Merge branch 'main' into fix-api-auth

alert/dispatch/dispatch.go

@@ -185,8 +185,8 @@ func (e *Dispatch) HandleEventWithNotifyRule(eventOrigin *models.AlertCurEvent)
 
 			for _, processor := range processors {
 				logger.Infof("before processor notify_id: %d, event:%+v, processor:%+v", notifyRuleId, eventCopy, processor)
-				eventCopy = processor.Process(e.ctx, eventCopy)
-				logger.Infof("after processor notify_id: %d, event:%+v, processor:%+v", notifyRuleId, eventCopy, processor)
+				eventCopy, res, err := processor.Process(e.ctx, eventCopy)
+				logger.Infof("after processor notify_id: %d, event:%+v, processor:%+v, res:%v, err:%v", notifyRuleId, eventCopy, processor, res, err)
 				if eventCopy == nil {
 					logger.Warningf("notify_id: %d, event:%+v, processor:%+v, event is nil", notifyRuleId, eventCopy, processor)
 					break

alert/mute/mute.go

@@ -9,6 +9,7 @@ import (
 	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
 
+	"github.com/pkg/errors"
 	"github.com/toolkits/pkg/logger"
 )
 
@@ -135,7 +136,8 @@ func EventMuteStrategy(event *models.AlertCurEvent, alertMuteCache *memsto.Alert
 	}
 
 	for i := 0; i < len(mutes); i++ {
-		if MatchMute(event, mutes[i]) {
+		matched, _ := MatchMute(event, mutes[i])
+		if matched {
 			return true, mutes[i].Id
 		}
 	}
@@ -144,9 +146,9 @@ func EventMuteStrategy(event *models.AlertCurEvent, alertMuteCache *memsto.Alert
 }
 
 // MatchMute 如果传入了clock这个可选参数，就表示使用这个clock表示的时间，否则就从event的字段中取TriggerTime
-func MatchMute(event *models.AlertCurEvent, mute *models.AlertMute, clock ...int64) bool {
+func MatchMute(event *models.AlertCurEvent, mute *models.AlertMute, clock ...int64) (bool, error) {
 	if mute.Disabled == 1 {
-		return false
+		return false, errors.New("mute is disabled")
 	}
 
 	// 如果不是全局的，判断 匹配的 datasource id
@@ -158,13 +160,13 @@ func MatchMute(event *models.AlertCurEvent, mute *models.AlertMute, clock ...int
 
 		// 判断 event.datasourceId 是否包含在 idm 中
 		if _, has := idm[event.DatasourceId]; !has {
-			return false
+			return false, errors.New("datasource id not match")
 		}
 	}
 
 	if mute.MuteTimeType == models.TimeRange {
 		if !mute.IsWithinTimeRange(event.TriggerTime) {
-			return false
+			return false, errors.New("event trigger time not within mute time range")
 		}
 	} else if mute.MuteTimeType == models.Periodic {
 		ts := event.TriggerTime
@@ -173,11 +175,11 @@ func MatchMute(event *models.AlertCurEvent, mute *models.AlertMute, clock ...int
 		}
 
 		if !mute.IsWithinPeriodicMute(ts) {
-			return false
+			return false, errors.New("event trigger time not within periodic mute range")
 		}
 	} else {
 		logger.Warningf("mute time type invalid, %d", mute.MuteTimeType)
-		return false
+		return false, errors.New("mute time type invalid")
 	}
 
 	var matchSeverity bool
@@ -193,12 +195,14 @@ func MatchMute(event *models.AlertCurEvent, mute *models.AlertMute, clock ...int
 	}
 
 	if !matchSeverity {
-		return false
+		return false, errors.New("event severity not match mute severity")
 	}
 
 	if mute.ITags == nil || len(mute.ITags) == 0 {
-		return true
+		return true, nil
 	}
-
-	return common.MatchTags(event.TagsMap, mute.ITags)
+	if !common.MatchTags(event.TagsMap, mute.ITags) {
+		return false, errors.New("event tags not match mute tags")
+	}
+	return true, nil
 }

alert/pipeline/processor/aisummary/ai_summary.go

@@ -17,7 +17,6 @@ import (
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
 	"github.com/ccfos/nightingale/v6/pkg/tplx"
-	"github.com/toolkits/pkg/logger"
 )
 
 const (
@@ -55,26 +54,23 @@ func (c *AISummaryConfig) Init(settings interface{}) (models.Processor, error) {
 	return result, err
 }
 
-func (c *AISummaryConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent) *models.AlertCurEvent {
+func (c *AISummaryConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent) (*models.AlertCurEvent, string, error) {
 	if c.Client == nil {
 		if err := c.initHTTPClient(); err != nil {
-			logger.Errorf("failed to initialize HTTP client: %v", err)
-			return event
+			return event, "", fmt.Errorf("failed to initialize HTTP client: %v processor: %v", err, c)
 		}
 	}
 
 	// 准备告警事件信息
 	eventInfo, err := c.prepareEventInfo(event)
 	if err != nil {
-		logger.Errorf("failed to prepare event info: %v", err)
-		return event
+		return event, "", fmt.Errorf("failed to prepare event info: %v processor: %v", err, c)
 	}
 
 	// 调用AI模型生成总结
 	summary, err := c.generateAISummary(eventInfo)
 	if err != nil {
-		logger.Errorf("failed to generate AI summary: %v", err)
-		return event
+		return event, "", fmt.Errorf("failed to generate AI summary: %v processor: %v", err, c)
 	}
 
 	// 将总结添加到annotations字段
@@ -86,12 +82,11 @@ func (c *AISummaryConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent)
 	// 更新Annotations字段
 	b, err := json.Marshal(event.AnnotationsJSON)
 	if err != nil {
-		logger.Errorf("failed to marshal annotations: %v", err)
-		return event
+		return event, "", fmt.Errorf("failed to marshal annotations: %v processor: %v", err, c)
 	}
 	event.Annotations = string(b)
 
