From aa8bdaf5409c5cb9525a45d445f5b93f796c16ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B2=9B=E9=A3=8E?= Date: Thu, 16 Oct 2025 16:33:56 +0800 Subject: [PATCH 1/5] feat: support 2.0.0 wasmplugin --- Dockerfile | 2 +- pull_plugins.py | 27 +++++++++++++++++++-------- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1615b5b..844f37e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,7 +26,7 @@ WORKDIR /workspace COPY pull_plugins.py plugins.properties ./ # 执行构建操作 -RUN python3 pull_plugins.py +RUN python3 pull_plugins.py --download-v2 # 运行阶段:最终镜像 FROM $NGINX_IMAGE diff --git a/pull_plugins.py b/pull_plugins.py index e76b47f..fb38c11 100644 --- a/pull_plugins.py +++ b/pull_plugins.py @@ -7,6 +7,7 @@ import shutil import hashlib from datetime import datetime + def calculate_md5(file_path, chunk_size=4096): """计算文件的 MD5 值""" md5_hash = hashlib.md5() @@ -96,6 +97,8 @@ def main(): parser = argparse.ArgumentParser(description='处理插件配置文件') parser.add_argument('properties_path', nargs='?', default=None, help='properties文件路径(默认:脚本所在目录下的plugins.properties)') + parser.add_argument('--download-v2', action='store_true', + help='是否下载 2.0.0 版本插件') args = parser.parse_args() # 用户未提供路径时,使用默认逻辑 @@ -116,27 +119,35 @@ def main(): for plugin_name, plugin_url in properties.items(): print(f"\n正在处理插件: {plugin_name}") - success = process_plugin(base_path, plugin_name, plugin_url) + # 处理原始版本(1.0.0) + success = process_plugin(base_path, plugin_name, plugin_url, "1.0.0") if not success: - failed_plugins.append(plugin_name) + failed_plugins.append(f"{plugin_name}:1.0.0") + + # 如果指定了 --download-v2 参数,则额外处理 2.0.0 版本 + if args.download_v2: + v2_url = plugin_url.replace(":1.0.0", ":2.0.0") + print(f"\n正在处理插件 {plugin_name} 的 2.0.0 版本") + success = process_plugin(base_path, plugin_name, v2_url, "2.0.0") + if not success: + failed_plugins.append(f"{plugin_name}:2.0.0") if failed_plugins: print("\n以下插件未成功处理:") for plugin in failed_plugins: print(f"- {plugin}") -def process_plugin(base_path, plugin_name, plugin_url): +def process_plugin(base_path, plugin_name, plugin_url, version): """ 处理单个插件下载和信息获取 """ - version = plugin_url.split(':')[-1] plugins_base_path = os.path.join(base_path, 'plugins') os.makedirs(plugins_base_path, exist_ok=True) plugin_dir = os.path.join(plugins_base_path, plugin_name, version) os.makedirs(plugin_dir, exist_ok=True) - temp_download_dir = os.path.join(plugins_base_path, f"{plugin_name}_temp") + temp_download_dir = os.path.join(plugins_base_path, f"{plugin_name}_{version}_temp") os.makedirs(temp_download_dir, exist_ok=True) wasm_found = False @@ -169,10 +180,10 @@ def process_plugin(base_path, plugin_name, plugin_url): wasm_found = handle_wasm_layer(wasm_path, plugin_dir) except subprocess.CalledProcessError as e: - print(f"{plugin_name} 命令执行失败: {e}") + print(f"{plugin_name} ({version}) 命令执行失败: {e}") return False except Exception as e: - print(f"{plugin_name} 处理过程中发生错误: {e}") + print(f"{plugin_name} ({version}) 处理过程中发生错误: {e}") return False finally: shutil.rmtree(temp_download_dir, ignore_errors=True) @@ -183,4 +194,4 @@ def process_plugin(base_path, plugin_name, plugin_url): return wasm_found if __name__ == '__main__': - main() + main() \ No newline at end of file From c916ae1fa2c5d2074847de3df087b43941530f58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B2=9B=E9=A3=8E?= Date: Mon, 10 Nov 2025 18:10:35 +0800 Subject: [PATCH 2/5] fix: support json-converter plugin --- plugins.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins.properties b/plugins.properties index 3dcba17..ab723e7 100644 --- a/plugins.properties +++ b/plugins.properties @@ -49,6 +49,7 @@ cache-control=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cache-c de-graphql=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/de-graphql:1.0.0 geo-ip=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/geo-ip:1.0.0 frontend-gray=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/frontend-gray:1.0.0 +json-converter=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/jsonrpc-converter:1.0.0 # Traffic request-block=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/request-block:1.0.0 From ece8379dcc79c5d6294f4edcfef8d652509b85e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B2=9B=E9=A3=8E?= Date: Tue, 3 Feb 2026 14:51:00 +0800 Subject: [PATCH 3/5] =?UTF-8?q?chore(plugins):=20=E5=8D=87=E7=BA=A7?= =?UTF-8?q?=E6=89=80=E6=9C=89=E6=8F=92=E4=BB=B6=E7=89=88=E6=9C=AC=E8=87=B3?= =?UTF-8?q?2.0.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 更新AI系列插件版本号从1.0.0到2.0.0 - 更新认证相关插件版本号从1.0.0到2.0.0 - 更新转换类插件版本号从1.0.0到2.0.0 - 更新流量控制插件版本号从1.0.0到2.0.0 - 更新安全相关插件版本号从1.0.0到2.0.0 - 新增.gitignore文件,忽略IDE和环境相关文件夹和文件 --- .idea/.gitignore | 10 ++++++ plugins.properties | 86 +++++++++++++++++++++++----------------------- 2 files changed, 53 insertions(+), 43 deletions(-) create mode 100644 .idea/.gitignore diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 0000000..7bc07ec --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,10 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Environment-dependent path to Maven home directory +/mavenHomeManager.xml +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml diff --git a/plugins.properties b/plugins.properties index ab723e7..987dac9 100644 --- a/plugins.properties +++ b/plugins.properties @@ -12,54 +12,54 @@ # # AI -ai-prompt-decorator=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-prompt-decorator:1.0.0 -ai-prompt-template=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-prompt-template:1.0.0 -ai-rag=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-rag:1.0.0 -ai-search=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-search:1.0.0 -ai-security-guard=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-security-guard:1.0.0 -ai-statistics=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-statistics:1.0.0 -ai-token-ratelimit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-token-ratelimit:1.0.0 -ai-transformer=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-transformer:1.0.0 -ai-cache=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-cache:1.0.0 -ai-proxy=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-proxy:1.0.0 -ai-history=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-history:1.0.0 -ai-intent=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-intent:1.0.0 -ai-quota=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-quota:1.0.0 -ai-agent=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-agent:1.0.0 -ai-data-masking=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-data-masking:1.0.0 -ai-json-resp=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-json-resp:1.0.0 -model-router=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/model-router:1.0.0 -model-mapper=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/model-mapper:1.0.0 -mcp-server=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/mcp-server/all-in-one:1.0.0 +ai-prompt-decorator=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-prompt-decorator:2.0.0 +ai-prompt-template=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-prompt-template:2.0.0 +ai-rag=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-rag:2.0.0 +ai-search=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-search:2.0.0 +ai-security-guard=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-security-guard:2.0.0 +ai-statistics=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-statistics:2.0.0 +ai-token-ratelimit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-token-ratelimit:2.0.0 +ai-transformer=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-transformer:2.0.0 +ai-cache=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-cache:2.0.0 +ai-proxy=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-proxy:2.0.0 +ai-history=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-history:2.0.0 +ai-intent=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-intent:2.0.0 +ai-quota=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-quota:2.0.0 +ai-agent=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-agent:2.0.0 +ai-data-masking=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-data-masking:2.0.0 +ai-json-resp=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-json-resp:2.0.0 +model-router=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/model-router:2.0.0 +model-mapper=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/model-mapper:2.0.0 +mcp-server=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/mcp-server/all-in-one:2.0.0 # Auth -basic-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/basic-auth:1.0.0 -key-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/key-auth:1.0.0 -oidc=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/oidc:1.0.0 -jwt-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/jwt-auth:1.0.0 -hmac-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/hmac-auth:1.0.0 -ext-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ext-auth:1.0.0 -oauth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/oauth:1.0.0 -opa=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/opa:1.0.0 +basic-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/basic-auth:2.0.0 +key-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/key-auth:2.0.0 +oidc=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/oidc:2.0.0 +jwt-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/jwt-auth:2.0.0 +hmac-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/hmac-auth:2.0.0 +ext-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ext-auth:2.0.0 +oauth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/oauth:2.0.0 +opa=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/opa:2.0.0 # Transformation -custom-response=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/custom-response:1.0.0 -transformer=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/transformer:1.0.0 -cache-control=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cache-control:1.0.0 -de-graphql=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/de-graphql:1.0.0 -geo-ip=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/geo-ip:1.0.0 -frontend-gray=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/frontend-gray:1.0.0 -json-converter=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/jsonrpc-converter:1.0.0 +custom-response=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/custom-response:2.0.0 +transformer=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/transformer:2.0.0 +cache-control=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cache-control:2.0.0 +de-graphql=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/de-graphql:2.0.0 +geo-ip=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/geo-ip:2.0.0 +frontend-gray=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/frontend-gray:2.0.0 +json-converter=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/jsonrpc-converter:2.0.0 # Traffic -request-block=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/request-block:1.0.0 -key-rate-limit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/key-rate-limit:1.0.0 -cluster-key-rate-limit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cluster-key-rate-limit:1.0.0 -ip-restriction=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ip-restriction:1.0.0 -request-validation=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/request-validation:1.0.0 -traffic-tag=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/traffic-tag:1.0.0 +request-block=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/request-block:2.0.0 +key-rate-limit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/key-rate-limit:2.0.0 +cluster-key-rate-limit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cluster-key-rate-limit:2.0.0 +ip-restriction=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ip-restriction:2.0.0 +request-validation=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/request-validation:2.0.0 +traffic-tag=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/traffic-tag:2.0.0 # Security -bot-detect=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/bot-detect:1.0.0 -waf=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/waf:1.0.0 -cors=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cors:1.0.0 +bot-detect=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/bot-detect:2.0.0 +waf=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/waf:2.0.0 +cors=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cors:2.0.0 From 0e973ae813fdedcad9ad9d54b08985377bf99c9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B2=9B=E9=A3=8E?= Date: Tue, 3 Feb 2026 16:49:01 +0800 Subject: [PATCH 4/5] fix: remove idea --- .../build-plugin-server-image-and-push.yml | 63 ------ .gitignore | 174 --------------- .idea/.gitignore | 10 - Dockerfile | 44 ---- LICENSE | 201 ------------------ README.md | 124 ----------- deploy/higress-plugin-server.yaml | 47 ---- generate_metadata.py | 42 ---- nginx.conf | 44 ---- plugins.properties | 65 ------ pull_plugins.py | 197 ----------------- 11 files changed, 1011 deletions(-) delete mode 100644 .github/workflows/build-plugin-server-image-and-push.yml delete mode 100644 .gitignore delete mode 100644 .idea/.gitignore delete mode 100644 Dockerfile delete mode 100644 LICENSE delete mode 100644 README.md delete mode 100644 deploy/higress-plugin-server.yaml delete mode 100644 generate_metadata.py delete mode 100644 nginx.conf delete mode 100644 plugins.properties delete mode 100644 pull_plugins.py diff --git a/.github/workflows/build-plugin-server-image-and-push.yml b/.github/workflows/build-plugin-server-image-and-push.yml deleted file mode 100644 index e0dd572..0000000 --- a/.github/workflows/build-plugin-server-image-and-push.yml +++ /dev/null @@ -1,63 +0,0 @@ -name: Build Plugin Server Image and Push - -on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - -jobs: - build-plugin-server-image: - runs-on: ubuntu-latest - environment: - name: image-registry-plugin-server - env: - PLUGIN_SERVER_IMAGE_REGISTRY: ${{ vars.IMAGE_REGISTRY || 'higress-registry.cn-hangzhou.cr.aliyuncs.com' }} - PLUGIN_SERVER_IMAGE_NAME: ${{ vars.PLUGIN_SERVER_IMAGE_NAME || 'higress/plugin-server' }} - steps: - - name: "Checkout ${{ github.ref }}" - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Free Up GitHub Actions