change hbs api & change perm point (#344)

* change hbs api & change perm point

etc/lop.yml

@@ -44,18 +44,38 @@
   groups:
     - title: 告警策略
       ops:
-        - en: mon_stra_write
+        - en: mon_stra_create
-          cn: 告警策略配置权限
+          cn: 创建告警策略
+        - en: mon_stra_modify
+          cn: 修改告警策略
+        - en: mon_stra_delete
+          cn: 删除告警策略
+    - title: 告警屏蔽
+      ops:
+        - en: mon_maskconf_create
+          cn: 创建告警屏蔽
+        - en: mon_maskconf_modify
+          cn: 修改告警屏蔽
+        - en: mon_maskconf_delete
+          cn: 删除告警屏蔽
     - title: 采集策略
       ops:
-        - en: mon_collect_write
+        - en: mon_collect_create
-          cn: 采集策略配置权限
+          cn: 创建采集策略
-    - title: 大屏操作
+        - en: mon_collect_modify
+          cn: 修改采集策略
+        - en: mon_collect_delete
+          cn: 删除采集策略
+    - title: 大盘操作
       ops:
-        - en: mon_screen_write
+        - en: mon_screen_create
-          cn: 监控大屏配置权限
+          cn: 创建监控大盘
-        - en: mon_screen_read
+        - en: mon_screen_modify
-          cn: 监控大屏查看权限
+          cn: 修改监控大盘
+        - en: mon_screen_delete
+          cn: 删除监控大盘
+        - en: mon_screen_view
+          cn: 查看监控大盘
     # - title: 指标计算
     #   ops:
     #     - en: mon_aggr_write
@@ -63,4 +83,4 @@
     - title: 告警历史
       ops:
         - en: mon_event_write
-          cn: 告警历史屏蔽、认领、忽略
+          cn: 告警历史认领、忽略

src/common/dataobj/metric.go

@@ -73,6 +73,10 @@ func (m *MetricValue) CheckValidity(now int64) (err error) {
 		return
 	}
 
+	if m.Nid != "" {
+		m.Endpoint = NidToEndpoint(m.Nid)
+	}
+
 	if m.Metric == "" {
 		err = fmt.Errorf("metric should not be empty")
 		return

src/modules/index/config/config.go

@@ -62,7 +62,7 @@ func Parse(conf string) error {
 	viper.SetDefault("cache.rebuildWorker", 20)      //从磁盘读取所以的数据的并发个数
 	viper.SetDefault("cache.maxQueryCount", 100000)  //clude接口支持查询的最大曲线个数
 	viper.SetDefault("cache.reportEndpoint", true)
-	viper.SetDefault("cache.hbsMod", "monapi")
+	viper.SetDefault("cache.hbsMod", "rdb")
 
 	viper.SetDefault("report", map[string]interface{}{
 		"mod":      "index",

src/modules/index/index.go

@@ -61,7 +61,7 @@ func main() {
 	identity.Parse()
 	cache.InitDB(cfg.Cache)
 
-	go report.Init(cfg.Report, "monapi")
+	go report.Init(cfg.Report, "rdb")
 	go rpc.Start()
 
 	r := gin.New()

src/modules/judge/judge.go

@@ -62,7 +62,7 @@ func main() {
 	loggeri.Init(cfg.Logger)
 	go stats.Init("n9e.judge")
 
-	query.Init(cfg.Query, "monapi")
+	query.Init(cfg.Query, "rdb")
 	redi.Init(cfg.Redis)
 
 	cache.InitHistoryBigMap()
@@ -74,7 +74,7 @@ func main() {
 
 	go stra.GetStrategy(cfg.Strategy)
 	go judge.NodataJudge(cfg.NodataConcurrency)
-	go report.Init(cfg.Report, "monapi")
+	go report.Init(cfg.Report, "rdb")
 
 	if cfg.Logger.Level != "DEBUG" {
 		gin.SetMode(gin.ReleaseMode)

src/modules/monapi/http/http_middlewre.go

@@ -39,7 +39,7 @@ func cookieUser(c *gin.Context) string {
 }
 
 func headerUser(c *gin.Context) string {
-	token := c.GetHeader("x-user-token")
+	token := c.GetHeader("X-User-Token")
 	if token == "" {
 		return ""
 	}
@@ -56,10 +56,10 @@ func headerUser(c *gin.Context) string {
 
 const internalToken = "monapi-builtin-token"
 