-	return event
+	return event, "", nil
 }
 
 func (c *AISummaryConfig) initHTTPClient() error {
@@ -137,7 +132,7 @@ func (c *AISummaryConfig) prepareEventInfo(event *models.AlertCurEvent) (string,
 func (c *AISummaryConfig) generateAISummary(eventInfo string) (string, error) {
 	// 构建基础请求参数
 	reqParams := map[string]interface{}{
-		"model":       c.ModelName,
+		"model": c.ModelName,
 		"messages": []Message{
 			{
 				Role:    "user",

alert/pipeline/processor/aisummary/ai_summary_test.go

@@ -54,7 +54,8 @@ func TestAISummaryConfig_Process(t *testing.T) {
 	assert.NotNil(t, processor)
 
 	// 测试处理函数
-	result := processor.Process(&ctx.Context{}, event)
+	result, _, err := processor.Process(&ctx.Context{}, event)
+	assert.NoError(t, err)
 	assert.NotNil(t, result)
 	assert.NotEmpty(t, result.AnnotationsJSON["ai_summary"])
 

alert/pipeline/processor/callback/callback.go

@@ -3,6 +3,7 @@ package callback
 import (
 	"crypto/tls"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net/http"
 	"net/url"
@@ -42,7 +43,7 @@ func (c *CallbackConfig) Init(settings interface{}) (models.Processor, error) {
 	return result, err
 }
 
-func (c *CallbackConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent) *models.AlertCurEvent {
+func (c *CallbackConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent) (*models.AlertCurEvent, string, error) {
 	if c.Client == nil {
 		transport := &http.Transport{
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: c.SkipSSLVerify},
@@ -51,7 +52,7 @@ func (c *CallbackConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent)
 		if c.Proxy != "" {
 			proxyURL, err := url.Parse(c.Proxy)
 			if err != nil {
-				logger.Errorf("failed to parse proxy url: %v", err)
+				return event, "", fmt.Errorf("failed to parse proxy url: %v processor: %v", err, c)
 			} else {
 				transport.Proxy = http.ProxyURL(proxyURL)
 			}
@@ -71,14 +72,12 @@ func (c *CallbackConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent)
 
 	body, err := json.Marshal(event)
 	if err != nil {
-		logger.Errorf("failed to marshal event: %v", err)
-		return event
+		return event, "", fmt.Errorf("failed to marshal event: %v processor: %v", err, c)
 	}
 
 	req, err := http.NewRequest("POST", c.URL, strings.NewReader(string(body)))
 	if err != nil {
-		logger.Errorf("failed to create request: %v event: %v", err, event)
-		return event
+		return event, "", fmt.Errorf("failed to create request: %v processor: %v", err, c)
 	}
 
 	for k, v := range headers {
@@ -91,16 +90,14 @@ func (c *CallbackConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent)
 
 	resp, err := c.Client.Do(req)
 	if err != nil {
-		logger.Errorf("failed to send request: %v event: %v", err, event)
-		return event
+		return event, "", fmt.Errorf("failed to send request: %v processor: %v", err, c)
 	}
 
 	b, err := io.ReadAll(resp.Body)
 	if err != nil {
-		logger.Errorf("failed to read response body: %v event: %v", err, event)
-		return event
+		return event, "", fmt.Errorf("failed to read response body: %v processor: %v", err, c)
 	}
 
-	logger.Infof("response body: %s", string(b))
-	return event
+	logger.Debugf("callback processor response body: %s", string(b))
+	return event, "callback success", nil
 }

alert/pipeline/processor/eventdrop/event_drop.go

@@ -2,6 +2,7 @@ package eventdrop
 
 import (
 	"bytes"
+	"fmt"
 	"strings"
 	texttemplate "text/template"
 
@@ -25,7 +26,7 @@ func (c *EventDropConfig) Init(settings interface{}) (models.Processor, error) {
 	return result, err
 }
 
-func (c *EventDropConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent) *models.AlertCurEvent {
+func (c *EventDropConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent) (*models.AlertCurEvent, string, error) {
 	// 使用背景是可以根据此处理器，实现对事件进行更加灵活的过滤的逻辑
 	// 在标签过滤和属性过滤都不满足需求时可以使用
 	// 如果模板执行结果为 true，则删除该事件
@@ -40,22 +41,20 @@ func (c *EventDropConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent)
 
 	tpl, err := texttemplate.New("eventdrop").Funcs(tplx.TemplateFuncMap).Parse(text)
 	if err != nil {
-		logger.Errorf("processor failed to parse template: %v event: %v", err, event)
-		return event
+		return event, "", fmt.Errorf("processor failed to parse template: %v processor: %v", err, c)
 	}
 
 	var body bytes.Buffer
 	if err = tpl.Execute(&body, event); err != nil {
-		logger.Errorf("processor failed to execute template: %v event: %v", err, event)
-		return event
+		return event, "", fmt.Errorf("processor failed to execute template: %v processor: %v", err, c)
 	}
 
 	result := strings.TrimSpace(body.String())
 	logger.Infof("processor eventdrop result: %v", result)
 	if result == "true" {
 		logger.Infof("processor eventdrop drop event: %v", event)
-		return nil
+		return nil, "drop event success", nil
 	}
 
-	return event
+	return event, "drop event failed", nil
 }

alert/pipeline/processor/eventupdate/event_update.go

@@ -3,6 +3,7 @@ package eventupdate
 import (
 	"crypto/tls"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net/http"
 	"net/url"
@@ -30,7 +31,7 @@ func (c *EventUpdateConfig) Init(settings interface{}) (models.Processor, error)
 	return result, err
 }
 
