Micro-service registration method and device
阅读说明:本技术 一种微服务注册方法和装置 (Micro-service registration method and device ) 是由 李茂材 周开班 王宗友 刘攀 张劲松 朱耿良 孔利 时一防 黄焕坤 刘区城 杨常 于 2019-11-14 设计创作,主要内容包括:本申请实施例公开了一种微服务注册方法和装置,该方法包括:接收微服务终端发送的注册请求;获取微服务终端的公钥对注册信息的签名数据进行解密,并检测注册信息的签名数据经过解密后得到的信息是否与微服务的注册信息相同;若相同,则检测区块链网络的存储空间中是否存在第一名称和第一校验编码;若不存在,则向区块链网络中的各个共识节点发送注册信息和注册信息的签名数据;若各个共识节点返回的共识响应满足共识条件,则调用智能合约将注册信息存储至区块链网络的存储空间中,并针对注册请求向微服务终端返回注册完成响应。采用本申请实施例,可以避免微服务的地址被恶意篡改,提高微服务的安全性以及提供服务的稳定性。(The embodiment of the application discloses a micro-service registration method and a device, wherein the method comprises the following steps: receiving a registration request sent by a microservice terminal; acquiring a public key of the micro-service terminal to decrypt the signature data of the registration information, and detecting whether the information obtained by decrypting the signature data of the registration information is the same as the registration information of the micro-service; if the first name and the first check code exist in the storage space of the block chain network, detecting whether the first name and the first check code exist in the storage space of the block chain network; if the registration information does not exist, the registration information and the signature data of the registration information are sent to all the common identification nodes in the block chain network; and if the consensus response returned by each consensus node meets the consensus condition, calling an intelligent contract to store the registration information into a storage space of the block chain network, and returning a registration completion response to the micro-service terminal according to the registration request. By adopting the method and the device, malicious tampering of the address of the micro-service can be avoided, and the safety of the micro-service and the stability of service provision are improved.)
1. A method for registering micro-services, comprising:
a registration node receives a registration request sent by a micro service terminal, wherein the registration request comprises registration information of a micro service and signature data of the registration information, the registration information comprises a first name, a first calling address and a first check code of the micro service, the first calling address is used for calling the micro service, and the first check code is signature data generated by the micro service through encryption of an encryption algorithm;
the registration node acquires a public key of the micro service terminal to decrypt the signature data of the registration information and detects whether the information obtained by decrypting the signature data of the registration information is the same as the registration information of the micro service;
if the information obtained by decrypting the signature data of the registration information is the same as the registration information of the microservice, the registration node detects whether the first name and the first check code exist in a storage space of the block chain network;
if the first name and the first check code do not exist in the storage space of the block chain network, the registration node sends the registration information and signature data of the registration information to each consensus node in the block chain network, so that each consensus node in the block chain network checks the signature data of the registration information based on a public key of the micro service terminal and returns a consensus response, and the block chain network comprises the registration node and at least 2 consensus nodes;
if the consensus response returned by each consensus node meets the consensus condition, the registration node calls an intelligent contract to store the registration information into a storage space of the block chain network, and returns a registration completion response to the micro-service terminal aiming at the registration request.
2. The method of claim 1, wherein after the registration node invokes an intelligent contract to store the registration information in a memory space of the blockchain network, the method further comprises:
the registration node receives a data reading request sent by the calling terminal, wherein the data reading request comprises the first name;
and the registration node calls the intelligent contract to read a first calling address corresponding to the first name in the storage space, and returns the first calling address to the calling terminal aiming at the read data request, so that the calling terminal requests the micro service corresponding to the first calling address to the micro service terminal.
3. The method of claim 2, wherein after returning the first call address to the calling terminal for the read data request, the method further comprises:
the registration node receives a calling event reported by the micro-service terminal, wherein the calling event comprises the first name, calling duration and a calling account, and the calling account is an account for calling the micro-service on the calling terminal;
the registration node calls the intelligent contract to transfer a first digital asset in the calling account to an account of the micro-service terminal, wherein the size of the first digital asset is determined based on the calling duration and the micro-service corresponding to the first name.
4. The method of claim 1, wherein after the registration node invokes an intelligent contract to store the registration information in a memory space of the blockchain network, the method further comprises:
the registration node receives a registration information modification request sent by the micro-service terminal, wherein the registration information modification request comprises the first name and a second calling address;
the registration node calls the intelligent contract to read a first calling address corresponding to the first name in the storage space;
and the registration node calls the intelligent contract to modify a first calling address corresponding to the first name in the storage space into the second calling address.
5. The method according to any of claims 1-4, wherein the first call address is a first Internet protocol, IP, address;
before the registration node sends the registration information and signature data of the registration information to each consensus node in the blockchain network, the method further includes:
the registration center acquires a preset target network segment;
the registration center detects whether the first IP address is in the target network segment;
and if the first IP address is in the target network segment, the registration center triggers and executes to send the registration information and signature data of the registration information to each common node in the block chain network.
