Merge pull request #1636 from micro/auth-util
Refactor auth setup to util/auth
This commit is contained in:
commit
331ab3715c
75
service.go
75
service.go
@ -1,13 +1,11 @@
|
|||||||
package micro
|
package micro
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"os"
|
"os"
|
||||||
"os/signal"
|
"os/signal"
|
||||||
rtime "runtime"
|
rtime "runtime"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/micro/go-micro/v2/auth"
|
"github.com/micro/go-micro/v2/auth"
|
||||||
"github.com/micro/go-micro/v2/client"
|
"github.com/micro/go-micro/v2/client"
|
||||||
@ -19,6 +17,7 @@ import (
|
|||||||
"github.com/micro/go-micro/v2/plugin"
|
"github.com/micro/go-micro/v2/plugin"
|
||||||
"github.com/micro/go-micro/v2/server"
|
"github.com/micro/go-micro/v2/server"
|
||||||
"github.com/micro/go-micro/v2/store"
|
"github.com/micro/go-micro/v2/store"
|
||||||
|
authutil "github.com/micro/go-micro/v2/util/auth"
|
||||||
signalutil "github.com/micro/go-micro/v2/util/signal"
|
signalutil "github.com/micro/go-micro/v2/util/signal"
|
||||||
"github.com/micro/go-micro/v2/util/wrapper"
|
"github.com/micro/go-micro/v2/util/wrapper"
|
||||||
)
|
)
|
||||||
@ -177,7 +176,7 @@ func (s *service) Stop() error {
|
|||||||
|
|
||||||
func (s *service) Run() error {
|
func (s *service) Run() error {
|
||||||
// generate an auth account
|
// generate an auth account
|
||||||
if err := s.generateAccount(); err != nil {
|
if err := authutil.Generate(s.Server().Options().Id, s.Name(), s.Options().Auth); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -224,73 +223,3 @@ func (s *service) Run() error {
|
|||||||
|
|
||||||
return s.Stop()
|
return s.Stop()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *service) generateAccount() error {
|
|
||||||
// extract the account creds from options, these can be set by flags
|
|
||||||
accID := s.Options().Auth.Options().ID
|
|
||||||
accSecret := s.Options().Auth.Options().Secret
|
|
||||||
|
|
||||||
// if no credentials were provided, generate an account
|
|
||||||
if len(accID) == 0 || len(accSecret) == 0 {
|
|
||||||
name := fmt.Sprintf("%v-%v", s.Name(), s.Server().Options().Id)
|
|
||||||
opts := []auth.GenerateOption{
|
|
||||||
auth.WithType("service"),
|
|
||||||
auth.WithRoles("service"),
|
|
||||||
auth.WithNamespace(s.Options().Auth.Options().Namespace),
|
|
||||||
}
|
|
||||||
|
|
||||||
acc, err := s.Options().Auth.Generate(name, opts...)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
logger.Infof("Auth [%v] Authenticated as %v", s.Options().Auth, name)
|
|
||||||
|
|
||||||
accID = acc.ID
|
|
||||||
accSecret = acc.Secret
|
|
||||||
}
|
|
||||||
|
|
||||||
// generate the first token
|
|
||||||
token, err := s.Options().Auth.Token(
|
|
||||||
auth.WithCredentials(accID, accSecret),
|
|
||||||
auth.WithExpiry(time.Minute*10),
|
|
||||||
)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// set the credentials and token in auth options
|
|
||||||
s.Options().Auth.Init(
|
|
||||||
auth.ClientToken(token),
|
|
||||||
auth.Credentials(accID, accSecret),
|
|
||||||
)
|
|
||||||
|
|
||||||
// periodically check to see if the token needs refreshing
|
|
||||||
go func() {
|
|
||||||
timer := time.NewTicker(time.Second * 15)
|
|
||||||
|
|
||||||
for {
|
|
||||||
<-timer.C
|
|
||||||
|
|
||||||
// don't refresh the token if it's not close to expiring
|
|
||||||
tok := s.Options().Auth.Options().Token
|
|
||||||
if tok.Expiry.Unix() > time.Now().Add(time.Minute).Unix() {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
// generate the first token
|
|
||||||
tok, err := s.Options().Auth.Token(
|
|
||||||
auth.WithCredentials(accID, accSecret),
|
|
||||||
auth.WithExpiry(time.Minute*10),
|
|
||||||
)
|
|
||||||
if err != nil {
|
|
||||||
logger.Warnf("[Auth] Error refreshing token: %v", err)
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
// set the token
|
|
||||||
s.Options().Auth.Init(auth.ClientToken(tok))
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
81
util/auth/auth.go
Normal file
81
util/auth/auth.go
Normal file
@ -0,0 +1,81 @@
|
|||||||
|
package auth
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/micro/go-micro/v2/auth"
|
||||||
|
"github.com/micro/go-micro/v2/logger"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Generate generates a service account for and continually
|
||||||
|
// refreshes the access token.