-func (c *EventUpdateConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent) *models.AlertCurEvent {
+func (c *EventUpdateConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent) (*models.AlertCurEvent, string, error) {
 	if c.Client == nil {
 		transport := &http.Transport{
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: c.SkipSSLVerify},
@@ -39,7 +40,7 @@ func (c *EventUpdateConfig) Process(ctx *ctx.Context, event *models.AlertCurEven
 		if c.Proxy != "" {
 			proxyURL, err := url.Parse(c.Proxy)
 			if err != nil {
-				logger.Errorf("failed to parse proxy url: %v", err)
+				return event, "", fmt.Errorf("failed to parse proxy url: %v processor: %v", err, c)
 			} else {
 				transport.Proxy = http.ProxyURL(proxyURL)
 			}
@@ -59,14 +60,12 @@ func (c *EventUpdateConfig) Process(ctx *ctx.Context, event *models.AlertCurEven
 
 	body, err := json.Marshal(event)
 	if err != nil {
-		logger.Errorf("failed to marshal event: %v", err)
-		return event
+		return event, "", fmt.Errorf("failed to marshal event: %v processor: %v", err, c)
 	}
 
 	req, err := http.NewRequest("POST", c.URL, strings.NewReader(string(body)))
 	if err != nil {
-		logger.Errorf("failed to create request: %v event: %v", err, event)
-		return event
+		return event, "", fmt.Errorf("failed to create request: %v processor: %v", err, c)
 	}
 
 	for k, v := range headers {
@@ -79,22 +78,19 @@ func (c *EventUpdateConfig) Process(ctx *ctx.Context, event *models.AlertCurEven
 
 	resp, err := c.Client.Do(req)
 	if err != nil {
-		logger.Errorf("failed to send request: %v event: %v", err, event)
-		return event
+		return event, "", fmt.Errorf("failed to send request: %v processor: %v", err, c)
 	}
 
 	b, err := io.ReadAll(resp.Body)
 	if err != nil {
-		logger.Errorf("failed to read response body: %v event: %v", err, event)
-		return event
+		return nil, "", fmt.Errorf("failed to read response body: %v processor: %v", err, c)
 	}
-	logger.Infof("response body: %s", string(b))
+	logger.Debugf("event update processor response body: %s", string(b))
 
 	err = json.Unmarshal(b, &event)
 	if err != nil {
-		logger.Errorf("failed to unmarshal response body: %v event: %v", err, event)
-		return event
+		return event, "", fmt.Errorf("failed to unmarshal response body: %v processor: %v", err, c)
 	}
 
-	return event
+	return event, "", nil
 }

alert/pipeline/processor/relabel/relabel.go

@@ -42,7 +42,7 @@ func (r *RelabelConfig) Init(settings interface{}) (models.Processor, error) {
 	return result, err
 }
 
-func (r *RelabelConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent) *models.AlertCurEvent {
+func (r *RelabelConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent) (*models.AlertCurEvent, string, error) {
 	sourceLabels := make([]model.LabelName, len(r.SourceLabels))
 	for i := range r.SourceLabels {
 		sourceLabels[i] = model.LabelName(strings.ReplaceAll(r.SourceLabels[i], ".", REPLACE_DOT))
@@ -64,7 +64,7 @@ func (r *RelabelConfig) Process(ctx *ctx.Context, event *models.AlertCurEvent) *
 	}
 
 	EventRelabel(event, relabelConfigs)
-	return event
+	return event, "", nil
 }
 
 func EventRelabel(event *models.AlertCurEvent, relabelConfigs []*pconf.RelabelConfig) {

center/router/router.go

@@ -254,6 +254,7 @@ func (rt *Router) Config(r *gin.Engine) {
 
 		pages.GET("/notify-channels", rt.notifyChannelsGets)
 		pages.GET("/contact-keys", rt.contactKeysGets)
+		pages.GET("/install-date", rt.installDateGet)
 
 		pages.GET("/self/perms", rt.auth(), rt.user(), rt.permsGets)
 		pages.GET("/self/profile", rt.auth(), rt.user(), rt.selfProfileGet)
@@ -372,6 +373,8 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.POST("/relabel-test", rt.auth(), rt.user(), rt.relabelTest)
 		pages.POST("/busi-group/:id/alert-rules/clone", rt.auth(), rt.user(), rt.perm("/alert-rules/add"), rt.bgrw(), rt.cloneToMachine)
 		pages.POST("/busi-groups/alert-rules/clones", rt.auth(), rt.user(), rt.perm("/alert-rules/add"), rt.batchAlertRuleClone)
+		pages.POST("/busi-group/alert-rules/notify-tryrun", rt.auth(), rt.user(), rt.perm("/alert-rules/add"), rt.alertRuleNotifyTryRun)
+		pages.POST("/busi-group/alert-rules/enable-tryrun", rt.auth(), rt.user(), rt.perm("/alert-rules/add"), rt.alertRuleEnableTryRun)
 
 		pages.GET("/busi-groups/recording-rules", rt.auth(), rt.user(), rt.perm("/recording-rules"), rt.recordingRuleGetsByGids)
 		pages.GET("/busi-group/:id/recording-rules", rt.auth(), rt.user(), rt.perm("/recording-rules"), rt.recordingRuleGets)
@@ -397,6 +400,7 @@ func (rt *Router) Config(r *gin.Engine) {
 		pages.POST("/busi-group/:id/alert-subscribes", rt.auth(), rt.user(), rt.perm("/alert-subscribes/add"), rt.bgrw(), rt.alertSubscribeAdd)
 		pages.PUT("/busi-group/:id/alert-subscribes", rt.auth(), rt.user(), rt.perm("/alert-subscribes/put"), rt.bgrw(), rt.alertSubscribePut)
 		pages.DELETE("/busi-group/:id/alert-subscribes", rt.auth(), rt.user(), rt.perm("/alert-subscribes/del"), rt.bgrw(), rt.alertSubscribeDel)
+		pages.POST("/alert-subscribe/alert-subscribes-tryrun", rt.auth(), rt.user(), rt.perm("/alert-subscribes/add"), rt.alertSubscribeTryRun)
 
 		pages.GET("/alert-cur-event/:eid", rt.alertCurEventGet)
 		pages.GET("/alert-his-event/:eid", rt.alertHisEventGet)

center/router/router_alert_rule.go

@@ -11,6 +11,7 @@ import (
 
 	"gopkg.in/yaml.v2"
 
+	"github.com/ccfos/nightingale/v6/alert/mute"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/strx"
 	"github.com/ccfos/nightingale/v6/pushgw/pconf"
@@ -18,6 +19,7 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/jinzhu/copier"
+	"github.com/pkg/errors"
 	"github.com/prometheus/prometheus/prompb"
 	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/i18n"
@@ -157,6 +159,120 @@ func (rt *Router) alertRuleAddByFE(c *gin.Context) {
 	ginx.NewRender(c).Data(reterr, nil)
 }
 
