ben-toogood
GitHub
@@ -44,10 +44,19 @@ type Options struct {
|
|||||||
Store store.Store
|
Store store.Store
|
||||||
// Client to use for RPC
|
// Client to use for RPC
|
||||||
Client client.Client
|
Client client.Client
|
||||||
|
// Addrs sets the addresses of auth
|
||||||
|
Addrs []string
|
||||||
}
|
}
|
||||||
|
|
||||||
type Option func(o *Options)
|
type Option func(o *Options)
|
||||||
|
|
||||||
|
// Addrs is the auth addresses to use
|
||||||
|
func Addrs(addrs ...string) Option {
|
||||||
|
return func(o *Options) {
|
||||||
|
o.Addrs = addrs
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Namespace the service belongs to
|
// Namespace the service belongs to
|
||||||
func Namespace(n string) Option {
|
func Namespace(n string) Option {
|
||||||
return func(o *Options) {
|
return func(o *Options) {
|
||||||
|
|||||||
@@ -23,6 +23,7 @@ type svc struct {
|
|||||||
auth pb.AuthService
|
auth pb.AuthService
|
||||||
rule pb.RulesService
|
rule pb.RulesService
|
||||||
jwt token.Provider
|
jwt token.Provider
|
||||||
|
addrs []string
|
||||||
|
|
||||||
rules []*pb.Rule
|
rules []*pb.Rule
|
||||||
sync.Mutex
|
sync.Mutex
|
||||||
@@ -50,21 +51,6 @@ func (s *svc) Init(opts ...auth.Option) {
|
|||||||
if key := s.options.PublicKey; len(key) > 0 {
|
if key := s.options.PublicKey; len(key) > 0 {
|
||||||
s.jwt = jwt.NewTokenProvider(token.WithPublicKey(key))
|
s.jwt = jwt.NewTokenProvider(token.WithPublicKey(key))
|
||||||
}
|
}
|
||||||
|
|
||||||
// load rules periodically from the auth service
|
|
||||||
go func() {
|
|
||||||
ruleTimer := time.NewTicker(time.Second * 30)
|
|
||||||
|
|
||||||
for {
|
|
||||||
// jitter for up to 5 seconds, this stops
|
|
||||||
// all the services calling the auth service
|
|
||||||
// at the exact same time
|
|
||||||
time.Sleep(jitter.Do(time.Second * 5))
|
|
||||||
s.loadRules()
|
|
||||||
|
|
||||||
<-ruleTimer.C
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *svc) Options() auth.Options {
|
func (s *svc) Options() auth.Options {
|
||||||
@@ -85,7 +71,7 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
|
|||||||
Metadata: options.Metadata,
|
Metadata: options.Metadata,
|
||||||
Provider: options.Provider,
|
Provider: options.Provider,
|
||||||
Namespace: options.Namespace,
|
Namespace: options.Namespace,
|
||||||
})
|
}, client.WithAddress(s.addrs...))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@@ -104,7 +90,7 @@ func (s *svc) Grant(role string, res *auth.Resource) error {
|
|||||||
Name: res.Name,
|
Name: res.Name,
|
||||||
Endpoint: res.Endpoint,
|
Endpoint: res.Endpoint,
|
||||||
},
|
},
|
||||||
})
|
}, client.WithAddress(s.addrs...))
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -119,7 +105,7 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
|
|||||||
Name: res.Name,
|
Name: res.Name,
|
||||||
Endpoint: res.Endpoint,
|
Endpoint: res.Endpoint,
|
||||||
},
|
},
|
||||||
})
|
}, client.WithAddress(s.addrs...))
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -189,7 +175,7 @@ func (s *svc) Inspect(token string) (*auth.Account, error) {
|
|||||||
|
|
||||||
// the token is not a JWT or we do not have the keys to decode it,
|
// the token is not a JWT or we do not have the keys to decode it,
|
||||||
// fall back to the auth service
|
// fall back to the auth service
|
||||||
rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token})
|
rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token}, client.WithAddress(s.addrs...))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@@ -205,7 +191,7 @@ func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) {
|
|||||||
Secret: options.Secret,
|
Secret: options.Secret,
|
||||||
RefreshToken: options.RefreshToken,
|
RefreshToken: options.RefreshToken,
|
||||||
TokenExpiry: int64(options.Expiry.Seconds()),
|
TokenExpiry: int64(options.Expiry.Seconds()),
|
||||||
})
|
}, client.WithAddress(s.addrs...))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@@ -270,7 +256,7 @@ func (s *svc) listRules(filters ...string) []*pb.Rule {
|
|||||||
|
|
||||||
// loadRules retrieves the rules from the auth service
|
// loadRules retrieves the rules from the auth service
|
||||||
func (s *svc) loadRules() {
|
func (s *svc) loadRules() {
|
||||||
rsp, err := s.rule.List(context.TODO(), &pb.ListRequest{})
|
rsp, err := s.rule.List(context.TODO(), &pb.ListRequest{}, client.WithAddress(s.addrs...))
|
||||||
s.Lock()
|
s.Lock()
|
||||||
defer s.Unlock()
|
defer s.Unlock()
|
||||||
|
|
||||||
@@ -320,9 +306,28 @@ func NewAuth(opts ...auth.Option) auth.Auth {
|
|||||||
options.Client = client.DefaultClient
|
options.Client = client.DefaultClient
|
||||||
}
|
}
|
||||||
|
|
||||||
return &svc{
|
addrs := options.Addrs
|
||||||
|
if len(addrs) == 0 {
|
||||||
|
addrs = []string{"127.0.0.1:8010"}
|
||||||
|
}
|
||||||
|
|
||||||
|
service := &svc{
|
||||||
auth: pb.NewAuthService("go.micro.auth", options.Client),
|
auth: pb.NewAuthService("go.micro.auth", options.Client),
|
||||||
rule: pb.NewRulesService("go.micro.auth", options.Client),
|
rule: pb.NewRulesService("go.micro.auth", options.Client),
|
||||||
options: options,
|
options: options,
|
||||||
|
addrs: addrs,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// load rules periodically from the auth service
|
||||||
|
go func() {
|
||||||
|
ruleTimer := time.NewTicker(time.Second * 30)
|
||||||
|
|
||||||
|
for {
|
||||||
|
time.Sleep(jitter.Do(time.Second * 5))
|
||||||
|
service.loadRules()
|
||||||
|
<-ruleTimer.C
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
return service
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user