[Bug]: 无法通过acl校验 #37

Open
woraser opened this issue May 30, 2024 · 0 comments
woraser commented May 30, 2024

Contact Details

No response

This bug is related to UI or API?

API

What happened?

我使用 docker-compose 部署最新版本,将 oneterm-ui 中的 oneterm-api 指向自己运行的开发环境。成功登录之后无法进行任何操作,都会卡在获取 ACL token 的步骤,acl-api 中也没有显示对应日志。

Version

newest

What browsers are you seeing the problem on?

No response

Relevant log output

修改后的docker-compose.yaml
# Compose file as modified by the reporter.
# NOTE(review): the top-level `version` key is obsolete under the Compose
# Specification; current Docker Compose releases ignore it.
version: "3.0"

services:
  # Containerised API service. It is still defined and published on host port
  # 8081 even though the reporter points oneterm-ui at a separately run
  # development instance on port 8080, so two API instances may be running.
  oneterm-api:
    image: registry.cn-hangzhou.aliyuncs.com/veops/oneterm-api:24.3
    container_name: oneterm-api
    volumes:
      - file-data:/replay
      # Service configuration mounted from the host.
      # NOTE(review): presumably the same schema as the development config
      # quoted later in this report, i.e. it holds credentials; confirm and
      # keep it out of version control.
      - ./docs/api.yaml:/oneterm/config.yaml
    depends_on:
      - mysql
      - redis
      - oneterm-guacd
    restart: always
    networks:
      new:
        aliases:
          - oneterm-api
    ports:
      # No host IP is given, so Docker publishes on all host interfaces by
      # default; use '127.0.0.1:8081:8080' if only local access is needed.
      - '8081:8080'

  # SSH front end. Container port 12228 is published on host port 12229, which
  # is the port the reporter's development config uses for sshServer.
  oneterm-ssh:
    image: registry.cn-hangzhou.aliyuncs.com/veops/oneterm-ssh:24.3
    container_name: oneterm-ssh
    ports:
      # Published on all host interfaces by default (no host IP given).
      - "12229:12228"
    restart: always
    tty: true
    volumes:
      - ./docs/ssh.yaml:/oneterm/config.yaml
      # The image's entrypoint is replaced by this host-side script (see
      # `entrypoint` below), so the script's content and file permissions are
      # part of the trust boundary of this container.
      - ./docs/scripts/entrypoint.sh:/oneterm/entrypoint.sh
      # Named volume mounted at root's ~/.ssh; its contents persist across
      # container re-creation.
      - ssh-data:/root/.ssh
    entrypoint: ./entrypoint.sh
    depends_on:
      - oneterm-api
    networks:
      new:
        aliases:
          - oneterm-ssh

  # Guacamole proxy daemon; shares the file-data volume with oneterm-api.
  oneterm-guacd:
    image: registry.cn-hangzhou.aliyuncs.com/veops/oneterm-guacd:24.3
    container_name: oneterm-guacd
    # NOTE(review): the daemon runs as root inside the container. Presumably
    # needed to write to the shared /replay volume; confirm whether an
    # unprivileged user with matching volume ownership would do.
    user: root
    restart: always
    volumes:
      - file-data:/replay
    networks:
      new:
        aliases:
          - oneterm-guacd
    ports:
      # Published so the locally run oneterm-api can reach guacd at
      # 127.0.0.1:4822. Without a host IP the port is bound on all host
      # interfaces by default; '127.0.0.1:4822:4822' keeps it local.
      - '4822:4822'

  # Database used by the API and ACL services.
  mysql:
    # NOTE(review): `latest` is a floating tag, so the image content can change
    # between pulls; pin a version or digest for reproducible deployments.
    image: registry.cn-hangzhou.aliyuncs.com/veops/mysql:latest
    #image: mysql:8.0.30
    container_name: oneterm-mysql
    environment:
      TZ: Asia/Shanghai
      # NOTE(review): trivially guessable root password stored in clear text,
      # and now public in this issue. The official mysql image also accepts
      # MYSQL_ROOT_PASSWORD_FILE for use with Compose secrets; confirm this
      # image does too.
      MYSQL_ROOT_PASSWORD: '123456'
      MYSQL_DATABASE: 'oneterm'
    volumes:
      - db-data:/var/lib/mysql
      - ./docs/mysqld.cnf:/etc/mysql/conf.d/mysqld.cnf
      # Init scripts; the numeric prefixes on the container side fix the
      # order: 1-create-users, 2-acl, 3-api. In the official image these run
      # only when the data directory is first initialised.
      - ./docs/acl.sql:/docker-entrypoint-initdb.d/2-acl.sql
      - ./docs/api.sql:/docker-entrypoint-initdb.d/3-api.sql
      - ./docs/create-users.sql:/docker-entrypoint-initdb.d/1-create-users.sql
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    restart: always
    networks:
      new:
        aliases:
          - mysql
    ports:
      # Host port 23306 is what the reporter's development config connects
      # to. With no host IP it is bound on all host interfaces by default,
      # which exposes the weak root password above beyond localhost.
      - '23306:3306'

