micro/util/wrapper/wrapper.go

package wrapper

import (
	"context"
	"strings"
	"time"

	"github.com/micro/go-micro/v2/auth"
	"github.com/micro/go-micro/v2/client"
	"github.com/micro/go-micro/v2/debug/stats"
	"github.com/micro/go-micro/v2/debug/trace"
	"github.com/micro/go-micro/v2/errors"
	"github.com/micro/go-micro/v2/metadata"
	"github.com/micro/go-micro/v2/server"
)

type fromServiceWrapper struct {
	client.Client

	// headers to inject
	headers metadata.Metadata
}

var (
	HeaderPrefix = "Micro-"
)

func (f *fromServiceWrapper) setHeaders(ctx context.Context) context.Context {
	// don't overwrite keys
	return metadata.MergeContext(ctx, f.headers, false)
}

func (f *fromServiceWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {
	ctx = f.setHeaders(ctx)
	return f.Client.Call(ctx, req, rsp, opts...)
}

func (f *fromServiceWrapper) Stream(ctx context.Context, req client.Request, opts ...client.CallOption) (client.Stream, error) {
	ctx = f.setHeaders(ctx)
	return f.Client.Stream(ctx, req, opts...)
}

func (f *fromServiceWrapper) Publish(ctx context.Context, p client.Message, opts ...client.PublishOption) error {
	ctx = f.setHeaders(ctx)
	return f.Client.Publish(ctx, p, opts...)
}

// FromService wraps a client to inject service and auth metadata
func FromService(name string, c client.Client) client.Client {
	return &fromServiceWrapper{
		c,
		metadata.Metadata{
			HeaderPrefix + "From-Service": name,
		},
	}
}

// HandlerStats wraps a server handler to generate request/error stats
func HandlerStats(stats stats.Stats) server.HandlerWrapper {
	// return a handler wrapper
	return func(h server.HandlerFunc) server.HandlerFunc {
		// return a function that returns a function
		return func(ctx context.Context, req server.Request, rsp interface{}) error {
			// execute the handler
			err := h(ctx, req, rsp)
			// record the stats
			stats.Record(err)
			// return the error
			return err
		}
	}
}

type traceWrapper struct {
	client.Client

	name  string
	trace trace.Tracer
}

func (c *traceWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {
	newCtx, s := c.trace.Start(ctx, req.Service()+"."+req.Endpoint())

	s.Type = trace.SpanTypeRequestOutbound
	err := c.Client.Call(newCtx, req, rsp, opts...)
	if err != nil {
		s.Metadata["error"] = err.Error()
	}

	// finish the trace
	c.trace.Finish(s)

	return err
}

// TraceCall is a call tracing wrapper
func TraceCall(name string, t trace.Tracer, c client.Client) client.Client {
	return &traceWrapper{
		name:   name,
		trace:  t,
		Client: c,
	}
}

// TraceHandler wraps a server handler to perform tracing
func TraceHandler(t trace.Tracer) server.HandlerWrapper {
	// return a handler wrapper
	return func(h server.HandlerFunc) server.HandlerFunc {
		// return a function that returns a function
		return func(ctx context.Context, req server.Request, rsp interface{}) error {
			// don't store traces for debug
			if strings.HasPrefix(req.Endpoint(), "Debug.") {
				return h(ctx, req, rsp)
			}

			// get the span
			newCtx, s := t.Start(ctx, req.Service()+"."+req.Endpoint())
			s.Type = trace.SpanTypeRequestInbound

			err := h(newCtx, req, rsp)
			if err != nil {
				s.Metadata["error"] = err.Error()
			}

			// finish
			t.Finish(s)

			return err
		}
	}
}

type authWrapper struct {
	client.Client
	auth func() auth.Auth
}

func (a *authWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {
	// parse the options
	var options client.CallOptions
	for _, o := range opts {
		o(&options)
	}

