jumpserver/apps/accounts/demos/go/demo.go

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"net/url"
	"os"
	"strings"
	"time"
)

type APIClient struct {
	Client    *http.Client
	APIURL    string
	KeyID     string
	KeySecret string
	OrgID     string
}

func NewAPIClient() *APIClient {
	return &APIClient{
		Client:    &http.Client{},
		APIURL:    getEnv("API_URL", "http://127.0.0.1:8080"),
		KeyID:     getEnv("API_KEY_ID", "72b0b0aa-ad82-4182-a631-ae4865e8ae0e"),
		KeySecret: getEnv("API_KEY_SECRET", "6fuSO7P1m4cj8SSlgaYdblOjNAmnxDVD7tr8"),
		OrgID:     getEnv("ORG_ID", "00000000-0000-0000-0000-000000000002"),
	}
}

func getEnv(key, defaultValue string) string {
	value := os.Getenv(key)
	if value == "" {
		return defaultValue
	}
	return value
}

func (c *APIClient) GetAccountSecret(asset, account string) (map[string]interface{}, error) {
	u, err := url.Parse(c.APIURL)
	if err != nil {
		return nil, fmt.Errorf("failed to parse API URL: %v", err)
	}
	u.Path = "/api/v1/accounts/integration-applications/account-secret/"

	q := u.Query()
	q.Add("asset", asset)
	q.Add("account", account)
	u.RawQuery = q.Encode()

	req, err := http.NewRequest("GET", u.String(), nil)
	if err != nil {
		return nil, fmt.Errorf("failed to create request: %v", err)
	}

	date := time.Now().UTC().Format("Mon, 02 Jan 2006 15:04:05 GMT")
	req.Header.Set("Accept", "application/json")
	req.Header.Set("X-JMS-ORG", c.OrgID)
	req.Header.Set("Date", date)
	req.Header.Set("X-Source", "jms-pam")

	headersList := []string{"(request-target)", "accept", "date", "x-jms-org"}
	var signatureParts []string

	for _, h := range headersList {
		var value string
		if h == "(request-target)" {
			value = strings.ToLower(req.Method) + " " + req.URL.RequestURI()
		} else {
			canonicalKey := http.CanonicalHeaderKey(h)
			value = req.Header.Get(canonicalKey)
		}
		signatureParts = append(signatureParts, fmt.Sprintf("%s: %s", h, value))
	}

	signatureString := strings.Join(signatureParts, "\n")
	mac := hmac.New(sha256.New, []byte(c.KeySecret))
	mac.Write([]byte(signatureString))
	signatureB64 := base64.StdEncoding.EncodeToString(mac.Sum(nil))

	headersJoined := strings.Join(headersList, " ")
	authHeader := fmt.Sprintf(
		`Signature keyId="%s",algorithm="hmac-sha256",headers="%s",signature="%s"`,
		c.KeyID,
		headersJoined,
		signatureB64,
	)
	req.Header.Set("Authorization", authHeader)

	resp, err := c.Client.Do(req)
	if err != nil {
		return nil, fmt.Errorf("request failed: %v", err)
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("API returned non-200 status: %d", resp.StatusCode)
	}

	var result map[string]interface{}
	if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
		return nil, fmt.Errorf("failed to decode response: %v", err)
	}

