some renaming of types in auth
This commit is contained in:
parent
d3326efd4b
commit
647ce61dec
@ -7,29 +7,29 @@ import (
|
||||
|
||||
"github.com/micro/go-micro/v2/auth"
|
||||
"github.com/micro/go-micro/v2/util/token"
|
||||
jwtToken "github.com/micro/go-micro/v2/util/token/jwt"
|
||||
"github.com/micro/go-micro/v2/util/token/jwt"
|
||||
)
|
||||
|
||||
// NewAuth returns a new instance of the Auth service
|
||||
func NewAuth(opts ...auth.Option) auth.Auth {
|
||||
j := new(jwt)
|
||||
j := new(jwtAuth)
|
||||
j.Init(opts...)
|
||||
return j
|
||||
}
|
||||
|
||||
type jwt struct {
|
||||
type jwtAuth struct {
|
||||
options auth.Options
|
||||
jwt token.Provider
|
||||
token token.Provider
|
||||
rules []*auth.Rule
|
||||
|
||||
sync.Mutex
|
||||
}
|
||||
|
||||
func (j *jwt) String() string {
|
||||
func (j *jwtAuth) String() string {
|
||||
return "jwt"
|
||||
}
|
||||
|
||||
func (j *jwt) Init(opts ...auth.Option) {
|
||||
func (j *jwtAuth) Init(opts ...auth.Option) {
|
||||
j.Lock()
|
||||
defer j.Unlock()
|
||||
|
||||
@ -37,19 +37,19 @@ func (j *jwt) Init(opts ...auth.Option) {
|
||||
o(&j.options)
|
||||
}
|
||||
|
||||
j.jwt = jwtToken.NewTokenProvider(
|
||||
j.token = jwt.NewTokenProvider(
|
||||
token.WithPrivateKey(j.options.PrivateKey),
|
||||
token.WithPublicKey(j.options.PublicKey),
|
||||
)
|
||||
}
|
||||
|
||||
func (j *jwt) Options() auth.Options {
|
||||
func (j *jwtAuth) Options() auth.Options {
|
||||
j.Lock()
|
||||
defer j.Unlock()
|
||||
return j.options
|
||||
}
|
||||
|
||||
func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
|
||||
func (j *jwtAuth) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
|
||||
options := auth.NewGenerateOptions(opts...)
|
||||
if len(options.Issuer) == 0 {
|
||||
options.Issuer = j.Options().Issuer
|
||||
@ -65,7 +65,7 @@ func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
|
||||
|
||||
// generate a JWT secret which can be provided to the Token() method
|
||||
// and exchanged for an access token
|
||||
secret, err := j.jwt.Generate(account, token.WithExpiry(time.Hour*24*365))
|
||||
secret, err := j.token.Generate(account, token.WithExpiry(time.Hour*24*365))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -75,14 +75,14 @@ func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
|
||||
return account, nil
|
||||
}
|
||||
|
||||
func (j *jwt) Grant(rule *auth.Rule) error {
|
||||
func (j *jwtAuth) Grant(rule *auth.Rule) error {
|
||||
j.Lock()
|
||||
defer j.Unlock()
|
||||
j.rules = append(j.rules, rule)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (j *jwt) Revoke(rule *auth.Rule) error {
|
||||
func (j *jwtAuth) Revoke(rule *auth.Rule) error {
|
||||
j.Lock()
|
||||
defer j.Unlock()
|
||||
|
||||
@ -97,7 +97,7 @@ func (j *jwt) Revoke(rule *auth.Rule) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (j *jwt) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
|
||||
func (j *jwtAuth) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
|
||||
j.Lock()
|
||||
defer j.Unlock()
|
||||
|
||||
@ -109,17 +109,17 @@ func (j *jwt) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO
|
||||
return auth.VerifyAccess(j.rules, acc, res)
|
||||
}
|
||||
|
||||
func (j *jwt) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
|
||||
func (j *jwtAuth) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
|
||||
j.Lock()
|
||||
defer j.Unlock()
|
||||
return j.rules, nil
|
||||
}
|
||||
|
||||
func (j *jwt) Inspect(token string) (*auth.Account, error) {
|
||||
return j.jwt.Inspect(token)
|
||||
func (j *jwtAuth) Inspect(token string) (*auth.Account, error) {
|
||||
return j.token.Inspect(token)
|
||||
}
|
||||
|
||||
func (j *jwt) Token(opts ...auth.TokenOption) (*auth.Token, error) {
|
||||
func (j *jwtAuth) Token(opts ...auth.TokenOption) (*auth.Token, error) {
|
||||
options := auth.NewTokenOptions(opts...)
