feat: Support managing proxy servers (higress-group#572)

Author: CH3CHO

backend/console/src/main/java/com/alibaba/higress/console/config/SdkConfig.java

@@ -26,6 +26,7 @@
 import com.alibaba.higress.sdk.model.wasmplugin.WasmPluginServiceConfig;
 import com.alibaba.higress.sdk.service.DomainService;
 import com.alibaba.higress.sdk.service.HigressServiceProvider;
+import com.alibaba.higress.sdk.service.ProxyServerService;
 import com.alibaba.higress.sdk.service.RouteService;
 import com.alibaba.higress.sdk.service.ServiceService;
 import com.alibaba.higress.sdk.service.ServiceSourceService;
@@ -121,6 +122,11 @@ public ServiceSourceService serviceSourceService() {
         return serviceProvider.serviceSourceService();
     }
 
+    @Bean
+    public ProxyServerService proxyServerService() {
+        return serviceProvider.proxyServerService();
+    }
+
     @Bean
     public TlsCertificateService tlsCertificateService() {
         return serviceProvider.tlsCertificateService();
@@ -160,5 +166,4 @@ public McpServerService mcpServerService() {
     public McpServerHelper mcpServerHelper() {
         return new McpServerHelper();
     }
-
 }

backend/console/src/main/java/com/alibaba/higress/console/controller/ProxyServerController.java

@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2022-2025 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package com.alibaba.higress.console.controller;
+
+import javax.annotation.Resource;
+import javax.validation.constraints.NotBlank;
+
+import org.springdoc.api.annotations.ParameterObject;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.alibaba.higress.console.controller.dto.PaginatedResponse;
+import com.alibaba.higress.console.controller.dto.Response;
+import com.alibaba.higress.console.controller.util.ControllerUtil;
+import com.alibaba.higress.sdk.constant.HigressConstants;
+import com.alibaba.higress.sdk.exception.ValidationException;
+import com.alibaba.higress.sdk.model.CommonPageQuery;
+import com.alibaba.higress.sdk.model.PaginatedResult;
+import com.alibaba.higress.sdk.model.ProxyServer;
+import com.alibaba.higress.sdk.service.ProxyServerService;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+@RestController("ProxyServerController")
+@RequestMapping("/v1/proxy-servers")
+@Tag(name = "Proxy Server APIs")
+public class ProxyServerController {
+
+    @Resource
+    private ProxyServerService proxyServerService;
+
+    @GetMapping
+    @Operation(summary = "List proxy servers")
+    @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "Proxy servers listed successfully"),
+        @ApiResponse(responseCode = "500", description = "Internal server error")})
+    public ResponseEntity<PaginatedResponse<ProxyServer>> list(@ParameterObject CommonPageQuery query) {
+        PaginatedResult<ProxyServer> result = proxyServerService.list(query);
+        return ControllerUtil.buildResponseEntity(result);
+    }
+
+    @PostMapping
+    @Operation(summary = "Add a new proxy server")
+    @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "Proxy server added successfully"),
+        @ApiResponse(responseCode = "400", description = "Proxy server data is not valid"),
+        @ApiResponse(responseCode = "409", description = "Proxy server already existed with the same name."),
+        @ApiResponse(responseCode = "500", description = "Internal server error")})
+    public ResponseEntity<Response<ProxyServer>> add(@RequestBody ProxyServer proxyServer) {
+        if (!proxyServer.isValid()) {
+            throw new ValidationException("proxyServer body is not valid.");
+        }
+        if (proxyServer.getName().endsWith(HigressConstants.INTERNAL_RESOURCE_NAME_SUFFIX)) {
+            throw new ValidationException("Adding an internal proxy server is not allowed.");
+        }
+        ProxyServer finalProxyServer = proxyServerService.add(proxyServer);
+        return ControllerUtil.buildResponseEntity(finalProxyServer);
+    }
+
+    @PutMapping("/{name}")
+    @Operation(summary = "Update an existed proxy server")
+    @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "Proxy server updated successfully"),
+        @ApiResponse(responseCode = "400", description = "Proxy server data is not valid"),
+        @ApiResponse(responseCode = "409", description = "Proxy server trying to add already existed"),
+        @ApiResponse(responseCode = "500", description = "Internal server error")})
+    public ResponseEntity<Response<ProxyServer>> addOrUpdate(@PathVariable("name") @NotBlank String name,
+        @RequestBody ProxyServer proxyServer) {
+        proxyServer.setName(name);
+        if (!proxyServer.isValid()) {
+            throw new ValidationException("proxyServer body is not valid.");
+        }
+        if (proxyServer.getName().endsWith(HigressConstants.INTERNAL_RESOURCE_NAME_SUFFIX)) {
+            throw new ValidationException("Updating an internal proxy server is not allowed.");
+        }
+        ProxyServer finalProxyServer = proxyServerService.addOrUpdate(proxyServer);
+        return ControllerUtil.buildResponseEntity(finalProxyServer);
+    }
+
+    @DeleteMapping("/{name}")
+    @Operation(summary = "Delete a proxy server")
+    @ApiResponses(value = {@ApiResponse(responseCode = "204", description = "Proxy server deleted successfully"),
+        @ApiResponse(responseCode = "400", description = "Deleting an internal proxy server is not allowed."),
+        @ApiResponse(responseCode = "500", description = "Internal server error")})
+    public ResponseEntity<Response<ProxyServer>> delete(@PathVariable("name") @NotBlank String name) {
+        if (name.endsWith(HigressConstants.INTERNAL_RESOURCE_NAME_SUFFIX)) {
+            throw new ValidationException("Deleting an internal proxy server is not allowed.");
+        }
+        proxyServerService.delete(name);
+        return ResponseEntity.noContent().build();
+    }
+
+    @GetMapping("/{name}")
+    @Operation(summary = "Get proxy server by name")
+    @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "Proxy server found"),
+        @ApiResponse(responseCode = "404", description = "Proxy server not found"),
+        @ApiResponse(responseCode = "500", description = "Internal server error")})
+    public ResponseEntity<Response<ProxyServer>> query(@PathVariable("name") @NotBlank String name) {
+        ProxyServer server = proxyServerService.query(name);
+        return ControllerUtil.buildResponseEntity(server);
+    }
+}