+type AlertRuleTryRunForm struct {
+	EventId         int64            `json:"event_id" binding:"required"`
+	AlertRuleConfig models.AlertRule `json:"alert_rule_config" binding:"required"`
+}
+
+func (rt *Router) alertRuleNotifyTryRun(c *gin.Context) {
+	// check notify channels of old version
+	var f AlertRuleTryRunForm
+	ginx.BindJSON(c, &f)
+
+	hisEvent, err := models.AlertHisEventGetById(rt.Ctx, f.EventId)
+	ginx.Dangerous(err)
+
+	if hisEvent == nil {
+		ginx.Bomb(http.StatusNotFound, "event not found")
+	}
+
+	curEvent := *hisEvent.ToCur()
+	curEvent.SetTagsMap()
+
+	if f.AlertRuleConfig.NotifyVersion == 1 {
+		for _, id := range f.AlertRuleConfig.NotifyRuleIds {
+			notifyRule, err := models.GetNotifyRule(rt.Ctx, id)
+			ginx.Dangerous(err)
+			for _, notifyConfig := range notifyRule.NotifyConfigs {
+				_, err = SendNotifyChannelMessage(rt.Ctx, rt.UserCache, rt.UserGroupCache, notifyConfig, []*models.AlertCurEvent{&curEvent})
+				ginx.Dangerous(err)
+			}
+		}
+
+		ginx.NewRender(c).Data("notification test ok", nil)
+		return
+	}
+
+	if len(f.AlertRuleConfig.NotifyChannelsJSON) == 0 {
+		ginx.Bomb(http.StatusOK, "no notify channels selected")
+	}
+
+	if len(f.AlertRuleConfig.NotifyGroupsJSON) == 0 {
+		ginx.Bomb(http.StatusOK, "no notify groups selected")
+	}
+
+	ancs := make([]string, 0, len(curEvent.NotifyChannelsJSON))
+	ugids := f.AlertRuleConfig.NotifyGroupsJSON
+	ngids := make([]int64, 0)
+	for i := 0; i < len(ugids); i++ {
+		if gid, err := strconv.ParseInt(ugids[i], 10, 64); err == nil {
+			ngids = append(ngids, gid)
+		}
+	}
+	userGroups := rt.UserGroupCache.GetByUserGroupIds(ngids)
+	uids := make([]int64, 0)
+	for i := range userGroups {
+		uids = append(uids, userGroups[i].UserIds...)
+	}
+	users := rt.UserCache.GetByUserIds(uids)
+	for _, NotifyChannels := range curEvent.NotifyChannelsJSON {
+		flag := true
+		// ignore non-default channels
+		switch NotifyChannels {
+		case models.Dingtalk, models.Wecom, models.Feishu, models.Mm,
+			models.Telegram, models.Email, models.FeishuCard:
+			// do nothing
+		default:
+			continue
+		}
+		// default channels
+		for ui := range users {
+			if _, b := users[ui].ExtractToken(NotifyChannels); b {
+				flag = false
+				break
+			}
+		}
+		if flag {
+			ancs = append(ancs, NotifyChannels)
+		}
+	}
+	if len(ancs) > 0 {
+		ginx.Dangerous(errors.New(fmt.Sprintf("All users are missing notify channel configurations. Please check for missing tokens (each channel should be configured with at least one user). %v", ancs)))
+	}
+
+	ginx.NewRender(c).Data("notification test ok", nil)
+}
+
+func (rt *Router) alertRuleEnableTryRun(c *gin.Context) {
+	// check notify channels of old version
+	var f AlertRuleTryRunForm
+	ginx.BindJSON(c, &f)
+
+	hisEvent, err := models.AlertHisEventGetById(rt.Ctx, f.EventId)
+	ginx.Dangerous(err)
+
+	if hisEvent == nil {
+		ginx.Bomb(http.StatusNotFound, "event not found")
+	}
+
+	curEvent := *hisEvent.ToCur()
+	curEvent.SetTagsMap()
+
+	if f.AlertRuleConfig.Disabled == 1 {
+		ginx.Bomb(http.StatusOK, "rule is disabled")
+	}
+
+	if mute.TimeSpanMuteStrategy(&f.AlertRuleConfig, &curEvent) {
+		ginx.Bomb(http.StatusOK, "event is not match for period of time")
+	}
+
+	if mute.BgNotMatchMuteStrategy(&f.AlertRuleConfig, &curEvent, rt.TargetCache) {
+		ginx.Bomb(http.StatusOK, "event target busi group not match rule busi group")
+	}
+
+	ginx.NewRender(c).Data("event is effective", nil)
+}
+
 func (rt *Router) alertRuleAddByImport(c *gin.Context) {
 	username := c.MustGet("username").(string)
 

center/router/router_alert_subscribe.go

@@ -1,13 +1,18 @@
 package router
 
 import (
+	"fmt"
 	"net/http"
+	"strconv"
+	"strings"
 	"time"
 
+	"github.com/ccfos/nightingale/v6/alert/common"
 	"github.com/ccfos/nightingale/v6/models"
 	"github.com/ccfos/nightingale/v6/pkg/strx"
 
 	"github.com/gin-gonic/gin"
+	"github.com/pkg/errors"
 	"github.com/toolkits/pkg/ginx"
 )
 
@@ -104,6 +109,124 @@ func (rt *Router) alertSubscribeAdd(c *gin.Context) {
 	ginx.NewRender(c).Message(f.Add(rt.Ctx))
 }
 
