2019-11-16 18:48:24 +00:00
|
|
|
package wrapper
|
2015-12-20 23:50:16 +00:00
|
|
|
|
|
|
|
import (
|
2018-03-03 11:53:52 +00:00
|
|
|
"context"
|
2020-02-07 20:58:03 +00:00
|
|
|
"strings"
|
2018-03-03 11:53:52 +00:00
|
|
|
|
2020-02-10 08:26:28 +00:00
|
|
|
"github.com/micro/go-micro/v2/auth"
|
2020-01-30 14:39:00 +03:00
|
|
|
"github.com/micro/go-micro/v2/client"
|
|
|
|
"github.com/micro/go-micro/v2/debug/stats"
|
|
|
|
"github.com/micro/go-micro/v2/debug/trace"
|
2020-02-10 08:26:28 +00:00
|
|
|
"github.com/micro/go-micro/v2/errors"
|
2020-01-30 14:39:00 +03:00
|
|
|
"github.com/micro/go-micro/v2/metadata"
|
|
|
|
"github.com/micro/go-micro/v2/server"
|
2015-12-20 23:50:16 +00:00
|
|
|
)
|
|
|
|
|
2015-12-23 00:02:42 +00:00
|
|
|
type clientWrapper struct {
|
2015-12-20 23:50:16 +00:00
|
|
|
client.Client
|
2020-02-25 22:15:44 +00:00
|
|
|
|
|
|
|
// Auth interface
|
|
|
|
auth func() auth.Auth
|
|
|
|
// headers to inject
|
2016-01-28 17:55:28 +00:00
|
|
|
headers metadata.Metadata
|
2015-12-20 23:50:16 +00:00
|
|
|
}
|
|
|
|
|
2020-01-24 21:58:29 +00:00
|
|
|
type traceWrapper struct {
|
|
|
|
client.Client
|
|
|
|
|
|
|
|
name string
|
2020-01-29 15:45:11 +00:00
|
|
|
trace trace.Tracer
|
2020-01-24 21:58:29 +00:00
|
|
|
}
|
|
|
|
|
2019-11-16 18:48:24 +00:00
|
|
|
var (
|
|
|
|
HeaderPrefix = "Micro-"
|
|
|
|
)
|
|
|
|
|
2016-04-15 16:45:59 +01:00
|
|
|
func (c *clientWrapper) setHeaders(ctx context.Context) context.Context {
|
2019-01-17 09:40:49 +00:00
|
|
|
// copy metadata
|
|
|
|
mda, _ := metadata.FromContext(ctx)
|
|
|
|
md := metadata.Copy(mda)
|
2016-11-02 17:21:53 +00:00
|
|
|
|
2020-02-25 22:15:44 +00:00
|
|
|
// get auth token
|
|
|
|
if a := c.auth(); a != nil {
|
|
|
|
tk := a.Options().Token
|
|
|
|
// if the token if exists and auth header isn't set then set it
|
|
|
|
if len(tk) > 0 && len(md["Authorization"]) == 0 {
|
2020-03-25 11:20:53 +00:00
|
|
|
md["Authorization"] = auth.BearerScheme + tk
|
2020-02-25 22:15:44 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-01-17 09:40:49 +00:00
|
|
|
// set headers
|
2016-04-15 16:45:59 +01:00
|
|
|
for k, v := range c.headers {
|
|
|
|
if _, ok := md[k]; !ok {
|
|
|
|
md[k] = v
|
|
|
|
}
|
|
|
|
}
|
2016-11-02 17:21:53 +00:00
|
|
|
|
2016-04-15 16:45:59 +01:00
|
|
|
return metadata.NewContext(ctx, md)
|
|
|
|
}
|
|
|
|
|
2015-12-23 00:02:42 +00:00
|
|
|
func (c *clientWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {
|
2016-04-15 16:45:59 +01:00
|
|
|
ctx = c.setHeaders(ctx)
|
2015-12-20 23:50:16 +00:00
|
|
|
return c.Client.Call(ctx, req, rsp, opts...)
|
|
|
|
}
|
|
|
|
|
2018-04-14 18:15:09 +01:00
|
|
|
func (c *clientWrapper) Stream(ctx context.Context, req client.Request, opts ...client.CallOption) (client.Stream, error) {
|
2016-04-15 16:45:59 +01:00
|
|
|
ctx = c.setHeaders(ctx)
|
2015-12-20 23:50:16 +00:00
|
|
|
return c.Client.Stream(ctx, req, opts...)
