataID, group, namespaceID, content, format s "accessToken": c.token, } if _, err := c.Client.Post(path, httpclient.SetFormData(formValues)); err != nil { - return errors.Wrap(err, "update nacos config failed") + return humanizeNacosError("更新 Nacos 配置", c.serverAddr, errors.Wrap(err, "update nacos config failed")) } return nil } diff --git a/pkg/tool/nacos/nacos3_client.go b/pkg/tool/nacos/nacos3_client.go index 8f75871849..ac87693c50 100644 --- a/pkg/tool/nacos/nacos3_client.go +++ b/pkg/tool/nacos/nacos3_client.go @@ -105,14 +105,14 @@ func NewNacos3Client(serverAddr, userName, password string) (*Nacos3Client, erro SetResult(nacosResp). Post(loginURL) if err != nil { - return nil, errors.Wrap(err, "login nacos failed") + return nil, humanizeNacosError("Nacos 连接", serverAddr, errors.Wrap(err, "login nacos failed")) } if !resp.IsSuccess() { - return nil, fmt.Errorf("login nacos failed: %s", resp.String()) + return nil, humanizeNacosError("Nacos 连接", serverAddr, fmt.Errorf("login nacos failed: %s", resp.String())) } if err := nacosResp.handleError(); err != nil { - return nil, errors.Wrap(err, "login nacos failed") + return nil, humanizeNacosError("Nacos 连接", serverAddr, errors.Wrap(err, "login nacos failed")) } result := nacosLoginResp{} @@ -139,11 +139,11 @@ func (c *Nacos3Client) ListNamespaces() ([]*types.NacosNamespace, error) { nacosResp := &nacos3Resp{} if _, err := c.Client.Get(url, httpclient.SetResult(nacosResp)); err != nil { - return nil, errors.Wrap(err, "list nacos namespace failed") + return nil, humanizeNacosError("获取 Nacos 命名空间", c.serverAddr, errors.Wrap(err, "list nacos namespace failed")) } if err := nacosResp.handleError(); err != nil { - return nil, errors.Wrap(err, "list nacos namespace failed") + return nil, humanizeNacosError("获取 Nacos 命名空间", c.serverAddr, errors.Wrap(err, "list nacos namespace failed")) } res := []*nacos3Namespace{} @@ -174,11 +174,11 @@ func (c *Nacos3Client) ListGroups(namespaceID, keyword string) ([]*types.NacosDa }) if _, err := c.Client.Get(url, params, httpclient.SetResult(nacosResp)); err != nil { - return nil, errors.Wrap(err, "list nacos config failed") + return nil, humanizeNacosError("获取 Nacos 配置分组", c.serverAddr, errors.Wrap(err, "list nacos config failed")) } if err := nacosResp.handleError(); err != nil { - return nil, errors.Wrap(err, "list nacos config failed") + return nil, humanizeNacosError("获取 Nacos 配置分组", c.serverAddr, errors.Wrap(err, "list nacos config failed")) } res := []*nacos3ConfigItem{} @@ -219,11 +219,11 @@ func (c *Nacos3Client) ListConfigs(namespaceID, groupName string) ([]*types.Naco "accessToken": c.token, }) if _, err := c.Client.Get(url, params, httpclient.SetResult(nacosResp)); err != nil { - return nil, errors.Wrap(err, "list nacos config failed") + return nil, humanizeNacosError("获取 Nacos 配置", c.serverAddr, errors.Wrap(err, "list nacos config failed")) } if err := nacosResp.handleError(); err != nil { - return nil, errors.Wrap(err, "list nacos config failed") + return nil, humanizeNacosError("获取 Nacos 配置", c.serverAddr, errors.Wrap(err, "list nacos config failed")) } res := []*nacos3ConfigItem{} @@ -387,11 +387,11 @@ func (c *Nacos3Client) UpdateConfig(dataID, group, namespaceID, content, format nacosResp := &nacos3Resp{} if _, err := c.Client.Post(path, httpclient.SetFormData(formValues), httpclient.SetResult(nacosResp)); err != nil { - return errors.Wrap(err, "update nacos config failed") + return humanizeNacosError("更新 Nacos 配置", c.serverAddr, errors.Wrap(err, "update nacos config failed")) } if err := nacosResp.handleError(); err != nil { - return errors.Wrap(err, "update nacos config failed") + return humanizeNacosError("更新 Nacos 配置", c.serverAddr, errors.Wrap(err, "update nacos config failed")) } return nil From 9df25cc8d06f871454e6bacb8414d33840aeaa46 Mon Sep 17 00:00:00 2001 From: huanghongbo-hhb Date: Mon, 8 Jun 2026 14:43:15 +0800 Subject: [PATCH 05/12] fix: preserve nacos error chain Signed-off-by: huanghongbo-hhb --- .../aslan/core/common/service/nacos.go | 28 ++++++++--- pkg/tool/nacos/error_humanizer.go | 48 ++++++++++++++----- 2 files changed, 58 insertions(+), 18 deletions(-) diff --git a/pkg/microservice/aslan/core/common/service/nacos.go b/pkg/microservice/aslan/core/common/service/nacos.go index b045a03cfe..0754222ea0 100644 --- a/pkg/microservice/aslan/core/common/service/nacos.go +++ b/pkg/microservice/aslan/core/common/service/nacos.go @@ -27,15 +27,29 @@ import ( "github.com/koderover/zadig/v2/pkg/types" ) +func logNacosError(log *zap.SugaredLogger, err error) { + if err == nil { + return + } + + cause := errors.Cause(err) + if cause != nil && cause != err { + log.Errorf("%v, raw error: %v", err, cause) + return + } + + log.Error(err) +} + func ListNacosNamespace(nacosID string, log *zap.SugaredLogger) ([]*types.NacosNamespace, error) { client, err := GetNacosClient(nacosID) if err != nil { - log.Error(err) + logNacosError(log, err) return []*types.NacosNamespace{}, err } resp, err := client.ListNamespaces() if err != nil { - log.Error(err) + logNacosError(log, err) return []*types.NacosNamespace{}, err } return resp, nil @@ -44,12 +58,12 @@ func ListNacosNamespace(nacosID string, log *zap.SugaredLogger) ([]*types.NacosN func ListNacosConfig(nacosID, namespaceID, groupName string, log *zap.SugaredLogger) ([]*types.NacosConfig, error) { client, err := GetNacosClient(nacosID) if err != nil { - log.Error(err) + logNacosError(log, err) return []*types.NacosConfig{}, err } namespaces, err := client.ListNamespaces() if err != nil { - log.Error(err) + logNacosError(log, err) return nil, err } @@ -63,7 +77,7 @@ func ListNacosConfig(nacosID, namespaceID, groupName string, log *zap.SugaredLog resp, err := client.ListConfigs(namespaceID, groupName) if err != nil { - log.Error(err) + logNacosError(log, err) return []*types.NacosConfig{}, err } for _, item := range resp { @@ -77,13 +91,13 @@ func ListNacosConfig(nacosID, namespaceID, groupName string, log *zap.SugaredLog func ListNacosGroup(nacosID, namespaceID, keyword string, log *zap.SugaredLogger) ([]*types.NacosDataID, error) { client, err := GetNacosClient(nacosID) if err != nil { - log.Error(err) + logNacosError(log, err) return []*types.NacosDataID{}, err } resp, err := client.ListGroups(namespaceID, keyword) if err != nil { - log.Error(err) + logNacosError(log, err) return []*types.NacosDataID{}, err } diff --git a/pkg/tool/nacos/error_humanizer.go b/pkg/tool/nacos/error_humanizer.go index f45e52983b..68d77d2a71 100644 --- a/pkg/tool/nacos/error_humanizer.go +++ b/pkg/tool/nacos/error_humanizer.go @@ -3,9 +3,29 @@ package nacos import ( "fmt" "net/url" + "regexp" "strings" ) +var authStatusPattern = regexp.MustCompile(`(^|[^0-9])(401|403)([^0-9]|$)`) + +type HumanizedError struct { + message string + cause error +} + +func (e *HumanizedError) Error() string { + return