+type SubscribeTryRunForm struct {
+	EventId         int64                 `json:"event_id" binding:"required"`
+	SubscribeConfig models.AlertSubscribe `json:"subscribe_config" binding:"required"`
+}
+
+func (rt *Router) alertSubscribeTryRun(c *gin.Context) {
+	var f SubscribeTryRunForm
+	ginx.BindJSON(c, &f)
+
+	hisEvent, err := models.AlertHisEventGetById(rt.Ctx, f.EventId)
+	ginx.Dangerous(err)
+
+	if hisEvent == nil {
+		ginx.Bomb(http.StatusNotFound, "event not found")
+	}
+
+	curEvent := *hisEvent.ToCur()
+	curEvent.SetTagsMap()
+
+	// 先判断匹配条件
+	if !f.SubscribeConfig.MatchCluster(curEvent.DatasourceId) {
+		ginx.Dangerous(errors.New("Datasource mismatch"))
+	}
+
+	// 匹配 tag
+	f.SubscribeConfig.Parse()
+	if !common.MatchTags(curEvent.TagsMap, f.SubscribeConfig.ITags) {
+		ginx.Dangerous(errors.New("Tags mismatch"))
+	}
+
+	// 匹配group name
+	if !common.MatchGroupsName(curEvent.GroupName, f.SubscribeConfig.IBusiGroups) {
+		ginx.Dangerous(errors.New("Group name mismatch"))
+	}
+
+	// 检查严重级别（Severity）匹配
+	if len(f.SubscribeConfig.SeveritiesJson) != 0 {
+		match := false
+		for _, s := range f.SubscribeConfig.SeveritiesJson {
+			if s == curEvent.Severity || s == 0 {
+				match = true
+				break
+			}
+		}
+		if !match {
+			ginx.Dangerous(errors.New("Severity mismatch"))
+		}
+	}
+
+	// 新版本通知规则
+	if f.SubscribeConfig.NotifyVersion == 1 {
+		for _, id := range f.SubscribeConfig.NotifyRuleIds {
+			notifyRule, err := models.GetNotifyRule(rt.Ctx, id)
+			ginx.Dangerous(err)
+
+			for _, notifyConfig := range notifyRule.NotifyConfigs {
+				_, err = SendNotifyChannelMessage(rt.Ctx, rt.UserCache, rt.UserGroupCache, notifyConfig, []*models.AlertCurEvent{&curEvent})
+				ginx.Dangerous(err)
+			}
+		}
+
+		ginx.NewRender(c).Data("notification test ok", nil)
+		return
+	}
+
+	// 旧版通知方式
+	f.SubscribeConfig.ModifyEvent(&curEvent)
+	if len(curEvent.NotifyChannelsJSON) == 0 {
+		ginx.Bomb(http.StatusBadRequest, "no notify channels selected")
+	}
+
+	if len(curEvent.NotifyGroupsJSON) == 0 {
+		ginx.Bomb(http.StatusOK, "no notify groups selected")
+	}
+
+	ancs := make([]string, 0, len(curEvent.NotifyChannelsJSON))
+	ugids := strings.Fields(f.SubscribeConfig.UserGroupIds)
+	ngids := make([]int64, 0)
+	for i := 0; i < len(ugids); i++ {
+		if gid, err := strconv.ParseInt(ugids[i], 10, 64); err == nil {
+			ngids = append(ngids, gid)
+		}
+	}
+
+	userGroups := rt.UserGroupCache.GetByUserGroupIds(ngids)
+	uids := make([]int64, 0)
+	for i := range userGroups {
+		uids = append(uids, userGroups[i].UserIds...)
+	}
+	users := rt.UserCache.GetByUserIds(uids)
+	for _, NotifyChannels := range curEvent.NotifyChannelsJSON {
+		flag := true
+		// ignore non-default channels
+		switch NotifyChannels {
+		case models.Dingtalk, models.Wecom, models.Feishu, models.Mm,
+			models.Telegram, models.Email, models.FeishuCard:
+			// do nothing
+		default:
+			continue
+		}
+		// default channels
+		for ui := range users {
+			if _, b := users[ui].ExtractToken(NotifyChannels); b {
+				flag = false
+				break
+			}
+		}
+		if flag {
+			ancs = append(ancs, NotifyChannels)
+		}
+	}
+	if len(ancs) > 0 {
+		ginx.Dangerous(errors.New(fmt.Sprintf("All users are missing notify channel configurations. Please check for missing tokens (each channel should be configured with at least one user). %v", ancs)))
+	}
+
+	ginx.NewRender(c).Data("notification test ok", nil)
+}
+
 func (rt *Router) alertSubscribePut(c *gin.Context) {
 	var fs []models.AlertSubscribe
 	ginx.BindJSON(c, &fs)

center/router/router_event_pipeline.go

@@ -8,7 +8,6 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/toolkits/pkg/ginx"
-	"github.com/toolkits/pkg/logger"
 )
 
 // 获取事件Pipeline列表
@@ -145,13 +144,25 @@ func (rt *Router) tryRunEventPipeline(c *gin.Context) {
 		if err != nil {
 			ginx.Bomb(http.StatusBadRequest, "get processor: %+v err: %+v", p, err)
 		}
-		event = processor.Process(rt.Ctx, event)
+		event, _, err = processor.Process(rt.Ctx, event)
+		if err != nil {
+			ginx.Bomb(http.StatusBadRequest, "processor: %+v err: %+v", p, err)
+		}
+
 		if event == nil {
-			ginx.Bomb(http.StatusBadRequest, "event is dropped")
+			ginx.NewRender(c).Data(map[string]interface{}{
+				"event":  event,
+				"result": "event is dropped",
+			}, nil)
+			return
 		}
 	}
 
-	ginx.NewRender(c).Data(event, nil)
+	m := map[string]interface{}{
+		"event":  event,
+		"result": "",
+	}
+	ginx.NewRender(c).Data(m, nil)
 }
 
 // 测试事件处理器
@@ -170,15 +181,17 @@ func (rt *Router) tryRunEventProcessor(c *gin.Context) {
 
 	processor, err := models.GetProcessorByType(f.ProcessorConfig.Typ, f.ProcessorConfig.Config)
 	if err != nil {
-		ginx.Bomb(http.StatusBadRequest, "get processor err: %+v", err)
+		ginx.Bomb(200, "get processor err: %+v", err)
 	}
-	event = processor.Process(rt.Ctx, event)
-	logger.Infof("processor %+v result: %+v", f.ProcessorConfig, event)
-	if event == nil {
-		ginx.Bomb(http.StatusBadRequest, "event is dropped")
+	event, res, err := processor.Process(rt.Ctx, event)
+	if err != nil {
+		ginx.Bomb(200, "processor err: %+v", err)
 	}
 