|
||||
|
||||
secret := options.RefreshToken
|
||||
@ -127,17 +127,17 @@ func (j *jwt) Token(opts ...auth.TokenOption) (*auth.Token, error) {
|
||||
secret = options.Secret
|
||||
}
|
||||
|
||||
account, err := j.jwt.Inspect(secret)
|
||||
account, err := j.token.Inspect(secret)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
access, err := j.jwt.Generate(account, token.WithExpiry(options.Expiry))
|
||||
access, err := j.token.Generate(account, token.WithExpiry(options.Expiry))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
refresh, err := j.jwt.Generate(account, token.WithExpiry(options.Expiry+time.Hour))
|
||||
refresh, err := j.token.Generate(account, token.WithExpiry(options.Expiry+time.Hour))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -14,18 +14,18 @@ import (
|
||||
)
|
||||
|
||||
// svc is the service implementation of the Auth interface
|
||||
type svc struct {
|
||||
type svcAuth struct {
|
||||
options auth.Options
|
||||
auth pb.AuthService
|
||||
rules pb.RulesService
|
||||
jwt token.Provider
|
||||
token token.Provider
|
||||
}
|
||||
|
||||
func (s *svc) String() string {
|
||||
func (s *svcAuth) String() string {
|
||||
return "service"
|
||||
}
|
||||
|
||||
func (s *svc) Init(opts ...auth.Option) {
|
||||
func (s *svcAuth) Init(opts ...auth.Option) {
|
||||
for _, o := range opts {
|
||||
o(&s.options)
|
||||
}
|
||||
@ -36,12 +36,12 @@ func (s *svc) Init(opts ...auth.Option) {
|
||||
s.setupJWT()
|
||||
}
|
||||
|
||||
func (s *svc) Options() auth.Options {
|
||||
func (s *svcAuth) Options() auth.Options {
|
||||
return s.options
|
||||
}
|
||||
|
||||
// Generate a new account
|
||||
func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
|
||||
func (s *svcAuth) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
|
||||
options := auth.NewGenerateOptions(opts...)
|
||||
if len(options.Issuer) == 0 {
|
||||
options.Issuer = s.options.Issuer
|
||||
@ -57,7 +57,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
|
||||
Issuer: options.Issuer,
|
||||
}
|
||||
|
||||
tok, err := s.jwt.Generate(acc, token.WithExpiry(time.Hour*24*365))
|
||||
tok, err := s.token.Generate(acc, token.WithExpiry(time.Hour*24*365))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -87,7 +87,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
|
||||
}
|
||||
|
||||
// Grant access to a resource
|
||||
func (s *svc) Grant(rule *auth.Rule) error {
|
||||
func (s *svcAuth) Grant(rule *auth.Rule) error {
|
||||
access := pb.Access_UNKNOWN
|
||||
if rule.Access == auth.AccessGranted {
|
||||
access = pb.Access_GRANTED
|
||||
@ -116,7 +116,7 @@ func (s *svc) Grant(rule *auth.Rule) error {
|
||||
}
|
||||
|
||||
// Revoke access to a resource
|
||||
func (s *svc) Revoke(rule *auth.Rule) error {
|
||||
func (s *svcAuth) Revoke(rule *auth.Rule) error {
|
||||
_, err := s.rules.Delete(context.TODO(), &pb.DeleteRequest{
|
||||
Id: rule.ID, Options: &pb.Options{
|
||||
Namespace: s.Options().Issuer,
|
||||
@ -126,7 +126,7 @@ func (s *svc) Revoke(rule *auth.Rule) error {
|
||||
return err
|
||||
}
|
||||
|
||||
func (s *svc) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
|
||||
func (s *svcAuth) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