e.message +} + +func (e *HumanizedError) Unwrap() error { + return e.cause +} + +func (e *HumanizedError) Cause() error { + return e.cause +} + func humanizeNacosError(operation, serverAddr string, err error) error { if err == nil { return nil @@ -13,35 +33,41 @@ func humanizeNacosError(operation, serverAddr string, err error) error { raw := strings.ToLower(err.Error()) addr := displayNacosAddress(serverAddr) + message := fmt.Sprintf("%s失败:请检查 Nacos 地址、账号密码和服务状态", operation) switch { case strings.Contains(raw, "parse nacos server address failed"), strings.Contains(raw, "missing protocol scheme"), strings.Contains(raw, "invalid uri"): - return fmt.Errorf("%s失败:Nacos 地址格式不正确,请检查地址配置", operation) + message = fmt.Sprintf("%s失败:Nacos 地址格式不正确,请检查地址配置", operation) case strings.Contains(raw, "no such host"): - return fmt.Errorf("%s失败:无法解析 Nacos 地址 %s,请检查地址是否填写正确", operation, addr) + message = fmt.Sprintf("%s失败:无法解析 Nacos 地址 %s,请检查地址是否填写正确", operation, addr) case strings.Contains(raw, "certificate signed by unknown authority"): - return fmt.Errorf("%s失败:HTTPS 证书校验失败,请检查 Nacos 服务证书是否受信任", operation) + message = fmt.Sprintf("%s失败:HTTPS 证书校验失败,请检查 Nacos 服务证书是否受信任", operation) case strings.Contains(raw, "x509:"): - return fmt.Errorf("%s失败:HTTPS 证书校验失败,请检查 Nacos 服务证书配置是否正确", operation) + message = fmt.Sprintf("%s失败:HTTPS 证书校验失败,请检查 Nacos 服务证书配置是否正确", operation) case strings.Contains(raw, "connection refused"): - return fmt.Errorf("%s失败:连接被拒绝,请检查服务地址、端口或 Nacos 服务状态", operation) + message = fmt.Sprintf("%s失败:连接被拒绝,请检查服务地址、端口或 Nacos 服务状态", operation) case strings.Contains(raw, "i/o timeout"), strings.Contains(raw, "context deadline exceeded"), strings.Contains(raw, "client.timeout exceeded"): - return fmt.Errorf("%s失败:连接超时,请检查网络连通性或 Nacos 服务状态", operation) + message = fmt.Sprintf("%s失败:连接超时,请检查网络连通性或 Nacos 服务状态", operation) case containsNacosAuthError(raw): - return fmt.Errorf("%s失败:用户名或密码错误,或当前账号无权限访问 Nacos", operation) - default: - return fmt.Errorf("%s失败:请检查 Nacos 地址、账号密码和服务状态", operation) + message = fmt.Sprintf("%s失败:用户名或密码错误,或当前账号无权限访问 Nacos", operation) + } + + return &HumanizedError{ + message: message, + cause: err, } } func containsNacosAuthError(raw string) bool { + if authStatusPattern.MatchString(raw) { + return true + } + for _, keyword := range []string{ - "401", - "403", "unauthorized", "forbidden", "unknown user", From f16c0808323e944829a97e3d0ce8520bec0fee28 Mon Sep 17 00:00:00 2001 From: huanghongbo-hhb Date: Mon, 8 Jun 2026 14:50:52 +0800 Subject: [PATCH 06/12] fix: humanize remaining nacos client paths Signed-off-by: huanghongbo-hhb --- pkg/tool/nacos/error_humanizer.go | 5 +++++ pkg/tool/nacos/nacos1_client.go | 4 ++-- pkg/tool/nacos/nacos3_client.go | 26 +++++++++++++------------- 3 files changed, 20 insertions(+), 15 deletions(-) diff --git a/pkg/tool/nacos/error_humanizer.go b/pkg/tool/nacos/error_humanizer.go index 68d77d2a71..08c7d24cc1 100644 --- a/pkg/tool/nacos/error_humanizer.go +++ b/pkg/tool/nacos/error_humanizer.go @@ -40,6 +40,11 @@ func humanizeNacosError(operation, serverAddr string, err error) error { strings.Contains(raw, "missing protocol scheme"), strings.Contains(raw, "invalid uri"): message = fmt.Sprintf("%s失败:Nacos 地址格式不正确,请检查地址配置", operation) + case strings.Contains(raw, "unmarshal nacos"), + strings.Contains(raw, "unmarshal task error"), + strings.Contains(raw, "cannot unmarshal"), + strings.Contains(raw, "invalid character"): + message = fmt.Sprintf("%s失败:Nacos 返回的数据格式异常,请检查服务版本或响应内容", operation) case strings.Contains(raw, "no such host"): message = fmt.Sprintf("%s失败:无法解析 Nacos 地址 %s,请检查地址是否填写正确", operation, addr) case strings.Contains(raw, "certificate signed by unknown authority"): diff --git a/pkg/tool/nacos/nacos1_client.go b/pkg/tool/nacos/nacos1_client.go index 895128b132..c3d5db7854 100644 --- a/pkg/tool/nacos/nacos1_client.go +++ b/pkg/tool/nacos/nacos1_client.go @@ -234,7 +234,7 @@ func (c *NacosClient) GetConfig(dataID, group, namespaceID string) (*types.Nacos "accessToken": c.token, }) if _, err := c.Client.Get(url, params, httpclient.SetResult(res)); err != nil { - return nil, errors.Wrap(err, "get nacos config failed") + return nil, humanizeNacosError("获取 Nacos 配置详情", c.serverAddr, errors.Wrap(err, "get nacos config failed")) } nacosID := types.NacosDataID{ DataID: res.DataID, @@ -261,7 +261,7 @@ func (c *NacosClient) GetConfigHistory(dataID, group, namespaceID string) ([]*ty res := &nacosConfigHistoryResp{} if _, err := c.Client.Get(url, params, httpclient.SetResult(res)); err != nil { - return nil, errors.Wrap(err, "list nacos config history failed") + return nil, humanizeNacosError("获取 Nacos 配置历史", c.serverAddr, errors.Wrap(err, "list nacos config history failed")) } return res.PageItems, nil diff --git a/pkg/tool/nacos/nacos3_client.go b/pkg/tool/nacos/nacos3_client.go index ac87693c50..36297610e2 100644 --- a/pkg/tool/nacos/nacos3_client.go +++ b/pkg/tool/nacos/nacos3_client.go @@ -117,7 +117,7 @@ func NewNacos3Client(serverAddr, userName, password string) (*Nacos3Client, erro result := nacosLoginResp{} if err := resp.UnmarshalJson(&result); err != nil { - return nil, errors.Wrap(err, "unmarshal nacos login response failed") + return nil, humanizeNacosError("Nacos 连接", serverAddr, errors.Wrap(err, "unmarshal nacos login response failed")) } c := httpclient.New( @@ -148,7 +148,7 @@ func (c *Nacos3Client) ListNamespaces() ([]*types.NacosNamespace, error) { res := []*nacos3Namespace{} if err := IToi(nacosResp.Data, &res); err != nil { - return nil, errors.Wrap(err, "unmarshal nacos namespace response failed") + return nil, humanizeNacosError("获取 Nacos 命名空间", c.serverAddr, errors.Wrap(err, "unmarshal nacos namespace response failed")) } resp := []*types.NacosNamespace{} @@ -183,7 +183,7 @@ func (c *Nacos3Client) ListGroups(namespaceID, keyword string) ([]*types.NacosDa res := []*nacos3ConfigItem{} if err := IToi(nacosResp.Data, &res); err != nil { - return nil, errors.Wrap(err, "unmarshal nacos config response failed") + return nil, humanizeNacosError("获取 Nacos 配置分组", c.serverAddr, errors.Wrap(err, "unmarshal nacos config response failed")) } groupSet := sets.NewString() @@ -228,7 +228,7 @@ func (c *Nacos3Client) ListConfigs(namespaceID, groupName string) ([]*types.Naco res := []*nacos3ConfigItem{} if err := IToi(nacosResp.Data, &res); err != nil { - return nil, errors.Wrap(err, "unmarshal nacos config response failed") + return nil, humanizeNacosError("获取 Nacos 配置", c.serverAddr, errors.Wrap(err, "unmarshal nacos config response failed")) } configs := []*types.NacosConfig{} @@ -261,16 +261,16 @@ func (c *Nacos3Client) GetConfig(dataID, group, namespaceID string) (*types.Naco nacosResp := &nacos3Resp{} if _, err := c.Client.Get(url, params, httpclient.SetResult(nacosResp)); err != nil { - return nil, errors.Wrap(err, "get nacos config failed") + return nil, humanizeNacosError("获取 