6. The method of claim 1, wherein the registration node invoking an intelligent contract to store the registration information into a storage space of the blockchain network comprises:
the registration node acquires a key file corresponding to the micro service terminal and encrypts the registration information based on the key file;
and the registration node calls an intelligent contract to store the registration information encrypted by the key file into a storage space of the block chain network.
7. The method of claim 1, wherein after the registration node invokes an intelligent contract to store the registration information in a memory space of the blockchain network, the method further comprises:
the registration node receives a logout request sent by the micro-service terminal, wherein the logout request comprises a first name of the micro-service;
and the registration node calls the intelligent contract to delete the registration information corresponding to the first name in the storage space.
8. A microservice registration apparatus, comprising:
the system comprises a receiving and sending module, a sending and receiving module and a processing module, wherein the receiving and sending module is used for receiving a registration request sent by a micro-service terminal, the registration request comprises registration information of a micro-service and signature data of the registration information, the registration information comprises a first name, a first calling address and a first verification code of the micro-service, the first calling address is used for calling the micro-service, and the first verification code is signature data generated by the micro-service through encryption of an encryption algorithm;
the decryption module is used for acquiring a public key of the micro service terminal to decrypt the signature data of the registration information;
the detection module is used for detecting whether the information obtained by decrypting the signature data of the registration information is the same as the registration information of the microservice or not;
the detection module is further configured to detect whether the first name and the first check code exist in a storage space of a block chain network when information obtained by decrypting signature data of the registration information is the same as the registration information of the microservice;
the transceiver module is further configured to send the registration information and signature data of the registration information to each common node in the blockchain network when the first name and the first check code do not exist in the storage space of the blockchain network, so that each common node in the blockchain network checks the signature data of the registration information based on a public key of the microservice terminal and returns a common response, where the blockchain network includes the registration node and at least 2 common nodes;
the storage module is used for calling an intelligent contract to store the registration information into a storage space of the block chain network when the consensus response returned by each consensus node meets the consensus condition;
and the transceiver module is used for returning a registration completion response to the micro-service terminal aiming at the registration request.
9. A block link point, comprising: a processor, a memory, and a transceiver;
the processor is respectively connected with a memory and a transceiver, wherein the memory is used for storing program codes, the transceiver is used for communicating with the micro service terminal and/or the calling terminal, the transceiver is specifically used for receiving a registration request sent by the micro service terminal, the registration request comprises registration information of the micro service and signature data of the registration information, the registration information comprises a first name, a first calling address and a first check code of the micro service, the first calling address is used for calling the micro service, and the first check code is signature data generated by the micro service through encryption algorithm encryption;
the processor is configured to invoke the program code to perform the following:
acquiring a public key of the micro-service terminal to decrypt the signature data of the registration information, and detecting whether the information obtained by decrypting the signature data of the registration information is the same as the registration information of the micro-service;
when the signature data of the registration information is decrypted to obtain information which is the same as the registration information of the micro service, detecting whether the first name and the first check code exist in a storage space of a block chain network;
the transceiver is further specifically configured to: when the first name and the first check code do not exist in the storage space of the block chain network, sending the registration information and signature data of the registration information to each consensus node in the block chain network, so that each consensus node in the block chain network checks the signature data of the registration information based on a public key of the micro service terminal and returns a consensus response, wherein the block chain network comprises the registration node and at least 2 consensus nodes;
the processor is further configured to invoke the program code to perform the following: when the consensus response returned by each consensus node meets the consensus condition, calling an intelligent contract to store the registration information into a storage space of the block chain network;
the transceiver is further specifically configured to: and returning a registration completion response to the micro service terminal aiming at the registration request.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions which, when executed by a processor, perform the method according to any one of claims 1-7.
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for registering a microservice.
Background
Existing microservice registries (e.g., zookeeper) can only be deployed in a mutually trusted distributed environment for security. If the micro service terminal is invaded, the registered micro service address is maliciously modified in the registration center, so that other calling terminals cannot obtain corresponding services or are attacked maliciously through the address returned by the registration center.
Disclosure of Invention
The embodiment of the application provides a micro-service registration method and device, which can avoid malicious tampering of an address of a micro-service, and improve the safety of the micro-service and the stability of service provision.
In a first aspect, an embodiment of the present application provides a method for registering a microservice, where the method includes:
a registration node receives a registration request sent by a micro-service terminal, wherein the registration request comprises registration information of a micro-service and signature data of the registration information, the registration information comprises a first name, a first calling address and a first check code of the micro-service, the first calling address is used for calling the micro-service, and the first check code is signature data generated by the micro-service through encryption of an encryption algorithm;
the registration node acquires a public key of the micro-service terminal to decrypt the signature data of the registration information and detects whether the information obtained by decrypting the signature data of the registration information is the same as the registration information of the micro-service;
if the information obtained by decrypting the signature data of the registration information is the same as the registration information of the micro service, the registration node detects whether the first name and the first check code exist in the storage space of the block chain network;
if the first name and the first check code do not exist in the storage space of the blockchain network, the registration node sends the registration information and signature data of the registration information to each common identification node in the blockchain network, so that each common identification node in the blockchain network checks the signature data of the registration information based on the public key of the micro service terminal and returns a common identification response, and the blockchain network comprises the registration node and at least 2 common identification nodes;
if the consensus response returned by each consensus node meets the consensus condition, the registration node calls an intelligent contract to store the registration information into the storage space of the block chain network, and returns a registration completion response to the micro-service terminal aiming at the registration request.
