
HuaweiCloudDeveloper / saas-housekeeper

Apache-2.0

[TOC]

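Project Introduction

This project is an open-source SaaS application developed by the Huawei Cloud developer team, based on its experience providing technical support for SaaS projects. It uses a microservice architecture and builds on Huawei Cloud services. It aims to give enterprise developers a technical reference for building cloud-native SaaS applications, covering microservice architecture, multi-tenant isolation design, multi-tenant routing, and multi-tenant data storage design. For more SaaS technical details, see: SaaS Application Development.

This project provides a service-oriented SaaS offering for onboarding housekeeping services: housekeeping companies or individual housekeeping workers can publish their services through this SaaS platform and serve users. Each tenant of this SaaS system has its own independent user entry point, comparable to independent merchants in a mini-program. The project mainly demonstrates tenant application, tenant creation, tenant customization, and the operational tasks of the SaaS administrator. The ultimate goal is to build a SaaS scaffold that provides the SaaS infrastructure outside the specific business logic, including operations, O&M and CI/CD capabilities, as reusable material for SaaS developers.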


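Architecture Diagrams

Activity diagram

[Figure: activity diagram]

Technical architecture diagram

[Figure: technical architecture diagram]

Logical components

[Figure: housekeeper logical view]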

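Project Demo

  • Access addresses

| Name | URL | Account |
| --- | --- | --- |
| Tenant registration | http://saas-housekeeper.cloudbu.cloud-onlinelab.cn/tenant/#/register | No account required |
| Super admin center | http://saas-housekeeper.cloudbu.cloud-onlinelab.cn/super-admin/#/login | Account: Admin Password: AF5<dBNy |
| Tenant management center | http://sample1.saas-housekeeper.cloudbu.cloud-onlinelab.cn/tenant/#/login | Account: tenant Password: lhKk101@mm. |
| User management center | http://sample1.saas-housekeeper.cloudbu.cloud-onlinelab.cn/customer/#/login | Obtained by registering |
| Employee management center | http://sample1.saas-housekeeper.cloudbu.cloud-onlinelab.cn/worker/#/login | Obtained by registering |

NOTE: The fifth-level domain label "sample1" is defined by the tenant and can be replaced with the domain the tenant applied for. When registering a domain, note that the fifth-level label must not contain "."; it cannot be registered as "sample1.com".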

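  • Walkthrough

Step 1: A potential tenant (enterprise) visits Tenant Management Center - Tenant Registration (http://saas-housekeeper.cloudbu.cloud-onlinelab.cn/tenant/#/register) and registers as a tenant.

Step 2: The SaaS administrator account visits the tenant management center (http://saas-housekeeper.cloudbu.cloud-onlinelab.cn/super-admin/#/login) to review and approve the submitted tenant registration requests.

PS: The tenant domain is the field filled in at tenant registration; it is used afterwards to assign dynamic URLs to the tenant, user and employee center sites.

Step 3: A tenant whose registration has been approved visits the publishing center http://(your registered tenant domain).saas-housekeeper.cloudbu.cloud-onlinelab.cn/tenant/#/login to customize its enterprise services.

Step 4: The employee role registers through the task center to become an employee of the enterprise, at http://(your registered tenant domain).saas-housekeeper.cloudbu.cloud-onlinelab.cn/worker/#/login, and takes end users' orders.

Step 5: The user role registers and visits the user front end http://(your registered tenant domain).saas-housekeeper.cloudbu.cloud-onlinelab.cn/customer/#/login to purchase and place orders for the customized services the tenant provides.

Step 6: Employees visit the employee management center http://(your registered tenant domain).saas-housekeeper.cloudbu.cloud-onlinelab.cn/worker/#/login to take end users' orders.

  • Tenant registration, administrator approval [screenshot]

  • Tenant creates a new service [screenshot]

  • User places an order [screenshot]

  • Employee takes an order [screenshot]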

Project Structure

saas-housekeeper
├── saas-housekeeper-common -- common classes
├── saas-housekeeper-config-server -- configuration center
├── saas-housekeeper-eureka -- service registry
├── saas-housekeeper-gateway -- gateway
├── saas-housekeeper-message-service -- message center
├── saas-housekeeper-order-service -- order center
├── saas-housekeeper-publish-service -- service publishing center
├── saas-housekeeper-web-customer -- user management center
├── saas-housekeeper-web-super-admin -- super administrator management center
├── saas-housekeeper-web-tenant -- tenant management center
├── saas-housekeeper-web-worker -- task management center
└── saas-housekeeper-config -- configuration files

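Technology Stack

| Technology | Description | Website |
| --- | --- | --- |
| Spring-Cloud | Microservice framework | https://spring.io/projects/spring-cloud |
| SpringBoot | Container + MVC framework | https://spring.io/projects/spring-boot |
| Eureka | Service registry | https://github.com/xmartlabs/Eureka |
| SpringSecurity | Authentication and authorization framework | https://spring.io/projects/spring-security |
| MyBatis-plus | ORM framework | https://baomidou.com/ |
| K8S | Huawei Cloud Container Engine (CCE) | https://support.huaweicloud.com/cce/index.html |
| Mysql | Cloud database RDS | https://support.huaweicloud.com/rds/index.html |
| Redis | Distributed cache service (DCS) | https://support.huaweicloud.com/intl/zh-cn/dcs/index.html |
| RabbitMQ | Distributed message queue (DMS) | https://support.huaweicloud.com/intl/zh-cn/rabbitmq/index.html |
| flyway | Data migration tool | https://flywaydb.org/ |
| saas-tenant-router-starter | Multi-tenant routing middleware | https://gitee.com/HuaweiCloudDeveloper/saas-tenant-router-starter.git |
| JWT | JWT login support | https://github.com/jwtk/jjwt |
| Lombok | Tool that simplifies object encapsulation | https://github.com/rzwitserloot/lombok |
| Swagger-UI | Documentation generation tool | https://github.com/swagger-api/swagger-ui |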

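Project Startup

To run this project you need to install Docker; see how to install Docker on Windows or Mac (please install version 4.6.1).

1 On Windows, run start.bat; on Linux or Mac, run start.sh. This maps the host address 127.0.0.1 to sample.housekeeper.local.huawei.com to enable tenant routing.

2 From the project root directory, run the following command to package the backend modules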

mvn clean install -DskipTests

3 Then run the whole project with docker compose

docker compose up

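PS: This project routes tenants by the prefix of the domain name being accessed. When running locally the domain can only be simulated, by mapping 127.0.0.1 to sample.housekeeper.local.huawei.com (the tenant identifier is the prefix). Here the tenant identifier is sample.

| Name | URL | Account |
| --- | --- | --- |
| Super admin center | http://sample.housekeeper.local.huawei.com/#/super-admin/login | Account: Admin Password: AF5<dBNy |
| Tenant management center | http://sample.housekeeper.local.huawei.com/#/tenant/login | Account: tenant Password: lhKk101@mm. |
| User management center | http://sample.housekeeper.local.huawei.com/#/customer/login | Account: customer Password: 123456 |
| Employee management center | http://sample.housekeeper.local.huawei.com/#/worker/login | Account: worker Password: 123456 |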

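Project Design Notes

Schema Data Isolation Design

The SaaS Application Development Guide describes three data isolation schemes. This project uses the schema data isolation scheme; the choice has nothing to do with the business and was made mainly to demonstrate the techniques of schema data isolation. For the characteristics and use cases of these schemes, see the SaaS Application Development Guide.

Schema data isolation is implemented with our open-source plugin. The gateway only needs to put the tenant identifier into the request header "tenentDomain" (a step that can be called traffic coloring); the routing plugin's schema switching feature then routes the tenant's requests to the corresponding schema in the database.

For details, see the tenant routing plugin.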
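The traffic-coloring step described above, as an added example that is not code from this project or its routing plugin: the gateway derives the tenant from the Host prefix, discards any tenant header the client sent, and rejects hosts that are not in the routing table. The class and method names, the single-label rule, and the routing-table contents (including the schema name) are assumptions; the header name and base domain are the ones this README gives.

```java
import java.util.*;
import java.util.regex.Pattern;

/** Added example: derive the tenant from the Host header and set the tenant header. */
public class TenantColoring {
    static final String TENANT_HEADER = "tenentDomain"; // header name as given in the README
    // Assumed rule: one lower-case DNS label, so a prefix containing "." never matches.
    private static final Pattern LABEL = Pattern.compile("[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?");

    private final String suffix;                    // "." + base domain
    private final Map<String, String> routingTable; // tenant label -> schema (constructed sample)

    TenantColoring(String baseDomain, Map<String, String> routingTable) {
        this.suffix = "." + baseDomain.toLowerCase(Locale.ROOT);
        this.routingTable = routingTable;
    }

    /** Returns the tenant label for a Host header value, or empty when the request must be rejected. */
    Optional<String> resolveTenant(String hostHeader) {
        if (hostHeader == null) return Optional.empty();
        String host = hostHeader.toLowerCase(Locale.ROOT);
        int colon = host.indexOf(':');
        if (colon >= 0) host = host.substring(0, colon);      // drop the port
        if (!host.endsWith(suffix)) return Optional.empty();  // not under our base domain
        String label = host.substring(0, host.length() - suffix.length());
        if (!LABEL.matcher(label).matches()) return Optional.empty();
        return routingTable.containsKey(label) ? Optional.of(label) : Optional.empty();
    }

    /** Headers forwarded downstream: a client-supplied tenant header is always discarded. */
    Map<String, String> color(Map<String, String> incoming) {
        Map<String, String> out = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        out.putAll(incoming);
        out.remove(TENANT_HEADER);
        String tenant = resolveTenant(out.get("Host"))
                .orElseThrow(() -> new IllegalArgumentException("unknown tenant host"));
        out.put(TENANT_HEADER, tenant);
        return out;
    }

    public static void main(String[] args) {
        TenantColoring gateway = new TenantColoring("housekeeper.local.huawei.com",
                Map.of("sample", "schema_sample"));
        Map<String, String> request = new HashMap<>();
        request.put("Host", "sample.housekeeper.local.huawei.com:80");
        request.put("tenentdomain", "other-tenant");          // value sent by the client
        System.out.println(gateway.color(request).get(TENANT_HEADER));
        System.out.println(gateway.resolveTenant("a.b.housekeeper.local.huawei.com"));
        System.out.println(gateway.resolveTenant("sample.housekeeper.local.huawei.com.example.org"));
    }
}
```

Because downstream services switch schema on this header alone, the header has to be set only at the gateway and the services must not be reachable around it.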


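Tenant Application

This project can be divided into two subsystems: the SaaS management system and the housekeeper application system. Tenant application is handled through the SaaS management system.

  • Tenant application flow via email

[Figure: housekeeper email verification sequence diagram]

  1. The potential tenant opens the tenant application page and enters an email address.
  2. The backend receives the email address, generates a verification code, and stores the email address in the cache with the verification code as the key.
  3. The backend builds a tenant registration front-end link containing the verification code and the email address, and sends the link to the potential tenant's mailbox.
  4. The potential tenant clicks the link, which carries the verification code and email address to the front end, fills in the registration information, and submits it to the backend.
  5. The backend looks up the cached email address by verification code and compares it with the email address just submitted; if they match, the potential tenant's information is saved in the backend pending review.

The purpose of this design is to use the email address as a reference point for auditing the potential tenant's access and for preliminary verification of their information.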
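Steps 2, 3 and 5 of the flow above, as an added example that is not the project's own code. An in-memory map stands in for the cache; the expiry time, the single-use behaviour, the query parameter names and the front-end URL are assumptions, since the README specifies none of them.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

/** Added example (Java 16+): email verification with the code as the cache key. */
public class EmailVerification {
    private record Pending(String email, long expiresAt) {}

    static final long TTL_MILLIS = 15 * 60 * 1000L; // assumed lifetime; the README gives none
    private final Map<String, Pending> cache = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    private static String normalize(String email) {
        return email.trim().toLowerCase(Locale.ROOT);
    }

    /** Step 2: generate an unguessable code and cache the email under it. */
    String issueCode(String email, long now) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        cache.put(code, new Pending(normalize(email), now + TTL_MILLIS));
        return code;
    }

    /** Step 3: the link mailed to the applicant; parameter names are hypothetical. */
    String registrationLink(String frontEndUrl, String code, String email) {
        return frontEndUrl + "?code=" + code + "&email="
                + URLEncoder.encode(normalize(email), StandardCharsets.UTF_8);
    }

    /** Step 5: the cached email must equal the submitted one; each code works once. */
    boolean verify(String code, String submittedEmail, long now) {
        if (code == null || submittedEmail == null) return false;
        Pending p = cache.remove(code); // consumed even when the check fails
        if (p == null || now > p.expiresAt()) return false;
        return MessageDigest.isEqual(p.email().getBytes(StandardCharsets.UTF_8),
                normalize(submittedEmail).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        EmailVerification v = new EmailVerification();
        long t0 = System.currentTimeMillis();
        String code = v.issueCode("Owner@Example.com", t0); // constructed address
        System.out.println(v.registrationLink("https://saas.example/tenant/#/register", code, "owner@example.com"));
        System.out.println(v.verify(code, "owner@example.com", t0 + 1_000)); // first use
        System.out.println(v.verify(code, "owner@example.com", t0 + 2_000)); // replay of the same code
    }
}
```

The code is the only secret in the link, so it comes from SecureRandom rather than a short numeric value, and the email in the link is treated as untrusted input that must match what was cached.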

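Tenant Creation under Schema Data Isolation

Data space

Tenant routing table

  • Creating a data space requires creating a new schema and synchronizing the data tables.

    This project manages data space creation with the flyway plugin. flyway stores the SQL statements for creating the data space; when executed, they create the tables under the new schema and insert the preset data. See: the flyway website.

  • The tenant routing table needs to record the tenant identifier, tenant domain, database name, schema name and similar information.

    In the Spring Cloud version of this project we use Spring Cloud Config for configuration management, configure the table dynamically via JDBC, and use the message Bus for data synchronization, so that the tenant routing table is updated dynamically.

    [Figure: activity diagram for creating a new tenant]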

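SaaS User System and Permission Design

  • User system

The users of the SaaS management system and of the business system do not overlap, and many enterprise SaaS management systems are used only on the internal network, so the two systems do not share a user system. The SaaS management system usually has only one or two users, so their accounts are placed directly in the configuration.

Like the other business subsystems, the business system's user system uses schema data isolation: the employees and users under each tenant are independent, and an account cannot be used to log in to another tenant's system.

Whether the user system is independent depends on the nature of the business. If the system is purely an enterprise application, an independent user system is more convenient. If the system involves the consumer (C-end) market, user resources can be made common to all tenants, which promotes sharing of end users between tenants and spares users from registering and logging in repeatedly.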


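  • Roles

In this system, the business system has 3 roles: merchant (tenant), employee (the tenant's internal staff), and consumer (end user).

The RBAC design of this system is very simple: each user belongs to exactly one role, and interfaces control access by role.

In this project, the tenant role is granted through SaaS administrator approval and is created along with the tenant. The user and employee roles have no manual approval flow in this system; employee registration only adds an ID card check. In a real application, employee registration usually has to pass system review and manual review before the employee role is granted to the account.

  • Permissions

Page permissions: the business system has three front-end applications, and a role determines which front ends it may log in to. Tenants can log in to the tenant, employee and user front ends; employees can log in to the employee and user front ends; users can log in only to the user front end.

Operation permissions: every backend interface checks the operation permissions of the different roles; for example, the visitor role can only browse pages and cannot perform business operations.

Data permissions: users under a tenant can see only the data of that tenant's application.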

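Tenant-Configurable Design

In the housekeeping project, tenant A wants to offer cleaning services and tenant B wants to offer postpartum care services; the service content, specifications and billing units all differ. How do we let tenants define these themselves? The tables are designed so that the service definition, the specification definition, the option definition and the prices of the various combinations all become content the customer can configure.

Readers who follow SaaS have probably come across metadata-driven multi-tenant architecture. In essence, it lets users create virtual data tables to customize their business; for example, the field attributes, relationships and indexes of business tables are all customer-configurable. This design is currently used more in PaaS projects. SaaS projects can build their products on such a foundation, but developing a SaaS product entirely on a metadata-driven design is complex and unnecessary; in a concrete SaaS product design, business metadata can be defined along business dimensions. This project hands the definition of the housekeeping business metadata to the tenant.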


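SaaS System Observability Design

When it went live, this project used Huawei Cloud AOM and APM for online operations and deployment. After configuring the probe in AOM, we add "apm-traceid" to the logging configuration so that trace information is printed, which links tracing with the logs and gives multi-dimensional O&M.

Our routing plugin puts the tenant identifier into the tenantId field of the log, so the tenant that a request belongs to can be found from the logs.

The project's standard log collection format prints traceId and tenantId, so that tenant usage can be analyzed:

```
%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level traceId:[%X{apm-traceid}] tenantId:[%X{tenantId}] userId:[%X{userId}] %logger{50} : %msg%n
```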
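A per-tenant usage count over log lines in this layout, as an added example that is not part of the project. It assumes the tenant field is written as tenantId:[value]; the class name and the sample lines are constructed. Lines with an empty tenantId are collected separately, since they indicate a request that reached a service without tenant coloring.

```java
import java.util.*;
import java.util.regex.*;

/** Added example (Java 16+): count requests per tenant and collect untagged lines. */
public class TenantLogAudit {
    // Use the first match only: %msg comes last in the layout and may contain
    // request-derived text that imitates the field.
    private static final Pattern TENANT = Pattern.compile("tenantId:\\[([^\\]]*)\\]");

    record Report(Map<String, Integer> perTenant, List<String> untagged) {}

    static Report audit(List<String> lines) {
        Map<String, Integer> counts = new TreeMap<>();
        List<String> untagged = new ArrayList<>();
        for (String line : lines) {
            Matcher m = TENANT.matcher(line);
            if (m.find() && !m.group(1).isBlank()) {
                counts.merge(m.group(1), 1, Integer::sum);
            } else {
                untagged.add(line); // no tenant in the logging context for this request
            }
        }
        return new Report(counts, untagged);
    }

    public static void main(String[] args) {
        // Constructed sample lines, not taken from the project's logs.
        List<String> lines = List.of(
            "2024-01-01 10:00:00.001 [exec-1] INFO  traceId:[a1] tenantId:[sample] userId:[7] c.h.OrderController : create order",
            "2024-01-01 10:00:00.120 [exec-2] INFO  traceId:[a2] tenantId:[sample1] userId:[9] c.h.OrderController : remark tenantId:[sample]",
            "2024-01-01 10:00:01.300 [exec-3] WARN  traceId:[a3] tenantId:[] userId:[] c.h.OrderController : list orders");
        Report report = audit(lines);
        System.out.println(report.perTenant());
        System.out.println(report.untagged());
    }
}
```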

Related References