	return result, nil
}

func main() {
	client := NewAPIClient()
	result, err := client.GetAccountSecret("ubuntu_docker", "root")
	if err != nil {
		log.Fatalf("Error: %v", err)
	}
	fmt.Printf("Result: %+v\n", result)
}
merge: with pam (#14911) * perf: change i18n * perf: pam * perf: change translate * perf: add check account * perf: add date field * perf: add account filter * perf: remove some js * perf: add account status action * perf: update pam * perf: 修改 discover account * perf: update filter * perf: update gathered account * perf: 修改账号同步 * perf: squash migrations * perf: update pam * perf: change i18n * perf: update account risk * perf: 更新风险发现 * perf: remove css * perf: Admin connection token * perf: Add a switch to check connectivity after changing the password, and add a custom ssh command for push tasks * perf: Modify account migration files * perf: update pam * perf: remove to check account dir * perf: Admin connection token * perf: update check account * perf: 优化发送结果 * perf: update pam * perf: update bulk update create * perf: prepaire using thread timer for bulk_create_decorator * perf: update bulk create decorator * perf: 优化 playbook manager * perf: 优化收集账号的报表 * perf: Update poetry * perf: Update Dockerfile with new base image tag * fix: Account migrate 0012 file * perf: 修改备份 * perf: update pam * fix: Expand resource_type filter to include raw type * feat: PAM Service (#14552) * feat: PAM Service * perf: import package name --------- Co-authored-by: jiangweidong <1053570670@qq.com> * perf: Change secret dashboard (#14551) Co-authored-by: feng <1304903146@qq.com> * perf: update migrations * perf: 修改支持 pam * perf: Change secret record table dashboard * perf: update status * fix: Automation send report * perf: Change secret report * feat: windows accounts gather * perf: update change status * perf: Account backup * perf: Account backup report * perf: Account migrate * perf: update service to application * perf: update migrations * perf: update logo * feat: oracle accounts gather (#14571) * feat: oracle accounts gather * feat: sqlserver accounts gather * feat: postgresql accounts gather * feat: mysql accounts gather --------- Co-authored-by: wangruidong <940853815@qq.com> * feat: mongodb accounts gather * perf: Change secret * perf: Migrate * perf: Merge conflicting migration files * perf: Change secret * perf: Automation filter org * perf: Account push * perf: Random secret string * perf: Enhance SQL query and update risk handling in accounts * perf: Ticket filter assignee_id * perf: 修改 account remote * perf: 修改一些 adhoc 任务 * perf: Change secret * perf: Remove push account extra api * perf: update status * perf: The entire organization can view activity log * fix: risk field check * perf: add account details api * perf: add demo mode * perf: Delete gather_account * perf: Perfect solution to account version problem * perf: Update status action to handle multiple accounts * perf: Add GatherAccountDetailField and update serializers * perf: Display account history in combination with password change records * perf: Lina translate * fix: Update mysql_filter to handle nested user info * perf: Admin connection token validate_permission account * perf: copy move account * perf: account filter risk * perf: account risk filter * perf: Copy move account failed message * fix: gather account sync account to asset * perf: Pam dashboard * perf: Account dashboard total accounts * perf: Pam dashboard * perf: Change secret filter account secret_reset * perf: 修改 risk filter * perf: pam translate * feat: Check for leaked duplicate passwords. (#14711) * feat: Check for leaked duplicate passwords. * perf: Use SQLite instead of txt as leak password database --------- Co-authored-by: jiangweidong <1053570670@qq.com> Co-authored-by: 老广 <ibuler@qq.com> * perf: merge with remote * perf: Add risk change_password_add handle * perf: Pam dashboard * perf: check account manager import * perf: 重构扫描 * perf: 修改 db * perf: Gather account manager * perf: update change db lib * perf: dashboard * perf: Account gather * perf: 修改 asset get queryset * perf: automation report * perf: Pam account * perf: Pam dashboard api * perf: risk add account * perf: 修改 risk check * perf: Risk account * perf: update risk add reopen action * perf: add pylintrc * Revert "perf: automation report" This reverts commit 22aee542071638bcefae5a244bcabf76f794d7c3. * perf: check account engine * perf: Perf: Optimism Gather Report Style * Perf: Remove unuser actions * Perf: Perf push account * perf: perf gather account * perf: Automation report * perf: Push account recorder * perf: Push account record * perf: Pam dashboard * perf: perf * perf: update intergration * perf: integrations application detail add account tab page * feat: Custom change password supports configuration of interactive items * perf: Go and Python demo code * perf: Custom secret change * perf: add user filter * perf: translate * perf: Add demo code docs * perf: update some i18n * perf: update some i18n * perf: Add Java, Node, Go, and cURL demo code * perf: Translate * perf: Change secret translate * perf: Translate * perf: update some i18n * perf: translate * perf: Ansible playbook * perf: update some choice * perf: update some choice * perf: update account serializer remote unused code * perf: conflict * perf: update import --------- Co-authored-by: ibuler <ibuler@qq.com> Co-authored-by: feng <1304903146@qq.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: wangruidong <940853815@qq.com> Co-authored-by: jiangweidong <1053570670@qq.com> Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com> Co-authored-by: zhaojisen <1301338853@qq.com> 2025-02-21 08:39:57 +00:00			`package main`