	// check to see if the authorization header has already been set.
	// We dont't override the header unless the ServiceToken option has
	// been specified or the header wasn't provided
	if _, ok := metadata.Get(ctx, "Authorization"); ok && !options.ServiceToken {
		return a.Client.Call(ctx, req, rsp, opts...)
	}

	// if auth is nil we won't be able to get an access token, so we execute
	// the request without one.
	aa := a.auth()
	if aa == nil {
		return a.Client.Call(ctx, req, rsp, opts...)
	}

	// check to see if we have a valid access token
	aaOpts := aa.Options()
	if aaOpts.Token != nil && aaOpts.Token.Expiry.Unix() > time.Now().Unix() {
		ctx = metadata.Set(ctx, "Authorization", auth.BearerScheme+aaOpts.Token.AccessToken)
		return a.Client.Call(ctx, req, rsp, opts...)
	}

	// call without an auth token
	return a.Client.Call(ctx, req, rsp, opts...)
}

// AuthClient wraps requests with the auth header
func AuthClient(auth func() auth.Auth, c client.Client) client.Client {
	return &authWrapper{c, auth}
}

// AuthHandler wraps a server handler to perform auth
func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
	return func(h server.HandlerFunc) server.HandlerFunc {
		return func(ctx context.Context, req server.Request, rsp interface{}) error {
			// get the auth.Auth interface
			a := fn()

			// Check for debug endpoints which should be excluded from auth
			if strings.HasPrefix(req.Endpoint(), "Debug.") {
				return h(ctx, req, rsp)
			}

			// Extract the token if present. Note: if noop is being used
			// then the token can be blank without erroring
			var token string
			if header, ok := metadata.Get(ctx, "Authorization"); ok {
				// Ensure the correct scheme is being used
				if !strings.HasPrefix(header, auth.BearerScheme) {
					return errors.Unauthorized(req.Service(), "invalid authorization header. expected Bearer schema")
				}

				token = header[len(auth.BearerScheme):]
			}

			// Inspect the token and get the account
			account, err := a.Inspect(token)
			if err != nil {
				account = &auth.Account{Namespace: a.Options().Namespace}
			}

			// construct the resource
			res := &auth.Resource{
				Type:     "service",
				Name:     req.Service(),
				Endpoint: req.Endpoint(),
			}

			// Verify the caller has access to the resource
			err = a.Verify(account, res)
			if err != nil && len(account.ID) > 0 {
				return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
			} else if err != nil {
				return errors.Unauthorized(req.Service(), "Unauthorised call made to %v:%v", req.Service(), req.Endpoint())
			}

			// There is an account, set it in the context
			if len(account.ID) > 0 {
				ctx = auth.ContextWithAccount(ctx, account)
			}

			// The user is authorised, allow the call
			return h(ctx, req, rsp)
		}
	}
}
Move wrapper internally since its not top level relevant 2019-11-16 21:48:24 +03:00			`package wrapper`
Experimental top level init 2015-12-21 02:50:16 +03:00
			`import (`
switch to stdlib context 2018-03-03 14:53:52 +03:00			`"context"`
Don't store traces for Debug endpoints 2020-02-07 23:58:03 +03:00			`"strings"`
Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`"time"`
switch to stdlib context 2018-03-03 14:53:52 +03:00
Auth Wrapper (#1174) * Auth Wrapper * Tweak cmd flag * auth_excludes => auth_exclude * Make Auth.Excludes variadic * Use metadata.Get (passes through http and http2 it will go through various case formats) * fix auth wrapper auth.Auth interface initialisation Co-authored-by: Asim Aslam <asim@aslam.me> 2020-02-10 11:26:28 +03:00			`"github.com/micro/go-micro/v2/auth"`
fix import paths for v2 release Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2020-01-30 14:39:00 +03:00			`"github.com/micro/go-micro/v2/client"`
			`"github.com/micro/go-micro/v2/debug/stats"`
			`"github.com/micro/go-micro/v2/debug/trace"`
Auth Wrapper (#1174) * Auth Wrapper * Tweak cmd flag * auth_excludes => auth_exclude * Make Auth.Excludes variadic * Use metadata.Get (passes through http and http2 it will go through various case formats) * fix auth wrapper auth.Auth interface initialisation Co-authored-by: Asim Aslam <asim@aslam.me> 2020-02-10 11:26:28 +03:00			`"github.com/micro/go-micro/v2/errors"`
fix import paths for v2 release Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2020-01-30 14:39:00 +03:00			`"github.com/micro/go-micro/v2/metadata"`
			`"github.com/micro/go-micro/v2/server"`
Experimental top level init 2015-12-21 02:50:16 +03:00			`)`

Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`type fromServiceWrapper struct {`
Experimental top level init 2015-12-21 02:50:16 +03:00			`client.Client`
add MICRO_AUTH_TOKEN, parse token in wrapper, preload config and othe… (#1261) * add MICRO_AUTH_TOKEN, parse token in wrapper, preload config and other things * fix wrapper panic 2020-02-26 01:15:44 +03:00
			`// headers to inject`
Move context to metadata 2016-01-28 20:55:28 +03:00			`headers metadata.Metadata`
Experimental top level init 2015-12-21 02:50:16 +03:00			`}`

Move wrapper internally since its not top level relevant 2019-11-16 21:48:24 +03:00			`var (`
			`HeaderPrefix = "Micro-"`
			`)`

Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`func (f *fromServiceWrapper) setHeaders(ctx context.Context) context.Context {`
minimize allocations (#1472) * server: minimize allocations on re-register Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * server: stop old instance before Init() Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * client/grpc: fix allocations in protobuf marshal Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * codec/json: fix allocations in protobuf marshal Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * remove stop from init Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * codec/grpc: expose MaxMessageSize Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * codec: use buffer pool Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * metadata: minimize reallocations Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * util/wrapper: use metadata helper Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * registry/cache: move logs to debug level Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * server: move logs to debug level Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * server: cache service only when Advertise is ip addr Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * server: use metadata.Copy Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> 2020-04-08 12:50:19 +03:00			`// don't overwrite keys`
Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`return metadata.MergeContext(ctx, f.headers, false)`
Experimental top level init 2015-12-21 02:50:16 +03:00			`}`

Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`func (f *fromServiceWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {`
			`ctx = f.setHeaders(ctx)`
			`return f.Client.Call(ctx, req, rsp, opts...)`
Experimental top level init 2015-12-21 02:50:16 +03:00			`}`

Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`func (f *fromServiceWrapper) Stream(ctx context.Context, req client.Request, opts ...client.CallOption) (client.Stream, error) {`
			`ctx = f.setHeaders(ctx)`
			`return f.Client.Stream(ctx, req, opts...)`
Experimental top level init 2015-12-21 02:50:16 +03:00			`}`
Move wrapper internally since its not top level relevant 2019-11-16 21:48:24 +03:00
Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`func (f *fromServiceWrapper) Publish(ctx context.Context, p client.Message, opts ...client.PublishOption) error {`
			`ctx = f.setHeaders(ctx)`
			`return f.Client.Publish(ctx, p, opts...)`
trace wrapper 2020-01-25 00:58:29 +03:00			`}`

add MICRO_AUTH_TOKEN, parse token in wrapper, preload config and othe… (#1261) * add MICRO_AUTH_TOKEN, parse token in wrapper, preload config and other things * fix wrapper panic 2020-02-26 01:15:44 +03:00			`// FromService wraps a client to inject service and auth metadata`
Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`func FromService(name string, c client.Client) client.Client {`
			`return &fromServiceWrapper{`
move test data 2019-11-16 21:52:27 +03:00			`c,`
			`metadata.Metadata{`
			`HeaderPrefix + "From-Service": name,`
			`},`
			`}`
Move wrapper internally since its not top level relevant 2019-11-16 21:48:24 +03:00			`}`
add requests/errors to stats 2019-12-18 21:36:42 +03:00
			`// HandlerStats wraps a server handler to generate request/error stats`
			`func HandlerStats(stats stats.Stats) server.HandlerWrapper {`
			`// return a handler wrapper`
			`return func(h server.HandlerFunc) server.HandlerFunc {`
			`// return a function that returns a function`
			`return func(ctx context.Context, req server.Request, rsp interface{}) error {`
			`// execute the handler`
			`err := h(ctx, req, rsp)`
			`// record the stats`
			`stats.Record(err)`
			`// return the error`
			`return err`
			`}`
			`}`
			`}`
trace wrapper 2020-01-25 00:58:29 +03:00
Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`type traceWrapper struct {`
			`client.Client`

