fix(apigateway): add scopedpolicybindings api (#21989)

pkg/apigateway/handler/auth.go

@@ -16,6 +16,7 @@ package handler
 
 import (
 	"context"
+	"crypto/md5"
 	"encoding/base64"
 	"fmt"
 	"net/http"
@@ -43,6 +44,8 @@ import (
 	compute_modules "yunion.io/x/onecloud/pkg/mcclient/modules/compute"
 	modules "yunion.io/x/onecloud/pkg/mcclient/modules/identity"
 	"yunion.io/x/onecloud/pkg/mcclient/modules/notify"
+	"yunion.io/x/onecloud/pkg/mcclient/modules/yunionconf"
+	"yunion.io/x/onecloud/pkg/util/hashcache"
 	"yunion.io/x/onecloud/pkg/util/logclient"
 	"yunion.io/x/onecloud/pkg/util/netutils2"
 	"yunion.io/x/onecloud/pkg/util/seclib2"
@@ -74,6 +77,7 @@ func (h *AuthHandlers) AddMethods() {
 		NewHP(h.handleSsoLogin, "ssologin"),
 		NewHP(h.handleIdpInitSsoLogin, "ssologin", "<idp_id>"),
 		NewHP(h.postLogoutHandler, "logout"),
+		NewHP(h.getScopedPolicyBindings, "scopedpolicybindings"),
 		// oidc auth
 		NewHP(handleOIDCAuth, "oidc", "auth"),
 		NewHP(handleOIDCConfiguration, "oidc", ".well-known", "openid-configuration"),
@@ -212,6 +216,28 @@ func (h *AuthHandlers) getRegions(ctx context.Context, w http.ResponseWriter, re
 	appsrv.SendJSON(w, jsonutils.Marshal(resp))
 }
 
+var (
+	bindingCache = hashcache.NewCache(1024, time.Minute)
+)
+
+func (h *AuthHandlers) getScopedPolicyBindings(ctx context.Context, w http.ResponseWriter, req *http.Request) {
+	_, params, _ := appsrv.FetchEnv(ctx, w, req)
+	hash := fmt.Sprintf("%x", md5.Sum([]byte(params.String())))
+	cache := bindingCache.Get(hash)
+	if cache != nil {
+		appsrv.SendJSON(w, jsonutils.Marshal(cache))
+		return
+	}
+	s := auth.GetAdminSession(ctx, options.Options.Region)
+	resp, err := yunionconf.ScopedPolicyBindings.List(s, params)
+	if err != nil {
+		httperrors.GeneralServerError(ctx, w, err)
+		return
+	}
+	bindingCache.AtomicSet(hash, resp)
+	appsrv.SendJSON(w, jsonutils.Marshal(resp))
+}
+
 func (h *AuthHandlers) getUser(ctx context.Context, w http.ResponseWriter, req *http.Request) {
 	data, err := getUserInfo(ctx, req)
 	if err != nil {