diff --git a/cloud/src/meta-service/meta_service_helper.h b/cloud/src/meta-service/meta_service_helper.h
index 3bf57665bc8b23..89c39c02bce402 100644
--- a/cloud/src/meta-service/meta_service_helper.h
+++ b/cloud/src/meta-service/meta_service_helper.h
@@ -91,6 +91,46 @@ inline std::string encryt_sk(std::string debug_string) {
 // Move the position to the end of the current "sk" field and continue searching
 pos = sk_value_end;
 }
+ // Iterate through the string and find all occurrences of ""sk": "
+ pos = 0;
+ while ((pos = debug_string.find("\"sk\": ", pos)) != std::string::npos) {
+ // Find the start of the "sk" value (position after ""sk": ")
+ size_t value_start_pos = pos + 6; // 6 is the length of "\"sk\": "
+
+ // Find the opening quote for the value
+ size_t quote_pos = debug_string.find('\"', value_start_pos);
+ if (quote_pos == std::string::npos) {
+ // No opening quote found, move to next occurrence
+ pos = value_start_pos;
+ continue;
+ }
+
+ // Start after the opening quote
+ size_t sk_value_start = quote_pos + 1;
+
+ // Find the closing quote
+ size_t sk_value_end = debug_string.find('\"', sk_value_start);
+ if (sk_value_end == std::string::npos) {
+ // No closing quote found, move to next occurrence
+ pos = sk_value_start;
+ continue;
+ }
+
+ // Extract the "sk" value
+ std::string sk_value = debug_string.substr(sk_value_start, sk_value_end - sk_value_start);
+
+ // Encrypt the "sk" value with MD5
+ std::string encrypted_sk = "md5: " + md5(sk_value);
+
+ // Calculate the length change after replacement
+ int length_diff = encrypted_sk.length() - (sk_value_end - sk_value_start);
+
+ // Replace the original "sk" value with the encrypted value
+ debug_string.replace(sk_value_start, sk_value_end - sk_value_start, encrypted_sk);
+
+ // Move the position past the replacement, adjusting for length change
+ pos = sk_value_end + length_diff;
+ }
 return debug_string;
 }
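Review bot: The new loop only masks a value written exactly as `"sk": "…"` and fails open on everything else: compact JSON (`"sk":"…"`), a space before the colon, or a value with no closing quote either never match or hit a `continue`, and the secret is logged as-is. That matters because this commit also passes raw HTTP bodies to `encryt_sk` from the parse-failure paths in meta_service_http.cpp, where the spacing is chosen by the client and the body may well be malformed. The closing-quote search also stops at a backslash-escaped quote, so the tail of such a value would stay in the log. I would tolerate whitespace around the colon, step over escapes, and mask to the end of the string when the value is unterminated, as sketched below. `encryt_sk` starts above this hunk, so `pos` and the first loop are not visible here.

```cpp
    pos = 0;
    while ((pos = debug_string.find("\"sk\"", pos)) != std::string::npos) {
        // Accept "sk":"v", "sk": "v" and "sk" : "v" by skipping blanks around the colon
        size_t cur = debug_string.find_first_not_of(" \t\r\n", pos + 4); // 4 is the length of "\"sk\""
        if (cur == std::string::npos || debug_string[cur] != ':') {
            pos += 4;
            continue;
        }
        cur = debug_string.find_first_not_of(" \t\r\n", cur + 1);
        if (cur == std::string::npos || debug_string[cur] != '"') {
            // Not a string value (null, number, object): nothing to mask here
            pos += 4;
            continue;
        }
        size_t sk_value_start = cur + 1;

        // Find the closing quote, stepping over backslash-escaped characters
        size_t sk_value_end = sk_value_start;
        while (sk_value_end < debug_string.size() && debug_string[sk_value_end] != '"') {
            sk_value_end += (debug_string[sk_value_end] == '\\') ? 2 : 1;
        }
        if (sk_value_end > debug_string.size()) {
            sk_value_end = debug_string.size();
        }
        // Reaching the end without a closing quote masks the remainder instead of logging it

        // … unchanged: extract sk_value, build encrypted_sk, debug_string.replace(...) …

        // Continue right after the substituted text; no signed length_diff needed
        pos = sk_value_start + encrypted_sk.length();
    }
```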
@@ -134,6 +174,12 @@ void begin_rpc(std::string_view func_name, brpc::Controller* ctrl, const Request << " lock_id=" << req->lock_id() << " initiator=" << req->initiator() << " expiration=" << req->expiration() << " require_compaction_stats=" << req->require_compaction_stats(); + } else if constexpr (std::is_same_v || + std::is_same_v) { + std::string debug_string = encryt_sk(res->DebugString()); + TEST_SYNC_POINT_CALLBACK("ak_begin_rpc", &debug_string); + LOG(INFO) << "begin " << func_name << " remote_caller=" << ctrl->remote_side() + << " original_client_ip=" << req->request_ip() << " request=" << debug_string; } else { LOG(INFO) << "begin " << func_name << " remote_caller=" << ctrl->remote_side() << " original_client_ip=" << req->request_ip() @@ -179,9 +225,10 @@ void finish_rpc(std::string_view func_name, brpc::Controller* ctrl, const Reques << " original_client_ip=" << req->request_ip() << " status=" << res->status().ShortDebugString(); } else if constexpr (std::is_same_v || - std::is_same_v) { + std::is_same_v || + std::is_same_v) { std::string debug_string = encryt_sk(res->DebugString()); - TEST_SYNC_POINT_CALLBACK("sk_finish_rpc", &debug_string); + TEST_SYNC_POINT_CALLBACK("ak_sk_finish_rpc", &debug_string); LOG(INFO) << "finish " << func_name << " remote_caller=" << ctrl->remote_side() << " original_client_ip=" << req->request_ip() << " response=" << debug_string; } else { diff --git a/cloud/src/meta-service/meta_service_http.cpp b/cloud/src/meta-service/meta_service_http.cpp index 8e8daefb3affab..bdfa856061c5bb 100644 --- a/cloud/src/meta-service/meta_service_http.cpp +++ b/cloud/src/meta-service/meta_service_http.cpp @@ -48,6 +48,7 @@ #include "common/configbase.h" #include "common/logging.h" #include "common/string_util.h" +#include "meta-service/meta_service_helper.h" #include "meta-store/keys.h" #include "meta-store/txn_kv.h" #include "meta-store/txn_kv_error.h" 
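Review bot: In the new `begin_rpc` branch the string that is masked and logged as `request=` is built from `res->DebugString()`, not from `req`. At the start of an RPC the response has normally not been filled in yet, so this most likely logs an empty message instead of the masked request, and it looks copied from `finish_rpc`; the signature is cut off in the hunk header, so I cannot confirm that `res` is even a parameter here. I would expect `std::string debug_string = encryt_sk(req->DebugString());`. The sync point here is named `ak_begin_rpc` while the finish side uses `ak_sk_finish_rpc`; one naming scheme would make the matching tests easier to find.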
@@ -63,18 +64,11 @@ namespace doris::cloud { auto st = parse_json_message(unresolved_path, body, &req); \ if (!st.ok()) { \ std::string msg = "parse http request '" + unresolved_path + "': " + st.ToString(); \ - LOG_WARNING(msg).tag("body", body); \ + LOG_WARNING(msg).tag("body", encryt_sk(body)); \ return http_json_reply(MetaServiceCode::PROTOBUF_PARSE_ERR, msg); \ } \ } while (0) -extern std::string get_instance_id(const std::shared_ptr& rc_mgr, - const std::string& cloud_unique_id); - -extern int decrypt_instance_info(InstanceInfoPB& instance, const std::string& instance_id, - MetaServiceCode& code, std::string& msg, - std::shared_ptr& txn); - extern void get_kv_range_boundaries_count(std::vector& partition_boundaries, std::unordered_map& partition_count); @@ -86,7 +80,8 @@ static google::protobuf::util::Status parse_json_message(const std::string& unre if (!st.ok()) { std::string msg = "failed to strictly parse http request for '" + unresolved_path + "' error: " + st.ToString(); - LOG_WARNING(msg).tag("body", body); + std::string log_body = encryt_sk(body); + LOG_WARNING(msg).tag("body", log_body); // ignore unknown fields google::protobuf::util::JsonParseOptions json_parse_options; @@ -773,6 +768,7 @@ void MetaServiceImpl::http(::google::protobuf::RpcController* controller, LOG(INFO) << "rpc from " << cntl->remote_side() << " request: " << cntl->http_request().uri().path(); std::string http_request = format_http_request(cntl); + http_request = encryt_sk(http_request); // Auth auto token = http_query(cntl->http_request().uri(), "token"); @@ -783,7 +779,7 @@ void MetaServiceImpl::http(::google::protobuf::RpcController* controller, cntl->response_attachment().append(body); cntl->response_attachment().append("\n"); LOG(WARNING) << "failed to handle http from " << cntl->remote_side() - << " request: " << http_request << " msg: " << body; + << " request: " << encryt_sk(http_request) << " msg: " << body; return; } 
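Review bot: `http_request` is masked twice on the auth-failure path: it is reassigned to `encryt_sk(http_request)` right after `format_http_request(cntl)`, and the warning a few lines later calls `encryt_sk(http_request)` again. For a JSON body the second pass would hash the already-substituted `md5: …` text, so the digest in this warning no longer matches the one in the final `request=` log for the same request, which makes the two lines harder to correlate. Logging `<< " request: " << http_request` is enough once the variable holds the masked copy. Separately, if `format_http_request` includes the query string, the `token` read just below would still be logged in clear, which is worth checking since `encryt_sk`, as far as this diff shows, only looks for `sk` fields. `MetaServiceImpl::http` starts and ends outside both hunks.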
@@ -801,6 +797,7 @@ void MetaServiceImpl::http(::google::protobuf::RpcController* controller, cntl->response_attachment().append("\n"); int ret = cntl->http_response().status_code(); + LOG(INFO) << (ret == 200 ? "succ to " : "failed to ") << __PRETTY_FUNCTION__ << " " << cntl->remote_side() << " request=\n" << http_request << "\n ret=" << ret << " msg=" << msg;