package auth // import "go.unistack.org/micro/v3/util/auth"
import (
"context"
"time"
"go.unistack.org/micro/v3/auth"
"go.unistack.org/micro/v3/logger"
"go.unistack.org/micro/v3/util/id"
)
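// Verify checks the auth credentials and keeps the client token fresh.
//
// When neither an account ID nor a secret is set in a.Options(), a service
// account is generated through a.Generate. The credentials are then exchanged
// for a token with a 10 minute expiry, and both are stored through a.Init.
// A background goroutine wakes every 15 seconds and refreshes the token once
// it is within one minute of expiring.
//
// Verify returns the first error from ID generation, account generation,
// token issuance or storing the result. The refresh goroutine has no stop
// signal: it runs until the process exits.
func Verify(a auth.Auth) error {
	// extract the account creds from options, these can be set by flags
	accID := a.Options().ID
	accSecret := a.Options().Secret

	// if no credentials were provided, self generate an account
	if len(accID) == 0 && len(accSecret) == 0 {
		opts := []auth.GenerateOption{
			auth.WithType("service"),
			auth.WithScopes("service"),
		}

		// Named newID so the imported id package is not shadowed.
		newID, err := id.New()
		if err != nil {
			return err
		}

		acc, err := a.Generate(newID, opts...)
		if err != nil {
			return err
		}

		if logger.V(logger.DebugLevel) {
			// The message has two verbs, so it needs two arguments. Only the
			// account ID is logged; the secret must never reach the log.
			// NOTE(review): confirm logger.Debug expands format verbs; if it
			// does not, the formatting variant of the logger is needed here.
			logger.Debug(context.TODO(), "Auth [%v] Generated an auth account: %s", a.String(), acc.ID)
		}

		accID = acc.ID
		accSecret = acc.Secret
	}

	// generate the first token
	token, err := a.Token(
		auth.WithCredentials(accID, accSecret),
		auth.WithExpiry(time.Minute*10),
	)
	if err != nil {
		return err
	}

	// Set the credentials and token in auth options. A failure here would
	// leave the service without a usable token while Verify reported
	// success, so the error is returned instead of discarded.
	if err := a.Init(
		auth.ClientToken(token),
		auth.Credentials(accID, accSecret),
	); err != nil {
		return err
	}

	// periodically check to see if the token needs refreshing
	go func() {
		ticker := time.NewTicker(time.Second * 15)
		defer ticker.Stop()

		for {
			<-ticker.C

			// A missing token would make the expiry check below panic and
			// take the whole process down, so skip this tick instead.
			// NOTE(review): nothing re-issues a token from the credentials
			// in that case; decide whether it should.
			tok := a.Options().Token
			if tok == nil {
				continue
			}

			// don't refresh the token if it's not close to expiring
			if tok.Expiry.Unix() > time.Now().Add(time.Minute).Unix() {
				continue
			}

			// Exchange the refresh token for a new access token. On failure
			// the same refresh token is retried on the next tick; there is
			// no fallback to the account credentials.
			refreshed, err := a.Token(
				auth.WithToken(tok.RefreshToken),
				auth.WithExpiry(time.Minute*10),
			)
			if err != nil {
				if logger.V(logger.WarnLevel) {
					logger.Warn(context.TODO(), "[Auth] Error refreshing token: %v", err)
				}
				continue
			}

			// Store the new token. A failure is logged rather than dropped,
			// otherwise the service would keep presenting a token that is
			// about to expire with nothing in the logs to explain it.
			if err := a.Init(auth.ClientToken(refreshed)); err != nil {
				if logger.V(logger.WarnLevel) {
					logger.Warn(context.TODO(), "[Auth] Error storing refreshed token: %v", err)
				}
			}
		}
	}()

	return nil
}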