|
|
|
|
}
|
|
|
|
|
2018-04-14 18:15:09 +01:00
|
|
|
func (c *clientWrapper) Publish(ctx context.Context, p client.Message, opts ...client.PublishOption) error {
|
2016-04-15 16:45:59 +01:00
|
|
|
ctx = c.setHeaders(ctx)
|
2015-12-20 23:50:16 +00:00
|
|
|
return c.Client.Publish(ctx, p, opts...)
|
|
|
|
}
|
2019-11-16 18:48:24 +00:00
|
|
|
|
2020-01-24 21:58:29 +00:00
|
|
|
func (c *traceWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {
|
|
|
|
newCtx, s := c.trace.Start(ctx, req.Service()+"."+req.Endpoint())
|
|
|
|
|
2020-02-12 11:57:17 +01:00
|
|
|
s.Type = trace.SpanTypeRequestOutbound
|
2020-01-24 21:58:29 +00:00
|
|
|
err := c.Client.Call(newCtx, req, rsp, opts...)
|
|
|
|
if err != nil {
|
|
|
|
s.Metadata["error"] = err.Error()
|
|
|
|
}
|
|
|
|
|
|
|
|
// finish the trace
|
|
|
|
c.trace.Finish(s)
|
|
|
|
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2020-02-25 22:15:44 +00:00
|
|
|
// FromService wraps a client to inject service and auth metadata
|
|
|
|
func FromService(name string, c client.Client, fn func() auth.Auth) client.Client {
|
2019-11-16 18:48:24 +00:00
|
|
|
return &clientWrapper{
|
2019-11-16 18:52:27 +00:00
|
|
|
c,
|
2020-02-25 22:15:44 +00:00
|
|
|
fn,
|
2019-11-16 18:52:27 +00:00
|
|
|
metadata.Metadata{
|
|
|
|
HeaderPrefix + "From-Service": name,
|
|
|
|
},
|
|
|
|
}
|
2019-11-16 18:48:24 +00:00
|
|
|
}
|
2019-12-18 18:36:42 +00:00
|
|
|
|
|
|
|
// HandlerStats wraps a server handler to generate request/error stats
|
|
|
|
func HandlerStats(stats stats.Stats) server.HandlerWrapper {
|
|
|
|
// return a handler wrapper
|
|
|
|
return func(h server.HandlerFunc) server.HandlerFunc {
|
|
|
|
// return a function that returns a function
|
|
|
|
return func(ctx context.Context, req server.Request, rsp interface{}) error {
|
|
|
|
// execute the handler
|
|
|
|
err := h(ctx, req, rsp)
|
|
|
|
// record the stats
|
|
|
|
stats.Record(err)
|
|
|
|
// return the error
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2020-01-24 21:58:29 +00:00
|
|
|
|
|
|
|
// TraceCall is a call tracing wrapper
|
2020-01-29 15:45:11 +00:00
|
|
|
func TraceCall(name string, t trace.Tracer, c client.Client) client.Client {
|
2020-01-24 21:58:29 +00:00
|
|
|
return &traceWrapper{
|
|
|
|
name: name,
|
|
|
|
trace: t,
|
|
|
|
Client: c,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// TraceHandler wraps a server handler to perform tracing
|
2020-01-29 15:45:11 +00:00
|
|
|
func TraceHandler(t trace.Tracer) server.HandlerWrapper {
|
2020-01-24 21:58:29 +00:00
|
|
|
// return a handler wrapper
|
|
|
|
return func(h server.HandlerFunc) server.HandlerFunc {
|
|
|
|
// return a function that returns a function
|
|
|
|
return func(ctx context.Context, req server.Request, rsp interface{}) error {
|
2020-02-07 20:58:03 +00:00
|
|
|
// don't store traces for debug
|
|
|
|
if strings.HasPrefix(req.Endpoint(), "Debug.") {
|
|
|
|
return h(ctx, req, rsp)
|
|
|
|
}
|
|
|
|
|
2020-01-24 21:58:29 +00:00
|
|
|
// get the span
|
|
|
|
newCtx, s := t.Start(ctx, req.Service()+"."+req.Endpoint())
|
2020-02-12 11:57:17 +01:00
|
|
|
s.Type = trace.SpanTypeRequestInbound
|