-	ginx.NewRender(c).Data(event, nil)
+	ginx.NewRender(c).Data(map[string]interface{}{
+		"event":  event,
+		"result": res,
+	}, nil)
 }
 
 func (rt *Router) tryRunEventProcessorByNotifyRule(c *gin.Context) {
@@ -212,9 +225,17 @@ func (rt *Router) tryRunEventProcessorByNotifyRule(c *gin.Context) {
 			if err != nil {
 				ginx.Bomb(http.StatusBadRequest, "get processor: %+v err: %+v", p, err)
 			}
-			event = processor.Process(rt.Ctx, event)
+
+			event, _, err := processor.Process(rt.Ctx, event)
+			if err != nil {
+				ginx.Bomb(http.StatusBadRequest, "processor: %+v err: %+v", p, err)
+			}
 			if event == nil {
-				ginx.Bomb(http.StatusBadRequest, "event is dropped")
+				ginx.NewRender(c).Data(map[string]interface{}{
+					"event":  event,
+					"result": "event is dropped",
+				}, nil)
+				return
 			}
 		}
 	}

center/router/router_mute.go

@@ -95,7 +95,9 @@ func (rt *Router) alertMuteTryRun(c *gin.Context) {
 	f.AlertMute.Btime = 0             // 最小可能值（如 Unix 时间戳起点）
 	f.AlertMute.Etime = math.MaxInt64 // 最大可能值（int64 上限）
 
-	if !mute.MatchMute(&curEvent, &f.AlertMute) {
+	match, err := mute.MatchMute(&curEvent, &f.AlertMute)
+	ginx.Dangerous(err)
+	if !match {
 		ginx.NewRender(c).Data("not match", nil)
 		return
 	}

center/router/router_notify_rule.go

@@ -6,11 +6,12 @@ import (
 	"time"
 
 	"github.com/ccfos/nightingale/v6/alert/dispatch"
+	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/models"
+	"github.com/ccfos/nightingale/v6/pkg/ctx"
 	"github.com/ccfos/nightingale/v6/pkg/slice"
 
 	"github.com/gin-gonic/gin"
-	"github.com/pkg/errors"
 	"github.com/toolkits/pkg/ginx"
 	"github.com/toolkits/pkg/logger"
 )
@@ -161,79 +162,89 @@ func (rt *Router) notifyTest(c *gin.Context) {
 		ginx.Bomb(http.StatusBadRequest, "not events applicable")
 	}
 
-	notifyChannels, err := models.NotifyChannelGets(rt.Ctx, f.NotifyConfig.ChannelID, "", "", -1)
-	ginx.Dangerous(err)
+	resp, err := SendNotifyChannelMessage(rt.Ctx, rt.UserCache, rt.UserGroupCache, f.NotifyConfig, events)
+	ginx.NewRender(c).Data(resp, err)
+}
+
+func SendNotifyChannelMessage(ctx *ctx.Context, userCache *memsto.UserCacheType, userGroup *memsto.UserGroupCacheType, notifyConfig models.NotifyConfig, events []*models.AlertCurEvent) (string, error) {
+	notifyChannels, err := models.NotifyChannelGets(ctx, notifyConfig.ChannelID, "", "", -1)
+	if err != nil {
+		return "", fmt.Errorf("failed to get notify channels: %v", err)
+	}
+
 	if len(notifyChannels) == 0 {
-		ginx.Bomb(http.StatusBadRequest, "notify channel not found")
+		return "", fmt.Errorf("notify channel not found")
 	}
 
 	notifyChannel := notifyChannels[0]
-
 	if !notifyChannel.Enable {
-		ginx.Bomb(http.StatusBadRequest, "notify channel not enabled, please enable it first")
+		return "", fmt.Errorf("notify channel not enabled, please enable it first")
 	}
-
 	tplContent := make(map[string]interface{})
-	if notifyChannel.RequestType != "flashtudy" {
-		messageTemplates, err := models.MessageTemplateGets(rt.Ctx, f.NotifyConfig.TemplateID, "", "")
-		ginx.Dangerous(err)
+	if notifyChannel.RequestType != "flashduty" {
+		messageTemplates, err := models.MessageTemplateGets(ctx, notifyConfig.TemplateID, "", "")
+		if err != nil {
+			return "", fmt.Errorf("failed to get message templates: %v", err)
+		}
+
 		if len(messageTemplates) == 0 {
-			ginx.Bomb(http.StatusBadRequest, "message template not found")
+			return "", fmt.Errorf("message template not found")
 		}
 		tplContent = messageTemplates[0].RenderEvent(events)
 	}
-
 	var contactKey string
 	if notifyChannel.ParamConfig != nil && notifyChannel.ParamConfig.UserInfo != nil {
 		contactKey = notifyChannel.ParamConfig.UserInfo.ContactKey
 	}
 
-	sendtos, flashDutyChannelIDs, customParams := dispatch.GetNotifyConfigParams(&f.NotifyConfig, contactKey, rt.UserCache, rt.UserGroupCache)
+	sendtos, flashDutyChannelIDs, customParams := dispatch.GetNotifyConfigParams(&notifyConfig, contactKey, userCache, userGroup)
 
 	var resp string
 	switch notifyChannel.RequestType {
 	case "flashduty":
 		client, err := models.GetHTTPClient(notifyChannel)
-		ginx.Dangerous(err)
+		if err != nil {
+			return "", fmt.Errorf("failed to get http client: %v", err)
+		}
 
 		for i := range flashDutyChannelIDs {
 			resp, err = notifyChannel.SendFlashDuty(events, flashDutyChannelIDs[i], client)
 			if err != nil {
-				break
+				return "", fmt.Errorf("failed to send flashduty notify: %v", err)
 			}
 		}
 		logger.Infof("channel_name: %v, event:%+v, tplContent:%s, customParams:%v, respBody: %v, err: %v", notifyChannel.Name, events[0], tplContent, customParams, resp, err)
-		ginx.NewRender(c).Data(resp, err)
+		return resp, nil
 	case "http":
 		client, err := models.GetHTTPClient(notifyChannel)
-		ginx.Dangerous(err)
+		if err != nil {
+			return "", fmt.Errorf("failed to get http client: %v", err)
+		}
 