-// CheckHeaderToken check thirdparty x-srv-token
+// CheckHeaderToken check thirdparty X-Srv-Token
 func CheckHeaderToken() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		token := c.GetHeader("x-srv-token")
+		token := c.GetHeader("X-Srv-Token")
 		if token != internalToken && !slice.ContainsString(config.Get().Tokens, token) {
 			errors.Bomb("token[%s] invalid", token)
 		}

src/modules/monapi/http/router.go

@@ -20,12 +20,6 @@ func Config(r *gin.Engine) {
 		sys.GET("/addr", addr)
 	}
 
-	hbs := r.Group("/api/hbs")
-	{
-		hbs.POST("/heartbeat", heartBeat)
-		hbs.GET("/instances", instanceGets)
-	}
-
 	node := r.Group("/api/mon/node").Use(GetCookieUser())
 	{
 		node.GET("/:id/maskconf", maskconfGets)

src/modules/monapi/http/router_collect.go

@@ -41,7 +41,7 @@ func collectPost(c *gin.Context) {
 				errors.Bomb("unmarshal body %s err:%v", string(b), err)
 			}
 
-			can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_write", collect.Nid)
+			can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_create", collect.Nid)
 			errors.Dangerous(err)
 			if !can {
 				errors.Bomb("permission deny")
@@ -73,7 +73,7 @@ func collectPost(c *gin.Context) {
 				errors.Bomb("unmarshal body %s err:%v", string(b), err)
 			}
 
-			can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_write", collect.Nid)
+			can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_create", collect.Nid)
 			errors.Dangerous(err)
 			if !can {
 				errors.Bomb("permission deny")
@@ -104,7 +104,7 @@ func collectPost(c *gin.Context) {
 				errors.Bomb("unmarshal body %s err:%v", string(b), err)
 			}
 
-			can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_write", collect.Nid)
+			can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_create", collect.Nid)
 			errors.Dangerous(err)
 			if !can {
 				errors.Bomb("permission deny")
@@ -136,7 +136,7 @@ func collectPost(c *gin.Context) {
 				errors.Bomb("unmarshal body %s err:%v", string(b), err)
 			}
 
-			can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_write", collect.Nid)
+			can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_create", collect.Nid)
 			errors.Dangerous(err)
 			if !can {
 				errors.Bomb("permission deny")
@@ -168,7 +168,7 @@ func collectPost(c *gin.Context) {
 				errors.Bomb("unmarshal body %s err:%v", string(b), err)
 			}
 
-			can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_write", collect.Nid)
+			can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_create", collect.Nid)
 			errors.Dangerous(err)
 			if !can {
 				errors.Bomb("permission deny")
@@ -266,7 +266,7 @@ func collectPut(c *gin.Context) {
 			errors.Bomb("unmarshal body %s err:%v", string(b), err)
 		}
 
-		can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_write", collect.Nid)
+		can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_modify", collect.Nid)
 		errors.Dangerous(err)
 		if !can {
 			errors.Bomb("permission deny")
@@ -311,7 +311,7 @@ func collectPut(c *gin.Context) {
 			errors.Bomb("unmarshal body %s err:%v", string(b), err)
 		}
 
-		can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_write", collect.Nid)
+		can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_modify", collect.Nid)
 		errors.Dangerous(err)
 		if !can {
 			errors.Bomb("permission deny")
@@ -331,7 +331,7 @@ func collectPut(c *gin.Context) {
 			errors.Bomb("采集不存在 type:%s id:%d", recv.Type, collect.Id)
 		}
 
-		can, err = models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_write", collect.Nid)
+		can, err = models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_modify", collect.Nid)
 		errors.Dangerous(err)
 		if !can {
 			errors.Bomb("permission deny")
@@ -362,7 +362,7 @@ func collectPut(c *gin.Context) {
 			errors.Bomb("unmarshal body %s err:%v", string(b), err)
 		}
 
-		can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_write", collect.Nid)
+		can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_modify", collect.Nid)
 		errors.Dangerous(err)
 		if !can {
 			errors.Bomb("permission deny")
@@ -408,7 +408,7 @@ func collectPut(c *gin.Context) {
 			errors.Bomb("unmarshal body %s err:%v", string(b), err)
 		}
 
-		can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_write", collect.Nid)
+		can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_modify", collect.Nid)
 		errors.Dangerous(err)
 		if !can {
 			errors.Bomb("permission deny")
@@ -453,7 +453,7 @@ func collectPut(c *gin.Context) {
 			errors.Bomb("unmarshal body %s err:%v", string(b), err)
 		}
 
-		can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_write", collect.Nid)
+		can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_modify", collect.Nid)
 		errors.Dangerous(err)
 		if !can {
 			errors.Bomb("permission deny")
@@ -527,7 +527,7 @@ func collectsDel(c *gin.Context) {
 				nid = tmp.(*models.PluginCollect).Nid
 			}
 
