Service => Service Auth
This commit is contained in:
Ben Toogood
@@ -8,8 +8,12 @@ import (
|
||||
)
|
||||
|
||||
type Options struct {
|
||||
// Token is an auth token
|
||||
Token string
|
||||
// ID is the services auth ID
|
||||
ID string
|
||||
// Secret is used to generate new tokens
|
||||
Secret string
|
||||
// Token is the services token used to authenticate itself
|
||||
Token *Token
|
||||
// Public key base64 encoded
|
||||
PublicKey string
|
||||
// Private key base64 encoded
|
||||
@@ -45,10 +49,11 @@ func PrivateKey(key string) Option {
|
||||
}
|
||||
}
|
||||
|
||||
// ServiceToken sets an auth token
|
||||
func ServiceToken(t string) Option {
|
||||
// Credentials sets the auth credentials
|
||||
func Credentials(id, secret string) Option {
|
||||
return func(o *Options) {
|
||||
o.Token = t
|
||||
o.ID = id
|
||||
o.Secret = secret
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -55,13 +55,13 @@ func (s *svc) Init(opts ...auth.Option) {
|
||||
}
|
||||
|
||||
// load rules periodically from the auth service
|
||||
timer := time.NewTicker(time.Second * 30)
|
||||
ruleTimer := time.NewTicker(time.Second * 30)
|
||||
go func() {
|
||||
// load rules immediately on startup
|
||||
s.loadRules()
|
||||
|
||||
for {
|
||||
<-timer.C
|
||||
<-ruleTimer.C
|
||||
|
||||
// jitter for up to 5 seconds, this stops
|
||||
// all the services calling the auth service
|
||||
@@ -70,9 +70,39 @@ func (s *svc) Init(opts ...auth.Option) {
|
||||
s.loadRules()
|
||||
}
|
||||
}()
|
||||
|
||||
// we have client credentials and must load a new token
|
||||
// periodically
|
||||
if len(s.options.ID) > 0 || len(s.options.Secret) > 0 {
|
||||
tokenTimer := time.NewTicker(time.Minute)
|
||||
|
||||
go func() {
|
||||
s.loadToken()
|
||||
|
||||
for {
|
||||
<-tokenTimer.C
|
||||
|
||||
// Do not get a new token if the current one has more than three
|
||||
// minutes remaining. We do 3 minutes to allow multiple retires in
|
||||
// the case one request fails
|
||||
t := s.Options().Token
|
||||
if t != nil && t.Expiry.Unix() > time.Now().Add(time.Minute*3).Unix() {
|
||||
continue
|
||||
}
|
||||
|
||||
// jitter for up to 5 seconds, this stops
|
||||
// all the services calling the auth service
|
||||
// at the exact same time
|
||||
time.Sleep(jitter.Do(time.Second * 5))
|
||||
s.loadToken()
|
||||
}
|
||||
}()
|
||||
}
|
||||
}
|
||||
|
||||
func (s *svc) Options() auth.Options {
|
||||
s.Lock()
|
||||
defer s.Unlock()
|
||||
return s.options
|
||||
}
|
||||
|
||||
@@ -256,6 +286,24 @@ func (s *svc) loadRules() {
|
||||
s.rules = rsp.Rules
|
||||
}
|
||||
|
||||
// loadToken generates a new token for the service to use when making calls
|
||||
func (s *svc) loadToken() {
|
||||
rsp, err := s.auth.Token(context.TODO(), &pb.TokenRequest{
|
||||
Id: s.Options().ID,
|
||||
Secret: s.Options().Secret,
|
||||
TokenExpiry: int64((time.Minute * 15).Seconds()),
|
||||
})
|
||||
s.Lock()
|
||||
defer s.Unlock()
|
||||
|
||||
if err != nil {
|
||||
log.Errorf("Error generating token: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
s.options.Token = serializeToken(rsp.Token)
|
||||
}
|
||||
|
||||
func serializeToken(t *pb.Token) *auth.Token {
|
||||
return &auth.Token{
|
||||
Token: t.Token,
|
||||
|
||||
Reference in New Issue
Block a user