Ubuntu Runner Disk Space 🔧 - uses: jlumbroso/free-disk-space@main - with: - tool-cache: false - android: true - dotnet: true - haskell: true - large-packages: true - swap-storage: true - - - name: Calculate Docker metadata - id: docker-meta - uses: docker/metadata-action@v5 - with: - images: | - ${{ env.PLUGIN_SERVER_IMAGE_REGISTRY }}/${{ env.PLUGIN_SERVER_IMAGE_NAME }} - tags: | - type=raw,value=1.0.0 - - - name: Set up Docker Buildx (with docker-container driver) - uses: docker/setup-buildx-action@v3 - with: - driver: docker-container - install: true - use: true - - - name: Login to Docker Registry - uses: docker/login-action@v3 - with: - registry: ${{ env.PLUGIN_SERVER_IMAGE_REGISTRY }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - - name: Build Docker Image and Push - run: | - docker buildx build \ - --platform linux/amd64,linux/arm64 \ - -t ${{ steps.docker-meta.outputs.tags }} \ - -f Dockerfile \ - --push \ - . diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 0a19790..0000000 --- a/.gitignore +++ /dev/null @@ -1,174 +0,0 @@ -# Byte-compiled / optimized / DLL files -__pycache__/ -*.py[cod] -*$py.class - -# C extensions -*.so - -# Distribution / packaging -.Python -build/ -develop-eggs/ -dist/ -downloads/ -eggs/ -.eggs/ -lib/ -lib64/ -parts/ -sdist/ -var/ -wheels/ -share/python-wheels/ -*.egg-info/ -.installed.cfg -*.egg -MANIFEST - -# PyInstaller -# Usually these files are written by a python script from a template -# before PyInstaller builds the exe, so as to inject date/other infos into it. -*.manifest -*.spec - -# Installer logs -pip-log.txt -pip-delete-this-directory.txt - -# Unit test / coverage reports -htmlcov/ -.tox/ -.nox/ -.coverage -.coverage.* -.cache -nosetests.xml -coverage.xml -*.cover -*.py,cover -.hypothesis/ -.pytest_cache/ -cover/ - -# Translations -*.mo -*.pot - -# Django stuff: -*.log -local_settings.py -db.sqlite3 -db.sqlite3-journal - -# Flask stuff: -instance/ -.webassets-cache - -# Scrapy stuff: -.scrapy - -# Sphinx documentation -docs/_build/ - -# PyBuilder -.pybuilder/ -target/ - -# Jupyter Notebook -.ipynb_checkpoints - -# IPython -profile_default/ -ipython_config.py - -# pyenv -# For a library or package, you might want to ignore these files since the code is -# intended to run in multiple environments; otherwise, check them in: -# .python-version - -# pipenv -# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. -# However, in case of collaboration, if having platform-specific dependencies or dependencies -# having no cross-platform support, pipenv may install dependencies that don't work, or not -# install all needed dependencies. -#Pipfile.lock - -# UV -# Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control. -# This is especially recommended for binary packages to ensure reproducibility, and is more -# commonly ignored for libraries. -#uv.lock - -# poetry -# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. -# This is especially recommended for binary packages to ensure reproducibility, and is more -# commonly ignored for libraries. -# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control -#poetry.lock - -# pdm -# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. -#pdm.lock -# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it -# in version control. -# https://pdm.fming.dev/latest/usage/project/#working-with-version-control -.pdm.toml -.pdm-python -.pdm-build/ - -# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm -__pypackages__/ - -# Celery stuff -celerybeat-schedule -celerybeat.pid - -# SageMath parsed files -*.sage.py - -# Environments -.env -.venv -env/ -venv/ -ENV/ -env.bak/ -venv.bak/ - -# Spyder project settings -.spyderproject -.spyproject - -# Rope project settings -.ropeproject - -# mkdocs documentation -/site - -# mypy -.mypy_cache/ -.dmypy.json -dmypy.json - -# Pyre type checker -.pyre/ - -# pytype static type analyzer -.pytype/ - -# Cython debug symbols -cython_debug/ - -# PyCharm -# JetBrains specific template is maintained in a separate JetBrains.gitignore that can -# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore -# and can be added to the global gitignore or merged into this file. For a more nuclear -# option (not recommended) you can uncomment the following to ignore the entire idea folder. -#.idea/ - -# Ruff stuff: -.ruff_cache/ - -# PyPI configuration file -.pypirc diff --git a/.idea/.gitignore b/.idea/.gitignore deleted file mode 100644 index 7bc07ec..0000000 --- a/.idea/.gitignore +++ /dev/null @@ -1,10 +0,0 @@ -# Default ignored files -/shelf/ -/workspace.xml -# Editor-based HTTP Client requests -/httpRequests/ -# Environment-dependent path to Maven home directory -/mavenHomeManager.xml -# Datasource local storage ignored files -/dataSources/ -/dataSources.local.xml diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 844f37e..0000000 --- a/Dockerfile +++ /dev/null @@ -1,44 +0,0 @@ -# 构建阶段:处理插件和元数据 -ARG PYTHON_IMAGE=higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/python:3.11-alpine -ARG NGINX_IMAGE=higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/nginx:alpine - -FROM $PYTHON_IMAGE AS builder - -# 安装系统依赖 -RUN apk add --no-cache \ - wget \ - ca-certificates \ - && update-ca-certificates - -# 安装 ORAS 客户端 -RUN set -eux; \ - ORAS_VERSION="1.2.3"; \ - ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/'); \ - wget -O /tmp/oras.tar.gz "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_$(echo ${ORAS_VERSION})_linux_${ARCH}.tar.gz" \ - && tar -zxvf /tmp/oras.tar.gz -C /usr/local/bin \ - && rm -rf /tmp/oras.tar.gz oras \ - && oras version - -# 创建工作目录 -WORKDIR /workspace - -# 复制脚本 -COPY pull_plugins.py plugins.properties ./ - -# 执行构建操作 -RUN python3 pull_plugins.py --download-v2 - -# 运行阶段:最终镜像 -FROM $NGINX_IMAGE - -# 从构建阶段复制生成的文件 -COPY --from=builder /workspace/plugins /usr/share/nginx/html/plugins - -# 复制 Nginx 配置 -COPY nginx.conf /etc/nginx/nginx.conf - -# 暴露端口 -EXPOSE 8080 - -# 启动 Nginx -CMD ["nginx", "-g", "daemon off;"] \ No newline at end of file diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 261eeb9..0000000 --- a/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/README.md b/README.md deleted file mode 100644 index 3c3b147..0000000 --- a/README.md +++ /dev/null @@ -1,124 +0,0 @@ -# Higress Plugin Server - -HTTP server for Higress Wasm plugins - -## 构建插件服务器镜像并推送 - -### 构建本地架构镜像 - -```bash -docker build -t higress-plugin-server:1.0.0 -f Dockerfile . -``` - -### 构建多架构镜像并推送至仓库 - -```bash -docker buildx build \ - --platform linux/amd64,linux/arm64 \ - -t {your-image-storage}/higress-plugin-server:1.0.0 \ - -f Dockerfile \ - --push \ - . -``` - -## 本地启动插件服务器 - -```bash -docker run -d --name higress-plugin-server --rm -p 8080:8080 higress-plugin-server:1.0.0 -``` - -## K8s 部署 plugin-server - -``` -apiVersion: apps/v1 -kind: Deployment -metadata: - name: higress-plugin-server - namespace: higress-system -spec: - replicas: 2 - selector: - matchLabels: - app: higress-plugin-server - higress: higress-plugin-server - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - progressDeadlineSeconds: 600 - revisionHistoryLimit: 10 - template: - metadata: - labels: - app: higress-plugin-server - higress: higress-plugin-server - spec: - containers: - - name: higress-core - image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/plugin-server:1.0.0 - imagePullPolicy: Always - ports: - - containerPort: 8080 - protocol: TCP - resources: - requests: - memory: "128Mi" - cpu: "200m" - limits: - memory: "256Mi" - cpu: "500m" - restartPolicy: Always ---- -apiVersion: v1 -kind: Service -metadata: - name: higress-plugin-server - namespace: higress-system - labels: - app: higress-plugin-server - higress: higress-plugin-server -spec: - type: ClusterIP - ports: - - port: 80 - protocol: TCP - targetPort: 8080 - selector: - app: higress-plugin-server - higress: higress-plugin-server -``` - - -## 配置插件地址 - -### 在 Higress Console 中配置插件下载地址 - -要满足这一需求,只需要为 Higress Console 容器添加 HIGRESS_ADMIN_WASM_PLUGIN_CUSTOM_IMAGE_URL_PATTERN 环境变量,值为自定义镜像地址的格式模版。