关于新版本 tidb dashboard API 调用说明

作者： WalterWj 原文来源： https://tidb.net/blog/d2d669b2

背景

tidb 新版本增加了对登陆密码进行非对称加密的的步骤。

token 的获取可以参考登录界面的登录流程：

1. 通过 api 获取 /api/user/login_info 获取公钥等信息
2. 通过 api /api/user/login 进行登录，payload 为 username 和 password，如果第一步存在公钥，则需要使用公钥对 password 进行加密

参考代码：

https://github.com/pingcap/tidb-dashboard/blob/master/ui/packages/tidb-dashboard-for-op/public/test-portal/index.html

操作

这里启动一个本地的 7.1.5 的 tidb 集群，pd 端口为 2399。数据库登录 账号/密码：root/tidb @123

获取 login info

curl http://127.0.0.1:2399/dashboard/api/user/login_info

{"supported_auth_types":[0,1],"sql_auth_public_key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvn9fJETVZeV1oYF5YzAQMNR4x3+8pUMtYmy7DNtSocIPuph76qW+0jaRhrbE7nJi2/51jzkp97cyaZGruPsdQogK5agsRlOirPTUPabJOmaLKW0WtLRzaH/Is1hkAqskdTAUVHK3cO0B7AMLPMjopDHMNSIGFlqtG9u+v2YNyFTRvVH/KqyAHFfwYxNHOeiV0i4rdAMi0hHmt3p7cWeOkQlyJvUATT8zh7fgljTzrMnyd0TLMgpRUFBbwXY4vdcz1YvwwPLAqoEjCzqOYn+xYg5euf84z91N6mCUBkpR0/nUcwLlgRUSnlbhMo+6Agsq9lJ37D0A9Yw5hjoRhetd4wIDAQAB"}

加密 public key

这里输入密码即可。注意结果换行去掉。

echo -n "tidb@123" | openssl rsautl -encrypt -pubin -inkey <(echo -e "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvn9fJETVZeV1oYF5YzAQMNR4x3+8pUMtYmy7DNtSocIPuph76qW+0jaRhrbE7nJi2/51jzkp97cyaZGruPsdQogK5agsRlOirPTUPabJOmaLKW0WtLRzaH/Is1hkAqskdTAUVHK3cO0B7AMLPMjopDHMNSIGFlqtG9u+v2YNyFTRvVH/KqyAHFfwYxNHOeiV0i4rdAMi0hHmt3p7cWeOkQlyJvUATT8zh7fgljTzrMnyd0TLMgpRUFBbwXY4vdcz1YvwwPLAqoEjCzqOYn+xYg5euf84z91N6mCUBkpR0/nUcwLlgRUSnlbhMo+6Agsq9lJ37D0A9Yw5hjoRhetd4wIDAQAB\n-----END PUBLIC KEY-----") -out encrypted_password.bin

base64 encrypted_password.bin
ORzuvWIQi4veJkIdMDEC7zehtKQP9pV5cOE8WCpAM6siy+dWkJYVUwIQYythVIHqByZU9X+kS7sx
tBY+HIbiesAhUDB5Nr98fmz7ZiYS2x/pGAqzT0Xvi6UzH89ESxf4fev+Mx0TOu+TE/oqtLNIFXus
CDG1EbPACMke7KgOtsUSZhwbIQrsAdesezSkqec4Uif8FNvtgi7Uv4JU2T56rqF41moTcHZzDuMa
KzD6fqWfJ9YOGFzxr1ZJrPZKu1hyw4SZ1IeI9QGiBwkYEJolhVyFypmbkUtSaHzc4trePQ3TNGT3
v6nKepiZ+xyXYPpK8BKPG6JKcYCR6pR8wrahLg==

获取 token

使用加密后的 password 来登录

curl -X POST "http://127.0.0.1:2399/dashboard/api/user/login" \
>      -H "Content-Type: application/json" \
>      -d '{"username": "root", "password": "ORzuvWIQi4veJkIdMDEC7zehtKQP9pV5cOE8WCpAM6siy+dWkJYVUwIQYythVIHqByZU9X+kS7sxtBY+HIbiesAhUDB5Nr98fmz7ZiYS2x/pGAqzT0Xvi6UzH89ESxf4fev+Mx0TOu+TE/oqtLNIFXusCDG1EbPACMke7KgOtsUSZhwbIQrsAdesezSkqec4Uif8FNvtgi7Uv4JU2T56rqF41moTcHZzDuMaKzD6fqWfJ9YOGFzxr1ZJrPZKu1hyw4SZ1IeI9QGiBwkYEJolhVyFypmbkUtSaHzc4trePQ3TNGT3v6nKepiZ+xyXYPpK8BKPG6JKcYCR6pR8wrahLg=="}'
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjYxMDc1NzEsIm9yaWdfaWF0IjoxNzI2MDIxMTcxLCJwIjoiaHVpeHFkS3JGbTdFMlQ5NVVidEhsNGgvZkd5cmRGYk9DOWxKbERRRzVEak51V3VaK25XVW1ndlNtMkJvZTN1dFI5UnFXZnl0WEpYSTlRQjBiRGtrNS9DZllsSjlFVCtHK3hTQ2F3SVNaUGs5ZHRnRVpmQW9YTG1UaGFDKzcwNU5KZy9pYmtHTitJL3Z4L3ZpVWlQcmhrSWZvTGppcW9SMFRhZnJTUjRGbTRQWlJRcy9ETzJZaTNSKzhrbDlBaERBSC9EeG42TDZrNDdpRXcrNVRTYk1vZEFTUU5yZTkvaUpPb1ltb3pQemVDWkFzeGhwdGg0RW56WmQ5RjA1d3NaZFlUbURyWEJhbDl6N0duVEp3aFdwWStFQlorRjY3dz09In0.zXTjUJASXpJPR8W1-q6KIvrIVBz3TizCs3xNQhmmO5w","expire":"2024-09-12T10:19:31.604370383+08:00"}

调用 API

这里需要使用获取的 token

curl -X GET "http://127.0.0.1:2399/dashboard/api/slow_query/list" \
     -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjYxMDcwOTAsIm9yaWdfaWF0IjoxNzI2MDIwNjkwLCJwIjoiMC9ZdTFGSC80aEZkckdxZWFSa0hTTVJQQU5DU2EyNjFCUENsd2ZsVFd4MmViMGlGTHlzZEhOQXNIbEJhMW5oK2VraVBPa2Fld2R5SElZMkZEakxIeGFBSzZuQnQ2dXRJWDA1ZkNncjVjd1hNdXNRL2hmWERSVGNLZXVobDRVMWUrTWxFMjByQmtBTmx3Y0hHZ2lzZmJsVWFNVFo1ZU9ma1RhZ1hQbGd0UEh5MGpiT1MzTWVWZ1VJWjBsdkM1eU0xOHZyTk9mZDBYT2crdTBWYUw4VzVENzNmL2Z0eWJYUnJyN3M2OXkrdU5GcXZJa0RxUDR0UnUwYktWb0VQWmpaTitvTGd6VmE2R3BYc01iS3hYYUdxS1drdFROa0NkZz09In0.eJKmiR04jKRUOIu-rzHsjlIr-yX5VPpmMgAw7LeTr6A"