			`name string`
			`trace trace.Tracer`
			`}`

			`func (c *traceWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {`
			`newCtx, s := c.trace.Start(ctx, req.Service()+"."+req.Endpoint())`

			`s.Type = trace.SpanTypeRequestOutbound`
			`err := c.Client.Call(newCtx, req, rsp, opts...)`
			`if err != nil {`
			`s.Metadata["error"] = err.Error()`
			`}`

			`// finish the trace`
			`c.trace.Finish(s)`

			`return err`
			`}`

trace wrapper 2020-01-25 00:58:29 +03:00			`// TraceCall is a call tracing wrapper`
Refactor debug/trace ready for Jaeger 2020-01-29 18:45:11 +03:00			`func TraceCall(name string, t trace.Tracer, c client.Client) client.Client {`
trace wrapper 2020-01-25 00:58:29 +03:00			`return &traceWrapper{`
			`name: name,`
			`trace: t,`
			`Client: c,`
			`}`
			`}`

			`// TraceHandler wraps a server handler to perform tracing`
Refactor debug/trace ready for Jaeger 2020-01-29 18:45:11 +03:00			`func TraceHandler(t trace.Tracer) server.HandlerWrapper {`
trace wrapper 2020-01-25 00:58:29 +03:00			`// return a handler wrapper`
			`return func(h server.HandlerFunc) server.HandlerFunc {`
			`// return a function that returns a function`
			`return func(ctx context.Context, req server.Request, rsp interface{}) error {`
Don't store traces for Debug endpoints 2020-02-07 23:58:03 +03:00			`// don't store traces for debug`
			`if strings.HasPrefix(req.Endpoint(), "Debug.") {`
			`return h(ctx, req, rsp)`
			`}`

trace wrapper 2020-01-25 00:58:29 +03:00			`// get the span`
			`newCtx, s := t.Start(ctx, req.Service()+"."+req.Endpoint())`
Trace type is now being recorded (#1188) 2020-02-12 13:57:17 +03:00			`s.Type = trace.SpanTypeRequestInbound`
trace wrapper 2020-01-25 00:58:29 +03:00
			`err := h(newCtx, req, rsp)`
			`if err != nil {`
			`s.Metadata["error"] = err.Error()`
			`}`

			`// finish`
			`t.Finish(s)`

			`return err`
			`}`
			`}`
			`}`
Auth Wrapper (#1174) * Auth Wrapper * Tweak cmd flag * auth_excludes => auth_exclude * Make Auth.Excludes variadic * Use metadata.Get (passes through http and http2 it will go through various case formats) * fix auth wrapper auth.Auth interface initialisation Co-authored-by: Asim Aslam <asim@aslam.me> 2020-02-10 11:26:28 +03:00
Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`type authWrapper struct {`
			`client.Client`
			`auth func() auth.Auth`
			`}`

			`func (a *authWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {`
			`// parse the options`
			`var options client.CallOptions`
			`for _, o := range opts {`
			`o(&options)`
			`}`

			`// check to see if the authorization header has already been set.`
			`// We dont't override the header unless the ServiceToken option has`
Improve Comments 2020-04-29 17:15:38 +03:00			`// been specified or the header wasn't provided`
Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`if _, ok := metadata.Get(ctx, "Authorization"); ok && !options.ServiceToken {`
			`return a.Client.Call(ctx, req, rsp, opts...)`
			`}`

