some renaming of types in auth

Asim Aslam 2020-07-19 14:41:31 +01:00
parent d3326efd4b
commit 647ce61dec
2 changed files with 40 additions and 40 deletions


@ -7,29 +7,29 @@ import (
"github.com/micro/go-micro/v2/auth" "github.com/micro/go-micro/v2/auth"
"github.com/micro/go-micro/v2/util/token" "github.com/micro/go-micro/v2/util/token"
jwtToken "github.com/micro/go-micro/v2/util/token/jwt" "github.com/micro/go-micro/v2/util/token/jwt"
) )
// NewAuth returns a new instance of the Auth service // NewAuth returns a new instance of the Auth service
func NewAuth(opts ...auth.Option) auth.Auth { func NewAuth(opts ...auth.Option) auth.Auth {
j := new(jwt) j := new(jwtAuth)
j.Init(opts...) j.Init(opts...)
return j return j
} }
type jwt struct { type jwtAuth struct {
options auth.Options options auth.Options
jwt token.Provider token token.Provider
rules []*auth.Rule rules []*auth.Rule
sync.Mutex sync.Mutex
} }
func (j *jwt) String() string { func (j *jwtAuth) String() string {
return "jwt" return "jwt"
} }
func (j *jwt) Init(opts ...auth.Option) { func (j *jwtAuth) Init(opts ...auth.Option) {
j.Lock() j.Lock()
defer j.Unlock() defer j.Unlock()
@ -37,19 +37,19 @@ func (j *jwt) Init(opts ...auth.Option) {
o(&j.options) o(&j.options)
} }
j.jwt = jwtToken.NewTokenProvider( j.token = jwt.NewTokenProvider(
token.WithPrivateKey(j.options.PrivateKey), token.WithPrivateKey(j.options.PrivateKey),
token.WithPublicKey(j.options.PublicKey), token.WithPublicKey(j.options.PublicKey),
) )
} }
func (j *jwt) Options() auth.Options { func (j *jwtAuth) Options() auth.Options {
j.Lock() j.Lock()
defer j.Unlock() defer j.Unlock()
return j.options return j.options
} }
func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) { func (j *jwtAuth) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
options := auth.NewGenerateOptions(opts...) options := auth.NewGenerateOptions(opts...)
if len(options.Issuer) == 0 { if len(options.Issuer) == 0 {
options.Issuer = j.Options().Issuer options.Issuer = j.Options().Issuer
@ -65,7 +65,7 @@ func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
// generate a JWT secret which can be provided to the Token() method // generate a JWT secret which can be provided to the Token() method
// and exchanged for an access token // and exchanged for an access token
secret, err := j.jwt.Generate(account, token.WithExpiry(time.Hour*24*365)) secret, err := j.token.Generate(account, token.WithExpiry(time.Hour*24*365))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -75,14 +75,14 @@ func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
return account, nil return account, nil
} }
func (j *jwt) Grant(rule *auth.Rule) error { func (j *jwtAuth) Grant(rule *auth.Rule) error {
j.Lock() j.Lock()
defer j.Unlock() defer j.Unlock()
j.rules = append(j.rules, rule) j.rules = append(j.rules, rule)
return nil return nil
} }
func (j *jwt) Revoke(rule *auth.Rule) error { func (j *jwtAuth) Revoke(rule *auth.Rule) error {
j.Lock() j.Lock()
defer j.Unlock() defer j.Unlock()
@ -97,7 +97,7 @@ func (j *jwt) Revoke(rule *auth.Rule) error {
return nil return nil
} }
func (j *jwt) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error { func (j *jwtAuth) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
j.Lock() j.Lock()
defer j.Unlock() defer j.Unlock()
@ -109,17 +109,17 @@ func (j *jwt) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO
return auth.VerifyAccess(j.rules, acc, res) return auth.VerifyAccess(j.rules, acc, res)
} }
func (j *jwt) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) { func (j *jwtAuth) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
j.Lock() j.Lock()
defer j.Unlock() defer j.Unlock()
return j.rules, nil return j.rules, nil
} }
func (j *jwt) Inspect(token string) (*auth.Account, error) { func (j *jwtAuth) Inspect(token string) (*auth.Account, error) {
return j.jwt.Inspect(token) return j.token.Inspect(token)
} }
func (j *jwt) Token(opts ...auth.TokenOption) (*auth.Token, error) { func (j *jwtAuth) Token(opts ...auth.TokenOption) (*auth.Token, error) {
options := auth.NewTokenOptions(opts...) options := auth.NewTokenOptions(opts...)
secret := options.RefreshToken secret := options.RefreshToken
@ -127,17 +127,17 @@ func (j *jwt) Token(opts ...auth.TokenOption) (*auth.Token, error) {
secret = options.Secret secret = options.Secret
} }
account, err := j.jwt.Inspect(secret) account, err := j.token.Inspect(secret)
if err != nil { if err != nil {
return nil, err return nil, err
} }
access, err := j.jwt.Generate(account, token.WithExpiry(options.Expiry)) access, err := j.token.Generate(account, token.WithExpiry(options.Expiry))
if err != nil { if err != nil {
return nil, err return nil, err
} }
refresh, err := j.jwt.Generate(account, token.WithExpiry(options.Expiry+time.Hour)) refresh, err := j.token.Generate(account, token.WithExpiry(options.Expiry+time.Hour))
if err != nil { if err != nil {
return nil, err return nil, err
} }
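Review bot: `Rules` returns `j.rules` itself, so once the deferred `Unlock` runs the caller holds the same backing array and the same `*auth.Rule` values that `Verify` hands to `auth.VerifyAccess`, outside the mutex. Returning a copy of the slice keeps callers from reading or reordering the live rule list: `return append([]*auth.Rule(nil), j.rules...), nil`. The elements remain shared pointers, and `Grant` stores the caller's pointer as given, so a doc comment on `Rules` and `Grant` stating that a rule must be treated as read-only once granted would be worth adding. `Revoke`'s body lies outside the visible hunks, so whether it rewrites the slice in place is not confirmed here.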


@ -14,18 +14,18 @@ import (
) )
// svc is the service implementation of the Auth interface // svc is the service implementation of the Auth interface
type svc struct { type svcAuth struct {
options auth.Options options auth.Options
auth pb.AuthService auth pb.AuthService
rules pb.RulesService rules pb.RulesService
jwt token.Provider token token.Provider
} }
func (s *svc) String() string { func (s *svcAuth) String() string {
return "service" return "service"
} }
func (s *svc) Init(opts ...auth.Option) { func (s *svcAuth) Init(opts ...auth.Option) {
for _, o := range opts { for _, o := range opts {
o(&s.options) o(&s.options)
} }
@ -36,12 +36,12 @@ func (s *svc) Init(opts ...auth.Option) {
s.setupJWT() s.setupJWT()
} }
func (s *svc) Options() auth.Options { func (s *svcAuth) Options() auth.Options {
return s.options return s.options
} }
// Generate a new account // Generate a new account
func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) { func (s *svcAuth) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
options := auth.NewGenerateOptions(opts...) options := auth.NewGenerateOptions(opts...)
if len(options.Issuer) == 0 { if len(options.Issuer) == 0 {
options.Issuer = s.options.Issuer options.Issuer = s.options.Issuer
@ -57,7 +57,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
Issuer: options.Issuer, Issuer: options.Issuer,
} }
tok, err := s.jwt.Generate(acc, token.WithExpiry(time.Hour*24*365)) tok, err := s.token.Generate(acc, token.WithExpiry(time.Hour*24*365))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -87,7 +87,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
} }
// Grant access to a resource // Grant access to a resource
func (s *svc) Grant(rule *auth.Rule) error { func (s *svcAuth) Grant(rule *auth.Rule) error {
access := pb.Access_UNKNOWN access := pb.Access_UNKNOWN
if rule.Access == auth.AccessGranted { if rule.Access == auth.AccessGranted {
access = pb.Access_GRANTED access = pb.Access_GRANTED
@ -116,7 +116,7 @@ func (s *svc) Grant(rule *auth.Rule) error {
} }
// Revoke access to a resource // Revoke access to a resource
func (s *svc) Revoke(rule *auth.Rule) error { func (s *svcAuth) Revoke(rule *auth.Rule) error {
_, err := s.rules.Delete(context.TODO(), &pb.DeleteRequest{ _, err := s.rules.Delete(context.TODO(), &pb.DeleteRequest{
Id: rule.ID, Options: &pb.Options{ Id: rule.ID, Options: &pb.Options{
Namespace: s.Options().Issuer, Namespace: s.Options().Issuer,
@ -126,7 +126,7 @@ func (s *svc) Revoke(rule *auth.Rule) error {
return err return err
} }
func (s *svc) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) { func (s *svcAuth) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
var options auth.RulesOptions var options auth.RulesOptions
for _, o := range opts { for _, o := range opts {
o(&options) o(&options)
@ -155,7 +155,7 @@ func (s *svc) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
} }
// Verify an account has access to a resource // Verify an account has access to a resource
func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error { func (s *svcAuth) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
var options auth.VerifyOptions var options auth.VerifyOptions
for _, o := range opts { for _, o := range opts {
o(&options) o(&options)
@ -173,10 +173,10 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO
} }
// Inspect a token // Inspect a token
func (s *svc) Inspect(token string) (*auth.Account, error) { func (s *svcAuth) Inspect(token string) (*auth.Account, error) {
// try to decode JWT locally and fall back to srv if an error occurs // try to decode JWT locally and fall back to srv if an error occurs
if len(strings.Split(token, ".")) == 3 && len(s.options.PublicKey) > 0 { if len(strings.Split(token, ".")) == 3 && len(s.options.PublicKey) > 0 {
return s.jwt.Inspect(token) return s.token.Inspect(token)
} }
// the token is not a JWT or we do not have the keys to decode it, // the token is not a JWT or we do not have the keys to decode it,
@ -191,7 +191,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
} }
// Token generation using an account ID and secret // Token generation using an account ID and secret
func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) { func (s *svcAuth) Token(opts ...auth.TokenOption) (*auth.Token, error) {
options := auth.NewTokenOptions(opts...) options := auth.NewTokenOptions(opts...)
if len(options.Issuer) == 0 { if len(options.Issuer) == 0 {
options.Issuer = s.options.Issuer options.Issuer = s.options.Issuer
@ -204,12 +204,12 @@ func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) {
tok = options.Secret tok = options.Secret
} }
acc, err := s.jwt.Inspect(tok) acc, err := s.token.Inspect(tok)
if err != nil { if err != nil {
return nil, err return nil, err
} }
token, err := s.jwt.Generate(acc, token.WithExpiry(options.Expiry)) token, err := s.token.Generate(acc, token.WithExpiry(options.Expiry))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -277,7 +277,7 @@ func serializeRule(r *pb.Rule) *auth.Rule {
} }
} }
func (s *svc) callOpts() []client.CallOption { func (s *svcAuth) callOpts() []client.CallOption {
return []client.CallOption{ return []client.CallOption{
client.WithAddress(s.options.Addrs...), client.WithAddress(s.options.Addrs...),
} }
@ -293,7 +293,7 @@ func NewAuth(opts ...auth.Option) auth.Auth {
options.Addrs = []string{"127.0.0.1:8010"} options.Addrs = []string{"127.0.0.1:8010"}
} }
service := &svc{ service := &svcAuth{
auth: pb.NewAuthService("go.micro.auth", options.Client), auth: pb.NewAuthService("go.micro.auth", options.Client),
rules: pb.NewRulesService("go.micro.auth", options.Client), rules: pb.NewRulesService("go.micro.auth", options.Client),
options: options, options: options,
@ -303,7 +303,7 @@ func NewAuth(opts ...auth.Option) auth.Auth {
return service return service
} }
func (s *svc) setupJWT() { func (s *svcAuth) setupJWT() {
tokenOpts := []token.Option{} tokenOpts := []token.Option{}
// if we have a JWT public key passed as an option, // if we have a JWT public key passed as an option,
@ -321,5 +321,5 @@ func (s *svc) setupJWT() {
tokenOpts = append(tokenOpts, token.WithPrivateKey(key)) tokenOpts = append(tokenOpts, token.WithPrivateKey(key))
} }
s.jwt = jwt.NewTokenProvider(tokenOpts...) s.token = jwt.NewTokenProvider(tokenOpts...)
} }
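Review bot: In `Inspect`, the comment `// try to decode JWT locally and fall back to srv if an error occurs` does not match the branch under it, which does `return s.token.Inspect(token)` and so returns a local verification error without any call to the service. If failing closed is intended, the comment should say so, e.g. `// decode the JWT locally when we hold the public key; a local verification error is returned as is`; if the fallback is intended, the error has to be checked before returning. The rest of `Inspect` is outside the hunk. The type comment also still reads `// svc is the service implementation of the Auth interface` after the rename and should start with `svcAuth`.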