Nacos 配置详情", c.serverAddr, errors.Wrap(err, "get nacos config failed")) } if err := nacosResp.handleError(); err != nil { - return nil, errors.Wrap(err, "get nacos config failed") + return nil, humanizeNacosError("获取 Nacos 配置详情", c.serverAddr, errors.Wrap(err, "get nacos config failed")) } res := &nacos3Config{} if err := IToi(nacosResp.Data, res); err != nil { - return nil, errors.Wrap(err, "unmarshal nacos config response failed") + return nil, humanizeNacosError("获取 Nacos 配置详情", c.serverAddr, errors.Wrap(err, "unmarshal nacos config response failed")) } nacosID := types.NacosDataID{ @@ -297,16 +297,16 @@ func (c *Nacos3Client) GetConfigHistory(dataID, group, namespaceID string) ([]*t nacosResp := &nacos3Resp{} if _, err := c.Client.Get(url, params, httpclient.SetResult(nacosResp)); err != nil { - return nil, errors.Wrap(err, "list nacos config history failed") + return nil, humanizeNacosError("获取 Nacos 配置历史", c.serverAddr, errors.Wrap(err, "list nacos config history failed")) } if err := nacosResp.handleError(); err != nil { - return nil, errors.Wrap(err, "list nacos config history failed") + return nil, humanizeNacosError("获取 Nacos 配置历史", c.serverAddr, errors.Wrap(err, "list nacos config history failed")) } res := &nacos3ConfigHistoryResp{} if err := IToi(nacosResp.Data, res); err != nil { - return nil, errors.Wrap(err, "unmarshal nacos config history response failed") + return nil, humanizeNacosError("获取 Nacos 配置历史", c.serverAddr, errors.Wrap(err, "unmarshal nacos config history response failed")) } histories := []*types.NacosConfigHistory{} @@ -334,16 +334,16 @@ func (c *Nacos3Client) GetConfigHistory(dataID, group, namespaceID string) ([]*t nacosResp := &nacos3Resp{} if _, err := c.Client.Get(url, params, httpclient.SetResult(nacosResp)); err != nil { - return errors.Wrap(err, "get nacos config history failed") + return humanizeNacosError("获取 Nacos 配置历史详情", c.serverAddr, errors.Wrap(err, "get nacos config history failed")) } if err := nacosResp.handleError(); err != nil { - return errors.Wrap(err, "get nacos config history failed") + return humanizeNacosError("获取 Nacos 配置历史详情", c.serverAddr, errors.Wrap(err, "get nacos config history failed")) } res := &nacos3ConfigHistory{} if err := IToi(nacosResp.Data, res); err != nil { - return errors.Wrap(err, "unmarshal nacos config history response failed") + return humanizeNacosError("获取 Nacos 配置历史详情", c.serverAddr, errors.Wrap(err, "unmarshal nacos config history response failed")) } mu.Lock() From ab1a55072da5a1b606c3ba12c4badfc1ec799f43 Mon Sep 17 00:00:00 2001 From: huanghongbo-hhb Date: Mon, 8 Jun 2026 16:46:10 +0800 Subject: [PATCH 07/12] fix: refine proxy list and nacos job errors Signed-off-by: huanghongbo-hhb --- pkg/microservice/aslan/core/system/handler/proxy.go | 6 ------ pkg/microservice/aslan/core/system/service/proxy.go | 4 ++++ .../service/workflow/controller/job/job_nacos.go | 12 ++++++------ 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/pkg/microservice/aslan/core/system/handler/proxy.go b/pkg/microservice/aslan/core/system/handler/proxy.go index 7ec6f8fa5a..2679e5d331 100644 --- a/pkg/microservice/aslan/core/system/handler/proxy.go +++ b/pkg/microservice/aslan/core/system/handler/proxy.go @@ -68,12 +68,6 @@ func ListProxies(c *gin.Context) { return } - // authorization checks - if !ctx.Resources.IsSystemAdmin { - ctx.UnAuthorized = true - return - } - ctx.Resp, ctx.RespErr = service.ListProxies(ctx.Logger) } diff --git a/pkg/microservice/aslan/core/system/service/proxy.go b/pkg/microservice/aslan/core/system/service/proxy.go index 01c06c7813..3e85f79bdd 100644 --- a/pkg/microservice/aslan/core/system/service/proxy.go +++ b/pkg/microservice/aslan/core/system/service/proxy.go @@ -55,6 +55,10 @@ func ListProxies(log *zap.SugaredLogger) ([]*commonmodels.Proxy, error) { log.Errorf("Proxy.List error: %v", err) return resp, e.ErrListProxies.AddErr(err) } + for _, proxy := range resp { + proxy.Username = "" + proxy.Password = "" + } return resp, nil } diff --git a/pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go b/pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go index 3f23da4db3..1315463906 100644 --- a/pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go +++ b/pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go @@ -117,12 +117,12 @@ func (j NacosJobController) Update(useUserInput bool, ticket *commonmodels.Appro nacosConfigs, err := commonservice.ListNacosConfig(j.jobSpec.NacosID, j.jobSpec.NamespaceID, j.jobSpec.GroupName, log.SugaredLogger()) if err != nil { - return err + return fmt.Errorf("获取 Nacos 配置失败: %w", err) } namespaces, err := commonservice.ListNacosNamespace(j.jobSpec.NacosID, log.SugaredLogger()) if err != nil { - return err + return fmt.Errorf("获取 Nacos 命名空间失败: %w", err) } namespaceName := "" @@ -169,12 +169,12 @@ func (j NacosJobController) Update(useUserInput bool, ticket *commonmodels.Appro func (j NacosJobController) SetOptions(ticket *commonmodels.ApprovalTicket) error { nacosConfigs, err := commonservice.ListNacosConfig(j.jobSpec.NacosID, j.jobSpec.NamespaceID, j.jobSpec.GroupName, log.SugaredLogger()) if err != nil { - return err + return fmt.Errorf("获取 Nacos 配置失败: %w", err) } namespaces, err := commonservice.ListNacosNamespace(j.jobSpec.NacosID, log.SugaredLogger()) if err != nil { - return err + return fmt.Errorf("获取 Nacos 命名空间失败: %w", err) } namespaceName := "" @@ -226,11 +226,11 @@ func (j NacosJobController) ToTask(taskID int64) ([]*commonmodels.JobTask, error } client, err := commonservice.GetNacosClient(j.jobSpec.NacosID) if err != nil { - return nil, err + return nil, fmt.Errorf("获取 Nacos 客户端失败: %w", err) } namespaces, err := client.ListNamespaces() if err != nil { - return nil, err + return nil, fmt.Errorf("获取 Nacos 命名空间失败: %w", err) } namespaceName := "" for _, namespace := range namespaces { From 9faa3deeaecb87d235a5ba9d01059538205953aa Mon Sep 17 00:00:00 2001 From: huanghongbo-hhb Date: Mon, 8 Jun 2026 16:48:37 +0800 Subject: [PATCH 08/12] chore: keep proxy auth TODO comment Signed-off-by: huanghongbo-hhb --- pkg/microservice/aslan/core/system/handler/proxy.