			`import (`
			`"crypto/hmac"`
			`"crypto/sha256"`
			`"encoding/base64"`
			`"encoding/json"`
			`"fmt"`
			`"log"`
			`"net/http"`
			`"net/url"`
			`"os"`
			`"strings"`
			`"time"`
			`)`

			`type APIClient struct {`
			`Client *http.Client`
			`APIURL string`
			`KeyID string`
			`KeySecret string`
			`OrgID string`
			`}`

			`func NewAPIClient() *APIClient {`
			`return &APIClient{`
			`Client: &http.Client{},`
			`APIURL: getEnv("API_URL", "http://127.0.0.1:8080"),`
			`KeyID: getEnv("API_KEY_ID", "72b0b0aa-ad82-4182-a631-ae4865e8ae0e"),`
			`KeySecret: getEnv("API_KEY_SECRET", "6fuSO7P1m4cj8SSlgaYdblOjNAmnxDVD7tr8"),`
			`OrgID: getEnv("ORG_ID", "00000000-0000-0000-0000-000000000002"),`
			`}`
			`}`

			`func getEnv(key, defaultValue string) string {`
			`value := os.Getenv(key)`
			`if value == "" {`
			`return defaultValue`
			`}`
			`return value`
			`}`

			`func (c *APIClient) GetAccountSecret(asset, account string) (map[string]interface{}, error) {`
			`u, err := url.Parse(c.APIURL)`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to parse API URL: %v", err)`
			`}`
			`u.Path = "/api/v1/accounts/integration-applications/account-secret/"`

			`q := u.Query()`
			`q.Add("asset", asset)`
			`q.Add("account", account)`
			`u.RawQuery = q.Encode()`

			`req, err := http.NewRequest("GET", u.String(), nil)`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to create request: %v", err)`
			`}`

			`date := time.Now().UTC().Format("Mon, 02 Jan 2006 15:04:05 GMT")`
			`req.Header.Set("Accept", "application/json")`
			`req.Header.Set("X-JMS-ORG", c.OrgID)`
			`req.Header.Set("Date", date)`
			`req.Header.Set("X-Source", "jms-pam")`

			`headersList := []string{"(request-target)", "accept", "date", "x-jms-org"}`
			`var signatureParts []string`

			`for _, h := range headersList {`
			`var value string`
			`if h == "(request-target)" {`
			`value = strings.ToLower(req.Method) + " " + req.URL.RequestURI()`
			`} else {`
			`canonicalKey := http.CanonicalHeaderKey(h)`
			`value = req.Header.Get(canonicalKey)`
			`}`
			`signatureParts = append(signatureParts, fmt.Sprintf("%s: %s", h, value))`
			`}`

			`signatureString := strings.Join(signatureParts, "\n")`
			`mac := hmac.New(sha256.New, []byte(c.KeySecret))`
			`mac.Write([]byte(signatureString))`
			`signatureB64 := base64.StdEncoding.EncodeToString(mac.Sum(nil))`

			`headersJoined := strings.Join(headersList, " ")`
			`authHeader := fmt.Sprintf(`
			`Signature keyId="%s",algorithm="hmac-sha256",headers="%s",signature="%s"`,
			`c.KeyID,`
			`headersJoined,`
			`signatureB64,`
			`)`
			`req.Header.Set("Authorization", authHeader)`

			`resp, err := c.Client.Do(req)`
			`if err != nil {`
			`return nil, fmt.Errorf("request failed: %v", err)`
			`}`
			`defer resp.Body.Close()`

			`if resp.StatusCode != http.StatusOK {`
			`return nil, fmt.Errorf("API returned non-200 status: %d", resp.StatusCode)`
			`}`

			`var result map[string]interface{}`
			`if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {`
			`return nil, fmt.Errorf("failed to decode response: %v", err)`
			`}`

			`return result, nil`
			`}`

			`func main() {`
			`client := NewAPIClient()`
			`result, err := client.GetAccountSecret("ubuntu_docker", "root")`
			`if err != nil {`
			`log.Fatalf("Error: %v", err)`
			`}`
			`fmt.Printf("Result: %+v\n", result)`
			`}`