feat(token): add get token by uuid api

duanhongyi · duanhongyi · commit d5813900aa9e · 2025-06-18T10:51:38.000+08:00
diff --git a/charts/controller/templates/_helpers.tpl b/charts/controller/templates/_helpers.tpl
@@ -119,8 +119,18 @@ env:
       name: controller-creds
       key: victoriametrics-url
 {{- else if .Values.victoriametrics.enabled }}
+- name: "DRYCC_VICTORIAMETRICS_USERNAME"
+  valueFrom:
+    secretKeyRef:
+      name: victoriametrics-vmauth-creds
+      key: username
+- name: "DRYCC_VICTORIAMETRICS_PASSWORD"
+  valueFrom:
+    secretKeyRef:
+      name: victoriametrics-vmauth-creds
+      key: password
 - name: "DRYCC_VICTORIAMETRICS_URL"
-  value: "http://drycc-victoriametrics-vmselect.{{$.Release.Namespace}}.svc.{{$.Values.global.clusterDomain}}:8481"
+  value: "http://$(DRYCC_VICTORIAMETRICS_USERNAME):$(DRYCC_VICTORIAMETRICS_PASSWORD)@drycc-victoriametrics-vmauth.{{$.Release.Namespace}}.svc.{{$.Values.global.clusterDomain}}:8481"
 {{- end }}
 {{- if .Values.passport.enabled }}
 - name: "DRYCC_PASSPORT_URL"
diff --git a/rootfs/api/urls.py b/rootfs/api/urls.py
@@ -253,7 +253,9 @@
         r'^prometheus/(?P<username>[\w.@+-]+)/(?P<path>.+)/?$', views.PrometheusProxy.as_view()),
     # tokens
     re_path(r'^tokens/?$', views.TokenViewSet.as_view({'get': 'list'})),
-    re_path(r"^tokens/(?P<pk>[-_\w]+)/?$", views.TokenViewSet.as_view({'delete': 'destroy'})),
+    re_path(
+        r"^tokens/(?P<pk>[-_\w]+)/?$",
+        views.TokenViewSet.as_view({'get': 'retrieve', 'delete': 'destroy'})),
 ]
 
 mutate_urlpatterns = [
diff --git a/rootfs/api/views.py b/rootfs/api/views.py
@@ -156,7 +156,8 @@ def token(self, request, *args, **kwargs):
             alias = request.query_params.get('alias', '')
             token = models.base.Token(owner=user, alias=alias, oauth=oauth)
             token.save()
-            return HttpResponse(json.dumps({"token": token.key, "username": user.username}))
+            return HttpResponse(json.dumps(
+                {"uuid": str(token.uuid), "token": token.key, "username": user.username}))
         return HttpResponse(status=404)
 
 
@@ -1338,10 +1339,10 @@ class PrometheusProxy(View):
 
     async def proxy(self, request, username, path):
         auth = await database_sync_to_async(self.authentication.authenticate)(request)
-        if not auth or len(auth) != 2 or not auth[0].username != username:
-            return JsonResponse({'error': 'access denied'}, status=403)
-        if auth[0].is_superuser or auth[0].is_staff:
-            path = f"/select/0/prometheus/{path}"
+        if not auth or len(auth) != 2:
+            return JsonResponse({'error': 'Unauthorized'}, status=401)
+        if auth[0].username != username:
+            return JsonResponse({'error': 'Access denied'}, status=403)
         else:
             path = f"/select/{auth[0].id}/prometheus/{path}"
         url = urljoin(settings.DRYCC_VICTORIAMETRICS_URL, path)