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkg/microservice/aslan/core/system/handler/proxy.go b/pkg/microservice/aslan/core/system/handler/proxy.go index 2679e5d331..c2274c8bd0 100644 --- a/pkg/microservice/aslan/core/system/handler/proxy.go +++ b/pkg/microservice/aslan/core/system/handler/proxy.go @@ -68,6 +68,13 @@ func ListProxies(c *gin.Context) { return } + // TODO: Authroization leaks + // authorization checks + //if !ctx.Resources.IsSystemAdmin { + // ctx.UnAuthorized = true + // return + //} + ctx.Resp, ctx.RespErr = service.ListProxies(ctx.Logger) } From 384246da3a88dfd4c25b0521bde84d3ecfc0133c Mon Sep 17 00:00:00 2001 From: huanghongbo-hhb Date: Mon, 8 Jun 2026 17:31:14 +0800 Subject: [PATCH 09/12] revert: remove nacos error humanizer Signed-off-by: huanghongbo-hhb --- .../aslan/core/common/service/nacos.go | 28 ++--- .../jobcontroller/job_nacos.go | 2 + .../service/configuration_management.go | 8 +- .../service/workflow/workflow_task_v4.go | 2 +- .../user/core/repository/orm/user.go | 9 +- pkg/tool/nacos/error_humanizer.go | 101 ------------------ pkg/tool/nacos/nacos1_client.go | 18 ++-- pkg/tool/nacos/nacos3_client.go | 48 ++++----- 8 files changed, 53 insertions(+), 163 deletions(-) delete mode 100644 pkg/tool/nacos/error_humanizer.go diff --git a/pkg/microservice/aslan/core/common/service/nacos.go b/pkg/microservice/aslan/core/common/service/nacos.go index 0754222ea0..b045a03cfe 100644 --- a/pkg/microservice/aslan/core/common/service/nacos.go +++ b/pkg/microservice/aslan/core/common/service/nacos.go @@ -27,29 +27,15 @@ import ( "github.com/koderover/zadig/v2/pkg/types" ) -func logNacosError(log *zap.SugaredLogger, err error) { - if err == nil { - return - } - - cause := errors.Cause(err) - if cause != nil && cause != err { - log.Errorf("%v, raw error: %v", err, cause) - return - } - - log.Error(err) -} - func ListNacosNamespace(nacosID string, log *zap.SugaredLogger) ([]*types.NacosNamespace, error) { client, err := GetNacosClient(nacosID) if err != nil { - logNacosError(log, err) + log.Error(err) return []*types.NacosNamespace{}, err } resp, err := client.ListNamespaces() if err != nil { - logNacosError(log, err) + log.Error(err) return []*types.NacosNamespace{}, err } return resp, nil @@ -58,12 +44,12 @@ func ListNacosNamespace(nacosID string, log *zap.SugaredLogger) ([]*types.NacosN func ListNacosConfig(nacosID, namespaceID, groupName string, log *zap.SugaredLogger) ([]*types.NacosConfig, error) { client, err := GetNacosClient(nacosID) if err != nil { - logNacosError(log, err) + log.Error(err) return []*types.NacosConfig{}, err } namespaces, err := client.ListNamespaces() if err != nil { - logNacosError(log, err) + log.Error(err) return nil, err } @@ -77,7 +63,7 @@ func ListNacosConfig(nacosID, namespaceID, groupName string, log *zap.SugaredLog resp, err := client.ListConfigs(namespaceID, groupName) if err != nil { - logNacosError(log, err) + log.Error(err) return []*types.NacosConfig{}, err } for _, item := range resp { @@ -91,13 +77,13 @@ func ListNacosConfig(nacosID, namespaceID, groupName string, log *zap.SugaredLog func ListNacosGroup(nacosID, namespaceID, keyword string, log *zap.SugaredLogger) ([]*types.NacosDataID, error) { client, err := GetNacosClient(nacosID) if err != nil { - logNacosError(log, err) + log.Error(err) return []*types.NacosDataID{}, err } resp, err := client.ListGroups(namespaceID, keyword) if err != nil { - logNacosError(log, err) + log.Error(err) return []*types.NacosDataID{}, err } diff --git a/pkg/microservice/aslan/core/common/service/workflowcontroller/jobcontroller/job_nacos.go b/pkg/microservice/aslan/core/common/service/workflowcontroller/jobcontroller/job_nacos.go index bab7ec950b..0e8d7325da 100644 --- a/pkg/microservice/aslan/core/common/service/workflowcontroller/jobcontroller/job_nacos.go +++ b/pkg/microservice/aslan/core/common/service/workflowcontroller/jobcontroller/job_nacos.go @@ -58,11 +58,13 @@ func (c *NacosJobCtl) Run(ctx context.Context) { client, err := nacos.NewNacosClient(c.jobTaskSpec.Type, c.jobTaskSpec.NacosAddr, c.jobTaskSpec.AuthConfig) if err != nil { + c.logger.Error(err) logError(c.job, err.Error(), c.logger) return } for _, data := range c.jobTaskSpec.NacosDatas { if err := client.UpdateConfig(data.DataID, data.Group, c.jobTaskSpec.NamespaceID, data.Content, data.Format); err != nil { + c.logger.Error(err) data.Error = err.Error() logError(c.job, err.Error(), c.logger) return diff --git a/pkg/microservice/aslan/core/system/service/configuration_management.go b/pkg/microservice/aslan/core/system/service/configuration_management.go index 1b8007453d..4b9ccc9943 100644 --- a/pkg/microservice/aslan/core/system/service/configuration_management.go +++ b/pkg/microservice/aslan/core/system/service/configuration_management.go @@ -114,11 +114,11 @@ func ValidateConfigurationManagement(rawData string, log *zap.SugaredLogger) err case setting.SourceFromApollo: return validateApolloAuthConfig(getApolloConfigFromRaw(rawData)) case setting.SourceFromNacos: - return validateNacosAuthConfig(getNacosConfigFromRaw(rawData)) + return validateNacosAuthConfig(getNacosConfigFromRaw(rawData), log) case setting.SourceFromNacos3: - return validateNacosAuthConfig(getNacos3ConfigFromRaw(rawData)) + return validateNacosAuthConfig(getNacos3ConfigFromRaw(rawData), log) case setting.SourceFromNacosEEMSE: - return validateNacosAuthConfig(getNacosEEMSEAuthConfigFromRaw(rawData)) + return validateNacosAuthConfig(getNacosEEMSEAuthConfigFromRaw(rawData), log) default: return e.ErrInvalidParam.AddDesc("invalid type") } @@ -144,7 +144,7 @@ func validateApolloAuthConfig(config *commonmodels.ApolloConfig) error { return nil } -func validateNacosAuthConfig(config *nacos.NacosConfig) error { +func validateNacosAuthConfig(config *nacos.NacosConfig, log *zap.SugaredLogger) error { if config.Type != setting.SourceFromNacos && config.Type != setting.SourceFromNacos3 && config.Type != setting.SourceFromNacosEEMSE { return fmt.Errorf("nacos type is not nacos 1.x or nacos 3.x or nacos ee mse") } diff --git a/pkg/microservice/aslan/core/workflow/service/workflow/workflow_task_v4.go b/pkg/microservice/aslan/core/workflow/service/workflow/workflow_task_v4.go index 19b3ae813d..0308dc0cd5 100644 --- a/pkg/microservice/aslan/core/workflow/service/workflow/workflow_task_v4.go +++ b/pkg/microservice/aslan/core/workflow/service/workflow/workflow_task_v4.go @@ -1751,7 +1751,7 @@ func RevertWorkflowTaskV4Job(ctx *internalhandler.Context, workflowName, jobName originalConfig, err := client.GetConfig(in.DataID, in.Group, in.NamespaceID) if err != nil { log.Errorf("failed to find current config for data: %s in namespace: %s, error: %s", in.DataID, in.NamespaceID, err) - return fmt.Errorf("failed to find current config for data: %s in namespace: %s, error: %s", in.DataID, in.NamespaceID, err) + return fmt.Errorf("获取 Nacos 当前配置失败: %w", err) } nacosID := types.NacosDataID{ DataID: in.DataID, diff --git a/pkg/microservice/user/core/repository/orm/user.go b/pkg/microservice/user/core/repository/orm/user.go index c45755a5e3..903423166f 100644 --- a/pkg/microservice/user/core/repository/orm/user.go +++ b/pkg/microservice/user/core/repository/orm/user.go @@ -149,7 +149,8 @@ func ListUsersByNameAndRoleWithLoginTime(page int, perPage int, name string, rol err = db.Table("user"). Select("user.uid, user.name, user.account, user.identity_type, user.api_token_enabled, IFNULL(user_login.last_login_time, 0) AS last_login_time"). Joins("LEFT JOIN user_login ON user_login.uid = user.uid"). - Where("user.uid IN ? AND user.name LIKE ?", uids, "%"+name+"%"). + Where("user.uid IN ?", uids). + Where("user.name LIKE ?", "%"+name+"%"). Order("last_login_time " + string(order)). Offset((page - 1) * perPage). Limit(perPage). @@ -168,7 +169,8 @@ func ListUsersByNameAndRole(page int, perPage int, name string, roles []string, err error ) - err = db.Where("user.name LIKE ? AND role.name IN ? AND role.namespace = ?", "%"+name+"%", roles, namespace). + err = db.Where("user.name LIKE ?", "%"+name+"%"). + Where("role.name IN ? AND role.namespace = ?", roles, namespace). Joins("INNER JOIN role_binding on role_binding.uid = user.uid"). Joins("INNER JOIN role on role_binding.role_id = role.id").Order("account ASC").Offset((page - 1) * perPage). Group("user.uid"). @@ -275,7 +277,8 @@ func GetUsersCountByRoles(name string, roles []string, namespace string) (int64, count int64 ) - err = repository.DB.Where("user.name LIKE ? AND role.name IN ? AND role.namespace = ?", "%"+name+"%", roles, namespace). + err = repository.DB.Where("user.name LIKE ?", "%"+name+"%"). + Where("role.name IN ? AND role.namespace = ?", roles, namespace). Joins("INNER JOIN role_binding on role_binding.uid = user.uid"). Joins("INNER JOIN role on role_binding.role_id = role.id"). Group("user.uid"). diff --git a/pkg/tool/nacos/error_humanizer.go b/pkg/tool/nacos/error_humanizer.go deleted file mode 100644 index 08c7d24cc1..0000000000 --- a/pkg/tool/nacos/error_humanizer.go +++ /dev/null @@ -1,101 +0,0 @@ -package nacos - -import ( - "fmt" - "net/url" - "regexp" - "strings" -) - -var authStatusPattern = regexp.MustCompile(`(^|[^0-9])(401|403)([^0-9]|$)`) - -type HumanizedError struct { - message string - cause error -} - -func (e *HumanizedError) Error() string { - return e.message -} - -func (e *HumanizedError) Unwrap() error { - return e.cause -} - -func (e *HumanizedError) Cause() error { - return e.cause -} - -func humanizeNacosError(operation, serverAddr string, err error) error { - if err == nil { - return nil - } - - raw := strings.ToLower(err.Error()) - addr := displayNacosAddress(serverAddr) - message := fmt.Sprintf("%s失败:请检查 Nacos 地址、账号密码和服务状态", operation) - - switch { - case strings.Contains(raw, "parse nacos server address failed"), - strings.Contains(raw, "missing protocol scheme"), - strings.Contains(raw, "invalid uri"): - message = fmt.Sprintf("%s失败:Nacos 地址格式不正确,请检查地址配置", operation) - case strings.Contains(raw, "unmarshal nacos"), - strings.Contains(raw, "unmarshal task error"), - strings.Contains(raw, "cannot unmarshal"), - strings.Contains(raw, "invalid character"): - message = fmt.Sprintf("%s失败:Nacos 返回的数据格式异常,请检查服务版本或响应内容", operation) - case strings.Contains(raw, "no such host"): - message = fmt.Sprintf("%s失败:无法解析 Nacos 地址 %s,请检查地址是否填写正确", operation, addr) - case strings.Contains(raw, "certificate signed by unknown authority"): - message = fmt.Sprintf("%s失败:HTTPS 证书校验失败,请检查 Nacos 服务证书是否受信任", operation) - case strings.Contains(raw, "x509:"): - message = fmt.Sprintf("%s失败:HTTPS 证书校验失败,请检查 Nacos 服务证书配置是否正确", operation) - case strings.Contains(raw, "connection refused"): - message = fmt.Sprintf("%s失败:连接被拒绝,请检查服务地址、端口或 Nacos 服务状态", operation) - case strings.Contains(raw, "i/o timeout"), - strings.Contains(raw, "context deadline exceeded"), - strings.Contains(raw, "client.timeout exceeded"): - message = fmt.Sprintf("%s失败:连接超时,请检查网络连通性或 Nacos 服务状态", operation) - case containsNacosAuthError(raw): - message = fmt.Sprintf("%s失败:用户名或密码错误,或当前账号无权限访问 Nacos", operation) - } - - return &HumanizedError{ - message: message, - cause: err, - } -} - -func containsNacosAuthError(raw string) bool { - if authStatusPattern.MatchString(raw) { - return true - } - - for _, keyword := range []string{ - "unauthorized", - "forbidden", - "unknown user", - "user not found", - "invalid password", - "password error", - "access denied", - "permission denied", - "login failed", - } { - if strings.Contains(raw, keyword) { - return true - } - } - - return false -} - -func displayNacosAddress(serverAddr string) string { - parsed, err := url.Parse(serverAddr) - if err == nil && parsed.Host != "" { - return parsed.Host - } - - return serverAddr -} diff --git a/pkg/tool/nacos/nacos1_client.go b/pkg/tool/nacos/nacos1_client.go index c3d5db7854..3428fb39d7 100644 --- a/pkg/tool/nacos/nacos1_client.go +++ b/pkg/tool/nacos/nacos1_client.go @@ -75,7 +75,7 @@ const ( func NewNacos1Client(serverAddr, userName, password string) (*NacosClient, error) { host, err := url.Parse(serverAddr) if err != nil { - return nil, humanizeNacosError("Nacos 连接", serverAddr, errors.Wrap(err, "parse nacos server address failed")) + return nil, errors.Wrap(err, "parse nacos server address failed") } // add default context path if host.Path == "" { @@ -88,10 +88,10 @@ func NewNacos1Client(serverAddr, userName, password string) (*NacosClient, error SetResult(&result). Post(loginURL) if err != nil { - return nil, humanizeNacosError("Nacos 连接", serverAddr, errors.Wrap(err, "login nacos failed")) + return nil, errors.Wrap(err, "login nacos failed") } if !resp.IsSuccess() { - return nil, humanizeNacosError("Nacos 连接", serverAddr, fmt.Errorf("login nacos failed: %s", resp.String())) + return nil, fmt.Errorf("login nacos failed: %s", resp.String()) } c := httpclient.New( @@ -126,7 +126,7 @@ func (c *NacosClient) ListNamespaces() ([]*types.NacosNamespace, error) { url := "/v1/console/namespaces" res := &nacosNamespaceResp{} if _, err := c.Client.Get(url, httpclient.SetResult(res)); err != nil { - return nil, humanizeNacosError("获取 Nacos 命名空间", c.serverAddr, errors.Wrap(err, "list nacos namespace failed")) + return nil, errors.Wrap(err, "list nacos namespace failed") } resp := []*types.NacosNamespace{} for _, namespace := range res.Data { @@ -161,7 +161,7 @@ func (c *NacosClient) ListGroups(namespaceID, keyword string) ([]*types.NacosDat "accessToken": c.token, }) if _, err := c.Client.Get(url, params, httpclient.SetResult(res)); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置分组", c.serverAddr, errors.Wrap(err, "list nacos config failed")) + return nil, errors.Wrap(err, "list nacos config failed") } for _, conf := range res.PageItems { if groupSet.Has(conf.Group) { @@ -203,7 +203,7 @@ func (c *NacosClient) ListConfigs(namespaceID, groupName string) ([]*types.Nacos "accessToken": c.token, }) if _, err := c.Client.Get(url, params, httpclient.SetResult(res)); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置", c.serverAddr, errors.Wrap(err, "list nacos config failed")) + return nil, errors.Wrap(err, "list nacos config failed") } for _, conf := range res.PageItems { nacosID := types.NacosDataID{ @@ -234,7 +234,7 @@ func (c *NacosClient) GetConfig(dataID, group, namespaceID string) (*types.Nacos "accessToken": c.token, }) if _, err := c.Client.Get(url, params, httpclient.SetResult(res)); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置详情", c.serverAddr, errors.Wrap(err, "get