  # Redis instance used by the ACL service (WAIT_HOSTS) and the API service.
  redis:
    # NOTE(review): floating `latest` tag; pin a version or digest.
    image: registry.cn-hangzhou.aliyuncs.com/veops/redis:latest
    container_name: oneterm-redis
    # NOTE(review): with the line below commented out, the server starts
    # without requirepass, i.e. without authentication. The password shown in
    # it is public in this issue and should not be reused.
    #command: redis-server --requirepass tyrj5QVP9rHs
    restart: always
    environment:
      TZ: Asia/Shanghai
    networks:
      new:
        aliases:
          - redis
    ports:
      # NOTE(review): an unauthenticated Redis published on all host
      # interfaces (Docker's default when no host IP is given). Bind to
      # '127.0.0.1:6379:6379' or drop the mapping if only containers need it.
      - '6379:6379'

  # Web UI: nginx whose configuration is rendered from a template at start-up.
  oneterm-ui:
    image: registry.cn-hangzhou.aliyuncs.com/veops/oneterm-ui:24.3
    container_name: oneterm-ui
    depends_on:
      - oneterm-api
    environment:
      TZ: Asia/Shanghai
      # Reporter's placeholder for the development host address. As written,
      # an unquoted value starting with `{{` is read by YAML as a flow
      # mapping, so the real file must carry an actual host here.
      ONETERM_API_HOST: {{本机host,网络肯定是通的}}:8080
      # Resolved through the `acl-api` alias on the compose network.
      ACL_API_HOST: acl-api:5000
      NGINX_PORT: 80
    volumes:
      - ./docs/nginx.oneterm.conf.example:/etc/nginx/conf.d/nginx.oneterm.conf.example
    restart: always
    # `$$` is Compose's escape for a literal `$`, so envsubst receives the
    # three variable names and substitutes only those into the nginx template
    # before nginx starts in the foreground.
    command:
      - /bin/sh
      - -c
      - |
        envsubst '$$ONETERM_API_HOST  $$ACL_API_HOST $$NGINX_PORT' < /etc/nginx/conf.d/nginx.oneterm.conf.example > /etc/nginx/conf.d/oneterm.conf
        nginx -g  'daemon off;'
    networks:
      - new
    ports:
      # Plain HTTP on host port 8001, bound on all host interfaces by default.
      - "8001:80"

  # ACL service that issues the token the reporter's API instance fails to get.
  acl-api:
    image: registry.cn-hangzhou.aliyuncs.com/veops/acl-api:1.1
    container_name: oneterm-acl-api
    environment:
      #TZ: Asia/Shanghai
      # Presumably read by a wait-for-dependencies helper in the image; confirm.
      WAIT_HOSTS: mysql:3306, redis:6379
    volumes:
      # NOTE(review): the two targets differ (/data/app/acl vs /data/apps/acl).
      # One of them may be a typo, in which case that file is not mounted
      # where the application looks for it; verify against the image layout.
      - ./docs/settings.py:/data/app/acl/settings.py
      # Environment file mounted from the host; likely holds secrets, so keep
      # it out of version control and restrict its permissions.
      - ./docs/.env:/data/apps/acl/.env
      - ./docs/nginx.oneterm.conf.example:/etc/nginx/conf.d/nginx.oneterm.conf.example
    restart: always
    # Start-up sequence: three flask initialisation commands, then gunicorn
    # daemonised (-D) with access and error logs written to files under logs/,
    # then a celery worker in the foreground that also logs to a file. As a
    # result `docker logs` shows little; request and error traces have to be
    # read from logs/access.log and logs/error.log inside the container.
    command:
      - /bin/sh
      - -c
      - |
        sleep 2
        flask db-setup
        flask init-acl
        flask init-department

        gunicorn --workers=3 autoapp:app -b 0.0.0.0:5000 -D --access-logfile logs/access.log --error-logfile logs/error.log

        celery -A celery_worker.celery worker -E -Q acl_async --logfile=one_acl_async.log --autoscale=2,1 
    depends_on:
      - mysql
      - redis
    networks:
      new:
        aliases:
          - acl-api
    ports:
      # Published so the locally run oneterm-api can reach the ACL service;
      # bound on all host interfaces by default. '127.0.0.1:5000:5000' is
      # enough when the API runs on the same host.
      - '5000:5000'