 		if notifyChannel.RequestConfig == nil {
-			ginx.Bomb(http.StatusBadRequest, "request config not found")
+			return "", fmt.Errorf("request config is nil")
 		}
 
 		if notifyChannel.RequestConfig.HTTPRequestConfig == nil {
-			ginx.Bomb(http.StatusBadRequest, "http request config not found")
+			return "", fmt.Errorf("http request config is nil")
 		}
 
 		if dispatch.NeedBatchContacts(notifyChannel.RequestConfig.HTTPRequestConfig) || len(sendtos) == 0 {
 			resp, err = notifyChannel.SendHTTP(events, tplContent, customParams, sendtos, client)
 			logger.Infof("channel_name: %v, event:%+v, sendtos:%+v, tplContent:%s, customParams:%v, respBody: %v, err: %v", notifyChannel.Name, events[0], sendtos, tplContent, customParams, resp, err)
 			if err != nil {
-				logger.Errorf("failed to send http notify: %v", err)
+				return "", fmt.Errorf("failed to send http notify: %v", err)
 			}
-			ginx.NewRender(c).Data(resp, err)
+			return resp, nil
 		} else {
 			for i := range sendtos {
 				resp, err = notifyChannel.SendHTTP(events, tplContent, customParams, []string{sendtos[i]}, client)
 				logger.Infof("channel_name: %v, event:%+v,  tplContent:%s, customParams:%v, sendto:%+v, respBody: %v, err: %v", notifyChannel.Name, events[0], tplContent, customParams, sendtos[i], resp, err)
 				if err != nil {
-					logger.Errorf("failed to send http notify: %v", err)
-					ginx.NewRender(c).Message(err)
-					return
+					return "", fmt.Errorf("failed to send http notify: %v", err)
 				}
 			}
-			ginx.NewRender(c).Message(err)
+			return resp, nil
 		}
 
 	case "smtp":
@@ -241,14 +252,17 @@ func (rt *Router) notifyTest(c *gin.Context) {
 			ginx.Bomb(http.StatusBadRequest, "No valid email address in the user and team")
 		}
 		err := notifyChannel.SendEmailNow(events, tplContent, sendtos)
-		ginx.NewRender(c).Message(err)
+		if err != nil {
+			return "", fmt.Errorf("failed to send email notify: %v", err)
+		}
+		return resp, nil
 	case "script":
 		resp, _, err := notifyChannel.SendScript(events, tplContent, customParams, sendtos)
 		logger.Infof("channel_name: %v, event:%+v, tplContent:%s, customParams:%v, respBody: %v, err: %v", notifyChannel.Name, events[0], tplContent, customParams, resp, err)
-		ginx.NewRender(c).Data(resp, err)
+		return resp, err
 	default:
 		logger.Errorf("unsupported request type: %v", notifyChannel.RequestType)
-		ginx.NewRender(c).Message(errors.New("unsupported request type"))
+		return "", fmt.Errorf("unsupported request type")
 	}
 }
 

center/router/router_user.go

@@ -235,3 +235,20 @@ func (rt *Router) userDel(c *gin.Context) {
 
 	ginx.NewRender(c).Message(target.Del(rt.Ctx))
 }
+
+func (rt *Router) installDateGet(c *gin.Context) {
+	rootUser, err := models.UserGetByUsername(rt.Ctx, "root")
+	if err != nil {
+		logger.Errorf("get root user failed: %v", err)
+		ginx.NewRender(c).Data(0, nil)
+		return
+	}
+
+	if rootUser == nil {
+		logger.Errorf("root user not found")
+		ginx.NewRender(c).Data(0, nil)
+		return
+	}
+
+	ginx.NewRender(c).Data(rootUser.CreateAt, nil)
+}

conf/crypto.go

@@ -14,6 +14,13 @@ func decryptConfig(config *ConfigType, cryptoKey string) error {
 
 	config.DB.DSN = decryptDsn
 
+	decryptRedisPwd, err := secu.DealWithDecrypt(config.Redis.Password, cryptoKey)
+	if err != nil {
+		return fmt.Errorf("failed to decrypt the redis password: %s", err)
+	}
+
+	config.Redis.Password = decryptRedisPwd
+
 	for k := range config.HTTP.APIForService.BasicAuth {
 		decryptPwd, err := secu.DealWithDecrypt(config.HTTP.APIForService.BasicAuth[k], cryptoKey)
 		if err != nil {

go.mod

@@ -27,7 +27,7 @@ require (
 	github.com/jinzhu/copier v0.4.0
 	github.com/json-iterator/go v1.1.12
 	github.com/koding/multiconfig v0.0.0-20171124222453-69c27309b2d7
-	github.com/lib/pq v1.0.0
+	github.com/lib/pq v1.10.9
 	github.com/mailru/easyjson v0.7.7
 	github.com/mattn/go-isatty v0.0.19
 	github.com/mitchellh/mapstructure v1.5.0

go.sum

@@ -220,8 +220,8 @@ github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
 github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
 github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
-github.com/lib/pq v1.0.0 h1:X5PMW56eZitiTeO7tKzZxFCSpbFZJtkMMooicw2us9A=
-github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=

models/event_processor.go

@@ -8,8 +8,12 @@ import (
 )
 
 type Processor interface {
-	Init(settings interface{}) (Processor, error)                  // 初始化配置
-	Process(ctx *ctx.Context, event *AlertCurEvent) *AlertCurEvent // 处理告警事件
+	Init(settings interface{}) (Processor, error) // 初始化配置
+	Process(ctx *ctx.Context, event *AlertCurEvent) (*AlertCurEvent, string, error)
+	// 处理器有三种情况：
+	// 1. 处理成功，返回处理后的事件
+	// 2. 处理成功，不需要返回处理后端事件，只返回处理结果，将处理结果放到 string 中，比如 eventdrop callback 处理器
+	// 3. 处理失败，返回错误，将错误放到 error 中
 }
 