In a second aspect, an embodiment of the present application provides a micro-service registration apparatus, including:
the system comprises a receiving and sending module, a sending and receiving module and a processing module, wherein the receiving and sending module is used for receiving a registration request sent by a micro-service terminal, the registration request comprises registration information of a micro-service and signature data of the registration information, the registration information comprises a first name, a first calling address and a first check code of the micro-service, the first calling address is used for calling the micro-service, and the first check code is signature data generated by the micro-service through encryption algorithm encryption;
the decryption module is used for acquiring the public key of the micro service terminal to decrypt the signature data of the registration information;
the detection module is used for detecting whether the information obtained by decrypting the signature data of the registration information is the same as the registration information of the micro service;
the detection module is further configured to detect whether the first name and the first check code exist in a storage space of the block chain network when information obtained by decrypting the signature data of the registration information is the same as the registration information of the micro service;
the transceiver module is further configured to send the registration information and signature data of the registration information to each common node in the blockchain network when the first name and the first check code do not exist in the storage space of the blockchain network, so that each common node in the blockchain network checks the signature data of the registration information based on the public key of the micro service terminal and returns a common response, where the blockchain network includes the registration node and at least 2 common nodes;
the storage module is used for calling an intelligent contract to store the registration information into the storage space of the block chain network when the consensus response returned by each consensus node meets the consensus condition;
the transceiver module is used for returning a registration completion response to the micro-service terminal according to the registration request.
In one possible design, the device further comprises a reading module. The transceiver module is further configured to receive a data reading request sent by the calling terminal, where the data reading request includes the first name; the reading module is used for calling the intelligent contract to read a first calling address corresponding to the first name in the storage space; the transceiver module is further configured to return the first call address to the call terminal according to the read data request, so that the call terminal requests the micro-service terminal to call the micro-service corresponding to the first call address.
In one possible design, the apparatus further includes an asset transfer module. The transceiver module is further configured to receive a call event reported by the microservice terminal, where the call event includes the first name, a call duration, and a call account, and the call account is an account for calling the microservice on the call terminal; the asset transfer module is used for transferring the first digital asset in the calling account to the account of the micro-service terminal by calling the intelligent contract, and the size of the first digital asset is determined based on the calling duration and the micro-service corresponding to the first name.
In one possible design, the apparatus further includes a modification module. The transceiver module is further configured to receive a registration information modification request sent by the micro service terminal, where the registration information modification request includes the first name and the second calling address; the reading module is further configured to call the intelligent contract to read a first call address corresponding to the first name in the storage space; the modification module is used for calling the intelligent contract to modify the first calling address corresponding to the first name in the storage space into the second calling address.
In one possible design, the first calling address is a first internet protocol IP address. The apparatus also includes an acquisition module. The acquisition module is used for acquiring a preset target network segment; the detection module is further configured to detect whether the first IP address is in the target network segment; the transceiver module is further configured to send the registration information and signature data of the registration information to each common node in the blockchain network when the first IP address is in the target network segment.
In one possible design, the memory module is specifically configured to:
acquiring a key file corresponding to the micro service terminal, and encrypting the registration information based on the key file; and calling an intelligent contract to store the registration information encrypted by the key file into the storage space of the blockchain network.
In one possible design, the apparatus further includes a deletion module. The transceiver module is further configured to receive a logout request sent by the micro-service terminal, where the logout request includes a first name of the micro-service; the deleting module is used for calling the intelligent contract to delete the registration information corresponding to the first name in the storage space.
In a third aspect, an embodiment of the present application provides a block link point, including: a processor, a memory, and a transceiver;
the processor is respectively connected with the memory and the transceiver, wherein the memory is used for storing program codes, the transceiver is used for communicating with the micro service terminal and/or the calling terminal, the transceiver is specifically used for receiving a registration request sent by the micro service terminal, the registration request comprises registration information of the micro service and signature data of the registration information, the registration information comprises a first name, a first calling address and a first check code of the micro service, the first calling address is used for calling the micro service, and the first check code is signature data generated by encrypting the micro service through an encryption algorithm;
the processor is configured to call the program code to perform the following:
acquiring a public key of the micro-service terminal to decrypt the signature data of the registration information, and detecting whether the information obtained by decrypting the signature data of the registration information is the same as the registration information of the micro-service;
when the signature data of the registration information is decrypted to obtain information which is the same as the registration information of the micro service, detecting whether the first name and the first check code exist in a storage space of the block chain network;
the transceiver is further specifically configured to: when the first name and the first check code do not exist in the storage space of the block chain network, sending the registration information and signature data of the registration information to each common identification node in the block chain network, so that each common identification node in the block chain network checks the signature data of the registration information based on the public key of the micro service terminal and returns a common identification response, wherein the block chain network comprises the registration node and at least 2 common identification nodes;
the processor is further configured to invoke the program code to perform the following: when the consensus response returned by each consensus node meets the consensus condition, calling an intelligent contract to store the registration information into the storage space of the block chain network;
the transceiver is further specifically configured to: and returning a registration completion response to the micro service terminal aiming at the registration request.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored, where the computer program includes program instructions, and when the processor executes the program instructions, the method for registering a microservice in the first aspect of the embodiment of the present application is performed.
