package wrapper
import (
"context"
"reflect"
"strings"
"github.com/micro/go-micro/v2/auth"
"github.com/micro/go-micro/v2/client"
"github.com/micro/go-micro/v2/debug/stats"
"github.com/micro/go-micro/v2/debug/trace"
"github.com/micro/go-micro/v2/errors"
"github.com/micro/go-micro/v2/metadata"
"github.com/micro/go-micro/v2/server"
)
// fromServiceWrapper is a client.Client that merges a fixed set of metadata
// headers into the context of every Call, Stream and Publish before handing
// the request to the embedded client.
type fromServiceWrapper struct {
	// Embedded client that performs the actual request.
	client.Client

	// headers to inject
	headers metadata.Metadata
}
// HeaderPrefix is the prefix FromService puts in front of the "From-Service"
// header name. It is an exported variable, so other packages can change it.
var HeaderPrefix = "Micro-"
// setHeaders returns a context carrying f.headers merged into the metadata
// that is already on ctx.
//
// The merge is asked not to overwrite existing keys, so a header already
// present on ctx takes precedence over the injected one. The injected value is
// therefore a hint, not a verified caller identity.
// NOTE(review): MergeContext is not shown here; presumably a From-Service
// value that arrived with an inbound request and was propagated on ctx is
// forwarded unchanged. Confirm that nothing downstream uses this header for
// access decisions.
func (f *fromServiceWrapper) setHeaders(ctx context.Context) context.Context {
	// don't overwrite keys
	const overwrite = false
	merged := metadata.MergeContext(ctx, f.headers, overwrite)
	return merged
}
// Call merges the wrapper's headers into ctx and forwards the request to the
// embedded client, returning its error unchanged.
func (f *fromServiceWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {
	return f.Client.Call(f.setHeaders(ctx), req, rsp, opts...)
}
// Stream merges the wrapper's headers into ctx and opens the stream on the
// embedded client, returning its results unchanged.
func (f *fromServiceWrapper) Stream(ctx context.Context, req client.Request, opts ...client.CallOption) (client.Stream, error) {
	return f.Client.Stream(f.setHeaders(ctx), req, opts...)
}
// Publish merges the wrapper's headers into ctx and publishes the message
// through the embedded client, returning its error unchanged.
func (f *fromServiceWrapper) Publish(ctx context.Context, p client.Message, opts ...client.PublishOption) error {
	return f.Client.Publish(f.setHeaders(ctx), p, opts...)
}
// FromService wraps a client so that outgoing requests carry the given service
// name in the "From-Service" header (prefixed with HeaderPrefix).
//
// The value is whatever name the caller of FromService supplies; nothing in
// this wrapper authenticates it.
func FromService(name string, c client.Client) client.Client {
	injected := metadata.Metadata{
		HeaderPrefix + "From-Service": name,
	}
	return &fromServiceWrapper{
		Client:  c,
		headers: injected,
	}
}
// HandlerStats wraps a server handler to generate request/error stats.
//
// The returned wrapper runs the wrapped handler, passes the handler's error
// (nil on success) to stats.Record, and returns that error to the caller
// unchanged.
func HandlerStats(stats stats.Stats) server.HandlerWrapper {
	wrap := func(next server.HandlerFunc) server.HandlerFunc {
		recorded := func(ctx context.Context, req server.Request, rsp interface{}) error {
			// run the handler first so its outcome can be recorded
			result := next(ctx, req, rsp)
			stats.Record(result)
			return result
		}
		return recorded
	}
	return wrap
}
// traceWrapper is a client.Client that records a trace span around each Call
// made through it.
type traceWrapper struct {
	// Embedded client that performs the actual request.
	client.Client

	// name is set by TraceCall; the Call method does not read it.
	name string
	// trace starts and finishes the span for each Call.
	trace trace.Tracer
}
// Call runs the request inside an outbound trace span named
// "<service>.<endpoint>" and returns the embedded client's error unchanged.
//
// When the call fails, the error text is copied verbatim into the span
// metadata under "error".
// NOTE(review): if error strings can embed request data or credentials they
// will end up wherever the tracer stores spans; confirm that is acceptable.
func (c *traceWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {
	spanCtx, span := c.trace.Start(ctx, req.Service()+"."+req.Endpoint())
	span.Type = trace.SpanTypeRequestOutbound

	callErr := c.Client.Call(spanCtx, req, rsp, opts...)
	if callErr != nil {
		span.Metadata["error"] = callErr.Error()
	}

	// finish the trace whether or not the call succeeded
	c.trace.Finish(span)
	return callErr
}
// TraceCall wraps c so that every Call made through the returned client is
// recorded as a span on t. The name is stored on the wrapper.
func TraceCall(name string, t trace.Tracer, c client.Client) client.Client {
	w := new(traceWrapper)
	w.Client = c
	w.name = name
	w.trace = t
	return w
}
// TraceHandler wraps a server handler to perform tracing.
//
// Each request, other than those to endpoints whose name starts with "Debug.",
// runs inside an inbound span named "<service>.<endpoint>". A handler error is
// copied verbatim into the span metadata under "error" and then returned
// unchanged.
// NOTE(review): requests to "Debug." endpoints leave no span, so they are
// absent from trace-based audit trails; error strings that embed request data
// will be stored with the span.
func TraceHandler(t trace.Tracer) server.HandlerWrapper {
	return func(next server.HandlerFunc) server.HandlerFunc {
		return func(ctx context.Context, req server.Request, rsp interface{}) error {
			// don't store traces for debug
			if isDebug := strings.HasPrefix(req.Endpoint(), "Debug."); isDebug {
				return next(ctx, req, rsp)
			}

			// open the span and mark it as an inbound request
			spanCtx, span := t.Start(ctx, req.Service()+"."+req.Endpoint())
			span.Type = trace.SpanTypeRequestInbound

			handlerErr := next(spanCtx, req, rsp)
			if handlerErr != nil {
				span.Metadata["error"] = handlerErr.Error()
			}

			// finish the span whether or not the handler succeeded
			t.Finish(span)
			return handlerErr
		}
	}
}
// authWrapper is a client.Client that adds namespace and Authorization
// metadata to the context of outgoing Call and Stream requests.
type authWrapper struct {
	// Embedded client that performs the actual request.
	client.Client
	// auth returns the auth implementation to use; wrapContext tolerates a
	// nil result by sending the request without a token.
	auth func() auth.Auth
}
// Call passes ctx through wrapContext to add the auth metadata and then
// forwards the request to the embedded client, returning its error unchanged.
func (a *authWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {
	authed := a.wrapContext(ctx, opts...)
	return a.Client.Call(authed, req, rsp, opts...)
}
// Stream passes ctx through wrapContext to add the auth metadata and then
// opens the stream on the embedded client, returning its results unchanged.
func (a *authWrapper) Stream(ctx context.Context, req client.Request, opts ...client.CallOption) (client.Stream, error) {
	authed := a.wrapContext(ctx, opts...)
	return a.Client.Stream(authed, req, opts...)
}
// wrapContext returns ctx with the namespace and Authorization metadata an
// outgoing request should carry.
//
// Rules, in order:
//   - an Authorization header already on ctx is kept as is unless the
//     ServiceToken call option is set;
//   - if a.auth() returns nil, ctx is returned untouched;
//   - "Micro-Namespace" is set to the auth issuer when it is missing;
//   - "Authorization" is set to the bearer-prefixed access token when the auth
//     options hold a token that has not expired.
//
// NOTE(review): every fallback is silent. With ServiceToken set but no usable
// token, an Authorization header that was already on ctx is left in place and
// forwarded, and with no header at all the request goes out unauthenticated.
// Callers that require the service identity cannot tell from the return value
// which case applied.
func (a *authWrapper) wrapContext(ctx context.Context, opts ...client.CallOption) context.Context {
	// apply the call options to a zero-valued options struct
	var callOpts client.CallOptions
	for _, apply := range opts {
		apply(&callOpts)
	}

	// keep a caller-provided Authorization header unless the service token
	// was explicitly requested
	_, hasAuthHeader := metadata.Get(ctx, "Authorization")
	if hasAuthHeader && !callOpts.ServiceToken {
		return ctx
	}

	// without an auth implementation there is no token to attach
	provider := a.auth()
	if provider == nil {
		return ctx
	}

	// set the namespace header if it has not been set (e.g. on a service to service request)
	if _, hasNamespace := metadata.Get(ctx, "Micro-Namespace"); !hasNamespace {
		ctx = metadata.Set(ctx, "Micro-Namespace", provider.Options().Issuer)
	}

	// attach the access token only while it is present and unexpired;
	// otherwise the context is returned without one
	authOpts := provider.Options()
	if tok := authOpts.Token; tok != nil && !tok.Expired() {
		ctx = metadata.Set(ctx, "Authorization", auth.BearerScheme+tok.AccessToken)
	}
	return ctx
}
// AuthClient wraps c so that Call and Stream requests are sent with the auth
// metadata produced from the auth implementation that the auth func returns.
func AuthClient(auth func() auth.Auth, c client.Client) client.Client {
	return &authWrapper{
		Client: c,
		auth:   auth,
	}
}
// AuthHandlerOptions holds the settings AuthHandler accepts.
type AuthHandlerOptions struct {
	// Namespace is the namespace AuthHandler verifies requests against. When
	// it is empty, AuthHandler falls back to the request's namespace.
	Namespace string
}

// AuthHandlerOption sets a field on an AuthHandlerOptions value.
type AuthHandlerOption func(o *AuthHandlerOptions)

// AuthHandlerNamespace returns an option that sets Namespace to ns.
func AuthHandlerNamespace(ns string) AuthHandlerOption {
	setNamespace := func(target *AuthHandlerOptions) {
		target.Namespace = ns
	}
	return setNamespace
}
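// AuthHandler wraps a server handler to perform auth.
//
// For every request outside the "Debug." endpoints it:
//  1. reads the Authorization header (if any) and requires the bearer scheme,
//  2. inspects the token to obtain an account,
//  3. resolves the namespace from the "Micro-Namespace" header, falling back
//     to the auth issuer,
//  4. rejects accounts whose issuer matches neither the namespace nor "micro",
//  5. verifies the account against the service/endpoint resource, and
//  6. stores the account on the context before calling the handler.
//
// It returns Unauthorized for a bad scheme or a forbidden anonymous call,
// Forbidden for an issuer mismatch or a forbidden authenticated call, and
// InternalServerError when verification fails for another reason or when fn
// returns no auth implementation.
func AuthHandler(fn func() auth.Auth, opts ...AuthHandlerOption) server.HandlerWrapper {
	return func(h server.HandlerFunc) server.HandlerFunc {
		return func(ctx context.Context, req server.Request, rsp interface{}) error {
			// parse the options
			options := AuthHandlerOptions{}
			for _, o := range opts {
				o(&options)
			}

			// get the auth.Auth interface
			a := fn()

			// Check for debug endpoints which should be excluded from auth.
			// The match is on the endpoint name prefix only, so any handler
			// registered as "Debug.*" is reachable with no token inspection
			// and no Verify call.
			// NOTE(review): confirm no application handler uses this prefix.
			if strings.HasPrefix(req.Endpoint(), "Debug.") {
				return h(ctx, req, rsp)
			}

			// Fail closed when there is no auth implementation. Previously a
			// nil result was dereferenced by a.Inspect below and panicked.
			if a == nil {
				return errors.InternalServerError(req.Service(), "Error authorizing request: auth is not configured")
			}

			// Extract the token if the header is present. We will inspect the token regardless of if it's
			// present or not since noop auth will return a blank account upon Inspecting a blank token.
			var token string
			if header, ok := metadata.Get(ctx, "Authorization"); ok {
				// Ensure the correct scheme is being used
				if !strings.HasPrefix(header, auth.BearerScheme) {
					return errors.Unauthorized(req.Service(), "invalid authorization header. expected Bearer schema")
				}

				// Strip the bearer scheme prefix
				token = strings.TrimPrefix(header, auth.BearerScheme)
			}

			// Inspect the token and decode an account. The error is discarded
			// on purpose (see the noop-auth remark above).
			// NOTE(review): presumably Inspect returns a nil account on
			// failure, in which case a token that fails inspection is treated
			// like a missing token and the decision is left to Verify.
			account, _ := a.Inspect(token)

			// Extract the namespace header. The header value comes from the
			// request metadata, i.e. it is caller-controlled.
			ns, ok := metadata.Get(ctx, "Micro-Namespace")
			if !ok {
				ns = a.Options().Issuer
				ctx = metadata.Set(ctx, "Micro-Namespace", ns)
			}

			// Check the issuer matches the services namespace. TODO: Stop allowing micro to access
			// any namespace and instead check for the server issuer.
			// Until then any account issued by "micro" passes this check for
			// every namespace.
			if account != nil && account.Issuer != ns && account.Issuer != "micro" {
				return errors.Forbidden(req.Service(), "Account was issued by %v, not %v", account.Issuer, ns)
			}

			// construct the resource
			res := &auth.Resource{
				Type:     "service",
				Name:     req.Service(),
				Endpoint: req.Endpoint(),
			}

			// Normal services set the namespace to prevent it being overridden
			// by setting the Namespace header, however this isn't the case for
			// the proxy which uses the namespace header when routing requests
			// to a specific network.
			// Without AuthHandlerNamespace the namespace used for Verify is
			// the caller-controlled header value read above.
			if len(options.Namespace) == 0 {
				options.Namespace = ns
			}

			// Verify the caller has access to the resource.
			verifyErr := a.Verify(account, res, auth.VerifyNamespace(options.Namespace))
			switch {
			case verifyErr == auth.ErrForbidden && account != nil:
				return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
			case verifyErr == auth.ErrForbidden:
				return errors.Unauthorized(req.Service(), "Unauthorized call made to %v:%v", req.Service(), req.Endpoint())
			case verifyErr != nil:
				return errors.InternalServerError(req.Service(), "Error authorizing request: %v", verifyErr)
			}

			// There is an account, set it in the context
			if account != nil {
				ctx = auth.ContextWithAccount(ctx, account)
			}

			// The user is authorised, allow the call
			return h(ctx, req, rsp)
		}
	}
}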
// cacheWrapper is a client.Client that can serve Call responses from a cache.
type cacheWrapper struct {
	// cacheFn returns the cache to use; Call skips caching when it returns nil.
	cacheFn func() *client.Cache
	// Embedded client that performs the actual request.
	client.Client
}
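// Call executes the request. If the CacheExpiry option was set, the response will be cached using
// a hash of the metadata and request as the key.
//
// The cache is bypassed when no cache is configured, when CacheExpiry is zero,
// or when rsp is nil. Errors from the underlying call are returned unchanged
// and are never cached.
//
// A cached value is only copied into rsp when both are non-nil pointers and
// the cached element type is assignable to rsp's element type. Otherwise the
// request is executed normally and the entry is replaced. Previously such a
// mismatch (or a typed nil rsp) panicked inside reflect.
//
// NOTE(review): the key derivation is not visible here. Confirm it covers the
// Authorization and namespace metadata, so that a response cached for one
// caller cannot be served to another. A hit copies the cached value shallowly
// and cache.Set is handed rsp itself, so if the cache keeps that pointer, later
// mutation of rsp by the caller also changes the cached entry.
func (c *cacheWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {
	// parse the options
	var options client.CallOptions
	for _, o := range opts {
		o(&options)
	}

	// skip the cache when the client has none, when no expiry was requested,
	// or when there is no response value to assign into
	cache := c.cacheFn()
	if cache == nil || options.CacheExpiry == 0 || rsp == nil {
		return c.Client.Call(ctx, req, rsp, opts...)
	}

	// check to see if there is a response cached, if there is assign it
	if r, ok := cache.Get(ctx, &req); ok {
		dst := reflect.ValueOf(rsp)
		src := reflect.ValueOf(r)
		usable := dst.Kind() == reflect.Ptr && !dst.IsNil() &&
			src.Kind() == reflect.Ptr && !src.IsNil() &&
			src.Elem().Type().AssignableTo(dst.Elem().Type())
		if usable {
			dst.Elem().Set(src.Elem())
			return nil
		}
		// the cached value cannot be assigned to rsp; treat it as a miss
	}

	// don't cache the result if there was an error
	if err := c.Client.Call(ctx, req, rsp, opts...); err != nil {
		return err
	}

	// set the result in the cache
	cache.Set(ctx, &req, rsp, options.CacheExpiry)
	return nil
}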
// CacheClient wraps c so that Call responses can be served from, and stored
// in, the cache returned by cacheFn.
func CacheClient(cacheFn func() *client.Cache, c client.Client) client.Client {
	return &cacheWrapper{
		cacheFn: cacheFn,
		Client:  c,
	}
}
// staticClient is a client.Client that adds a fixed address option to every
// Call and Stream.
type staticClient struct {
	// address is passed via client.WithAddress on every Call and Stream.
	address string
	// Embedded client that performs the actual request.
	client.Client
}
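// Call forwards the request to the embedded client with the static address
// added as the last call option.
//
// The options are copied into a fresh slice first. Appending to opts directly
// could write into the caller's backing array when it has spare capacity,
// which corrupts the caller's slice and races when the same slice is reused
// across goroutines.
// NOTE(review): presumably a later option overrides an earlier one, so the
// static address wins over a caller-supplied WithAddress; confirm.
func (s *staticClient) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {
	callOpts := make([]client.CallOption, 0, len(opts)+1)
	callOpts = append(callOpts, opts...)
	callOpts = append(callOpts, client.WithAddress(s.address))
	return s.Client.Call(ctx, req, rsp, callOpts...)
}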
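// Stream opens a stream on the embedded client with the static address added
// as the last call option.
//
// The options are copied into a fresh slice first. Appending to opts directly
// could write into the caller's backing array when it has spare capacity,
// which corrupts the caller's slice and races when the same slice is reused
// across goroutines.
// NOTE(review): presumably a later option overrides an earlier one, so the
// static address wins over a caller-supplied WithAddress; confirm.
func (s *staticClient) Stream(ctx context.Context, req client.Request, opts ...client.CallOption) (client.Stream, error) {
	callOpts := make([]client.CallOption, 0, len(opts)+1)
	callOpts = append(callOpts, opts...)
	callOpts = append(callOpts, client.WithAddress(s.address))
	return s.Client.Stream(ctx, req, callOpts...)
}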
// StaticClient wraps c so that every Call and Stream is sent with the given
// address as a call option.
func StaticClient(address string, c client.Client) client.Client {
	return &staticClient{
		address: address,
		Client:  c,
	}
}