micro/util/wrapper/wrapper.go

223 lines
6.0 KiB
Go
Raw Normal View History

package wrapper
2015-12-21 02:50:16 +03:00
import (
2018-03-03 14:53:52 +03:00
"context"
2020-02-07 23:58:03 +03:00
"strings"
2018-03-03 14:53:52 +03:00
"github.com/micro/go-micro/v2/auth"
"github.com/micro/go-micro/v2/client"
"github.com/micro/go-micro/v2/debug/stats"
"github.com/micro/go-micro/v2/debug/trace"
"github.com/micro/go-micro/v2/errors"
2020-04-02 20:41:06 +03:00
"github.com/micro/go-micro/v2/logger"
"github.com/micro/go-micro/v2/metadata"
"github.com/micro/go-micro/v2/server"
2015-12-21 02:50:16 +03:00
)
2015-12-23 03:02:42 +03:00
type clientWrapper struct {
2015-12-21 02:50:16 +03:00
client.Client
// Auth interface
auth func() auth.Auth
// headers to inject
2016-01-28 20:55:28 +03:00
headers metadata.Metadata
2015-12-21 02:50:16 +03:00
}
2020-01-25 00:58:29 +03:00
type traceWrapper struct {
client.Client
name string
2020-01-29 18:45:11 +03:00
trace trace.Tracer
2020-01-25 00:58:29 +03:00
}
var (
HeaderPrefix = "Micro-"
)
func (c *clientWrapper) setHeaders(ctx context.Context) context.Context {
2019-01-17 12:40:49 +03:00
// copy metadata
mda, _ := metadata.FromContext(ctx)
md := metadata.Copy(mda)
2016-11-02 20:21:53 +03:00
2019-01-17 12:40:49 +03:00
// set headers
for k, v := range c.headers {
if _, ok := md[k]; !ok {
md[k] = v
}
}
2016-11-02 20:21:53 +03:00
return metadata.NewContext(ctx, md)
}
2015-12-23 03:02:42 +03:00
func (c *clientWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {
ctx = c.setHeaders(ctx)
2015-12-21 02:50:16 +03:00
return c.Client.Call(ctx, req, rsp, opts...)
}
2018-04-14 20:15:09 +03:00
func (c *clientWrapper) Stream(ctx context.Context, req client.Request, opts ...client.CallOption) (client.Stream, error) {
ctx = c.setHeaders(ctx)
2015-12-21 02:50:16 +03:00
return c.Client.Stream(ctx, req, opts...)
}
2018-04-14 20:15:09 +03:00
func (c *clientWrapper) Publish(ctx context.Context, p client.Message, opts ...client.PublishOption) error {
ctx = c.setHeaders(ctx)
2015-12-21 02:50:16 +03:00
return c.Client.Publish(ctx, p, opts...)
}
2020-01-25 00:58:29 +03:00
func (c *traceWrapper) Call(ctx context.Context, req client.Request, rsp interface{}, opts ...client.CallOption) error {
newCtx, s := c.trace.Start(ctx, req.Service()+"."+req.Endpoint())
s.Type = trace.SpanTypeRequestOutbound
2020-01-25 00:58:29 +03:00
err := c.Client.Call(newCtx, req, rsp, opts...)