			`// if auth is nil we won't be able to get an access token, so we execute`
			`// the request without one.`
			`aa := a.auth()`
Check if auth is nil to prevent nilpointer 2020-05-13 17:13:23 +03:00			`if aa == nil {`
Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`return a.Client.Call(ctx, req, rsp, opts...)`
			`}`

			`// check to see if we have a valid access token`
			`aaOpts := aa.Options()`
			`if aaOpts.Token != nil && aaOpts.Token.Expiry.Unix() > time.Now().Unix() {`
Refactor auth to load token outside wrappers 2020-05-14 13:06:22 +03:00			`ctx = metadata.Set(ctx, "Authorization", auth.BearerScheme+aaOpts.Token.AccessToken)`
Auth: Fix recursive bug 2020-05-13 20:17:04 +03:00			`return a.Client.Call(ctx, req, rsp, opts...)`
			`}`

Authenticate on service start 2020-05-13 15:13:11 +03:00			`// call without an auth token`
			`return a.Client.Call(ctx, req, rsp, opts...)`
Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`}`

			`// AuthClient wraps requests with the auth header`
Custom micro client 2020-05-14 13:25:19 +03:00			`func AuthClient(auth func() auth.Auth, c client.Client) client.Client {`
			`return &authWrapper{c, auth}`
Auth Client Wrapper 2020-04-29 17:11:06 +03:00			`}`

Auth Wrapper (#1174) * Auth Wrapper * Tweak cmd flag * auth_excludes => auth_exclude * Make Auth.Excludes variadic * Use metadata.Get (passes through http and http2 it will go through various case formats) * fix auth wrapper auth.Auth interface initialisation Co-authored-by: Asim Aslam <asim@aslam.me> 2020-02-10 11:26:28 +03:00			`// AuthHandler wraps a server handler to perform auth`
use requested service (#1413) 2020-03-25 23:59:37 +03:00			`func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {`
Auth Wrapper (#1174) * Auth Wrapper * Tweak cmd flag * auth_excludes => auth_exclude * Make Auth.Excludes variadic * Use metadata.Get (passes through http and http2 it will go through various case formats) * fix auth wrapper auth.Auth interface initialisation Co-authored-by: Asim Aslam <asim@aslam.me> 2020-02-10 11:26:28 +03:00			`return func(h server.HandlerFunc) server.HandlerFunc {`
			`return func(ctx context.Context, req server.Request, rsp interface{}) error {`
			`// get the auth.Auth interface`
			`a := fn()`

Auth Improvements (#1195) * Exclude Stats & Trace from Auth * Update Excluded Endpoints Format * Tweak Implementation 2020-02-13 17:07:14 +03:00			`// Check for debug endpoints which should be excluded from auth`
			`if strings.HasPrefix(req.Endpoint(), "Debug.") {`
			`return h(ctx, req, rsp)`
Auth Wrapper (#1174) * Auth Wrapper * Tweak cmd flag * auth_excludes => auth_exclude * Make Auth.Excludes variadic * Use metadata.Get (passes through http and http2 it will go through various case formats) * fix auth wrapper auth.Auth interface initialisation Co-authored-by: Asim Aslam <asim@aslam.me> 2020-02-10 11:26:28 +03:00			`}`

			`// Extract the token if present. Note: if noop is being used`
			`// then the token can be blank without erroring`
			`var token string`
			`if header, ok := metadata.Get(ctx, "Authorization"); ok {`
			`// Ensure the correct scheme is being used`
Add ContextWithToken (#1407) * Add ContextWithToken * Tidying up BearerScheme Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-25 14:20:53 +03:00			`if !strings.HasPrefix(header, auth.BearerScheme) {`
Improve Err Handling 2020-04-02 20:41:06 +03:00			`return errors.Unauthorized(req.Service(), "invalid authorization header. expected Bearer schema")`
Auth Wrapper (#1174) * Auth Wrapper * Tweak cmd flag * auth_excludes => auth_exclude * Make Auth.Excludes variadic * Use metadata.Get (passes through http and http2 it will go through various case formats) * fix auth wrapper auth.Auth interface initialisation Co-authored-by: Asim Aslam <asim@aslam.me> 2020-02-10 11:26:28 +03:00			`}`