|
||||||
|
func Generate(id string, name string, a auth.Auth) error {
|
||||||
|
// extract the account creds from options, these can be set by flags
|
||||||
|
accID := a.Options().ID
|
||||||
|
accSecret := a.Options().Secret
|
||||||
|
|
||||||
|
// if no credentials were provided, generate an account
|
||||||
|
if len(accID) == 0 || len(accSecret) == 0 {
|
||||||
|
name := fmt.Sprintf("%v-%v", name, id)
|
||||||
|
opts := []auth.GenerateOption{
|
||||||
|
auth.WithType("service"),
|
||||||
|
auth.WithRoles("service"),
|
||||||
|
auth.WithNamespace(a.Options().Namespace),
|
||||||
|
}
|
||||||
|
|
||||||
|
acc, err := a.Generate(name, opts...)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
logger.Infof("Auth [%v] Authenticated as %v in the %v namespace", a, name, acc.Namespace)
|
||||||
|
|
||||||
|
accID = acc.ID
|
||||||
|
accSecret = acc.Secret
|
||||||
|
}
|
||||||
|
|
||||||
|
// generate the first token
|
||||||
|
token, err := a.Token(
|
||||||
|
auth.WithCredentials(accID, accSecret),
|
||||||
|
auth.WithExpiry(time.Minute*10),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// set the credentials and token in auth options
|
||||||
|
a.Init(
|
||||||
|
auth.ClientToken(token),
|
||||||
|
auth.Credentials(accID, accSecret),
|
||||||
|
)
|
||||||
|
|
||||||
|
// periodically check to see if the token needs refreshing
|
||||||
|
go func() {
|
||||||
|
timer := time.NewTicker(time.Second * 15)
|
||||||
|
|
||||||
|
for {
|
||||||
|
<-timer.C
|
||||||
|
|
||||||
|
// don't refresh the token if it's not close to expiring
|
||||||
|
tok := a.Options().Token
|
||||||
|
if tok.Expiry.Unix() > time.Now().Add(time.Minute).Unix() {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
// generate the first token
|
||||||
|
tok, err := a.Token(
|
||||||
|
auth.WithCredentials(accID, accSecret),
|
||||||
|
auth.WithExpiry(time.Minute*10),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
logger.Warnf("[Auth] Error refreshing token: %v", err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
// set the token
|
||||||
|
a.Init(auth.ClientToken(tok))
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
@ -17,6 +17,7 @@ import (
|
|||||||
"github.com/micro/go-micro/v2/logger"
|
"github.com/micro/go-micro/v2/logger"
|
||||||
"github.com/micro/go-micro/v2/registry"
|
"github.com/micro/go-micro/v2/registry"
|
||||||
maddr "github.com/micro/go-micro/v2/util/addr"
|
maddr "github.com/micro/go-micro/v2/util/addr"
|
||||||
|
authutil "github.com/micro/go-micro/v2/util/auth"
|
||||||
mhttp "github.com/micro/go-micro/v2/util/http"
|
mhttp "github.com/micro/go-micro/v2/util/http"
|
||||||
mnet "github.com/micro/go-micro/v2/util/net"
|
mnet "github.com/micro/go-micro/v2/util/net"
|
||||||
signalutil "github.com/micro/go-micro/v2/util/signal"
|
signalutil "github.com/micro/go-micro/v2/util/signal"
|
||||||
@ -421,6 +422,13 @@ func (s *service) Init(opts ...Option) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *service) Run() error {
|
func (s *service) Run() error {
|
||||||
|
// generate an auth account
|
||||||
|
srvID := s.opts.Service.Server().Options().Id
|
||||||
|
srvName := s.opts.Service.Name()
|
||||||
|
if err := authutil.Generate(srvID, srvName, s.opts.Service.Options().Auth); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
if err := s.start(); err != nil {
|
if err := s.start(); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user