labring · maslow · Dec 12, 2022 · Dec 12, 2022
diff --git a/server/package-lock.json b/server/package-lock.json
diff --git a/server/package.json b/server/package.json
@@ -46,6 +46,7 @@
     "dotenv": "^16.0.3",
     "fast-json-patch": "^3.1.1",
     "mongodb": "^4.12.1",
+    "ms": "^2.1.3",
     "nanoid": "^3.3.4",
     "passport": "^0.6.0",
     "passport-jwt": "^4.0.0",

diff --git a/server/src/applications/applications.controller.ts b/server/src/applications/applications.controller.ts
@@ -24,6 +24,7 @@ import { CreateApplicationDto } from './dto/create-application.dto'
 import { UpdateApplicationDto } from './dto/update-application.dto'
 import { ApplicationsService } from './applications.service'
 import { ApplicationCoreService } from 'src/core/application.cr.service'
+import { ServerConfig } from 'src/constants'
 
 @ApiTags('Application')
 @Controller('applications')
@@ -83,14 +84,17 @@ export class ApplicationsController {
     // get sub resources
     const resources = await this.appService.getSubResources(appid)
 
-    const data = await this.appService.findOne(appid)
-    const sts = await this.appService.getApplicationSTS(appid, resources.oss)
+    const data = await this.appService.findOne(appid, { configuration: true })
+    const sts = await this.appService.getOssSTS(appid, resources.oss)
     const credentials = {
+      endpoint: ServerConfig.OSS_ENDPOINT,
       accessKeyId: sts.Credentials?.AccessKeyId,
       secretAccessKey: sts.Credentials?.SecretAccessKey,
       sessionToken: sts.Credentials?.SessionToken,
       expiration: sts.Credentials?.Expiration,
     }
+
+    const debug_token = await this.appService.getDebugFunctionToken(appid)
     const res = {
       ...data,
       gateway: resources.gateway,
@@ -99,6 +103,7 @@ export class ApplicationsController {
         ...resources.oss,
         credentials,
       },
+      function_debug_token: debug_token,
     }
 
     return ResponseUtil.ok(res)

diff --git a/server/src/applications/applications.module.ts b/server/src/applications/applications.module.ts
@@ -6,6 +6,7 @@ import { ApplicationsService } from './applications.service'
 import { PrismaService } from '../prisma.service'
 import { ApplicationTaskService } from './application-task.service'
 import { InstanceService } from 'src/instance/instance.service'
+import { JwtService } from '@nestjs/jwt'
 
 @Module({
   imports: [CoreModule],
@@ -15,6 +16,7 @@ import { InstanceService } from 'src/instance/instance.service'
     PrismaService,
     ApplicationTaskService,
     InstanceService,
+    JwtService,
   ],
   exports: [ApplicationsService],
 })

diff --git a/server/src/applications/applications.service.ts b/server/src/applications/applications.service.ts
@@ -11,6 +11,8 @@ import { OSSUserCoreService } from 'src/core/oss-user.cr.service'
 import { APPLICATION_SECRET_KEY, ServerConfig } from 'src/constants'
 import { GenerateAlphaNumericPassword } from 'src/common/random'
 import { OSSUser } from 'src/core/api/oss-user.cr'
+import * as assert from 'node:assert'
+import { JwtService } from '@nestjs/jwt'
 
 @Injectable()
 export class ApplicationsService {
@@ -20,6 +22,7 @@ export class ApplicationsService {
     private readonly databaseCore: DatabaseCoreService,
     private readonly gatewayCore: GatewayCoreService,
     private readonly ossCore: OSSUserCoreService,
+    private readonly jwtService: JwtService,
   ) {}
 
   async create(userid: string, dto: CreateApplicationDto) {
@@ -160,7 +163,7 @@ export class ApplicationsService {
    * @param app
    * @returns
    */
-  public getSTSClient(oss: OSSUser) {
+  private getSTSClient(oss: OSSUser) {
     return new STSClient({
       endpoint: ServerConfig.OSS_ENDPOINT,
       credentials: {
@@ -172,12 +175,12 @@ export class ApplicationsService {
   }
 
   /**
-   * Generate application full-granted STS
+   * Generate application full-granted OSS STS
    * @param bucket
    * @param duration_seconds
    * @returns
    */
-  public async getApplicationSTS(
+  public async getOssSTS(
     appid: string,
     user: OSSUser,
     duration_seconds?: number,
@@ -209,4 +212,25 @@ export class ApplicationsService {
     }
     return JSON.stringify(policy)
   }
+
+  async getDebugFunctionToken(appid: string) {
+    const conf = await this.prisma.applicationConfiguration.findUnique({
+      where: { appid },
+    })
+
+    // get secret from envs
+    const secret = conf?.environments.find(
+      (env) => env.name === APPLICATION_SECRET_KEY,
+    )
+    assert(secret?.value, 'application secret not found')
+
+    // generate token
+    const exp = Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 7 // 7 days
+
+    const token = this.jwtService.sign(
+      { appid, type: 'debug', exp },
+      { secret: secret.value },
+    )
+    return token
+  }
 }
diff --git a/server/src/main.ts b/server/src/main.ts
@@ -30,9 +30,8 @@ async function bootstrap() {
     .setTitle('Open API Documentation of laf')
     .setDescription('`The APIs of laf server`')
     .setVersion('1.0.alpha')
-    .addServer('http://localhost:3000', 'local server')
+    .addServer(ServerConfig.SERVER, 'current server')
     .addServer('http://dev.server:3000', 'dev server')
-    .addServer(ServerConfig.SERVER, 'prod server')
     .addBearerAuth(
       { type: 'http', scheme: 'bearer', bearerFormat: 'JWT', in: 'header' },
       'Authorization',