unistack-org/micro
4
0
Fork 3
Code Issues 19 Pull Requests 1 Actions Packages Projects Releases 259 Wiki Activity

Set auth account in context (#1293)

Browse Source
This commit is contained in:
ben-toogood 2020-03-04 09:54:52 +00:00 committed by GitHub
parent 3f0c28a815
commit 6a9001bdb1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 65 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
auth/auth.go
View File

@ -2,7 +2,11 @@
package auth package auth
import ( import (
"context"
"encoding/json"
"time" "time"
"github.com/micro/go-micro/v2/metadata"
) )
// Auth providers authentication and authorization // Auth providers authentication and authorization
@ -53,3 +57,41 @@ type Account struct {
// Any other associated metadata // Any other associated metadata
Metadata map[string]string `json:"metadata"` Metadata map[string]string `json:"metadata"`
} }
const (
// MetadataKey is the key used when storing the account
// in metadata
MetadataKey = "auth-account"
)
// AccountFromContext gets the account from the context, which
// is set by the auth wrapper at the start of a call. If the account
// is not set, a nil account will be returned. The error is only returned
// when there was a problem retrieving an account
func AccountFromContext(ctx context.Context) (*Account, error) {
str, ok := metadata.Get(ctx, MetadataKey)
// there was no account set
if !ok {
return nil, nil
}
var acc *Account
// metadata is stored as a string, so unmarshal to an account
if err := json.Unmarshal([]byte(str), &acc); err != nil {
return nil, err
}
return acc, nil
}
// ContextWithAccount sets the account in the context
func ContextWithAccount(ctx context.Context, account *Account) (context.Context, error) {
// metadata is stored as a string, so marshal to bytes
bytes, err := json.Marshal(account)
if err != nil {
return ctx, err
}
// generate a new context with the MetadataKey set
return metadata.Set(ctx, MetadataKey, string(bytes)), nil
}

32
util/wrapper/wrapper.go
View File

@ -164,13 +164,6 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
return h(ctx, req, rsp) return h(ctx, req, rsp)
} }
// Exclude any user excluded endpoints
for _, e := range a.Options().Exclude {
if e == req.Endpoint() {
return h(ctx, req, rsp)
}
}
// Extract the token if present. Note: if noop is being used // Extract the token if present. Note: if noop is being used
// then the token can be blank without erroring // then the token can be blank without erroring
var token string var token string
@ -184,10 +177,31 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
} }
// Verify the token // Verify the token
if _, err := a.Verify(token); err != nil { account, authErr := a.Verify(token)
return errors.Unauthorized("go.micro.auth", err.Error())
// If there is an account, set it in the context
if authErr == nil {
var err error
ctx, err = auth.ContextWithAccount(ctx, account)
if err != nil {
return err
}
} }
// Return if the user disabled auth on this endpoint
for _, e := range a.Options().Exclude {
if e == req.Endpoint() {
return h(ctx, req, rsp)
}
}
// If the authErr is set, prevent the user from calling the endpoint
if authErr != nil {
return errors.Unauthorized("go.micro.auth", authErr.Error())
}
// The user is authorised, allow the call
return h(ctx, req, rsp) return h(ctx, req, rsp)
} }
} }