According to the embodiment of the application, the registration request sent by the micro-service terminal is received, and the registration request comprises the registration information of the micro-service and the signature data of the registration information. And acquiring a public key of the microservice terminal to decrypt the signature data of the registration information, and judging whether the decrypted information is the same as the registration information. And when the decrypted information is the same as the registration information, detecting whether the first name and the first check code exist in the storage space of the block chain network. And when the first name and the first check code do not exist in the storage space of the blockchain network, sending the registration information and signature data of the registration information to each consensus node in the blockchain network. And when the consensus response returned by each consensus node meets the consensus condition, calling an intelligent contract to store the registration information into the storage space of the block chain network, and returning a registration completion response to the micro-service terminal according to the registration request. The address of the micro service can be prevented from being maliciously tampered, and the safety of the micro service and the stability of the provided service are improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1A is an alternative structural diagram of a distributed system 100 applied to a blockchain system according to an embodiment of the present disclosure;
FIG. 1B is an alternative Block Structure (Block Structure) according to an embodiment of the present application;
fig. 2 is a schematic flow chart of a microservice registration method provided in an embodiment of the present application;
fig. 3 is another schematic flow chart of a microservice registration method provided in an embodiment of the present application;
fig. 4 is a schematic structural diagram of a microservice registration apparatus provided in an embodiment of the present application;
fig. 5 is a schematic structural diagram of a blockchain node according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
The system related to the embodiment of the application can be a distributed system formed by connecting a client, a plurality of nodes (any form of computing equipment in an access network, such as a server and a user terminal) through a network communication mode. The client in the system related to the embodiment of the present application may be a microservice terminal or a browser or an application (such as APP) in a calling terminal.
Taking a distributed system as an example of a blockchain system, referring To fig. 1A, fig. 1A is an optional structural schematic diagram of a blockchain system To which the distributed system 100 provided in this embodiment of the present application is applied, where the blockchain system is formed by a plurality of nodes (computing devices in any form in an access network, such as servers and user terminals) and one or more clients, and a Peer-To-Peer (P2P, Peer To Peer) network is formed between the nodes, and the P2P Protocol is an application layer Protocol operating on a Transmission Control Protocol (TCP). In a distributed system, any machine, such as a server or a terminal, can join to become a node, and the node comprises a hardware layer, a middle layer, an operating system layer and an application layer. The number of nodes and client data included in the distributed system 100 are not limited in the embodiment of the present application.
Referring to the functions of each node in the blockchain system shown in fig. 1A, the functions involved include:
1) routing, a basic function that a node has, is used to support communication between nodes.
Besides the routing function, the node may also have the following functions:
2) the application is used for being deployed in a block chain, realizing specific services according to actual service requirements, recording data related to the realization functions to form recording data, carrying a digital signature in the recording data to represent a source of task data, and sending the recording data to other nodes in the block chain system, so that the other nodes add the recording data to a temporary block when the source and integrity of the recording data are verified successfully.
For example, the services implemented by the application include:
2.1) wallet, for providing the function of transaction of electronic money, including initiating transaction (i.e. sending the transaction record of current transaction to other nodes in the blockchain system, after the other nodes are successfully verified, storing the record data of transaction in the temporary blocks of the blockchain as the response of confirming the transaction is valid; of course, the wallet also supports the querying of the remaining electronic money in the electronic money address;
and 2.2) sharing the account book, wherein the shared account book is used for providing functions of operations such as storage, query and modification of account data, record data of the operations on the account data are sent to other nodes in the block chain system, and after the other nodes verify the validity, the record data are stored in a temporary block as a response for acknowledging that the account data are valid, and confirmation can be sent to the node initiating the operations.
2.3) Intelligent contracts, computerized agreements, which can enforce the terms of a contract, implemented by codes deployed on a shared ledger for execution when certain conditions are met, for completing automated transactions according to actual business requirement codes, such as querying the logistics status of goods purchased by a buyer, transferring the buyer's electronic money to the merchant's address after the buyer signs for the goods; of course, smart contracts are not limited to executing contracts for trading, but may also execute contracts that process received information.
3) And the Block chain comprises a series of blocks (blocks) which are mutually connected according to the generated chronological order, new blocks cannot be removed once being added into the Block chain, and recorded data submitted by nodes in the Block chain system are recorded in the blocks.
Referring to fig. 1B, fig. 1B is an optional schematic diagram of a Block Structure (Block Structure) provided in this embodiment, each Block includes a hash value of a transaction record (hash value of the Block) stored in the Block and a hash value of a previous Block, and the blocks are connected by the hash value to form a Block chain. The block may include information such as a time stamp at the time of block generation. A block chain (Blockchain), which is essentially a decentralized database, is a string of data blocks associated by using cryptography, and each data block contains related information for verifying the validity (anti-counterfeiting) of the information and generating a next block.