|
||||
var options auth.RulesOptions
|
||||
for _, o := range opts {
|
||||
o(&options)
|
||||
@ -155,7 +155,7 @@ func (s *svc) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
|
||||
}
|
||||
|
||||
// Verify an account has access to a resource
|
||||
func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
|
||||
func (s *svcAuth) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
|
||||
var options auth.VerifyOptions
|
||||
for _, o := range opts {
|
||||
o(&options)
|
||||
@ -173,10 +173,10 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO
|
||||
}
|
||||
|
||||
// Inspect a token
|
||||
func (s *svc) Inspect(token string) (*auth.Account, error) {
|
||||
func (s *svcAuth) Inspect(token string) (*auth.Account, error) {
|
||||
// try to decode JWT locally and fall back to srv if an error occurs
|
||||
if len(strings.Split(token, ".")) == 3 && len(s.options.PublicKey) > 0 {
|
||||
return s.jwt.Inspect(token)
|
||||
return s.token.Inspect(token)
|
||||
}
|
||||
|
||||
// the token is not a JWT or we do not have the keys to decode it,
|
||||
@ -191,7 +191,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
|
||||
}
|
||||
|
||||
// Token generation using an account ID and secret
|
||||
func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) {
|
||||
func (s *svcAuth) Token(opts ...auth.TokenOption) (*auth.Token, error) {
|
||||
options := auth.NewTokenOptions(opts...)
|
||||
if len(options.Issuer) == 0 {
|
||||
options.Issuer = s.options.Issuer
|
||||
@ -204,12 +204,12 @@ func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) {
|
||||
tok = options.Secret
|
||||
}
|
||||
|
||||
acc, err := s.jwt.Inspect(tok)
|
||||
acc, err := s.token.Inspect(tok)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
token, err := s.jwt.Generate(acc, token.WithExpiry(options.Expiry))
|
||||
token, err := s.token.Generate(acc, token.WithExpiry(options.Expiry))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -277,7 +277,7 @@ func serializeRule(r *pb.Rule) *auth.Rule {
|
||||
}
|
||||
}
|
||||
|
||||
func (s *svc) callOpts() []client.CallOption {
|
||||
func (s *svcAuth) callOpts() []client.CallOption {
|
||||
return []client.CallOption{
|
||||
client.WithAddress(s.options.Addrs...),
|
||||
}
|
||||
@ -293,7 +293,7 @@ func NewAuth(opts ...auth.Option) auth.Auth {
|
||||
options.Addrs = []string{"127.0.0.1:8010"}
|
||||
}
|
||||
|
||||
service := &svc{
|
||||
service := &svcAuth{
|
||||
auth: pb.NewAuthService("go.micro.auth", options.Client),
|
||||
rules: pb.NewRulesService("go.micro.auth", options.Client),
|
||||
options: options,
|
||||
@ -303,7 +303,7 @@ func NewAuth(opts ...auth.Option) auth.Auth {
|
||||
return service
|
||||
}
|
||||
|
||||
func (s *svc) setupJWT() {
|
||||
func (s *svcAuth) setupJWT() {
|
||||
tokenOpts := []token.Option{}
|
||||
|
||||
// if we have a JWT public key passed as an option,
|
||||
@ -321,5 +321,5 @@ func (s *svc) setupJWT() {
|
||||
tokenOpts = append(tokenOpts, token.WithPrivateKey(key))
|
||||
}
|
||||
|
||||
s.jwt = jwt.NewTokenProvider(tokenOpts...)
|
||||
s.token = jwt.NewTokenProvider(tokenOpts...)
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user