模版可以按需使用 ${name} 和 ${version} 作为插件名称和镜像版本的占位符。 - -示例: - -```bash -HIGRESS_ADMIN_WASM_PLUGIN_CUSTOM_IMAGE_URL_PATTERN=http://higress-plugin-server.higress-system.svc/plugins/${name}/${version}/plugin.wasm -``` - -> `higress-plugin-server.higress-system.svc` 替换为 Higress Gateway 可以用来访问插件服务器的地址。 - -Higress Console 针对 key-rate-limit 插件生成的镜像地址将为:http://higress-plugin-server.higress-system.svc/plugins/key-rate-limit/1.0.0/plugin.wasm - -### 修改对接 Nacos 3.x 所生成的 MCP Server 插件地址配置 - -要满足这一需求,只需要为 Higress Controller 容器添加 MCP_SERVER_WASM_IMAGE_URL 环境变量,值为根据自定义镜像地址格式模版生成的 mcp-server 插件地址。 - -示例: - -```bash -MCP_SERVER_WASM_IMAGE_URL=http://higress-plugin-server.higress-system.svc/plugins/mcp-server/1.0.0/plugin.wasm -``` - -> `higress-plugin-server.higress-system.svc` 替换为 Higress Gateway 可以用来访问插件服务器的地址。 - -## 参考文档 - -- 如何修改内置插件镜像地址:https://higress.cn/docs/latest/ops/how-tos/builtin-plugin-url/ -- 如何使用 HTTP/HTTPS 协议加载 Wasm 插件:https://higress.cn/docs/latest/ops/how-tos/load-wasm-with-http/ diff --git a/deploy/higress-plugin-server.yaml b/deploy/higress-plugin-server.yaml deleted file mode 100644 index 1e6f131..0000000 --- a/deploy/higress-plugin-server.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: higress-plugin-server - namespace: higress-system -spec: - replicas: 2 - selector: - matchLabels: - app: higress-plugin-server - template: - metadata: - labels: - app: higress-plugin-server - spec: - containers: - - name: nginx - image: {image-address} - ports: - - containerPort: 8080 - resources: - limits: - cpu: 500m - memory: 256Mi - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - higress-plugin-server - topologyKey: "kubernetes.io/hostname" ---- -apiVersion: v1 -kind: Service -metadata: - name: higress-plugin-server - namespace: higress-system -spec: - selector: - app: higress-plugin-server - ports: - - protocol: TCP - port: 80 - targetPort: 8080 \ No newline at end of file diff --git a/generate_metadata.py b/generate_metadata.py deleted file mode 100644 index 7c5b73b..0000000 --- a/generate_metadata.py +++ /dev/null @@ -1,42 +0,0 @@ -import os -from pathlib import Path -from datetime import datetime -import hashlib - -# 设置根目录 -plugins_dir = Path('plugins') - -def calculate_md5(file_path, chunk_size=4096): - """计算文件的 MD5 值""" - md5_hash = hashlib.md5() - with open(file_path, 'rb') as f: - while chunk := f.read(chunk_size): - md5_hash.update(chunk) - return md5_hash.hexdigest() - -# 遍历所有 plugin.wasm 文件 -for wasm_path in plugins_dir.rglob('plugin.wasm'): - # 获取两个上级目录名 - parent_name = wasm_path.parent.name - grandparent_name = wasm_path.parent.parent.name - file_label = f"{grandparent_name}:{parent_name}" - - # 获取文件元信息 - stat_info = wasm_path.stat() - size = stat_info.st_size - mtime = datetime.fromtimestamp(stat_info.st_mtime).isoformat() - ctime = datetime.fromtimestamp(stat_info.st_ctime).isoformat() - - # 计算文件的 MD5 值 - md5_value = calculate_md5(wasm_path) - - # 构建 metadata.txt 的路径 - metadata_path = wasm_path.parent / 'metadata.txt' - - # 写入元信息(File 字段更新) - with open(metadata_path, 'w') as f: - f.write(f"File: {file_label}\n") - f.write(f"Size: {size} bytes\n") - f.write(f"Last Modified: {mtime}\n") - f.write(f"Created: {ctime}\n") - f.write(f"MD5: {md5_value}\n") diff --git a/nginx.conf b/nginx.conf deleted file mode 100644 index 8b65a25..0000000 --- a/nginx.conf +++ /dev/null @@ -1,44 +0,0 @@ -user nginx; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /var/run/nginx.pid; - -events { - worker_connections 1024; -} - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # 访问日志格式 - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - keepalive_timeout 65; - - # 启用目录浏览 - autoindex on; - - server { - listen 8080; - server_name localhost; - - # 静态文件根目录 - root /usr/share/nginx/html; - - # 隐藏 Nginx 版本号 - server_tokens off; - - # 错误页面 - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - } -} \ No newline at end of file diff --git a/plugins.properties b/plugins.properties deleted file mode 100644 index 987dac9..0000000 --- a/plugins.properties +++ /dev/null @@ -1,65 +0,0 @@ -# -# Copyright (c) 2022-2023 Alibaba Group Holding Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on -# an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the -# specific language governing permissions and limitations under the License. -# - -# AI -ai-prompt-decorator=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-prompt-decorator:2.0.0 -ai-prompt-template=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-prompt-template:2.0.0 -ai-rag=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-rag:2.0.0 -ai-search=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-search:2.0.0 -ai-security-guard=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-security-guard:2.0.0 -ai-statistics=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-statistics:2.0.0 -ai-token-ratelimit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-token-ratelimit:2.0.0 -ai-transformer=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-transformer:2.0.0 -ai-cache=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-cache:2.0.0 -ai-proxy=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-proxy:2.0.0 -ai-history=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-history:2.0.0 -ai-intent=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-intent:2.0.0 -ai-quota=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-quota:2.0.0 -ai-agent=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-agent:2.0.0 -ai-data-masking=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-data-masking:2.0.0 -ai-json-resp=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-json-resp:2.0.0 -model-router=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/model-router:2.0.0 -model-mapper=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/model-mapper:2.0.0 -mcp-server=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/mcp-server/all-in-one:2.0.0 - -# Auth -basic-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/basic-auth:2.0.0 -key-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/key-auth:2.0.0 -oidc=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/oidc:2.0.0 -jwt-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/jwt-auth:2.0.0 -hmac-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/hmac-auth:2.0.0 -ext-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ext-auth:2.0.0 -oauth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/oauth:2.0.0 -opa=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/opa:2.0.0 - -# Transformation -custom-response=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/custom-response:2.0.0 -transformer=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/transformer:2.0.0 -cache-control=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cache-control:2.0.0 -de-graphql=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/de-graphql:2.0.0 -geo-ip=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/geo-ip:2.0.0 -frontend-gray=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/frontend-gray:2.0.0 -json-converter=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/jsonrpc-converter:2.0.0 - -# Traffic -request-block=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/request-block:2.0.0 -key-rate-limit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/key-rate-limit:2.0.0 -cluster-key-rate-limit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cluster-key-rate-limit:2.0.0 -ip-restriction=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ip-restriction:2.0.0 -request-validation=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/request-validation:2.0.0 -traffic-tag=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/traffic-tag:2.0.0 - -# Security -bot-detect=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/bot-detect:2.0.0 -waf=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/waf:2.0.0 -cors=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cors:2.0.0 diff --git a/pull_plugins.py b/pull_plugins.py deleted file mode 100644 index fb38c11..0000000 --- a/pull_plugins.py +++ /dev/null @@ -1,197 +0,0 @@ -import os -import sys -import subprocess -import json -import argparse -import tarfile -import shutil -import hashlib -from datetime import datetime - -def calculate_md5(file_path, chunk_size=4096): - """计算文件的 MD5 值""" - md5_hash = hashlib.md5() - with open(file_path, 'rb') as f: - while chunk := f.read(chunk_size): - md5_hash.update(chunk) - return md5_hash.hexdigest() - -def read_properties(file_path): - """ - 读取 properties 文件并解析所有插件信息 - """ - properties = {} - try: - with open(file_path, 'r') as f: - for line in f: - line = line.strip() - if line and not line.startswith('#'): - key, value = line.split('=', 1) - value = value.replace('oci://', '', 1) - properties[key.strip()] = value.strip() - except Exception as e: - print(f"读取文件时发生错误: {e}") - return None - return properties - -def handle_tar_layer(tar_path, target_dir): - """ - 处理 tar.gzip 层 - 返回是否找到 wasm 文件 - """ - try: - with tarfile.open(tar_path, 'r:gz') as tar: - wasm_files = [f for f in tar.getmembers() if f.name.endswith('.wasm')] - if wasm_files: - wasm_file = wasm_files[0] - tar.extract(wasm_file, path=target_dir) - old_path = os.path.join(target_dir, wasm_file.name) - new_path = os.path.join(target_dir, 'plugin.wasm') - os.rename(old_path, new_path) - print(f"成功提取 .wasm 文件: {new_path}") - return True - else: - print("未找到 .wasm 文件") - return False - except Exception as e: - print(f"解压 tar 文件错误: {e}") - return False - -def handle_wasm_layer(wasm_path, target_dir): - """ - 处理 .wasm 层 - 返回是否成功复制 wasm 文件 - """ - try: - new_path = os.path.join(target_dir, 'plugin.wasm') - shutil.copy2(wasm_path, new_path) - print(f"成功复制 .wasm 文件: {new_path}") - return True - except Exception as e: - print(f"复制 .wasm 文件错误: {e}") - return False - -def generate_metadata(plugin_dir, plugin_name): - """ - 为 plugin.wasm 生成 metadata.txt - """ - wasm_path = os.path.join(plugin_dir, 'plugin.wasm') - try: - stat_info = os.stat(wasm_path) - size = stat_info.st_size - mtime = datetime.fromtimestamp(stat_info.st_mtime).isoformat() - ctime = datetime.fromtimestamp(stat_info.st_ctime).isoformat() - md5_value = calculate_md5(wasm_path) - metadata_path = os.path.join(plugin_dir, 'metadata.txt') - with open(metadata_path, 'w') as f: - f.write(f"Plugin Name: {plugin_name}\n") - f.write(f"Size: {size} bytes\n") - f.write(f"Last Modified: {mtime}\n") - f.write(f"Created: {ctime}\n") - f.write(f"MD5: {md5_value}\n") - print(f"成功生成 metadata.txt: {metadata_path}") - except Exception as e: - print(f"生成元数据失败: {e}") - -def main(): - parser = argparse.ArgumentParser(description='处理插件配置文件') - parser.add_argument('properties_path', nargs='?', default=None, - help='properties文件路径(默认:脚本所在目录下的plugins.properties)') - parser.add_argument('--download-v2', action='store_true', - help='是否下载 2.0.0 版本插件') - args = parser.parse_args() - - # 用户未提供路径时,使用默认逻辑 - if args.properties_path is None: - script_dir = os.path.dirname(os.path.abspath(__file__)) - default_path = os.path.join(script_dir, 'plugins.properties') - - args.properties_path = default_path - - base_path = os.path.dirname(args.properties_path) - properties = read_properties(args.properties_path) - - if not properties: - print("未找到有效的插件配置") - return - - failed_plugins = [] - - for plugin_name, plugin_url in properties.items(): - print(f"\n正在处理插件: {plugin_name}") - # 处理原始版本(1.0.0) - success = process_plugin(base_path, plugin_name, plugin_url, "1.0.0") - if not success: - failed_plugins.append(f"{plugin_name}:1.0.0") - - # 如果指定了 --download-v2 参数,则额外处理 2.0.0 版本 - if args.download_v2: - v2_url = plugin_url.replace(":1.0.0", ":2.0.0") - print(f"\n正在处理插件 {plugin_name} 的 2.0.0 版本") - success = process_plugin(base_path, plugin_name, v2_url, "2.0.0") - if not success: - failed_plugins.append(f"{plugin_name}:2.0.0") - - if failed_plugins: - print("\n以下插件未成功处理:") - for plugin in failed_plugins: - print(f"- {plugin}") - -def process_plugin(base_path, plugin_name, plugin_url, version): - """ - 处理单个插件下载和信息获取 - """ - plugins_base_path = os.path.join(base_path, 'plugins') - os.makedirs(plugins_base_path, exist_ok=True) - - plugin_dir = os.path.join(plugins_base_path, plugin_name, version) - os.makedirs(plugin_dir, exist_ok=True) - - temp_download_dir = os.path.join(plugins_base_path, f"{plugin_name}_{version}_temp") - os.makedirs(temp_download_dir, exist_ok=True) - - wasm_found = False - - try: - subprocess.run(['oras', 'cp', plugin_url, '--to-oci-layout', temp_download_dir], check=True) - - with open(os.path.join(temp_download_dir, 'index.json'), 'r') as f: - index = json.load(f) - - manifest_digest = index['manifests'][0]['digest'] - manifest_path = os.path.join(temp_download_dir, 'blobs', 'sha256', manifest_digest.split(':')[1]) - - with open(manifest_path, 'r') as f: - manifest = json.load(f) - - for layer in manifest.get('layers', []): - media_type = layer.get('mediaType', '') - digest = layer.get('digest', '').split(':')[1] - - if media_type in [ - 'application/vnd.docker.image.rootfs.diff.tar.gzip', - 'application/vnd.oci.image.layer.v1.tar+gzip' - ]: - tar_path = os.path.join(temp_download_dir, 'blobs', 'sha256', digest) - wasm_found = handle_tar_layer(tar_path, plugin_dir) - - elif media_type == 'application/vnd.module.wasm.content.layer.v1+wasm': - wasm_path = os.path.join(temp_download_dir, 'blobs', 'sha256', digest) - wasm_found = handle_wasm_layer(wasm_path, plugin_dir) - - except subprocess.CalledProcessError as e: - print(f"{plugin_name} ({version}) 命令执行失败: {e}") - return False - except Exception as e: - print(f"{plugin_name} ({version}) 处理过程中发生错误: {e}") - return False - finally: - shutil.rmtree(temp_download_dir, ignore_errors=True) - - if wasm_found: - generate_metadata(plugin_dir, plugin_name) - - return wasm_found - -if __name__ == '__main__': - main() \ No newline at end of file From 12871aef8922285680f43382f86827b80f960219 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B2=9B=E9=A3=8E?