The micro-service registration method provided by the present application will be described in detail below with reference to fig. 2 and 3.
Fig. 2 is a schematic flow chart of a method for registering a microservice according to an embodiment of the present disclosure. As shown in fig. 2, the micro-service registration method may include, but is not limited to, the following steps:
s201, the micro service terminal sends a registration request to a registration node. Accordingly, the registration node receives the registration request.
In some possible embodiments, the registration request may include registration information of the microservice and signature data of the registration information. One or more of a first name, an identification, a first calling address, a type (such as free, fee, or VIP), a functional description, or a first check code of the micro-service may be included in the registration information of the micro-service. The first call address may be used to call the microservice. The first check code is signature data generated by the microservice through encryption algorithm encryption.
In some possible embodiments, after the user develops the micro-service, the micro-service may be uploaded at the micro-service terminal. After receiving the micro service uploaded by the user, the micro service terminal may encrypt the micro service by using an encryption algorithm to generate signature data, and may use the signature data as a first check code. The microservice terminal can obtain information such as a first name, a type, a first calling address and function description of the microservice, and can generate an identifier of the microservice. Optionally, the information such as the first name, type, and function description of the micro service may be input by the user on the micro service terminal. The identifier of the micro service may be a hash value obtained by the micro service terminal calculating the first call address by using a hash algorithm. The first call address of the microservice may be generated based on a memory path of the microservice. The microservice terminal can generate registration information based on the first name, the identification, the first calling address, the type, the function description and the first check code of the microservice, and can encrypt the registration information by using a private key to generate signature data. The microservice terminal sends a registration request to a registration node, which may be used to request registration of the microservice into a blockchain network to provide a service.
S202, the registration node acquires the public key of the micro-service terminal to decrypt the signature data of the registration information, and detects whether the information obtained by decrypting the signature data of the registration information is the same as the registration information of the micro-service.
In some feasible embodiments, a storage space of the block chain network stores a public key of the micro service terminal, and the registration node may obtain the public key of the micro service terminal from the block chain network and may decrypt signature data of registration information carried by the registration request by using the public key of the micro service terminal. The registration node may detect whether information obtained by decrypting the signature data of the registration information is the same as the registration information of the microservice. According to the method and the device, the registration information is checked and signed, whether the micro-service terminal sending the registration request is a legal terminal or not can be judged, and malicious registration of the micro-service on the block chain network by stealing the identity of the legal terminal by other terminals is avoided.
S203, if the information obtained by decrypting the signature data of the registration information is the same as the registration information of the micro service, the registration node detects whether a first name and a first check code exist in the storage space of the block chain network.
In some possible embodiments, if the signature data of the registration information is decrypted by the public key of the micro service terminal to obtain the same information as the registration information of the micro service, which indicates that the registration information is sent by the micro service terminal itself, the registration node may detect whether the first name and the first check code exist in the storage space of the block chain network. In the embodiment of the application, the uniqueness of the microservice registered in the blockchain network can be ensured by detecting whether the microservice with a name (first name) which is duplicated with the microservice to be registered exists in the blockchain network or not and detecting whether the microservice which is completely the same with the microservice to be registered exists in the blockchain network or not (because the first check code is signature data generated by the microservice through an encryption algorithm, when the same encryption algorithm is used, the generated signature data are different as long as the microservice is different, and the first check code is also different).
In some possible embodiments, if the information obtained by decrypting the signature data of the registration information by the public key of the microservice terminal is different from the registration information of the microservice terminal, which indicates that the registration information may not be sent by the microservice terminal itself, the registration node may return a registration rejection response to the registration request. The registration rejection response may include registration failure information that may be used to reflect a mismatch of the micro service terminal and the registration information.
And S204, if the first name and the first check code do not exist in the storage space of the block chain network, the registration node sends the registration information and the signature data of the registration information to each common node in the block chain network.
In some possible embodiments, if the first name of the micro service and the first check code of the micro service do not exist in the storage space of the blockchain network, which indicates that the micro service is not registered, the registration node may send the registration information and signature data of the registration information to each common node in the blockchain network. After receiving the signature data of the registration information, each consensus node may decrypt the signature data of the registration information using the public key of the microservice, and may detect whether the information obtained by decrypting the signature data of the registration information is the same as the registration information. And when the information obtained by decrypting the signature data of the registration information is the same as the registration information, the consensus node returns a consensus successful response to the registration node. And when the information obtained by decrypting the signature data of the registration information is different from the registration information, the consensus node returns a consensus failure response to the registration node. It can be understood that each consensus node returns a corresponding consensus response (same, returns a consensus successful response; different, returns a consensus failed response) based on whether the information obtained by decrypting the signature data of the detected registration information is the same as the registration information. Wherein, the blockchain network can comprise a registration node and at least 2 consensus nodes.