Add ContextWithToken (#1407) * Add ContextWithToken * Tidying up BearerScheme Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-25 14:20:53 +03:00			`token = header[len(auth.BearerScheme):]`
Auth Wrapper (#1174) * Auth Wrapper * Tweak cmd flag * auth_excludes => auth_exclude * Make Auth.Excludes variadic * Use metadata.Get (passes through http and http2 it will go through various case formats) * fix auth wrapper auth.Auth interface initialisation Co-authored-by: Asim Aslam <asim@aslam.me> 2020-02-10 11:26:28 +03:00			`}`

Fix service level auth, add improved error descriptions to aid with debugging (#1403) Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-25 12:35:29 +03:00			`// Inspect the token and get the account`
Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 19:19:30 +03:00			`account, err := a.Inspect(token)`
			`if err != nil {`
Inject Namespace into Context 2020-04-14 11:14:07 +03:00			`account = &auth.Account{Namespace: a.Options().Namespace}`
Improve Err Handling 2020-04-02 20:41:06 +03:00			`}`

			`// construct the resource`
			`res := &auth.Resource{`
Refactor Namespace Resolver 2020-04-07 18:24:51 +03:00			`Type: "service",`
			`Name: req.Service(),`
			`Endpoint: req.Endpoint(),`
Fix service level auth, add improved error descriptions to aid with debugging (#1403) Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-25 12:35:29 +03:00			`}`

			`// Verify the caller has access to the resource`
Improve Err Handling 2020-04-02 20:41:06 +03:00			`err = a.Verify(account, res)`
Fix auth bug restricting access to unauthorised endpoints (#1405) Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-25 13:31:33 +03:00			`if err != nil && len(account.ID) > 0 {`
Improve Err Handling 2020-04-02 20:41:06 +03:00			`return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)`
Fix auth bug restricting access to unauthorised endpoints (#1405) Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-25 13:31:33 +03:00			`} else if err != nil {`
Improve Err Handling 2020-04-02 20:41:06 +03:00			`return errors.Unauthorized(req.Service(), "Unauthorised call made to %v:%v", req.Service(), req.Endpoint())`
Set auth account in context (#1293) 2020-03-04 12:54:52 +03:00			`}`

Updated auth interface (#1384) * Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu> 2020-03-23 19:19:30 +03:00			`// There is an account, set it in the context`
Add mutli-tenancy support to the registry 2020-05-13 12:40:08 +03:00			`if len(account.ID) > 0 {`
			`ctx = auth.ContextWithAccount(ctx, account)`
			`}`
Auth Wrapper (#1174) * Auth Wrapper * Tweak cmd flag * auth_excludes => auth_exclude * Make Auth.Excludes variadic * Use metadata.Get (passes through http and http2 it will go through various case formats) * fix auth wrapper auth.Auth interface initialisation Co-authored-by: Asim Aslam <asim@aslam.me> 2020-02-10 11:26:28 +03:00
Set auth account in context (#1293) 2020-03-04 12:54:52 +03:00			`// The user is authorised, allow the call`
Auth Wrapper (#1174) * Auth Wrapper * Tweak cmd flag * auth_excludes => auth_exclude * Make Auth.Excludes variadic * Use metadata.Get (passes through http and http2 it will go through various case formats) * fix auth wrapper auth.Auth interface initialisation Co-authored-by: Asim Aslam <asim@aslam.me> 2020-02-10 11:26:28 +03:00			`return h(ctx, req, rsp)`
			`}`
			`}`
			`}`