backend/sdk/src/main/java/com/alibaba/higress/sdk/model/ProxyServer.java

@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2022-2025 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package com.alibaba.higress.sdk.model;
+
+import java.beans.Transient;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang3.StringUtils;
+
+import com.alibaba.higress.sdk.service.kubernetes.crd.mcp.V1McpBridge;
+import com.alibaba.higress.sdk.util.ValidateUtil;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@Schema(description = "Proxy Server")
+public class ProxyServer {
+
+    private static final Pattern NAME_PATTERN = Pattern.compile("^[a-z][a-z0-9-_.]{0,62}$");
+
+    @Schema(description = "Proxy server type", allowableValues = {V1McpBridge.PROXY_TYPE_HTTP})
+    private String type;
+
+    @Schema(description = "Proxy server name")
+    private String name;
+
+    @Schema(description = "Proxy server version. Required when updating.")
+    private String version;
+
+    @Schema(description = "Proxy server address, can be IP or domain name")
+    private String serverAddress;
+
+    @Schema(description = "Proxy server port")
+    private Integer serverPort;
+
+    @Schema(description = "Proxy server connect timeout in milliseconds, default is 1200")
+    private Integer connectTimeout;
+
+    @Transient
+    public boolean isValid() {
+        if (StringUtils.isBlank(name) || !NAME_PATTERN.matcher(name).matches()) {
+            return false;
+        }
+        if (StringUtils.isBlank(type)) {
+            return false;
+        }
+        if (StringUtils.isBlank(serverAddress)
+            || !ValidateUtil.checkIpAddress(serverAddress) && !ValidateUtil.checkDomain(serverAddress)) {
+            return false;
+        }
+        if (!ValidateUtil.checkPort(serverPort)) {
+            return false;
+        }
+        if (connectTimeout != null && connectTimeout < 0) {
+            return false;
+        }
+        return true;
+    }
+}

backend/sdk/src/main/java/com/alibaba/higress/sdk/model/ServiceSource.java

@@ -12,9 +12,11 @@
  */
 package com.alibaba.higress.sdk.model;
 
+import java.beans.Transient;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.MapUtils;
@@ -24,6 +26,7 @@
 import com.alibaba.higress.sdk.service.kubernetes.crd.mcp.V1McpBridge;
 import com.alibaba.higress.sdk.util.ValidateUtil;
 import com.google.common.base.Splitter;
+import com.google.common.collect.ImmutableSet;
 
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.AllArgsConstructor;
@@ -40,6 +43,9 @@ public class ServiceSource implements VersionedDto {
 
     private static final Map<String, ServiceSourceValidator> VALIDATORS = new HashMap<>();
 
+    private static final Set<String> PROXY_SUPPORTED_REGISTRY_TYPES =
+        ImmutableSet.of(V1McpBridge.REGISTRY_TYPE_STATIC, V1McpBridge.REGISTRY_TYPE_DNS);
+
     static {
         VALIDATORS.put(V1McpBridge.REGISTRY_TYPE_NACOS, new NacosServiceSourceValidator());
         VALIDATORS.put(V1McpBridge.REGISTRY_TYPE_NACOS2, new NacosServiceSourceValidator());
@@ -78,6 +84,9 @@ public class ServiceSource implements VersionedDto {
     @Schema(description = "Service source SNI. Used in static and dns types when TLS is enabled.")
     private String sni;
 
+    @Schema(description = "Proxy server name. Only supported in static and dns types.")
+    private String proxyName;
+
     @Schema(description = "Service source extra properties, depending on the type.\n"
         + "For nacos/nacos2/nacos3: nacosGroups, nacosNamespaceId\n"
         + "For MCP supported types (e.g. nacos3): enableMCPServer, mcpServerBaseUrl, mcpServerExportDomains\n"
@@ -87,6 +96,7 @@ public class ServiceSource implements VersionedDto {
     @Schema(description = "Service source authentication config")
     private ServiceSourceAuthN authN;
 