In some possible embodiments, the first call address may be a first Internet Protocol (IP) address. Before the registration center sends the registration information and the signature data of the registration information to each common node in the block chain network, the registration node can acquire a preset target network segment. The registered node may detect whether the first IP address of the microservice is within the target network segment. When the first IP address is in the target network segment, it indicates that the first IP address is a legal address, and the registration node may send the registration information and signature data of the registration information to each common node in the blockchain network. When the first IP address is outside the target network segment, the first IP address is not a legal address, and the registration node can reject the registration request.
For example, the first IP address is 192.0.245.1 and the destination network segment is 192.0.0.0 through 195.255.255.255, with the first IP address being within the destination network segment.
And S205, if the consensus response returned by each consensus node meets the consensus condition, the registration node calls an intelligent contract to store the registration information of the micro service into a storage space of the block chain network.
In some possible embodiments, the registration node receives the consensus responses returned by the respective consensus nodes for the registration information, and may count the number of consensus responses indicating successful consensus in the consensus responses returned by the respective consensus nodes. If the number is greater than half of the total number of the common nodes in the blockchain network, which indicates that the registration information has been approved by most of the common nodes in the blockchain network, and also indicates that most of the common nodes in the blockchain network approve that the registration information belongs to the micro service terminal, the registration node may invoke an intelligent contract to store the registration information in a storage space of the blockchain network. According to the embodiment of the application, the micro-service is registered on the block chain network, so that the address of the micro-service can be prevented from being maliciously tampered, and the safety of the micro-service and the stability of providing the service are improved.
In some possible embodiments, when the registration node calls the smart contract to store the registration information, the registration node may obtain a key file corresponding to the microservice terminal, and may encrypt the registration information based on the key file. The registration node can call an intelligent contract to store the registration information encrypted by the key file into a storage space of the blockchain network. By encrypting the key file, the embodiment of the application can still ensure the safety of the registration information when the storage space in the blockchain network is attacked. Wherein the key file may correspond to only one decryption file.
In some possible embodiments, if the number is less than or equal to half of the total number of the common nodes in the blockchain network, which indicates that the registration information cannot be approved by most of the common nodes in the blockchain network, and also indicates that most of the common nodes in the blockchain network do not approve that the registration information belongs to the micro service terminal, the registration node may refuse to store the registration information and return a registration failure response to the micro service terminal. The registration failure response may be used to reflect a failure to agree on the registration information in the blockchain network.
And S206, the registration node returns a registration completion response to the micro service terminal aiming at the registration request.
In some possible embodiments, the registration completion response may be used to indicate that the microservice registration described above is complete.
In some possible embodiments, the micro service terminal may send a registration information modification request to the registration node, where the registration information modification request may include the first name and the second calling address. After receiving the registration information modification request, the registration node may invoke an intelligent contract to read a first calling address corresponding to the first name in a storage space of the block chain network, and may invoke the intelligent contract to modify the first calling address corresponding to the first name in the storage space into the second calling address. According to the embodiment of the application, the address of the micro service is modified by calling the intelligent contract, so that the covering storage can be realized, and the modification is more convenient and quicker.
In the embodiment of the application, a registration node receives a registration request sent by a microservice terminal, wherein the registration request comprises registration information of the microservice and signature data of the registration information. The registration node acquires a public key of the micro-service terminal to decrypt the signature data of the registration information and judges whether the decrypted information is the same as the registration information. And when the decrypted information is the same as the registration information, the registration node detects whether the first name and the first check code exist in the storage space of the block chain network. And when the first name and the first check code do not exist in the storage space of the blockchain network, the registration node sends the registration information and signature data of the registration information to each consensus node in the blockchain network. And when the consensus response returned by each consensus node meets the consensus condition, the registration node calls an intelligent contract to store the registration information into the storage space of the block chain network, and returns a registration completion response to the micro-service terminal according to the registration request. The address of the micro service can be prevented from being maliciously tampered, and the safety of the micro service and the stability of the provided service are improved.
Please refer to fig. 3, which is another flowchart illustrating a method for registering a microservice according to an embodiment of the present disclosure. As shown in fig. 3, the micro-service registration method may include, but is not limited to, the following steps:
s301, the micro service terminal sends a registration request to the registration node. Accordingly, the registration node receives the registration request.
S302, the registration node acquires the public key of the micro-service terminal to decrypt the signature data of the registration information, and detects whether the information obtained by decrypting the signature data of the registration information is the same as the registration information of the micro-service.
And S303, if the information obtained by decrypting the signature data of the registration information is the same as the registration information of the micro service, the registration node detects whether a first name and a first check code exist in the storage space of the block chain network.
And S304, if the first name and the first check code do not exist in the storage space of the block chain network, the registration node sends the registration information and the signature data of the registration information to each common node in the block chain network.
And S305, if the consensus response returned by each consensus node meets the consensus condition, the registration node calls an intelligent contract to store the registration information of the micro service into a storage space of the block chain network.
S306, the registration node returns a registration completion response to the micro service terminal aiming at the registration request.
In some possible implementations, the implementations of steps S301 to S306 in the embodiment of the present application may refer to the implementations of steps S201 to S206 in the embodiment shown in fig. 2, and are not described herein again.