-			can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_write", int64(nid))
+			can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_collect_delete", int64(nid))
 			errors.Dangerous(err)
 			if !can {
 				errors.Bomb("permission deny")

src/modules/monapi/http/router_index.go

@@ -128,7 +128,7 @@ func Tagkv(request NidMetricRecv) ([]IndexTagkvResp, error) {
 
 func GetIndexes() []string {
 	var indexInstances []string
-	instances, err := report.GetAlive("index", "monapi")
+	instances, err := report.GetAlive("index", "rdb")
 	if err != nil {
 		return indexInstances
 	}

src/modules/monapi/http/router_maskconf.go

@@ -52,7 +52,7 @@ func (f MaskconfForm) Validate() {
 func maskconfPost(c *gin.Context) {
 	var f MaskconfForm
 	errors.Dangerous(c.ShouldBind(&f))
-	can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_stra_write", f.Nid)
+	can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_maskconf_create", f.Nid)
 	errors.Dangerous(err)
 	if !can {
 		errors.Bomb("permission deny")
@@ -103,7 +103,7 @@ func maskconfDel(c *gin.Context) {
 	mask, err := models.MaskconfGet("id", id)
 	errors.Dangerous(err)
 
-	can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_stra_write", mask.Nid)
+	can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_maskconf_delete", mask.Nid)
 	errors.Dangerous(err)
 	if !can {
 		errors.Bomb("permission deny")
@@ -120,7 +120,7 @@ func maskconfPut(c *gin.Context) {
 		errors.Bomb("maskconf is nil")
 	}
 
-	can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_stra_write", mc.Nid)
+	can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_maskconf_modify", mc.Nid)
 	errors.Dangerous(err)
 	if !can {
 		errors.Bomb("permission deny")

src/modules/monapi/http/router_screen.go

@@ -39,7 +39,7 @@ func screenPost(c *gin.Context) {
 
 	var f ScreenForm
 	errors.Dangerous(c.ShouldBind(&f))
-	can, err := models.UsernameCandoNodeOp(username, "mon_screen_write", node.Id)
+	can, err := models.UsernameCandoNodeOp(username, "mon_screen_create", node.Id)
 	errors.Dangerous(err)
 	if !can {
 		errors.Bomb("permission deny")
@@ -58,7 +58,16 @@ func screenPost(c *gin.Context) {
 }
 
 func screenGets(c *gin.Context) {
-	objs, err := models.ScreenGets(urlParamInt64(c, "id"))
+	username := loginUsername(c)
+
+	nid := urlParamInt64(c, "id")
+	can, err := models.UsernameCandoNodeOp(username, "mon_screen_view", nid)
+	errors.Dangerous(err)
+	if !can {
+		errors.Bomb("permission deny")
+	}
+
+	objs, err := models.ScreenGets(nid)
 	renderData(c, objs, err)
 }
 
@@ -67,7 +76,7 @@ func screenGet(c *gin.Context) {
 	obj, err := models.ScreenGet("id", urlParamInt64(c, "id"))
 	node := mustNode(obj.NodeId)
 
-	can, err := models.UsernameCandoNodeOp(username, "mon_screen_read", obj.NodeId)
+	can, err := models.UsernameCandoNodeOp(username, "mon_screen_view", obj.NodeId)
 	errors.Dangerous(err)
 	if !can {
 		errors.Bomb("permission deny")
@@ -90,7 +99,7 @@ func screenPut(c *gin.Context) {
 	errors.Dangerous(c.ShouldBind(&f))
 	screenNameValidate(f.Name)
 
-	can, err := models.UsernameCandoNodeOp(username, "mon_screen_write", screen.NodeId)
+	can, err := models.UsernameCandoNodeOp(username, "mon_screen_modify", screen.NodeId)
 	errors.Dangerous(err)
 	if !can {
 		errors.Bomb("permission deny")
@@ -109,7 +118,7 @@ func screenDel(c *gin.Context) {
 	username := loginUsername(c)
 	screen := mustScreen(urlParamInt64(c, "id"))
 
-	can, err := models.UsernameCandoNodeOp(username, "mon_screen_write", screen.NodeId)
+	can, err := models.UsernameCandoNodeOp(username, "mon_screen_delete", screen.NodeId)
 	errors.Dangerous(err)
 	if !can {
 		errors.Bomb("permission deny")
@@ -148,7 +157,7 @@ func screenSubclassPost(c *gin.Context) {
 	errors.Dangerous(c.ShouldBind(&f))
 	f.Validate()
 