 type NewProcessorFn func(settings interface{}) (Processor, error)

pkg/ginx/auth.go

@@ -0,0 +1,102 @@
+// Copyright 2014 Manu Martinez-Almeida. All rights reserved.
+// Use of this source code is governed by a MIT style
+// license that can be found in the LICENSE file.
+
+package ginx
+
+import (
+	"crypto/subtle"
+	"encoding/base64"
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+)
+
+// AuthUserKey is the cookie name for user credential in basic auth.
+const AuthUserKey = "user"
+
+// Accounts defines a key/value for user/pass list of authorized logins.
+type Accounts []Account
+
+type Account struct {
+	User     string
+	Password string
+}
+
+type authPair struct {
+	value string
+	user  string
+}
+
+type authPairs []authPair
+
+func (a authPairs) searchCredential(authValue string) (string, bool) {
+	if authValue == "" {
+		return "", false
+	}
+	for _, pair := range a {
+		if subtle.ConstantTimeCompare(StringToBytes(pair.value), StringToBytes(authValue)) == 1 {
+			return pair.user, true
+		}
+	}
+	return "", false
+}
+
+// BasicAuthForRealm returns a Basic HTTP Authorization middleware. It takes as arguments a map[string]string where
+// the key is the user name and the value is the password, as well as the name of the Realm.
+// If the realm is empty, "Authorization Required" will be used by default.
+// (see http://tools.ietf.org/html/rfc2617#section-1.2)
+func BasicAuthForRealm(accounts Accounts, realm string) gin.HandlerFunc {
+	if realm == "" {
+		realm = "Authorization Required"
+	}
+	realm = "Basic realm=" + strconv.Quote(realm)
+	pairs := processAccounts(accounts)
+	return func(c *gin.Context) {
+		// Search user in the slice of allowed credentials
+		user, found := pairs.searchCredential(c.Request.Header.Get("Authorization"))
+		if !found {
+			// Credentials doesn't match, we return 401 and abort handlers chain.
+			c.Header("WWW-Authenticate", realm)
+			c.AbortWithStatus(http.StatusUnauthorized)
+			return
+		}
+
+		// The user credentials was found, set user's id to key AuthUserKey in this context, the user's id can be read later using
+		// c.MustGet(gin.AuthUserKey).
+		c.Set(AuthUserKey, user)
+	}
+}
+
+// BasicAuth returns a Basic HTTP Authorization middleware. It takes as argument a map[string]string where
+// the key is the user name and the value is the password.
+func BasicAuth(accounts Accounts) gin.HandlerFunc {
+	return BasicAuthForRealm(accounts, "")
+}
+
+func processAccounts(accounts Accounts) authPairs {
+	length := len(accounts)
+	assert1(length > 0, "Empty list of authorized credentials")
+	pairs := make(authPairs, 0, length)
+	for _, account := range accounts {
+		assert1(account.User != "", "User can not be empty")
+		value := authorizationHeader(account.User, account.Password)
+		pairs = append(pairs, authPair{
+			value: value,
+			user:  account.User,
+		})
+	}
+	return pairs
+}
+
+func authorizationHeader(user, password string) string {
+	base := user + ":" + password
+	return "Basic " + base64.StdEncoding.EncodeToString(StringToBytes(base))
+}
+
+func assert1(guard bool, text string) {
+	if !guard {
+		panic(text)
+	}
+}

pkg/ginx/bytesconv.go

@@ -0,0 +1,23 @@
+// Copyright 2023 Gin Core Team. All rights reserved.
+// Use of this source code is governed by a MIT style
+// license that can be found in the LICENSE file.
+
+//go:build go1.20
+
+package ginx
+
+import (
+	"unsafe"
+)
+
+// StringToBytes converts string to byte slice without a memory allocation.
+// For more details, see https://github.com/golang/go/issues/53003#issuecomment-1140276077.
+func StringToBytes(s string) []byte {
+	return unsafe.Slice(unsafe.StringData(s), len(s))
+}
+
+// BytesToString converts byte slice to string without a memory allocation.
+// For more details, see https://github.com/golang/go/issues/53003#issuecomment-1140276077.
+func BytesToString(b []byte) string {
+	return unsafe.String(unsafe.SliceData(b), len(b))
+}

pushgw/router/router.go

@@ -6,11 +6,13 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/prometheus/prometheus/prompb"
+	"github.com/toolkits/pkg/logger"
 
 	"github.com/ccfos/nightingale/v6/alert/aconf"
 	"github.com/ccfos/nightingale/v6/center/metas"
 	"github.com/ccfos/nightingale/v6/memsto"
 	"github.com/ccfos/nightingale/v6/pkg/ctx"
+	"github.com/ccfos/nightingale/v6/pkg/ginx"
 	"github.com/ccfos/nightingale/v6/pkg/httpx"
 	"github.com/ccfos/nightingale/v6/pushgw/idents"
 	"github.com/ccfos/nightingale/v6/pushgw/pconf"
@@ -86,15 +88,22 @@ func (rt *Router) Config(r *gin.Engine) {
 
 	if len(rt.HTTP.APIForAgent.BasicAuth) > 0 {
 		// enable basic auth
-		accounts := make(gin.Accounts)
+		accounts := make(ginx.Accounts, 0)
 		for username, password := range rt.HTTP.APIForAgent.BasicAuth {
-			accounts[username] = password
-		}
-		for username, password := range rt.HTTP.APIForService.BasicAuth {
-			accounts[username] = password
+			accounts = append(accounts, ginx.Account{
+				User:     username,
+				Password: password,
+			})
 		}
 
-		auth := gin.BasicAuth(accounts)
+		for username, password := range rt.HTTP.APIForService.BasicAuth {
+			accounts = append(accounts, ginx.Account{
+				User:     username,
+				Password: password,
+			})
+		}
+
+		auth := ginx.BasicAuth(accounts)
 		r.POST("/opentsdb/put", auth, rt.openTSDBPut)
 		r.POST("/openfalcon/push", auth, rt.falconPush)
 		r.POST("/prometheus/v1/write", auth, rt.remoteWrite)