S307, the calling terminal sends a read data request to the registration node. Accordingly, the registration node receives a read data request.
In some possible embodiments, after the microservice registration described above is successful, the caller may invoke this microservice. Specifically, the calling terminal may send a read data request to the registration node, and accordingly, the registration node may receive the read data request. The read data request may include a first name of the micro service.
S308, the registration node calls the intelligent contract to read a first calling address corresponding to the first name in the storage space.
S309, the registration node returns the first calling address to the calling terminal aiming at the read data request.
In some possible embodiments, the registration node may call a first call address corresponding to the first name in a storage space of the intelligent contract read blockchain network. The first call address may be used to call the microservice. The registry can return the first calling address to the calling terminal according to the read data request. Optionally, the first calling address may be an IP address, a website, or a calling interface.
In some possible embodiments, the registration node may invoke an intelligent contract to read the registration information corresponding to the first name in the storage space of the blockchain network. The registry can obtain a decryption file corresponding to the micro-service terminal, and can decrypt the registration information corresponding to the first name by using the decryption file to obtain the first calling address in the registration information. The registry can return the first calling address to the calling terminal according to the read data request.
It can be understood that, if the registration center receives the registration information modification request of the microservice terminal before receiving the read data request, and modifies the first calling address corresponding to the first name in the storage space of the block chain network into the second calling address, when the registration center receives the read data request, the calling address corresponding to the first name read from the storage space of the block chain network is the second calling address, and at this time, the calling address returned to the calling terminal for the read data request is also the second calling address. For convenience of description, the embodiments of the present application only take the example that the registration center does not receive the registration information modification request of the microserver terminal before receiving the read data request.
S310, the calling terminal calls the micro service corresponding to the first calling address in the micro service terminal.
And S311, the micro service terminal returns the calling result to the calling terminal.
In some possible embodiments, after the calling terminal receives the first calling address, the calling terminal may request the micro-service terminal to call the micro-service corresponding to the first calling address. After the micro-service call corresponding to the first call address is finished, that is, after the operation is finished, the micro-service terminal may return a call result to the call terminal. The calling result can be a result obtained by the micro-service operation corresponding to the first calling address.
Optionally, when the calling terminal requests the micro service terminal to call the micro service corresponding to the first calling address, the calling terminal may send a calling account to the micro service terminal. After the micro-service terminal receives the calling account, whether the calling account is in a permitted calling list of the micro-service terminal can be detected. When the calling account is in the allowed calling list of the micro-service terminal, the micro-service terminal allows the calling terminal to call the micro-service corresponding to the first calling address to obtain a calling result. And when the calling account is not in the allowed calling list of the micro-service terminal, the micro-service terminal refuses the calling request of the calling terminal.
In some possible embodiments, in the process of calling the micro service corresponding to the first calling address by the calling terminal, the micro service terminal may record the starting time and the ending time of calling the micro service corresponding to the first calling address by the calling terminal, and may also record the number of times of calling the micro service corresponding to the first calling address by the calling terminal.
S312, the micro service terminal reports the calling event to the registered node. Accordingly, the registration node receives the invocation event.
In some possible embodiments, the micro service terminal may determine the call duration according to the recorded start time and end time of the call terminal calling the micro service corresponding to the first call address. The microservice terminal may generate a call event based on a call duration, a call account, a first name, and/or a number of calls. The microservice terminal may encrypt the invocation event using a private key. The microservice terminal can report the encrypted calling event to the registration node. Accordingly, the registered node may receive the encrypted invocation event. After receiving the encrypted calling event, the registration node may decrypt the encrypted calling event by using the public key of the micro service terminal to obtain information included in the calling event. The calling event may include information such as the first name, the calling duration, the calling account, and/or the number of calls of the microservice.
S313, the registration node calls the intelligent contract to transfer the first digital assets in the calling account to the account of the micro-service terminal.
In some possible embodiments, the registration node may invoke the intelligent contract to acquire the registration information corresponding to the first name in the storage space of the blockchain network, and may acquire the type of the micro-service (free, charged or VIP) in the registration information. If the type of the micro-service in the registration information is free, the registry can call an intelligent contract to record the call event in the storage space of the blockchain network. If the type of the micro-service in the registration information is a fee, the registry may determine the size of the first digital asset based on the call duration in the call event, the micro-service corresponding to the first name, and the call account. The registry may invoke the smart contract to transfer the first digital asset in the invoked account to the account of the microservice terminal. Optionally, after transferring the first digital asset in the calling account to the account of the microservice terminal, the registry may call an intelligent contract to record the calling event in the memory space of the blockchain network.
For example, the calling time is 10 minutes, the micro service corresponding to the first name is micro service a, and the calling account is a common account. Assuming that the micro-service A needs to consume 1Q currency of digital assets every 1 minute called by a common account; microservice a needs to consume 0.8Q of money of digital assets every 1 minute it is invoked by a VIP account. And the registry determines that the first digital asset is 1 × 10 ═ 10Q currency according to the calling duration, the micro service corresponding to the first name and the calling account. The registry may transfer the 10Q currency in the calling account to the account of the microservice terminal. Similarly, if the calling account is a VIP account, the first digital asset is 0.8 x 10 ═ 8Q dollars. At this time, the registry may transfer the 8Q coin in the calling account to the account of the microservice terminal.