2020-01-24 21:58:29 +00:00
|
|
|
|
|
|
|
err := h(newCtx, req, rsp)
|
|
|
|
if err != nil {
|
|
|
|
s.Metadata["error"] = err.Error()
|
|
|
|
}
|
|
|
|
|
|
|
|
// finish
|
|
|
|
t.Finish(s)
|
|
|
|
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2020-02-10 08:26:28 +00:00
|
|
|
|
|
|
|
// AuthHandler wraps a server handler to perform auth
|
2020-03-25 20:59:37 +00:00
|
|
|
func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
|
2020-02-10 08:26:28 +00:00
|
|
|
return func(h server.HandlerFunc) server.HandlerFunc {
|
|
|
|
return func(ctx context.Context, req server.Request, rsp interface{}) error {
|
|
|
|
// get the auth.Auth interface
|
|
|
|
a := fn()
|
|
|
|
|
2020-02-13 14:07:14 +00:00
|
|
|
// Check for debug endpoints which should be excluded from auth
|
|
|
|
if strings.HasPrefix(req.Endpoint(), "Debug.") {
|
|
|
|
return h(ctx, req, rsp)
|
2020-02-10 08:26:28 +00:00
|
|
|
}
|
|
|
|
|
2020-03-23 16:19:30 +00:00
|
|
|
// Check for auth service endpoints which should be excluded from auth
|
|
|
|
if strings.HasPrefix(req.Endpoint(), "Auth.") {
|
|
|
|
return h(ctx, req, rsp)
|
|
|
|
}
|
|
|
|
|
2020-02-10 08:26:28 +00:00
|
|
|
// Extract the token if present. Note: if noop is being used
|
|
|
|
// then the token can be blank without erroring
|
|
|
|
var token string
|
|
|
|
if header, ok := metadata.Get(ctx, "Authorization"); ok {
|
|
|
|
// Ensure the correct scheme is being used
|
2020-03-25 11:20:53 +00:00
|
|
|
if !strings.HasPrefix(header, auth.BearerScheme) {
|
2020-02-10 08:26:28 +00:00
|
|
|
return errors.Unauthorized("go.micro.auth", "invalid authorization header. expected Bearer schema")
|
|
|
|
}
|
|
|
|
|
2020-03-25 11:20:53 +00:00
|
|
|
token = header[len(auth.BearerScheme):]
|
2020-02-10 08:26:28 +00:00
|
|
|
}
|
|
|
|
|
2020-03-25 09:35:29 +00:00
|
|
|
// Inspect the token and get the account
|
2020-03-23 16:19:30 +00:00
|
|
|
account, err := a.Inspect(token)
|
|
|
|
if err != nil {
|
2020-03-25 10:31:33 +00:00
|
|
|
account = &auth.Account{}
|
2020-03-25 09:35:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Verify the caller has access to the resource
|
2020-03-25 20:59:37 +00:00
|
|
|
err = a.Verify(account, &auth.Resource{Type: "service", Name: req.Service(), Endpoint: req.Endpoint()})
|
2020-03-25 10:31:33 +00:00
|
|
|
if err != nil && len(account.ID) > 0 {
|
2020-03-25 20:59:37 +00:00
|
|
|
return errors.Forbidden("go.micro.auth", "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
|
2020-03-25 10:31:33 +00:00
|
|
|
} else if err != nil {
|
2020-03-25 20:59:37 +00:00
|
|
|
return errors.Unauthorized("go.micro.auth", "Unauthorised call made to %v:%v", req.Service(), req.Endpoint())
|
2020-03-04 09:54:52 +00:00
|
|
|
}
|
|
|
|
|
2020-03-23 16:19:30 +00:00
|
|
|
// There is an account, set it in the context
|
|
|
|
ctx, err = auth.ContextWithAccount(ctx, account)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2020-02-10 08:26:28 +00:00
|
|
|
}
|
|
|
|
|
2020-03-04 09:54:52 +00:00
|
|
|
// The user is authorised, allow the call
|
2020-02-10 08:26:28 +00:00
|
|
|
return h(ctx, req, rsp)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|