-	can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_screen_write", screen.NodeId)
+	can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_screen_create", screen.NodeId)
 	errors.Dangerous(err)
 	if !can {
 		errors.Bomb("permission deny")
@@ -176,7 +185,7 @@ func screenSubclassPut(c *gin.Context) {
 	//校验权限
 	for i := 0; i < cnt; i++ {
 		screen := mustScreen(arr[i].ScreenId)
-		can, err := models.UsernameCandoNodeOp(username, "mon_screen_write", screen.NodeId)
+		can, err := models.UsernameCandoNodeOp(username, "mon_screen_modify", screen.NodeId)
 		errors.Dangerous(err)
 		if !can {
 			errors.Bomb("permission deny")
@@ -201,7 +210,7 @@ func screenSubclassLocPut(c *gin.Context) {
 	for i := 0; i < cnt; i++ {
 		screen := mustScreen(arr[i].ScreenId)
 
-		can, err := models.UsernameCandoNodeOp(username, "mon_screen_write", screen.NodeId)
+		can, err := models.UsernameCandoNodeOp(username, "mon_screen_modify", screen.NodeId)
 		errors.Dangerous(err)
 		if !can {
 			errors.Bomb("permission deny")
@@ -220,7 +229,7 @@ func screenSubclassDel(c *gin.Context) {
 	errors.Dangerous(err)
 
 	screen := mustScreen(subclass.ScreenId)
-	can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_screen_write", screen.NodeId)
+	can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_screen_delete", screen.NodeId)
 	errors.Dangerous(err)
 	if !can {
 		errors.Bomb("permission deny")

src/modules/monapi/http/router_stra.go

@@ -13,7 +13,7 @@ func straPost(c *gin.Context) {
 	stra := new(models.Stra)
 	errors.Dangerous(c.ShouldBind(stra))
 
-	can, err := models.UsernameCandoNodeOp(username, "mon_stra_write", stra.Nid)
+	can, err := models.UsernameCandoNodeOp(username, "mon_stra_create", stra.Nid)
 	errors.Dangerous(err)
 	if !can {
 		errors.Bomb("permission deny")
@@ -45,7 +45,7 @@ func straPut(c *gin.Context) {
 	stra := new(models.Stra)
 	errors.Dangerous(c.ShouldBind(stra))
 
-	can, err := models.UsernameCandoNodeOp(username, "mon_stra_write", stra.Nid)
+	can, err := models.UsernameCandoNodeOp(username, "mon_stra_modify", stra.Nid)
 	errors.Dangerous(err)
 	if !can {
 		errors.Bomb("permission deny")
@@ -80,7 +80,7 @@ func strasDel(c *gin.Context) {
 	for _, id := range rev.Ids {
 		stra, err := models.StraGet("id", id)
 		errors.Dangerous(err)
-		can, err := models.UsernameCandoNodeOp(username, "mon_stra_write", stra.Nid)
+		can, err := models.UsernameCandoNodeOp(username, "mon_stra_delete", stra.Nid)
 		errors.Dangerous(err)
 		if !can {
 			errors.Bomb("permission deny")
@@ -136,14 +136,3 @@ func effectiveStrasGet(c *gin.Context) {
 	}
 	renderData(c, stras, nil)
 }
-
-/*
-func GetNodeBy(ip string) (string, error) {
-	cluster := config.Get().Judges
-	for node, ipv := range cluster {
-		if ipv == ip {
-			return node, nil
-		}
-	}
-	return "", fmt.Errorf("node not found by %s", ip)
-}*/

src/modules/monapi/monapi.go

@@ -61,7 +61,7 @@ func main() {
 
 	cache.InitMemoryCache(time.Hour)
 	config.InitLogger()
-	models.InitMySQL("mon", "hbs", "rdb")
+	models.InitMySQL("mon", "rdb")
 
 	scache.Init()
 

src/modules/monapi/notify/notify.go

@@ -370,7 +370,7 @@ func send(tos []string, content, subject, notifyType string) error {
 			url = "http://" + url
 		}
 
-		res, code, err := httplib.PostJSON(url, time.Second*5, data, map[string]string{"x-srv-token": "rdb-builtin-token"})
+		res, code, err := httplib.PostJSON(url, time.Second*5, data, map[string]string{"X-Srv-Token": "rdb-builtin-token"})
 		if err != nil {
 			logger.Errorf("call sender api failed, server: %v, data: %+v, err: %v, resp:%v, status code:%d", url, data, err, string(res), code)
 			continue
@@ -436,7 +436,7 @@ func send2Ticket(content, subject, hashId string, prio int, eventType string, wo
 			Info: info,
 		}
 
