apache · moonming · Nov 13, 2023 · Nov 4, 2023 · Nov 5, 2023 · Nov 5, 2023
diff --git a/apisix/discovery/nacos/init.lua b/apisix/discovery/nacos/init.lua
@@ -39,6 +39,8 @@ local auth_path = 'auth/login'
 local instance_list_path = 'ns/instance/list?healthyOnly=true&serviceName='
 local default_namespace_id = "public"
 local default_group_name = "DEFAULT_GROUP"
+local access_key
+local secret_key
 
 local events
 local events_list
@@ -145,6 +147,20 @@ local function get_group_name_param(group_name)
     return param
 end
 
+local function get_signed_param(group_name, service_name)
+    local param = ''
+    if access_key ~= '' and secret_key ~= '' then
+        local str_to_sign = ngx.now() * 1000 .. '@@' .. group_name .. '@@' .. service_name
+        local args = {
+            ak = access_key,
+            data = str_to_sign,
+            signature = ngx.encode_base64(ngx.hmac_sha1(secret_key, str_to_sign))
+        }
+        param = '&' .. ngx.encode_args(args)
+    end
+    return param
+end
+
 local function get_base_uri()
     local host = local_conf.discovery.nacos.host
     -- TODO Add health check to get healthy nodes.
@@ -286,8 +302,10 @@ local function fetch_full_registry(premature)
         local scheme = service_info.scheme or ''
         local namespace_param = get_namespace_param(service_info.namespace_id)
         local group_name_param = get_group_name_param(service_info.group_name)
+        local signature_param = get_signed_param(service_info.group_name, service_info.service_name)
         local query_path = instance_list_path .. service_info.service_name
                            .. token_param .. namespace_param .. group_name_param
+                           .. signature_param
         data, err = get_url(base_uri, query_path)
         if err then
             log.error('get_url:', query_path, ' err:', err)
@@ -385,6 +403,8 @@ function _M.init_worker()
     log.info('default_weight:', default_weight)
     local fetch_interval = local_conf.discovery.nacos.fetch_interval
     log.info('fetch_interval:', fetch_interval)
+    access_key = local_conf.discovery.nacos.access_key
+    secret_key = local_conf.discovery.nacos.secret_key
     ngx_timer_at(0, fetch_full_registry)
     ngx_timer_every(fetch_interval, fetch_full_registry)
 end

diff --git a/apisix/discovery/nacos/schema.lua b/apisix/discovery/nacos/schema.lua
@@ -52,6 +52,8 @@ return {
                 read = 5000,
             }
         },
+        access_key = {type = 'string', default = ''},
+        secret_key = {type = 'string', default = ''},
     },
     required = {'host'}
 }
diff --git a/conf/config-default.yaml b/conf/config-default.yaml
@@ -308,6 +308,8 @@ nginx_config:                     # Config for render the template to generate n
 #      connect: 2000       # Default 2000ms
 #      send: 2000          # Default 2000ms
 #      read: 5000          # Default 5000ms
+#    access_key: ""
+#    secret_key: ""
 #  consul_kv:              # Consul KV
 #    servers:              # Consul KV address(es)
 #      - "http://127.0.0.1:8500"