= Date: Tue, 3 Feb 2026 16:49:12 +0800 Subject: [PATCH 5/5] fix: remove idea --- .../build-plugin-server-image-and-push.yml | 63 ++++++ .gitignore | 175 +++++++++++++++ Dockerfile | 44 ++++ LICENSE | 201 ++++++++++++++++++ README.md | 124 +++++++++++ deploy/higress-plugin-server.yaml | 47 ++++ generate_metadata.py | 42 ++++ nginx.conf | 44 ++++ plugins.properties | 65 ++++++ pull_plugins.py | 197 +++++++++++++++++ 10 files changed, 1002 insertions(+) create mode 100644 .github/workflows/build-plugin-server-image-and-push.yml create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 README.md create mode 100644 deploy/higress-plugin-server.yaml create mode 100644 generate_metadata.py create mode 100644 nginx.conf create mode 100644 plugins.properties create mode 100644 pull_plugins.py diff --git a/.github/workflows/build-plugin-server-image-and-push.yml b/.github/workflows/build-plugin-server-image-and-push.yml new file mode 100644 index 0000000..e0dd572 --- /dev/null +++ b/.github/workflows/build-plugin-server-image-and-push.yml @@ -0,0 +1,63 @@ +name: Build Plugin Server Image and Push + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +jobs: + build-plugin-server-image: + runs-on: ubuntu-latest + environment: + name: image-registry-plugin-server + env: + PLUGIN_SERVER_IMAGE_REGISTRY: ${{ vars.IMAGE_REGISTRY || 'higress-registry.cn-hangzhou.cr.aliyuncs.com' }} + PLUGIN_SERVER_IMAGE_NAME: ${{ vars.PLUGIN_SERVER_IMAGE_NAME || 'higress/plugin-server' }} + steps: + - name: "Checkout ${{ github.ref }}" + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Free Up GitHub Actions Ubuntu Runner Disk Space 🔧 + uses: jlumbroso/free-disk-space@main + with: + tool-cache: false + android: true + dotnet: true + haskell: true + large-packages: true + swap-storage: true + + - name: Calculate Docker metadata + id: docker-meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.PLUGIN_SERVER_IMAGE_REGISTRY }}/${{ env.PLUGIN_SERVER_IMAGE_NAME }} + tags: | + type=raw,value=1.0.0 + + - name: Set up Docker Buildx (with docker-container driver) + uses: docker/setup-buildx-action@v3 + with: + driver: docker-container + install: true + use: true + + - name: Login to Docker Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.PLUGIN_SERVER_IMAGE_REGISTRY }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + + - name: Build Docker Image and Push + run: | + docker buildx build \ + --platform linux/amd64,linux/arm64 \ + -t ${{ steps.docker-meta.outputs.tags }} \ + -f Dockerfile \ + --push \ + . diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..32b1709 --- /dev/null +++ b/.gitignore @@ -0,0 +1,175 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ +cover/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +.pybuilder/ +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +# For a library or package, you might want to ignore these files since the code is +# intended to run in multiple environments; otherwise, check them in: +# .python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# UV +# Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control. +# This is especially recommended for binary packages to ensure reproducibility, and is more +# commonly ignored for libraries. +#uv.lock + +# poetry +# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. +# This is especially recommended for binary packages to ensure reproducibility, and is more +# commonly ignored for libraries. +# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control +#poetry.lock + +# pdm +# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. +#pdm.lock +# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it +# in version control. +# https://pdm.fming.dev/latest/usage/project/#working-with-version-control +.pdm.toml +.pdm-python +.pdm-build/ + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# pytype static type analyzer +.pytype/ + +# Cython debug symbols +cython_debug/ + +# PyCharm +# JetBrains specific template is maintained in a separate JetBrains.gitignore that can +# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore +# and can be added to the global gitignore or merged into this file. For a more nuclear +# option (not recommended) you can uncomment the following to ignore the entire idea folder. +#.idea/ + +# Ruff stuff: +.ruff_cache/ + +# PyPI configuration file +.pypirc +.idea diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..844f37e --- /dev/null +++ b/Dockerfile @@ -0,0 +1,44 @@ +# 构建阶段:处理插件和元数据 +ARG PYTHON_IMAGE=higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/python:3.11-alpine +ARG NGINX_IMAGE=higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/nginx:alpine + +FROM $PYTHON_IMAGE AS builder + +# 安装系统依赖 +RUN apk add --no-cache \ + wget \ + ca-certificates \ + && update-ca-certificates + +# 安装 ORAS 客户端 +RUN set -eux; \ + ORAS_VERSION="1.2.3"; \ + ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/'); \ + wget -O /tmp/oras.tar.gz "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_$(echo ${ORAS_VERSION})_linux_${ARCH}.tar.gz" \ + && tar -zxvf /tmp/oras.tar.gz -C /usr/local/bin \ + && rm -rf /tmp/oras.tar.gz oras \ + && oras version + +# 创建工作目录 +WORKDIR /workspace + +# 复制脚本 +COPY pull_plugins.py plugins.properties ./ + +# 执行构建操作 +RUN python3 pull_plugins.py --download-v2 + +# 运行阶段:最终镜像 +FROM $NGINX_IMAGE + +# 从构建阶段复制生成的文件 +COPY --from=builder /workspace/plugins /usr/share/nginx/html/plugins + +# 复制 Nginx 配置 +COPY nginx.conf /etc/nginx/nginx.conf + +# 暴露端口 +EXPOSE 8080 + +# 启动 Nginx +CMD ["nginx", "-g", "daemon off;"] \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..3c3b147 --- /dev/null +++ b/README.md @@ -0,0 +1,124 @@ +# Higress Plugin Server + +HTTP server for Higress Wasm plugins + +## 构建插件服务器镜像并推送 + +### 构建本地架构镜像 + +```bash +docker build -t higress-plugin-server:1.0.0 -f Dockerfile . +``` + +### 构建多架构镜像并推送至仓库 + +```bash +docker buildx build \ + --platform linux/amd64,linux/arm64 \ + -t {your-image-storage}/higress-plugin-server:1.0.0 \ + -f Dockerfile \ + --push \ + . +``` + +## 本地启动插件服务器 + +```bash +docker run -d --name higress-plugin-server --rm -p 8080:8080 higress-plugin-server:1.0.0 +``` + +## K8s 部署 plugin-server + +``` +apiVersion: apps/v1 +kind: Deployment +metadata: + name: higress-plugin-server + namespace: higress-system +spec: + replicas: 2 + selector: + matchLabels: + app: higress-plugin-server + higress: higress-plugin-server + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + progressDeadlineSeconds: 600 + revisionHistoryLimit: 10 + template: + metadata: + labels: + app: higress-plugin-server + higress: higress-plugin-server + spec: + containers: + - name: higress-core + image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/plugin-server:1.0.0 + imagePullPolicy: Always + ports: + - containerPort: 8080 + protocol: TCP + resources: + requests: + memory: "128Mi" + cpu: "200m" + limits: + memory: "256Mi" + cpu: "500m" + restartPolicy: Always +--- +apiVersion: v1 +kind: Service +metadata: + name: higress-plugin-server + namespace: higress-system + labels: + app: higress-plugin-server + higress: higress-plugin-server +spec: + type: ClusterIP + ports: + - port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: higress-plugin-server + higress: higress-plugin-server +``` + + +## 配置插件地址 + +### 在 Higress Console 中配置插件下载地址 + +要满足这一需求,只需要为 Higress Console 容器添加 HIGRESS_ADMIN_WASM_PLUGIN_CUSTOM_IMAGE_URL_PATTERN 环境变量,值为自定义镜像地址的格式模版。