If the type of the micro service in the registration information is VIP, the registration center can detect whether the calling account in the calling event is a VIP account. If the calling account is a VIP account, the registry can call an intelligent contract to record the calling event in a storage space of the block chain network. Optionally, if the call account is a VIP account, the registry may detect whether the call duration in the call event exceeds the maximum call duration of the micro service corresponding to the first name. If the call duration exceeds the maximum call duration, the registry may determine the size of the second digital asset based on an absolute difference between the call duration and the maximum call duration and the microservice corresponding to the first name. The registry may invoke the smart contract to transfer the second digital asset in the invoked account to the account of the microservice terminal. The maximum call duration may be included in the registration information of the microservice.
For example, the maximum call duration of the microservice corresponding to the first name is 30 minutes, and the call duration is 50 minutes. Suppose that the micro-service for the first name consumes 0.5Q of dollars of digital assets every time the call duration exceeds the maximum call duration by one minute. And the registry determines that the second digital asset is 0.5 x (50-30) to 10Q coins based on the absolute difference value between the calling duration and the maximum calling duration and the micro service corresponding to the first name. The registry calls the intelligent contract to transfer the 10Q currency in the calling account to the account of the micro-service terminal.
In some possible embodiments, the micro service terminal may send a deregistration request to the registration node, and accordingly, the registration node may receive the deregistration request. The logoff request may include a first name of the microservice. And the registration node calls an intelligent contract to search and delete the registration information corresponding to the first name in the storage space of the block chain network.
In the embodiment of the application, the registration node can register the micro service according to the registration request of the micro service terminal, can also provide a calling address for the calling terminal after the micro service is successfully registered, and can realize the transfer of the digital assets according to the calling event. The address of the micro service can be prevented from being maliciously tampered, and the safety of the micro service and the stability of the provided service are improved; a trusted microservice invocation transaction is also provided.
The micro-service registration method according to the embodiment of the present application is described in detail above, and in order to better implement the above scheme according to the embodiment of the present application, the embodiment of the present application further provides a corresponding apparatus and device.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a micro-service registration apparatus according to an embodiment of the present application. The micro-service registration apparatus 10 may be applied in a registration node as shown in fig. 2 or fig. 3, and the micro-service registration apparatus 10 may include:
the receiving and sending
the
the
the
the
a
the
In some possible embodiments, the microservice registration apparatus 10 further comprises a
In some possible embodiments, the microservice registration apparatus 10 further includes an
In some possible embodiments, the micro-service registration apparatus 10 further includes a
In some possible embodiments, the first calling address is a first internet protocol IP address. The microservice registration apparatus 10 further comprises an obtaining
In some possible embodiments, the
In some possible embodiments, the microservice registration apparatus 10 further comprises a
The
In a specific implementation, the implementation of each module may also correspond to the corresponding description of the registration node in the method embodiment shown in fig. 2 or fig. 3, and execute the method and the function executed by the registration node in the foregoing embodiment.
In the embodiment of the application, the micro-service registration device receives a registration request sent by a micro-service terminal, wherein the registration request comprises registration information of the micro-service and signature data of the registration information. The microservice registration device acquires a public key of the microservice terminal to decrypt the signature data of the registration information, and judges whether the decrypted information is the same as the registration information. And when the decrypted information is the same as the registration information, the micro-service registration device detects whether the first name and the first check code exist in the storage space of the block chain network. When the first name and the first check code do not exist in the storage space of the block chain network, the micro-service registration device sends the registration information and signature data of the registration information to each consensus node in the block chain network. When the consensus response returned by each consensus node meets the consensus condition, the micro-service registration device calls an intelligent contract to store the registration information into the storage space of the block chain network, and returns a registration completion response to the micro-service terminal according to the registration request. The address of the micro service can be prevented from being maliciously tampered, and the safety of the micro service and the stability of the provided service are improved.
Please refer to fig. 5, which is a schematic structural diagram of a blockchain node according to an embodiment of the present disclosure. As shown in fig. 5, block link points 1000 may include: a
In the block link point 1000 shown in fig. 5, the
And the
The
The
The
Further, here, it is to be noted that: an embodiment of the present application further provides a computer-readable storage medium, and the computer-readable storage medium stores the aforementioned computer program executed by the micro service registration apparatus 10, and the computer program includes program instructions, and when the processor executes the program instructions, the description of the micro service registration method in the embodiment corresponding to fig. 2 or fig. 3 can be performed, so that details are not repeated here. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in embodiments of the computer-readable storage medium referred to in the present application, reference is made to the description of embodiments of the method of the present application.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above disclosure is only for the purpose of illustrating the preferred embodiments of the present application and is not to be construed as limiting the scope of the present application, so that the present application is not limited thereto, and all equivalent variations and modifications can be made to the present application.
- 上一篇:一种医用注射器针头装配设备
- 下一篇:一种区块链访问控制中的权限传递方法