+    @Transient
     public boolean isValid() {
         if (StringUtils.isAnyBlank(this.name, this.type, this.getDomain())) {
             return false;
@@ -109,6 +119,10 @@ public boolean isValid() {
             return false;
         }
 
+        if (StringUtils.isNotEmpty(proxyName) && !PROXY_SUPPORTED_REGISTRY_TYPES.contains(this.getType())) {
+            return false;
+        }
+
         return true;
     }
 
@@ -138,12 +152,12 @@ private boolean validateMcpConfigs() {
             if (!(rawExportDomains instanceof List)) {
                 return false;
             }
-            List<?> exportDomains = (List<?>) rawExportDomains;
+            List<?> exportDomains = (List<?>)rawExportDomains;
             for (Object rawExportDomain : exportDomains) {
                 if (!(rawExportDomain instanceof String)) {
                     return false;
                 }
-                String exportDomain = (String) rawExportDomain;
+                String exportDomain = (String)rawExportDomain;
                 if (!ValidateUtil.checkDomain(exportDomain)) {
                     return false;
                 }
@@ -154,7 +168,7 @@ private boolean validateMcpConfigs() {
         if (!(rawServerBaseUrl instanceof String)) {
             return false;
         }
-        String serverBaseUrl= (String) rawServerBaseUrl;
+        String serverBaseUrl = (String)rawServerBaseUrl;
         if (!ValidateUtil.checkUrlPath(serverBaseUrl)) {
             return false;
         }

backend/sdk/src/main/java/com/alibaba/higress/sdk/model/ai/LlmProvider.java

@@ -36,6 +36,8 @@ public class LlmProvider {
     private String type;
     @Schema(description = "Provider protocol", ref = "LlmProviderProtocol")
     private String protocol;
+    @Schema(description = "Proxy server name")
+    private String proxyName;
     @Schema(description = "Tokens used to request the provider")
     private List<String> tokens;
     @Schema(description = "Token fail-over configuration")

backend/sdk/src/main/java/com/alibaba/higress/sdk/service/HigressServiceProvider.java

@@ -43,6 +43,8 @@ static HigressServiceProvider create(HigressServiceConfig config) throws IOExcep
 
     ServiceSourceService serviceSourceService();
 
+    ProxyServerService proxyServerService();
+
     TlsCertificateService tlsCertificateService();
 
     WasmPluginService wasmPluginService();
@@ -56,5 +58,4 @@ static HigressServiceProvider create(HigressServiceConfig config) throws IOExcep
     LlmProviderService llmProviderService();
 
     McpServerService mcpServerService();
-
 }

backend/sdk/src/main/java/com/alibaba/higress/sdk/service/HigressServiceProviderImpl.java

@@ -39,6 +39,7 @@ class HigressServiceProviderImpl implements HigressServiceProvider {
     private final RouteService routeService;
     private final ServiceService serviceService;
     private final ServiceSourceService serviceSourceService;
+    private final ProxyServerService proxyServerService;
     private final TlsCertificateService tlsCertificateService;
     private final WasmPluginService wasmPluginService;
     private final WasmPluginInstanceService wasmPluginInstanceService;
@@ -56,6 +57,7 @@ class HigressServiceProviderImpl implements HigressServiceProvider {
             serviceService = new ServiceServiceByApiServerImpl(kubernetesClientService, kubernetesModelConverter);
         }
         serviceSourceService = new ServiceSourceServiceImpl(kubernetesClientService, kubernetesModelConverter);
+        proxyServerService = new ProxyServerServiceImpl(kubernetesClientService, kubernetesModelConverter);
         tlsCertificateService = new TlsCertificateServiceImpl(kubernetesClientService, kubernetesModelConverter);
         wasmPluginService = new WasmPluginServiceImpl(kubernetesClientService, kubernetesModelConverter,
             config.getWasmPluginServiceConfig());
@@ -104,6 +106,11 @@ public ServiceSourceService serviceSourceService() {
         return serviceSourceService;
     }
 
+    @Override
+    public ProxyServerService proxyServerService() {
+        return proxyServerService;
+    }
+
     @Override
     public TlsCertificateService tlsCertificateService() {
         return tlsCertificateService;

backend/sdk/src/main/java/com/alibaba/higress/sdk/service/ProxyServerService.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2022-2025 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package com.alibaba.higress.sdk.service;
+
+import com.alibaba.higress.sdk.model.CommonPageQuery;
+import com.alibaba.higress.sdk.model.PaginatedResult;
+import com.alibaba.higress.sdk.model.ProxyServer;
+
+public interface ProxyServerService {
+
+    PaginatedResult<ProxyServer> list(CommonPageQuery query);
+
+    ProxyServer addOrUpdate(ProxyServer serviceSource);
+
+    ProxyServer add(ProxyServer serviceSource);
+
+    void delete(String name);
+
+    ProxyServer query(String name);
+}