search

aliyun / alibaba-cloud-sdk-go

Alibaba Cloud SDK for Go
Apache License 2.0
1.16k stars 273 forks source link

网络环境配置有认证的http代理,header中设置的阿里云认证Authorization字段被错误替换成本地代理认证,导致阿里云返回MissingAccessKeyId #557

Closed pastel001 closed 2 years ago

pastel001 commented 2 years ago

前提条件:

linux 配置系统代理 export http_proxy=http://username:password@proxyhost:proxyport 最小复现代码

package main

import (
    "fmt"
    "github.com/aliyun/alibaba-cloud-sdk-go/sdk"
    "github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
)

func main() {
    client, err := sdk.NewClientWithAccessKey("cn-beijing", "xxx", "xxx")
    if err != nil {
        panic(err)
    }
    request := requests.NewCommonRequest()
    request.Method = "GET"
    request.Scheme = "https" // https | http
    request.Domain = "cr.cn-beijing.aliyuncs.com"
    request.Version = "2016-06-07"
    request.PathPattern = "/repos/xxx/xxxx/tags"
    request.Headers["Content-Type"] = "application/json"

    response, err := client.ProcessCommonRequest(request)
    if err != nil {
        panic(err)
    }
    fmt.Print(response.GetHttpContentString())
}

SDK应答

panic: SDK.ServerError ErrorCode: MissingAccessKeyId Recommend: https://troubleshoot.api.aliyun.com?q=MissingAccessKeyId&product=cr RequestId: 4BB0953B-9488-56CD-90B0-7B1535329B18 Message: AccessKeyId is mandatory for this action.

sdk中的错误位置:

https://github.com/aliyun/alibaba-cloud-sdk-go/blob/v1.61.1536/sdk/client.go 601到605行,错误的把之前设置用于调用阿里云sdk的Authorization字段被替换成了代理的basic认证

if proxy != nil && proxy.User != nil {
        if password, passwordSet := proxy.User.Password(); passwordSet {
                httpRequest.SetBasicAuth(proxy.User.Username(), password)
        }
}

修改:

这块代码可以设置Proxy-Authorization字段而不是Authorization字段。 或者直接删掉,因为client.httpClient.Transport里面已经设置了代理

if trans, ok := client.httpClient.Transport.(*http.Transport); ok && trans != nil {
        if trans.TLSClientConfig != nil {
            trans.TLSClientConfig.InsecureSkipVerify = client.getHTTPSInsecure(request)
        } else {
            trans.TLSClientConfig = &tls.Config{
                InsecureSkipVerify: client.getHTTPSInsecure(request),
            }
        }
        if proxy != nil && !flag {
            trans.Proxy = http.ProxyURL(proxy)
        }
        client.httpClient.Transport = trans
    }
httpResponse, err = hookDo(client.httpClient.Do)(httpRequest)

中会在请求中添加Proxy-Authorization字段

yndu13 commented 2 years ago

已修复并发布,release 为 v1.61.1578 https://github.com/aliyun/alibaba-cloud-sdk-go/pull/565