nacos config failed")) + return nil, errors.Wrap(err, "get nacos config failed") } nacosID := types.NacosDataID{ DataID: res.DataID, @@ -261,7 +261,7 @@ func (c *NacosClient) GetConfigHistory(dataID, group, namespaceID string) ([]*ty res := &nacosConfigHistoryResp{} if _, err := c.Client.Get(url, params, httpclient.SetResult(res)); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置历史", c.serverAddr, errors.Wrap(err, "list nacos config history failed")) + return nil, errors.Wrap(err, "list nacos config history failed") } return res.PageItems, nil @@ -279,7 +279,7 @@ func (c *NacosClient) UpdateConfig(dataID, group, namespaceID, content, format s "accessToken": c.token, } if _, err := c.Client.Post(path, httpclient.SetFormData(formValues)); err != nil { - return humanizeNacosError("更新 Nacos 配置", c.serverAddr, errors.Wrap(err, "update nacos config failed")) + return errors.Wrap(err, "update nacos config failed") } return nil } diff --git a/pkg/tool/nacos/nacos3_client.go b/pkg/tool/nacos/nacos3_client.go index 36297610e2..8f75871849 100644 --- a/pkg/tool/nacos/nacos3_client.go +++ b/pkg/tool/nacos/nacos3_client.go @@ -105,19 +105,19 @@ func NewNacos3Client(serverAddr, userName, password string) (*Nacos3Client, erro SetResult(nacosResp). Post(loginURL) if err != nil { - return nil, humanizeNacosError("Nacos 连接", serverAddr, errors.Wrap(err, "login nacos failed")) + return nil, errors.Wrap(err, "login nacos failed") } if !resp.IsSuccess() { - return nil, humanizeNacosError("Nacos 连接", serverAddr, fmt.Errorf("login nacos failed: %s", resp.String())) + return nil, fmt.Errorf("login nacos failed: %s", resp.String()) } if err := nacosResp.handleError(); err != nil { - return nil, humanizeNacosError("Nacos 连接", serverAddr, errors.Wrap(err, "login nacos failed")) + return nil, errors.Wrap(err, "login nacos failed") } result := nacosLoginResp{} if err := resp.UnmarshalJson(&result); err != nil { - return nil, humanizeNacosError("Nacos 连接", serverAddr, errors.Wrap(err, "unmarshal nacos login response failed")) + return nil, errors.Wrap(err, "unmarshal nacos login response failed") } c := httpclient.New( @@ -139,16 +139,16 @@ func (c *Nacos3Client) ListNamespaces() ([]*types.NacosNamespace, error) { nacosResp := &nacos3Resp{} if _, err := c.Client.Get(url, httpclient.SetResult(nacosResp)); err != nil { - return nil, humanizeNacosError("获取 Nacos 命名空间", c.serverAddr, errors.Wrap(err, "list nacos namespace failed")) + return nil, errors.Wrap(err, "list nacos namespace failed") } if err := nacosResp.handleError(); err != nil { - return nil, humanizeNacosError("获取 Nacos 命名空间", c.serverAddr, errors.Wrap(err, "list nacos namespace failed")) + return nil, errors.Wrap(err, "list nacos namespace failed") } res := []*nacos3Namespace{} if err := IToi(nacosResp.Data, &res); err != nil { - return nil, humanizeNacosError("获取 Nacos 命名空间", c.serverAddr, errors.Wrap(err, "unmarshal nacos namespace response failed")) + return nil, errors.Wrap(err, "unmarshal nacos namespace response failed") } resp := []*types.NacosNamespace{} @@ -174,16 +174,16 @@ func (c *Nacos3Client) ListGroups(namespaceID, keyword string) ([]*types.NacosDa }) if _, err := c.Client.Get(url, params, httpclient.SetResult(nacosResp)); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置分组", c.serverAddr, errors.Wrap(err, "list nacos config failed")) + return nil, errors.Wrap(err, "list nacos config failed") } if err := nacosResp.handleError(); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置分组", c.serverAddr, errors.Wrap(err, "list nacos config failed")) + return nil, errors.Wrap(err, "list nacos config failed") } res := []*nacos3ConfigItem{} if err := IToi(nacosResp.Data, &res); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置分组", c.serverAddr, errors.Wrap(err, "unmarshal nacos config response failed")) + return nil, errors.Wrap(err, "unmarshal nacos config response failed") } groupSet := sets.NewString() @@ -219,16 +219,16 @@ func (c *Nacos3Client) ListConfigs(namespaceID, groupName string) ([]*types.Naco "accessToken": c.token, }) if _, err := c.Client.Get(url, params, httpclient.SetResult(nacosResp)); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置", c.serverAddr, errors.Wrap(err, "list nacos config failed")) + return nil, errors.Wrap(err, "list nacos config failed") } if err := nacosResp.handleError(); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置", c.serverAddr, errors.Wrap(err, "list nacos config failed")) + return nil, errors.Wrap(err, "list nacos config failed") } res := []*nacos3ConfigItem{} if err := IToi(nacosResp.Data, &res); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置", c.serverAddr, errors.Wrap(err, "unmarshal nacos config response failed")) + return nil, errors.Wrap(err, "unmarshal nacos config response failed") } configs := []*types.NacosConfig{} @@ -261,16 +261,16 @@ func (c *Nacos3Client) GetConfig(dataID, group, namespaceID string) (*types.Naco nacosResp := &nacos3Resp{} if _, err := c.Client.Get(url, params, httpclient.SetResult(nacosResp)); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置详情", c.serverAddr, errors.Wrap(err, "get nacos config failed")) + return nil, errors.Wrap(err, "get nacos config failed") } if err := nacosResp.handleError(); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置详情", c.serverAddr, errors.Wrap(err, "get nacos config failed")) + return nil, errors.Wrap(err, "get nacos config failed") } res := &nacos3Config{} if err := IToi(nacosResp.Data, res); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置详情", c.serverAddr, errors.Wrap(err, "unmarshal nacos config response failed")) + return nil, errors.Wrap(err, "unmarshal nacos config response failed") } nacosID := types.NacosDataID{ @@ -297,16 +297,16 @@ func (c *Nacos3Client) GetConfigHistory(dataID, group, namespaceID string) ([]*t nacosResp := &nacos3Resp{} if _, err := c.Client.Get(url, params, httpclient.SetResult(nacosResp)); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置历史", c.serverAddr, errors.Wrap(err, "list nacos config history failed")) + return nil, errors.Wrap(err, "list nacos config history failed") } if err := nacosResp.handleError(); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置历史", c.serverAddr, errors.Wrap(err, "list nacos config history failed")) + return nil, errors.Wrap(err, "list nacos config history failed") } res := &nacos3ConfigHistoryResp{} if err := IToi(nacosResp.Data, res); err != nil { - return nil, humanizeNacosError("获取 Nacos 配置历史", c.serverAddr, errors.Wrap(err, "unmarshal nacos config history response failed")) + return nil, errors.Wrap(err, "unmarshal nacos config history response failed") } histories := []*types.NacosConfigHistory{} @@ -334,16 +334,16 @@ func (c *Nacos3Client) GetConfigHistory(dataID, group, namespaceID string) ([]*t nacosResp := &nacos3Resp{} if _, err := c.Client.Get(url, params, httpclient.SetResult(nacosResp)); err != nil { - return humanizeNacosError("获取 Nacos 配置历史详情", c.serverAddr, errors.Wrap(err, "get nacos config history failed")) + return errors.Wrap(err, "get nacos config history failed") } if err := nacosResp.handleError(); err != nil { - return humanizeNacosError("获取 Nacos 配置历史详情", c.serverAddr, errors.Wrap(err, "get nacos config history failed")) + return errors.Wrap(err, "get nacos config history failed") } res := &nacos3ConfigHistory{} if err := IToi(nacosResp.Data, res); err != nil { - return humanizeNacosError("获取 Nacos 配置历史详情", c.serverAddr, errors.Wrap(err, "unmarshal nacos config history response failed")) + return errors.Wrap(err, "unmarshal nacos config history response failed") } mu.Lock() @@ -387,11 +387,11 @@ func (c *Nacos3Client) UpdateConfig(dataID, group, namespaceID, content, format nacosResp := &nacos3Resp{} if _, err := c.Client.Post(path, httpclient.SetFormData(formValues), httpclient.SetResult(nacosResp)); err != nil { - return humanizeNacosError("更新 Nacos 配置", c.serverAddr, errors.Wrap(err, "update nacos config failed")) + return errors.Wrap(err, "update nacos config failed") } if err := nacosResp.handleError(); err != nil { - return humanizeNacosError("更新 Nacos 配置", c.serverAddr, errors.Wrap(err, "update nacos config failed")) + return errors.Wrap(err, "update nacos config failed") } return nil From 27268328be29ba05a5bc8c64ae08282bb301b765 Mon Sep 17 00:00:00 2001 From: huanghongbo-hhb Date: Mon, 8 Jun 2026 17:34:34 +0800 Subject: [PATCH 10/12] fix: revert unintended user orm change Signed-off-by: huanghongbo-hhb --- pkg/microservice/user/core/repository/orm/user.go | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/pkg/microservice/user/core/repository/orm/user.go b/pkg/microservice/user/core/repository/orm/user.go index 903423166f..c45755a5e3 100644 --- a/pkg/microservice/user/core/repository/orm/user.go +++ b/pkg/microservice/user/core/repository/orm/user.go @@ -149,8 +149,7 @@ func ListUsersByNameAndRoleWithLoginTime(page int, perPage int, name string, rol err = db.Table("user"). Select("user.uid, user.name, user.account, user.identity_type, user.api_token_enabled, IFNULL(user_login.last_login_time, 0) AS last_login_time"). Joins("LEFT JOIN user_login ON user_login.uid = user.uid"). - Where("user.uid IN ?", uids). - Where("user.name LIKE ?", "%"+name+"%"). + Where("user.uid IN ? AND user.name LIKE ?", uids, "%"+name+"%"). Order("last_login_time " + string(order)). Offset((page - 1) * perPage). Limit(perPage). @@ -169,8 +168,7 @@ func ListUsersByNameAndRole(page int, perPage int, name string, roles []string, err error ) - err = db.Where("user.name LIKE ?", "%"+name+"%"). - Where("role.name IN ? AND role.namespace = ?", roles, namespace). + err = db.Where("user.name LIKE ? AND role.name IN ? AND role.namespace = ?", "%"+name+"%", roles, namespace). Joins("INNER JOIN role_binding on role_binding.uid = user.uid"). Joins("INNER JOIN role on role_binding.role_id = role.id").Order("account ASC").Offset((page - 1) * perPage). Group("user.uid"). @@ -277,8 +275,7 @@ func GetUsersCountByRoles(name string, roles []string, namespace string) (int64, count int64 ) - err = repository.DB.Where("user.name LIKE ?", "%"+name+"%"). - Where("role.name IN ? AND role.namespace = ?", roles, namespace). + err = repository.DB.Where("user.name LIKE ? AND role.name IN ? AND role.namespace = ?", "%"+name+"%", roles, namespace). Joins("INNER JOIN role_binding on role_binding.uid = user.uid"). Joins("INNER JOIN role on role_binding.role_id = role.id"). Group("user.uid"). From 6214902dc39e1154e82e0853f5df40ed2b174340 Mon Sep 17 00:00:00 2001 From: huanghongbo-hhb Date: Mon, 8 Jun 2026 17:42:33 +0800 Subject: [PATCH 11/12] chore: drop error sanitize tests from pr Signed-off-by: huanghongbo-hhb --- pkg/tool/errors/errors_test.go | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/pkg/tool/errors/errors_test.go b/pkg/tool/errors/errors_test.go index e019932632..7d3ac3dd68 100644 --- a/pkg/tool/errors/errors_test.go +++ b/pkg/tool/errors/errors_test.go @@ -27,11 +27,10 @@ func TestErrors(t *testing.T) { httpErr := NewHTTPError(400, "testErr", "error description") assert.Equal(400, httpErr.Code()) - assert.Equal("testErr: error description", httpErr.Error()) + assert.Equal("testErr", httpErr.Error()) assert.Equal("error description", httpErr.Desc()) httpErr.AddDesc("error description updated") - assert.Equal("testErr: error description updated", httpErr.Error()) assert.Equal("error description updated", httpErr.Desc()) err2 := NewWithDesc(httpErr, "new error with desc") @@ -51,21 +50,6 @@ func TestErrors(t *testing.T) { code, message := ErrorMessage(httpErr) assert.Equal(400, code) assert.Equal(400, message["code"]) - assert.Equal("error", message["type"]) - assert.Equal(httpErr.Message(), message["message"]) + assert.Equal(httpErr.Error(), message["message"]) assert.Equal(httpErr.Desc(), message["description"]) } - -func TestSanitizeSensitiveInfoKeepsWrappedURLDelimiters(t *testing.T) { - assert := assert.New(t) - - input := `(https://example.com?token=secret)` - assert.Equal(`(https://example.com?token=***)`, sanitizeSensitiveInfo(input)) -} - -func TestSanitizeSensitiveInfoRedactsEncodedSensitiveQueryKeys(t *testing.T) { - assert := assert.New(t) - - input := `https://example.com?%70%61%73%73%77%6f%72%64=secret&username=demo` - assert.Equal(`https://example.com?%70%61%73%73%77%6f%72%64=***&username=***`, sanitizeSensitiveInfo(input)) -} From ad601cb8150262f441020b8f2ab72dc770a834bc Mon Sep 17 00:00:00 2001 From: huanghongbo-hhb Date: Mon, 8 Jun 2026 18:06:16 +0800 Subject: [PATCH 12/12] fix: keep original nacos error messages Signed-off-by: huanghongbo-hhb --- pkg/microservice/aslan/core/common/service/nacos.go | 7 +++++++ .../workflowcontroller/jobcontroller/job_nacos.go | 2 -- .../core/system/service/configuration_management.go | 8 ++++---- .../service/workflow/controller/job/job_nacos.go | 12 ++++++------ .../workflow/service/workflow/workflow_task_v4.go | 2 +- 5 files changed, 18 insertions(+), 13 deletions(-) diff --git a/pkg/microservice/aslan/core/common/service/nacos.go b/pkg/microservice/aslan/core/common/service/nacos.go index b045a03cfe..3a81445255 100644 --- a/pkg/microservice/aslan/core/common/service/nacos.go +++ b/pkg/microservice/aslan/core/common/service/nacos.go @@ -30,11 +30,13 @@ import ( func ListNacosNamespace(nacosID string, log *zap.SugaredLogger) ([]*types.NacosNamespace, error) { client, err := GetNacosClient(nacosID) if err != nil { + err = errors.Wrap(err, "fail to get nacos client") log.Error(err) return []*types.NacosNamespace{}, err } resp, err := client.ListNamespaces() if err != nil { + err = errors.Wrap(err, "fail to list nacos namespace") log.Error(err) return []*types.NacosNamespace{}, err } @@ -44,11 +46,13 @@ func