[Summer 2024] 拆分Nacos控制台使用的AdminAPI和客户端使用的openAPI及鉴权功能

[KomachiSion]

开源之夏是由中国科学院软件研究所“开源软件供应链点亮计划”发起并长期支持的一项暑期开源活动，旨在鼓励在校学生积极参与开源软件的开发维护，培养和发掘更多优秀的开发者，促进优秀开源软件社区的蓬勃发展，助力开源软件供应链建设。

Nacos将会作为指导组织参加本次的“开源之夏2024”

背景

Nacos社区自1.2.0版本开始，提供了鉴权功能，用于简单的进行数据的访问控制和错用拦截。随着Nacos的用户快速增加，许多用户提出了诸如“需要控制台鉴权，但client不需要鉴权”、“控制台需要单独部署开启访问控制，引擎部署内网不开鉴权”等类似诉求越发增多，但由于之前的设计中并没有单独为控制台的访问设计API，而是大量复用了OpenAPI，导致Nacos的鉴权功能的开启和关闭会同时影响到Nacos客户端的访问和控制台的访问，无法满足新的用户需求。

因此，Nacos社区希望通过本次开源之夏活动，将Nacos控制台使用的AdminAPI 和客户端使用的openAPI作出拆分，让控制台不再使用openAPI进行引擎数据的访问，同时对两类接口的鉴权通过不同的开关进行独立控制，提供能够满足不同场景开启不同程度的鉴权能力，同时为后续Nacos控制台和Nacos引擎独立部署提供接口基础。

目标

拆分当前Nacos控制台使用的AdminAPI 和客户端使用的openAPI，使得Nacos控制台不再依赖Nacos客户端所使用的openAPI进行访问；同时修改默认的鉴权插件，将两类接口的鉴权流程独立控制。

难度

基础

导师

杨翊
[email protected]

产出要求

• 梳理并设计Nacos控制台所需要的所有AdminAPI；
• 按照Nacos的API标准，实现上述所有AdminAPI；
• 修改Nacos控制台代码，使用上述所有AdminAPI；
• 修改Nacos默认鉴权插件，实现AdminAPI和OpenAPI的鉴权独立开关；
• 添加AdminAPI的相关文档；

能力要求

• 熟悉Java编程语言
• 熟悉RestFul等常用OpenAPI定义标准
• 了解JavaScript编程语言及NodeJS框架
• 熟悉Markdown

---

Open Source Promotion Plan is a summer program organized by the Institute of Software Chinese Academy of Sciences and long-term supported by the Open Source Software Supply Chain Promotion Plan. It aims to encourage college students to actively participate in the maintenance and development of open source software, promote the vigorous development of open source software communities, and build the open source software supply chain together.

Nacos will join The Summer 2024 as the mentoring organization.

Background

Since version 1.2.0, the Nacos community introduced an authentication feature for basic data access control and misuse interception. As the number of Nacos users grows rapidly, many have expressed the need for console authentication without affecting client authentication and the desire for console to have separate deployment with access control while the engine deployment within an intranet doesn't require authentication. However, since the previous design did not separately construct APIs for console access, and heavily reused OpenAPI, the authentication feature in Nacos affected both the client access and the console access simultaneously. This design is unable to meet the new user requirements.

Therefore, through the "Summer of Open Source", the Nacos community hopes to split the AdminAPI used by the Nacos console and the OpenAPI used by clients. This would allow the console to no longer rely on the openAPI to access engine data. In addition, authentication for these two types of interfaces would be independently controlled by different switches, to provide various levels of authentication required for different scenarios. It also lays the foundation for separately deploying the Nacos console and Nacos engine in the future.

Target

The goal is to split the current AdminAPI used by the Nacos console and the OpenAPI used by the client, so that the Nacos console no longer depends on the openAPI used by the Nacos client for access. Moreover, modify the default authentication plugin to independently control the authentication process of both types of interfaces.

Difficulty

Basic

Mentor

Yi Yang
[email protected]

Output Requirements

• Catalog and design all the AdminAPIs required by the Nacos console.
• Implement all the aforementioned AdminAPIs following Nacos API standards.
• Modify the Nacos console code to use all the aforementioned AdminAPIs.
• Modify the default Nacos authentication plugin to implement independent switches for the authentication of AdminAPI and OpenAPI.
• Add related documentation for AdminAPI.

Technical Requirements

• Proficient in Java programming language.
• Familiar with common OpenAPI definition standards such as RestFul.
• Understanding of JavaScript programming language and the NodeJS framework.
• Proficient in Markdown.