-		res, code, err := httplib.PostJSON(url, time.Second*5, req, map[string]string{"x-srv-token": "ticket-builtin-token"})
+		res, code, err := httplib.PostJSON(url, time.Second*5, req, map[string]string{"X-Srv-Token": "ticket-builtin-token"})
 		if err != nil {
 			logger.Errorf("call ticket api failed, server: %v, data: %+v, err: %v, resp:%v, status code:%d", url, req, err, string(res), code)
 			return

src/modules/monapi/scache/init.go

@@ -34,7 +34,7 @@ func Init() {
 func InitJudgeHashRing() {
 	JudgeHashRing = NewConsistentHashRing(int32(config.JudgesReplicas), []string{})
 
-	judges, err := report.GetAlive("judge", "monapi")
+	judges, err := report.GetAlive("judge", "rdb")
 	if err != nil {
 		logger.Warning("get judge err:", err)
 	}

src/modules/monapi/scache/judge.go

@@ -21,7 +21,7 @@ func CheckJudgeNodes() {
 }
 
 func CheckJudge() error {
-	judges, err := report.GetAlive("judge", "monapi")
+	judges, err := report.GetAlive("judge", "rdb")
 	if err != nil {
 		logger.Warning("get judge err:", err)
 		return fmt.Errorf("report.GetAlive judge fail: %v", err)

src/modules/rdb/http/router.go

@@ -23,6 +23,12 @@ func Config(r *gin.Engine) {
 		notLogin.GET("/auth/settings", authSettings)
 	}
 
+	hbs := r.Group("/api/hbs")
+	{
+		hbs.POST("/heartbeat", heartBeat)
+		hbs.GET("/instances", instanceGets)
+	}
+
 	rootLogin := r.Group("/api/rdb").Use(shouldBeRoot())
 	{
 		rootLogin.GET("/configs/smtp", smtpConfigsGet)

src/modules/rdb/http/router_hbs.go

@@ -36,7 +36,7 @@ func heartBeat(c *gin.Context) {
 }
 
 func instanceGets(c *gin.Context) {
-	mod := mustQueryStr(c, "mod")
+	mod := queryStr(c, "mod")
 	alive := queryInt(c, "alive", 0)
 
 	instances, err := models.GetAllInstances(mod, alive)

src/modules/rdb/rdb.go

@@ -57,7 +57,7 @@ func main() {
 	loggeri.Init(config.Config.Logger)
 
 	// 初始化数据库和相关数据
-	models.InitMySQL("rdb")
+	models.InitMySQL("rdb", "hbs")
 	models.InitSalt()
 	models.InitRooter()
 

src/modules/transfer/backend/tsdb/index.go

@@ -40,7 +40,7 @@ func GetIndexLoop() {
 }
 
 func GetIndex() {
-	instances, err := report.GetAlive("index", "monapi")
+	instances, err := report.GetAlive("index", "rdb")
 	if err != nil {
 		stats.Counter.Set("get.index.err", 1)
 		logger.Warningf("get index list err:%v", err)

src/modules/transfer/config/config.go

@@ -100,7 +100,7 @@ func Parse(conf string) error {
 		"maxIdle":     32,   //建立的连接池的最大空闲数
 		"connTimeout": 1000, //链接超时时间，单位毫秒
 		"callTimeout": 3000, //访问超时时间，单位毫秒
-		"hbsMod":      "monapi",
+		"hbsMod":      "rdb",
 	})
 
 	viper.SetDefault("backend.tsdb", map[string]interface{}{

src/modules/transfer/transfer.go

@@ -63,7 +63,7 @@ func main() {
 	backend.Init(cfg.Backend)
 	cron.Init()
 
-	go report.Init(cfg.Report, "monapi")
+	go report.Init(cfg.Report, "rdb")
 	go rpc.Start()
 
 	r := gin.New()

src/modules/tsdb/config/config.go

@@ -95,7 +95,7 @@ func Parse(conf string) error {
 
 	viper.SetDefault("index.activeDuration", 90000)  //索引最大的保留时间，超过此数值，索引不会被重建，默认是1天+1小时
 	viper.SetDefault("index.rebuildInterval", 21600) //重建索引的周期，单位为秒，默认是6h
-	viper.SetDefault("index.hbsMod", "monapi")       //获取index心跳的模块
+	viper.SetDefault("index.hbsMod", "rdb")          //获取index心跳的模块
 
 	viper.SetDefault("rpcClient", map[string]int{
 		"maxConns":    320,  //查询和推送数据的并发个数