模版可以按需使用 ${name} 和 ${version} 作为插件名称和镜像版本的占位符。 + +示例: + +```bash +HIGRESS_ADMIN_WASM_PLUGIN_CUSTOM_IMAGE_URL_PATTERN=http://higress-plugin-server.higress-system.svc/plugins/${name}/${version}/plugin.wasm +``` + +> `higress-plugin-server.higress-system.svc` 替换为 Higress Gateway 可以用来访问插件服务器的地址。 + +Higress Console 针对 key-rate-limit 插件生成的镜像地址将为:http://higress-plugin-server.higress-system.svc/plugins/key-rate-limit/1.0.0/plugin.wasm + +### 修改对接 Nacos 3.x 所生成的 MCP Server 插件地址配置 + +要满足这一需求,只需要为 Higress Controller 容器添加 MCP_SERVER_WASM_IMAGE_URL 环境变量,值为根据自定义镜像地址格式模版生成的 mcp-server 插件地址。 + +示例: + +```bash +MCP_SERVER_WASM_IMAGE_URL=http://higress-plugin-server.higress-system.svc/plugins/mcp-server/1.0.0/plugin.wasm +``` + +> `higress-plugin-server.higress-system.svc` 替换为 Higress Gateway 可以用来访问插件服务器的地址。 + +## 参考文档 + +- 如何修改内置插件镜像地址:https://higress.cn/docs/latest/ops/how-tos/builtin-plugin-url/ +- 如何使用 HTTP/HTTPS 协议加载 Wasm 插件:https://higress.cn/docs/latest/ops/how-tos/load-wasm-with-http/ diff --git a/deploy/higress-plugin-server.yaml b/deploy/higress-plugin-server.yaml new file mode 100644 index 0000000..1e6f131 --- /dev/null +++ b/deploy/higress-plugin-server.yaml @@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: higress-plugin-server + namespace: higress-system +spec: + replicas: 2 + selector: + matchLabels: + app: higress-plugin-server + template: + metadata: + labels: + app: higress-plugin-server + spec: + containers: + - name: nginx + image: {image-address} + ports: + - containerPort: 8080 + resources: + limits: + cpu: 500m + memory: 256Mi + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - higress-plugin-server + topologyKey: "kubernetes.io/hostname" +--- +apiVersion: v1 +kind: Service +metadata: + name: higress-plugin-server + namespace: higress-system +spec: + selector: + app: higress-plugin-server + ports: + - protocol: TCP + port: 80 + targetPort: 8080 \ No newline at end of file diff --git a/generate_metadata.py b/generate_metadata.py new file mode 100644 index 0000000..7c5b73b --- /dev/null +++ b/generate_metadata.py @@ -0,0 +1,42 @@ +import os +from pathlib import Path +from datetime import datetime +import hashlib + +# 设置根目录 +plugins_dir = Path('plugins') + +def calculate_md5(file_path, chunk_size=4096): + """计算文件的 MD5 值""" + md5_hash = hashlib.md5() + with open(file_path, 'rb') as f: + while chunk := f.read(chunk_size): + md5_hash.update(chunk) + return md5_hash.hexdigest() + +# 遍历所有 plugin.wasm 文件 +for wasm_path in plugins_dir.rglob('plugin.wasm'): + # 获取两个上级目录名 + parent_name = wasm_path.parent.name + grandparent_name = wasm_path.parent.parent.name + file_label = f"{grandparent_name}:{parent_name}" + + # 获取文件元信息 + stat_info = wasm_path.stat() + size = stat_info.st_size + mtime = datetime.fromtimestamp(stat_info.st_mtime).isoformat() + ctime = datetime.fromtimestamp(stat_info.st_ctime).isoformat() + + # 计算文件的 MD5 值 + md5_value = calculate_md5(wasm_path) + + # 构建 metadata.txt 的路径 + metadata_path = wasm_path.parent / 'metadata.txt' + + # 写入元信息(File 字段更新) + with open(metadata_path, 'w') as f: + f.write(f"File: {file_label}\n") + f.write(f"Size: {size} bytes\n") + f.write(f"Last Modified: {mtime}\n") + f.write(f"Created: {ctime}\n") + f.write(f"MD5: {md5_value}\n") diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..8b65a25 --- /dev/null +++ b/nginx.conf @@ -0,0 +1,44 @@ +user nginx; +worker_processes auto; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # 访问日志格式 + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + keepalive_timeout 65; + + # 启用目录浏览 + autoindex on; + + server { + listen 8080; + server_name localhost; + + # 静态文件根目录 + root /usr/share/nginx/html; + + # 隐藏 Nginx 版本号 + server_tokens off; + + # 错误页面 + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } +} \ No newline at end of file diff --git a/plugins.properties b/plugins.properties new file mode 100644 index 0000000..987dac9 --- /dev/null +++ b/plugins.properties @@ -0,0 +1,65 @@ +# +# Copyright (c) 2022-2023 Alibaba Group Holding Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on +# an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +# specific language governing permissions and limitations under the License. +# + +# AI +ai-prompt-decorator=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-prompt-decorator:2.0.0 +ai-prompt-template=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-prompt-template:2.0.0 +ai-rag=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-rag:2.0.0 +ai-search=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-search:2.0.0 +ai-security-guard=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-security-guard:2.0.0 +ai-statistics=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-statistics:2.0.0 +ai-token-ratelimit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-token-ratelimit:2.0.0 +ai-transformer=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-transformer:2.0.0 +ai-cache=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-cache:2.0.0 +ai-proxy=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-proxy:2.0.0 +ai-history=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-history:2.0.0 +ai-intent=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-intent:2.0.0 +ai-quota=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-quota:2.0.0 +ai-agent=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-agent:2.0.0 +ai-data-masking=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-data-masking:2.0.0 +ai-json-resp=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ai-json-resp:2.0.0 +model-router=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/model-router:2.0.0 +model-mapper=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/model-mapper:2.0.0 +mcp-server=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/mcp-server/all-in-one:2.0.0 + +# Auth +basic-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/basic-auth:2.0.0 +key-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/key-auth:2.0.0 +oidc=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/oidc:2.0.0 +jwt-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/jwt-auth:2.0.0 +hmac-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/hmac-auth:2.0.0 +ext-auth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ext-auth:2.0.0 +oauth=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/oauth:2.0.0 +opa=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/opa:2.0.0 + +# Transformation +custom-response=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/custom-response:2.0.0 +transformer=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/transformer:2.0.0 +cache-control=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cache-control:2.0.0 +de-graphql=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/de-graphql:2.0.0 +geo-ip=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/geo-ip:2.0.0 +frontend-gray=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/frontend-gray:2.0.0 +json-converter=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/jsonrpc-converter:2.0.0 + +# Traffic +request-block=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/request-block:2.0.0 +key-rate-limit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/key-rate-limit:2.0.0 +cluster-key-rate-limit=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cluster-key-rate-limit:2.0.0 +ip-restriction=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/ip-restriction:2.0.0 +request-validation=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/request-validation:2.0.0 +traffic-tag=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/traffic-tag:2.0.0 + +# Security +bot-detect=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/bot-detect:2.0.0 +waf=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/waf:2.0.0 +cors=oci://higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/cors:2.0.0 diff --git a/pull_plugins.py b/pull_plugins.py new file mode 100644 index 0000000..fb38c11 --- /dev/null +++ b/pull_plugins.py @@ -0,0 +1,197 @@ +import os +import sys +import subprocess +import json +import argparse +import tarfile +import shutil +import hashlib +from datetime import datetime + +def calculate_md5(file_path, chunk_size=4096): + """计算文件的 MD5 值""" + md5_hash = hashlib.md5() + with open(file_path, 'rb') as f: + while chunk := f.read(chunk_size): + md5_hash.update(chunk) + return md5_hash.hexdigest() + +def read_properties(file_path): + """ + 读取 properties 文件并解析所有插件信息 + """ + properties = {} + try: + with open(file_path, 'r') as f: + for line in f: + line = line.strip() + if line and not line.startswith('#'): + key, value = line.split('=', 1) + value = value.replace('oci://', '', 1) + properties[key.strip()] = value.strip() + except Exception as e: + print(f"读取文件时发生错误: {e}") + return None + return properties + +def handle_tar_layer(tar_path, target_dir): + """ + 处理 tar.gzip 层 + 返回是否找到 wasm 文件 + """ + try: + with tarfile.open(tar_path, 'r:gz') as tar: + wasm_files = [f for f in tar.getmembers() if f.name.endswith('.wasm')] + if wasm_files: + wasm_file = wasm_files[0] + tar.extract(wasm_file, path=target_dir) + old_path = os.path.join(target_dir, wasm_file.name) + new_path = os.path.join(target_dir, 'plugin.wasm') + os.rename(old_path, new_path) + print(f"成功提取 .wasm 文件: {new_path}") + return True + else: + print("未找到 .wasm 文件") + return False + except Exception as e: + print(f"解压 tar 文件错误: {e}") + return False + +def handle_wasm_layer(wasm_path, target_dir): + """ + 处理 .wasm 层 + 返回是否成功复制 wasm 文件 + """ + try: + new_path = os.path.join(target_dir, 'plugin.wasm') + shutil.copy2(wasm_path, new_path) + print(f"成功复制 .wasm 文件: {new_path}") + return True + except Exception as e: + print(f"复制 .wasm 文件错误: {e}") + return False + +def generate_metadata(plugin_dir, plugin_name): + """ + 为 plugin.wasm 生成 metadata.txt + """ + wasm_path = os.path.join(plugin_dir, 'plugin.wasm') + try: + stat_info = os.stat(wasm_path) + size = stat_info.st_size + mtime = datetime.fromtimestamp(stat_info.st_mtime).isoformat() + ctime = datetime.fromtimestamp(stat_info.st_ctime).isoformat() + md5_value = calculate_md5(wasm_path) + metadata_path = os.path.join(plugin_dir, 'metadata.txt') + with open(metadata_path, 'w') as f: + f.write(f"Plugin Name: {plugin_name}\n") + f.write(f"Size: {size} bytes\n") + f.write(f"Last Modified: {mtime}\n") + f.write(f"Created: {ctime}\n") + f.write(f"MD5: {md5_value}\n") + print(f"成功生成 metadata.txt: {metadata_path}") + except Exception as e: + print(f"生成元数据失败: {e}") + +def main(): + parser = argparse.ArgumentParser(description='处理插件配置文件') + parser.add_argument('properties_path', nargs='?', default=None, + help='properties文件路径(默认:脚本所在目录下的plugins.properties)') + parser.add_argument('--download-v2', action='store_true', + help='是否下载 2.0.0 版本插件') + args = parser.parse_args() + + # 用户未提供路径时,使用默认逻辑 + if args.properties_path is None: + script_dir = os.path.dirname(os.path.abspath(__file__)) + default_path = os.path.join(script_dir, 'plugins.properties') + + args.properties_path = default_path + + base_path = os.path.dirname(args.properties_path) + properties = read_properties(args.properties_path) + + if not properties: + print("未找到有效的插件配置") + return + + failed_plugins = [] + + for plugin_name, plugin_url in properties.items(): + print(f"\n正在处理插件: {plugin_name}") + # 处理原始版本(1.0.0) + success = process_plugin(base_path, plugin_name, plugin_url, "1.0.0") + if not success: + failed_plugins.append(f"{plugin_name}:1.0.0") + + # 如果指定了 --download-v2 参数,则额外处理 2.0.0 版本 + if args.download_v2: + v2_url = plugin_url.replace(":1.0.0", ":2.0.0") + print(f"\n正在处理插件 {plugin_name} 的 2.0.0 版本") + success = process_plugin(base_path, plugin_name, v2_url, "2.0.0") + if not success: + failed_plugins.append(f"{plugin_name}:2.0.0") + + if failed_plugins: + print("\n以下插件未成功处理:") + for plugin in failed_plugins: + print(f"- {plugin}") + +def process_plugin(base_path, plugin_name, plugin_url, version): + """ + 处理单个插件下载和信息获取 + """ + plugins_base_path = os.path.join(base_path, 'plugins') + os.makedirs(plugins_base_path, exist_ok=True) + + plugin_dir = os.path.join(plugins_base_path, plugin_name, version) + os.makedirs(plugin_dir, exist_ok=True) + + temp_download_dir = os.path.join(plugins_base_path, f"{plugin_name}_{version}_temp") + os.makedirs(temp_download_dir, exist_ok=True) + + wasm_found = False + + try: + subprocess.run(['oras', 'cp', plugin_url, '--to-oci-layout', temp_download_dir], check=True) + + with open(os.path.join(temp_download_dir, 'index.json'), 'r') as f: + index = json.load(f) + + manifest_digest = index['manifests'][0]['digest'] + manifest_path = os.path.join(temp_download_dir, 'blobs', 'sha256', manifest_digest.split(':')[1]) + + with open(manifest_path, 'r') as f: + manifest = json.load(f) + + for layer in manifest.get('layers', []): + media_type = layer.get('mediaType', '') + digest = layer.get('digest', '').split(':')[1] + + if media_type in [ + 'application/vnd.docker.image.rootfs.diff.tar.gzip', + 'application/vnd.oci.image.layer.v1.tar+gzip' + ]: + tar_path = os.path.join(temp_download_dir, 'blobs', 'sha256', digest) + wasm_found = handle_tar_layer(tar_path, plugin_dir) + + elif media_type == 'application/vnd.module.wasm.content.layer.v1+wasm': + wasm_path = os.path.join(temp_download_dir, 'blobs', 'sha256', digest) + wasm_found = handle_wasm_layer(wasm_path, plugin_dir) + + except subprocess.CalledProcessError as e: + print(f"{plugin_name} ({version}) 命令执行失败: {e}") + return False + except Exception as e: + print(f"{plugin_name} ({version}) 处理过程中发生错误: {e}") + return False + finally: + shutil.rmtree(temp_download_dir, ignore_errors=True) + + if wasm_found: + generate_metadata(plugin_dir, plugin_name) + + return wasm_found + +if __name__ == '__main__': + main() \ No newline at end of file