# Named volumes with fixed names, so they are shared by any compose project
# that declares the same names and survive `docker compose down`.
volumes:
  # MySQL data directory.
  db-data:
    driver: local
    name: oneterm_db-data
  # Mounted at /replay in both oneterm-api and oneterm-guacd.
  file-data:
    driver: local
    name: oneterm_file-data
  # Mounted at /root/.ssh in oneterm-ssh.
  ssh-data:
    driver: local
    name: oneterm_ssh

# Single user-defined bridge network shared by all services; the per-service
# aliases above resolve on it.
networks:
  new:
    driver: bridge
    name: oneterm_network
    ipam:
      config:
        # Fixed subnet; must not overlap with an existing host or Docker network.
        - subnet: 172.30.0.0/24


本地oneterm-api开发环境配置文件
# Configuration of the reporter's locally run oneterm-api development instance.
# NOTE(review): debug mode; presumably enables verbose framework behaviour and
# is not meant for an instance reachable from other hosts. Confirm.
mode: debug

http:
  # Listens on every interface of the development host, not only loopback.
  ip: 0.0.0.0
  port: 8080

mysql:
  ip: 127.0.0.1
  # Host port published by the compose mysql service ('23306:3306').
  port: 23306
  # NOTE(review): the API connects as root with the compose file's root
  # password. The compose file mounts a create-users.sql init script, so a
  # dedicated least-privilege account may already exist; prefer it.
  user: root
  # Unquoted, so a YAML loader reads this as an integer; quote it if the
  # consumer expects a string.
  password: 123456
  dbName: "oneterm"

redis:
  addr: 127.0.0.1:6379
  # NOTE(review): a password is configured here, but the compose file on this
  # page starts Redis with its requirepass line commented out. Confirm that
  # client and server agree.
  password: root

log:
  # NOTE(review): the error line quoted at the end of this report includes
  # the full token request body (app_id and secret_key), so log files and
  # pasted log excerpts should be treated as containing credentials.
  level: debug
  path: app.log
  format: json
  maxSize: 1
  # consoleEnable: whether to also write logs to the console at the same time
  consoleEnable: true

# Credentials and endpoint the API uses to obtain a token from the ACL service.
auth:
  acl:
    # NOTE(review): application id and secret are now public in this issue.
    # Unless they are the project's shipped sample values, rotate them.
    appId: '5867e079dfd1437e9ae07576ab24b391'
    # The secret_key in the logged request at the end of this report differs
    # from this value, so the client presumably sends a derived form; confirm.
    secretKey: '2qlTA4z@#KyigJLYHGrev?0WD6hjX*8E'
    # Base URL of the ACL API; the host part is the reporter's placeholder.
    # The logged failing request goes to <url>/acl/apps/token and records an
    # empty response. The scheme is plain http, so the credentials cross the
    # network unencrypted when the service is not on the same host.
    url: http://本地地址:5000/api/v1
    # Resource type names, each mapped to an identical value.
    resourceNames:
      - key: account
        value: account
      - key: asset
        value: asset
      - key: command
        value: command
      - key: gateway
        value: gateway
      - key: authorization
        value: authorization

cmdb:
  # Placeholder host; plain http.
  url: http://host/api/v0.1

# NOTE(review): application-level secret, now public in this issue. Its use is
# not visible on this page; if it protects sessions or stored credentials,
# rotate it and load it from the environment or a secret store instead.
secretKey: 'xW2FAUfgffjmerTEBXADmURDOQ43ojLN'

# Identity of the worker account; presumably used for service-to-service calls
# to the ACL API. Confirm.
worker:
  uid: 1
  rid: 1
  # NOTE(review): key and secret are public in this issue; rotate them unless
  # they are shipped sample values. The secret is an unquoted scalar with
  # `#`, `@` and `*` in it; it parses as written, but quoting is safer.
  key: a5704726392648b7b5a15cc39091a166
  secret: P#Iunzvq7E^6mwMbftgW@KYG28x14*Dy

# Connection to the oneterm-ssh container through its published host port.
sshServer:
  ip: 127.0.0.1
  port: 12229
  account: test
  # NOTE(review): short numeric password and token, both unquoted, so a YAML
  # loader reads them as integers. Use strong values, and quote them if the
  # consumer expects strings.
  password: 135790
  xtoken: 123456

# Connection to the guacd container through its published host port 4822.
guacd:
  ip: 127.0.0.1
  port: 4822
  # Matches the compose alias of the containerised API; its exact meaning is
  # not visible on this page.
  gateway: oneterm-api
错误日志:2024-05-30T17:28:56.090+0800    ERROR   remote/http.go:57       github.com/veops/oneterm/pkg/server/remote.GetAclToken failed   {"url": "http://xxx:5000/api/v1/acl/apps/token", "req": "{\"app_id\":\"5867e079dfd1437e9ae07576ab24b391\",\"secret_key\":\"65d34ec2a5e42add26741a7b487020a8\"}", "resp": ""}