if err != nil {
s.Metadata["error"] = err.Error()
}
// finish the trace
c.trace.Finish(s)
return err
}
// FromService wraps a client to inject service and auth metadata
func FromService(name string, c client.Client, fn func() auth.Auth) client.Client {
return &clientWrapper{
2019-11-16 21:52:27 +03:00
c,
fn,
2019-11-16 21:52:27 +03:00
metadata.Metadata{
HeaderPrefix + "From-Service": name,
},
}
}
2019-12-18 21:36:42 +03:00
// HandlerStats wraps a server handler to generate request/error stats
func HandlerStats(stats stats.Stats) server.HandlerWrapper {
// return a handler wrapper
return func(h server.HandlerFunc) server.HandlerFunc {
// return a function that returns a function
return func(ctx context.Context, req server.Request, rsp interface{}) error {
// execute the handler
err := h(ctx, req, rsp)
// record the stats
stats.Record(err)
// return the error
return err
}
}
}
2020-01-25 00:58:29 +03:00
// TraceCall is a call tracing wrapper
2020-01-29 18:45:11 +03:00
func TraceCall(name string, t trace.Tracer, c client.Client) client.Client {
2020-01-25 00:58:29 +03:00
return &traceWrapper{
name: name,
trace: t,
Client: c,
}
}
// TraceHandler wraps a server handler to perform tracing
2020-01-29 18:45:11 +03:00
func TraceHandler(t trace.Tracer) server.HandlerWrapper {
2020-01-25 00:58:29 +03:00
// return a handler wrapper
return func(h server.HandlerFunc) server.HandlerFunc {
// return a function that returns a function
return func(ctx context.Context, req server.Request, rsp interface{}) error {
2020-02-07 23:58:03 +03:00
// don't store traces for debug
if strings.HasPrefix(req.Endpoint(), "Debug.") {
return h(ctx, req, rsp)
}
2020-01-25 00:58:29 +03:00
// get the span
newCtx, s := t.Start(ctx, req.Service()+"."+req.Endpoint())
s.Type = trace.SpanTypeRequestInbound
2020-01-25 00:58:29 +03:00
err := h(newCtx, req, rsp)
if err != nil {
s.Metadata["error"] = err.Error()
}
// finish
t.Finish(s)
return err
}
}
}
// AuthHandler wraps a server handler to perform auth
2020-03-25 23:59:37 +03:00
func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
return func(h server.HandlerFunc) server.HandlerFunc {
return func(ctx context.Context, req server.Request, rsp interface{}) error {
// get the auth.Auth interface
a := fn()
// Check for debug endpoints which should be excluded from auth
if strings.HasPrefix(req.Endpoint(), "Debug.") {
return h(ctx, req, rsp)
}
// Check for auth service endpoints which should be excluded from auth
if strings.HasPrefix(req.Endpoint(), "Auth.") {
return h(ctx, req, rsp)
}
// Extract the token if present. Note: if noop is being used
// then the token can be blank without erroring
var token string
if header, ok := metadata.Get(ctx, "Authorization"); ok {
// Ensure the correct scheme is being used
if !strings.HasPrefix(header, auth.BearerScheme) {
2020-04-02 20:41:06 +03:00
return errors.Unauthorized(req.Service(), "invalid authorization header. expected Bearer schema")
}
token = header[len(auth.BearerScheme):]
}
2020-04-02 20:41:06 +03:00
// Get the namespace for the request
namespace, ok := metadata.Get(ctx, auth.NamespaceKey)
if !ok {
logger.Errorf("Missing request namespace")
namespace = auth.DefaultNamespace
}
// Inspect the token and get the account
account, err := a.Inspect(token)
if err != nil {
2020-04-03 15:03:27 +03:00
account = &auth.Account{Namespace: namespace}
2020-04-02 20:41:06 +03:00
}
// Check the accounts namespace matches the namespace we're operating
// within. If not forbid the request and log the occurance.
if account.Namespace != namespace {
2020-04-06 14:50:04 +03:00
logger.Debugf("Cross namespace request forbidden: account %v (%v) requested access to %v %v in the %v namespace",
2020-04-02 20:41:06 +03:00
account.ID, account.Namespace, req.Service(), req.Endpoint(), namespace)
2020-04-06 14:50:04 +03:00
// return errors.Forbidden(req.Service(), "cross namespace request")
2020-04-02 20:41:06 +03:00
}
// construct the resource
res := &auth.Resource{
Type: "service",
Name: req.Service(),
Endpoint: req.Endpoint(),
Namespace: namespace,
}
// Verify the caller has access to the resource
2020-04-02 20:41:06 +03:00
err = a.Verify(account, res)
if err != nil && len(account.ID) > 0 {
2020-04-02 20:41:06 +03:00
return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
} else if err != nil {
2020-04-02 20:41:06 +03:00
return errors.Unauthorized(req.Service(), "Unauthorised call made to %v:%v", req.Service(), req.Endpoint())
2020-03-04 12:54:52 +03:00
}
// There is an account, set it in the context
ctx, err = auth.ContextWithAccount(ctx, account)
if err != nil {
return err
}
2020-03-04 12:54:52 +03:00
// The user is authorised, allow the call
return h(ctx, req, rsp)
}
}
}