micro/util/auth/auth.go

package auth

import (
	"time"

	"github.com/google/uuid"
	"github.com/micro/go-micro/v2/auth"
	"github.com/micro/go-micro/v2/logger"
)

// Verify the auth credentials and refresh the auth token periodicallay
func Verify(a auth.Auth) error {
	// extract the account creds from options, these can be set by flags
	accID := a.Options().ID
	accSecret := a.Options().Secret

	// if no credentials were provided, self generate an account
	if len(accID) == 0 && len(accSecret) == 0 {
		opts := []auth.GenerateOption{
			auth.WithType("service"),
			auth.WithScopes("service"),
		}

		acc, err := a.Generate(uuid.New().String(), opts...)
		if err != nil {
			return err
		}
		logger.Debugf("Auth [%v] Generated an auth account", a.String())

		accID = acc.ID
		accSecret = acc.Secret
	}

	// generate the first token
	token, err := a.Token(
		auth.WithCredentials(accID, accSecret),
		auth.WithExpiry(time.Minute*10),
	)
	if err != nil {
		return err
	}

	// set the credentials and token in auth options
	a.Init(
		auth.ClientToken(token),
		auth.Credentials(accID, accSecret),
	)

	// periodically check to see if the token needs refreshing
	go func() {
		timer := time.NewTicker(time.Second * 15)

		for {
			<-timer.C

			// don't refresh the token if it's not close to expiring
			tok := a.Options().Token
			if tok.Expiry.Unix() > time.Now().Add(time.Minute).Unix() {
				continue
			}

			// generate the first token
			tok, err := a.Token(
				auth.WithToken(tok.RefreshToken),
				auth.WithExpiry(time.Minute*10),
			)
			if err != nil {
				logger.Warnf("[Auth] Error refreshing token: %v", err)
				continue
			}

			// set the token
			a.Init(auth.ClientToken(tok))
		}
	}()

	return nil
}
Refactor auth setup to util/auth 2020-05-14 18:10:14 +03:00			`package auth`

			`import (`
			`"time"`

runtime: provide credentials to services (#1817) * runtime: inject credentials into service * util/auth: self generate accounts (needed for jwt) * runtime/kubernetes: add logging for creds * runtime/kubernetes: serialize secret name * runtime/kubernetes: remove unused code * runtime/kubernetes: base64 encode secret * runtime/kubernetes: remove metadata from secret * util/kubernetes/client: omit empty secret metadata * util/kubernetes/client: fix secret template * util/kubernetes/client: fix secrets * web: update auth util * util/auth: fix missing arg * extend token expiry * extend token expiry 2020-07-10 18:25:46 +03:00			`"github.com/google/uuid"`
Refactor auth setup to util/auth 2020-05-14 18:10:14 +03:00			`"github.com/micro/go-micro/v2/auth"`
			`"github.com/micro/go-micro/v2/logger"`
			`)`

runtime: provide credentials to services (#1817) * runtime: inject credentials into service * util/auth: self generate accounts (needed for jwt) * runtime/kubernetes: add logging for creds * runtime/kubernetes: serialize secret name * runtime/kubernetes: remove unused code * runtime/kubernetes: base64 encode secret * runtime/kubernetes: remove metadata from secret * util/kubernetes/client: omit empty secret metadata * util/kubernetes/client: fix secret template * util/kubernetes/client: fix secrets * web: update auth util * util/auth: fix missing arg * extend token expiry * extend token expiry 2020-07-10 18:25:46 +03:00			`// Verify the auth credentials and refresh the auth token periodicallay`
			`func Verify(a auth.Auth) error {`
Refactor auth setup to util/auth 2020-05-14 18:10:14 +03:00			`// extract the account creds from options, these can be set by flags`
			`accID := a.Options().ID`
			`accSecret := a.Options().Secret`

runtime: provide credentials to services (#1817) * runtime: inject credentials into service * util/auth: self generate accounts (needed for jwt) * runtime/kubernetes: add logging for creds * runtime/kubernetes: serialize secret name * runtime/kubernetes: remove unused code * runtime/kubernetes: base64 encode secret * runtime/kubernetes: remove metadata from secret * util/kubernetes/client: omit empty secret metadata * util/kubernetes/client: fix secret template * util/kubernetes/client: fix secrets * web: update auth util * util/auth: fix missing arg * extend token expiry * extend token expiry 2020-07-10 18:25:46 +03:00			`// if no credentials were provided, self generate an account`
			`if len(accID) == 0 && len(accSecret) == 0 {`
Refactor auth setup to util/auth 2020-05-14 18:10:14 +03:00			`opts := []auth.GenerateOption{`
			`auth.WithType("service"),`
Remove roles (replaced with scope) 2020-05-21 16:56:17 +03:00			`auth.WithScopes("service"),`
Refactor auth setup to util/auth 2020-05-14 18:10:14 +03:00			`}`

runtime: provide credentials to services (#1817) * runtime: inject credentials into service * util/auth: self generate accounts (needed for jwt) * runtime/kubernetes: add logging for creds * runtime/kubernetes: serialize secret name * runtime/kubernetes: remove unused code * runtime/kubernetes: base64 encode secret * runtime/kubernetes: remove metadata from secret * util/kubernetes/client: omit empty secret metadata * util/kubernetes/client: fix secret template * util/kubernetes/client: fix secrets * web: update auth util * util/auth: fix missing arg * extend token expiry * extend token expiry 2020-07-10 18:25:46 +03:00			`acc, err := a.Generate(uuid.New().String(), opts...)`
Refactor auth setup to util/auth 2020-05-14 18:10:14 +03:00			`if err != nil {`
			`return err`
			`}`
auth/service: generate accounts client side if JWT credentials present (#1823) 2020-07-13 12:20:31 +03:00			`logger.Debugf("Auth [%v] Generated an auth account", a.String())`
Refactor auth setup to util/auth 2020-05-14 18:10:14 +03:00
			`accID = acc.ID`
			`accSecret = acc.Secret`
			`}`

			`// generate the first token`
			`token, err := a.Token(`
			`auth.WithCredentials(accID, accSecret),`
			`auth.WithExpiry(time.Minute*10),`
			`)`
			`if err != nil {`
			`return err`
			`}`

			`// set the credentials and token in auth options`
			`a.Init(`
			`auth.ClientToken(token),`
			`auth.Credentials(accID, accSecret),`
			`)`

			`// periodically check to see if the token needs refreshing`
			`go func() {`
			`timer := time.NewTicker(time.Second * 15)`

			`for {`
			`<-timer.C`

			`// don't refresh the token if it's not close to expiring`
			`tok := a.Options().Token`
			`if tok.Expiry.Unix() > time.Now().Add(time.Minute).Unix() {`
			`continue`
			`}`

			`// generate the first token`
			`tok, err := a.Token(`
Add Rule to Auth interface 2020-05-20 13:59:01 +03:00			`auth.WithToken(tok.RefreshToken),`
Refactor auth setup to util/auth 2020-05-14 18:10:14 +03:00			`auth.WithExpiry(time.Minute*10),`
			`)`
			`if err != nil {`
			`logger.Warnf("[Auth] Error refreshing token: %v", err)`
			`continue`
			`}`

			`// set the token`
			`a.Init(auth.ClientToken(tok))`
			`}`
			`}()`

			`return nil`
			`}`