From 8b35c264eb9980a29152e0bc31b57e5eb61cec03 Mon Sep 17 00:00:00 2001
From: Ben Toogood
Date: Thu, 2 Apr 2020 17:44:48 +0100
Subject: [PATCH] Pass resolver to api auth handler

---
 api/server/auth/auth.go | 30 +++++++++++++++++++++++-------
 api/server/http/http.go | 14 +++++++++-----
 api/server/options.go   | 15 +++++++++++++++
 3 files changed, 47 insertions(+), 12 deletions(-)

diff --git a/api/server/auth/auth.go b/api/server/auth/auth.go
index 1bd60508..7e86f651 100644
--- a/api/server/auth/auth.go
+++ b/api/server/auth/auth.go
@@ -6,20 +6,25 @@ import (
 	"net/url"
 	"strings"
 
+	"github.com/micro/go-micro/v2/api/resolver"
 	"github.com/micro/go-micro/v2/auth"
 )
 
 // CombinedAuthHandler wraps a server and authenticates requests
-func CombinedAuthHandler(h http.Handler) http.Handler {
+func CombinedAuthHandler(namespace string, r resolver.Resolver, h http.Handler) http.Handler {
 	return authHandler{
-		handler: h,
-		auth:    auth.DefaultAuth,
+		handler:   h,
+		resolver:  r,
+		auth:      auth.DefaultAuth,
+		namespace: namespace,
 	}
 }
 
 type authHandler struct {
-	handler http.Handler
-	auth    auth.Auth
+	handler   http.Handler
+	auth      auth.Auth
+	resolver  resolver.Resolver
+	namespace string
 }
 
 func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
@@ -45,10 +50,21 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	if err != nil {
 		acc = &auth.Account{}
 	}
+
+	// Determine the name of the service being requested
+	endpoint, err := h.resolver.Resolve(req)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+	resName := h.namespace + "." + endpoint.Name
+
+	// Perform the verification check to see if the account has access to
+	// the resource they're requesting
 	err = h.auth.Verify(acc, &auth.Resource{
 		Type:     "service",
-		Name:     "go.micro.web",
-		Endpoint: req.URL.Path,
+		Name:     resName,
+		Endpoint: endpoint.Path,
 	})
 
 	// The account has the necessary permissions to access the
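Review bot: CombinedAuthHandler now takes a resolver and a namespace, but nothing in this hunk rejects a nil `r` or an empty `namespace`, and the doc comment still describes only the old single-argument behaviour. Both values arrive from server options whose zero values are nil and "", so the contract belongs on the constructor, e.g. `// CombinedAuthHandler wraps h and authorizes each request against the service r resolves it to, named "<namespace>.<endpoint>"; r must be non-nil and namespace must be the api's service namespace.` A nil check at construction (panicking there, as for any programmer error, rather than on the first request) would surface a misconfigured server at startup instead of at request time.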
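Review bot: `h.resolver.Resolve(req)` is called without checking that `h.resolver` was set, so a server built without a Resolver option hits a nil-interface method call on every request and never reaches Verify. I'd fail closed explicitly before the call, `if h.resolver == nil { http.Error(w, "no resolver configured", http.StatusInternalServerError); return }`, and treat an empty `h.namespace` (or an empty `endpoint.Name`, if the resolver can return one) the same way, since otherwise the resource is named `.foo` or `foo.` and whether Verify then denies or allows depends on rules not visible here. A resolve failure is reported as 500 before any authorization decision; if Resolve only fails on malformed paths a 400/404 would be more accurate, though rejecting the request is the right direction either way. ServeHTTP starts and ends outside this hunk.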
diff --git a/api/server/http/http.go b/api/server/http/http.go
index 0af91256..2599d2db 100644
--- a/api/server/http/http.go
+++ b/api/server/http/http.go
@@ -8,10 +8,9 @@ import (
 	"os"
 	"sync"
 
-	"github.com/micro/go-micro/v2/api/server/auth"
-
 	"github.com/gorilla/handlers"
 	"github.com/micro/go-micro/v2/api/server"
+	"github.com/micro/go-micro/v2/api/server/auth"
 	"github.com/micro/go-micro/v2/api/server/cors"
 	"github.com/micro/go-micro/v2/logger"
 )
@@ -25,9 +24,14 @@ type httpServer struct {
 	exit    chan chan error
 }
 
-func NewServer(address string) server.Server {
+func NewServer(address string, opts ...server.Option) server.Server {
+	var options server.Options
+	for _, o := range opts {
+		o(&options)
+	}
+
 	return &httpServer{
-		opts:    server.Options{},
+		opts:    options,
 		mux:     http.NewServeMux(),
 		address: address,
 		exit:    make(chan chan error),
@@ -49,7 +53,7 @@ func (s *httpServer) Handle(path string, handler http.Handler) {
 	h := handlers.CombinedLoggingHandler(os.Stdout, handler)
-	h = auth.CombinedAuthHandler(handler)
+	h = auth.CombinedAuthHandler(s.opts.Namespace, s.opts.Resolver, handler)
 
 	if s.opts.EnableCORS {
 		h = cors.CombinedCORSHandler(h)
diff --git a/api/server/options.go b/api/server/options.go
index 99be1a03..5d167ced 100644
--- a/api/server/options.go
+++ b/api/server/options.go
@@ -3,6 +3,7 @@ package server
 import (
 	"crypto/tls"
 
+	"github.com/micro/go-micro/v2/api/resolver"
 	"github.com/micro/go-micro/v2/api/server/acme"
 )
 
@@ -15,6 +16,8 @@ type Options struct {
 	EnableTLS bool
 	ACMEHosts []string
 	TLSConfig *tls.Config
+	Namespace string
+	Resolver  resolver.Resolver
 }
 
 func EnableCORS(b bool) Option {
@@ -52,3 +55,15 @@ func TLSConfig(t *tls.Config) Option {
 		o.TLSConfig = t
 	}
 }
+
+func Namespace(n string) Option {
+	return func(o *Options) {
+		o.Namespace = n
+	}
+}
+
+func Resolver(r resolver.Resolver) Option {
+	return func(o *Options) {
+		o.Resolver = r
+	}
+}
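Review bot: `s.opts.Resolver` and `s.opts.Namespace` are passed straight into the auth handler, yet the new variadic NewServer leaves both at their zero values for every existing `NewServer(addr)` caller, so those servers now hand a nil resolver to each wrapped handler and nothing in this file validates the options before Handle reads them. I'd either check `s.opts.Resolver != nil` in Handle and refuse to register the handler (logging the misconfiguration) or document on NewServer that `server.Resolver(...)` and `server.Namespace(...)` are required, since they must also be set before Handle is called for them to take effect. Separately, the new line still wraps `handler` rather than `h`, so the CombinedLoggingHandler built on the previous line is discarded; that predates this commit, but `h = auth.CombinedAuthHandler(s.opts.Namespace, s.opts.Resolver, h)` is what I'd expect unless dropping request logging is intentional. Handle's body continues past the hunk.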
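Review bot: The new exported options `Namespace` and `Resolver` have no doc comments, and nothing states that the api auth handler depends on both being set, while neither field gets a default in Options. I'd add `// Namespace sets the service namespace prepended to resolved endpoint names when requests are authorized.` above Namespace and `// Resolver sets the resolver used to map an incoming request to a service for authorization; the api auth handler requires it.` above Resolver. The existing options in this file are undocumented too, so this is a language-convention point rather than a file-consistency one, but these two are the ones a caller can silently get wrong.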