ListNacosNamespace(nacosID string, log *zap.SugaredLogger) ([]*types.NacosN func ListNacosConfig(nacosID, namespaceID, groupName string, log *zap.SugaredLogger) ([]*types.NacosConfig, error) { client, err := GetNacosClient(nacosID) if err != nil { + err = errors.Wrap(err, "fail to get nacos client") log.Error(err) return []*types.NacosConfig{}, err } namespaces, err := client.ListNamespaces() if err != nil { + err = errors.Wrap(err, "fail to list nacos namespaces") log.Error(err) return nil, err } @@ -63,6 +67,7 @@ func ListNacosConfig(nacosID, namespaceID, groupName string, log *zap.SugaredLog resp, err := client.ListConfigs(namespaceID, groupName) if err != nil { + err = errors.Wrap(err, "fail to list nacos config") log.Error(err) return []*types.NacosConfig{}, err } @@ -77,12 +82,14 @@ func ListNacosConfig(nacosID, namespaceID, groupName string, log *zap.SugaredLog func ListNacosGroup(nacosID, namespaceID, keyword string, log *zap.SugaredLogger) ([]*types.NacosDataID, error) { client, err := GetNacosClient(nacosID) if err != nil { + err = errors.Wrap(err, "fail to get nacos client") log.Error(err) return []*types.NacosDataID{}, err } resp, err := client.ListGroups(namespaceID, keyword) if err != nil { + err = errors.Wrap(err, "fail to list nacos config") log.Error(err) return []*types.NacosDataID{}, err } diff --git a/pkg/microservice/aslan/core/common/service/workflowcontroller/jobcontroller/job_nacos.go b/pkg/microservice/aslan/core/common/service/workflowcontroller/jobcontroller/job_nacos.go index 0e8d7325da..bab7ec950b 100644 --- a/pkg/microservice/aslan/core/common/service/workflowcontroller/jobcontroller/job_nacos.go +++ b/pkg/microservice/aslan/core/common/service/workflowcontroller/jobcontroller/job_nacos.go @@ -58,13 +58,11 @@ func (c *NacosJobCtl) Run(ctx context.Context) { client, err := nacos.NewNacosClient(c.jobTaskSpec.Type, c.jobTaskSpec.NacosAddr, c.jobTaskSpec.AuthConfig) if err != nil { - c.logger.Error(err) logError(c.job, err.Error(), c.logger) return } for _, data := range c.jobTaskSpec.NacosDatas { if err := client.UpdateConfig(data.DataID, data.Group, c.jobTaskSpec.NamespaceID, data.Content, data.Format); err != nil { - c.logger.Error(err) data.Error = err.Error() logError(c.job, err.Error(), c.logger) return diff --git a/pkg/microservice/aslan/core/system/service/configuration_management.go b/pkg/microservice/aslan/core/system/service/configuration_management.go index 4b9ccc9943..1b8007453d 100644 --- a/pkg/microservice/aslan/core/system/service/configuration_management.go +++ b/pkg/microservice/aslan/core/system/service/configuration_management.go @@ -114,11 +114,11 @@ func ValidateConfigurationManagement(rawData string, log *zap.SugaredLogger) err case setting.SourceFromApollo: return validateApolloAuthConfig(getApolloConfigFromRaw(rawData)) case setting.SourceFromNacos: - return validateNacosAuthConfig(getNacosConfigFromRaw(rawData), log) + return validateNacosAuthConfig(getNacosConfigFromRaw(rawData)) case setting.SourceFromNacos3: - return validateNacosAuthConfig(getNacos3ConfigFromRaw(rawData), log) + return validateNacosAuthConfig(getNacos3ConfigFromRaw(rawData)) case setting.SourceFromNacosEEMSE: - return validateNacosAuthConfig(getNacosEEMSEAuthConfigFromRaw(rawData), log) + return validateNacosAuthConfig(getNacosEEMSEAuthConfigFromRaw(rawData)) default: return e.ErrInvalidParam.AddDesc("invalid type") } @@ -144,7 +144,7 @@ func validateApolloAuthConfig(config *commonmodels.ApolloConfig) error { return nil } -func validateNacosAuthConfig(config *nacos.NacosConfig, log *zap.SugaredLogger) error { +func validateNacosAuthConfig(config *nacos.NacosConfig) error { if config.Type != setting.SourceFromNacos && config.Type != setting.SourceFromNacos3 && config.Type != setting.SourceFromNacosEEMSE { return fmt.Errorf("nacos type is not nacos 1.x or nacos 3.x or nacos ee mse") } diff --git a/pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go b/pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go index 1315463906..4fc2960e84 100644 --- a/pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go +++ b/pkg/microservice/aslan/core/workflow/service/workflow/controller/job/job_nacos.go @@ -117,12 +117,12 @@ func (j NacosJobController) Update(useUserInput bool, ticket *commonmodels.Appro nacosConfigs, err := commonservice.ListNacosConfig(j.jobSpec.NacosID, j.jobSpec.NamespaceID, j.jobSpec.GroupName, log.SugaredLogger()) if err != nil { - return fmt.Errorf("获取 Nacos 配置失败: %w", err) + return fmt.Errorf("fail to list nacos config: %w", err) } namespaces, err := commonservice.ListNacosNamespace(j.jobSpec.NacosID, log.SugaredLogger()) if err != nil { - return fmt.Errorf("获取 Nacos 命名空间失败: %w", err) + return fmt.Errorf("failed to list nacos namespace") } namespaceName := "" @@ -169,12 +169,12 @@ func (j NacosJobController) Update(useUserInput bool, ticket *commonmodels.Appro func (j NacosJobController) SetOptions(ticket *commonmodels.ApprovalTicket) error { nacosConfigs, err := commonservice.ListNacosConfig(j.jobSpec.NacosID, j.jobSpec.NamespaceID, j.jobSpec.GroupName, log.SugaredLogger()) if err != nil { - return fmt.Errorf("获取 Nacos 配置失败: %w", err) + return fmt.Errorf("fail to list nacos config: %w", err) } namespaces, err := commonservice.ListNacosNamespace(j.jobSpec.NacosID, log.SugaredLogger()) if err != nil { - return fmt.Errorf("获取 Nacos 命名空间失败: %w", err) + return fmt.Errorf("failed to list nacos namespace") } namespaceName := "" @@ -226,11 +226,11 @@ func (j NacosJobController) ToTask(taskID int64) ([]*commonmodels.JobTask, error } client, err := commonservice.GetNacosClient(j.jobSpec.NacosID) if err != nil { - return nil, fmt.Errorf("获取 Nacos 客户端失败: %w", err) + return nil, fmt.Errorf("get nacos client error: %v", err) } namespaces, err := client.ListNamespaces() if err != nil { - return nil, fmt.Errorf("获取 Nacos 命名空间失败: %w", err) + return nil, err } namespaceName := "" for _, namespace := range namespaces { diff --git a/pkg/microservice/aslan/core/workflow/service/workflow/workflow_task_v4.go b/pkg/microservice/aslan/core/workflow/service/workflow/workflow_task_v4.go index 0308dc0cd5..19b3ae813d 100644 --- a/pkg/microservice/aslan/core/workflow/service/workflow/workflow_task_v4.go +++ b/pkg/microservice/aslan/core/workflow/service/workflow/workflow_task_v4.go @@ -1751,7 +1751,7 @@ func RevertWorkflowTaskV4Job(ctx *internalhandler.Context, workflowName, jobName originalConfig, err := client.GetConfig(in.DataID, in.Group, in.NamespaceID) if err != nil { log.Errorf("failed to find current config for data: %s in namespace: %s, error: %s", in.DataID, in.NamespaceID, err) - return fmt.Errorf("获取 Nacos 当前配置失败: %w", err) + return fmt.Errorf("failed to find current config for data: %s in namespace: %s, error: %s", in.DataID, in.NamespaceID, err) } nacosID := types.NacosDataID{ DataID: in.DataID,