Replace auth account.Namespace with account.Scopes
parent
e61edf6280
commit
dc10f88c12
@ -2,8 +2,6 @@ package resolver
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"github.com/micro/go-micro/v2/auth"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// NewOptions returns new initialised options
|
// NewOptions returns new initialised options
|
||||||
@ -14,7 +12,7 @@ func NewOptions(opts ...Option) Options {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if options.Namespace == nil {
|
if options.Namespace == nil {
|
||||||
options.Namespace = StaticNamespace(auth.DefaultNamespace)
|
options.Namespace = StaticNamespace("go.micro")
|
||||||
}
|
}
|
||||||
|
|
||||||
return options
|
return options
|
||||||
|
23
auth/auth.go
23
auth/auth.go
@ -50,8 +50,6 @@ type Resource struct {
|
|||||||
Type string `json:"type"`
|
Type string `json:"type"`
|
||||||
// Endpoint resource e.g NotesService.Create
|
// Endpoint resource e.g NotesService.Create
|
||||||
Endpoint string `json:"endpoint"`
|
Endpoint string `json:"endpoint"`
|
||||||
// Namespace the resource belongs to
|
|
||||||
Namespace string `json:"namespace"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Account provided by an auth provider
|
// Account provided by an auth provider
|
||||||
@ -66,12 +64,27 @@ type Account struct {
|
|||||||
Roles []string `json:"roles"`
|
Roles []string `json:"roles"`
|
||||||
// Any other associated metadata
|
// Any other associated metadata
|
||||||
Metadata map[string]string `json:"metadata"`
|
Metadata map[string]string `json:"metadata"`
|
||||||
// Namespace the account belongs to
|
// Scopes the account has access to
|
||||||
Namespace string `json:"namespace"`
|
Scopes []string `json:"scopes"`
|
||||||
// Secret for the account, e.g. the password
|
// Secret for the account, e.g. the password
|
||||||
Secret string `json:"secret"`
|
Secret string `json:"secret"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// HasScope returns a boolean indicating if the account has the given scope
|
||||||
|
func (a *Account) HasScope(scope string) bool {
|
||||||
|
if a.Scopes == nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, s := range a.Scopes {
|
||||||
|
if s == scope {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
// HasRole returns a boolean indicating if the account has the given role
|
// HasRole returns a boolean indicating if the account has the given role
|
||||||
func (a *Account) HasRole(role string) bool {
|
func (a *Account) HasRole(role string) bool {
|
||||||
if a.Roles == nil {
|
if a.Roles == nil {
|
||||||
@ -100,8 +113,6 @@ type Token struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// DefaultNamespace used for auth
|
|
||||||
DefaultNamespace = "go.micro"
|
|
||||||
// TokenCookieName is the name of the cookie which stores the auth token
|
// TokenCookieName is the name of the cookie which stores the auth token
|
||||||
TokenCookieName = "micro-token"
|
TokenCookieName = "micro-token"
|
||||||
// BearerScheme used for Authorization header
|
// BearerScheme used for Authorization header
|
||||||
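Review bot: The doc comment on the new `HasScope` does not say how a scope is matched, and since the `Verify` implementations later on this page use it as an authorization gate, the contract should be explicit, e.g. `// HasScope reports whether scope is present in a.Scopes. The comparison is an exact, case-sensitive string match; no wildcard or prefix matching is performed.` The `if a.Scopes == nil { return false }` guard is redundant because ranging over a nil slice runs zero iterations, so the body can be just the loop and the final `return false`. The method dereferences `a`, so callers must keep the `acc != nil` check they use on this page. Separately, removing the exported `DefaultNamespace` constant leaves the resolver options file carrying its own `"go.micro"` literal, so the two can now drift apart.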
|
@ -2,6 +2,19 @@ package auth
|
|||||||
|
|
||||||
import "testing"
|
import "testing"
|
||||||
|
|
||||||
|
func TestHasScope(t *testing.T) {
|
||||||
|
if new(Account).HasScope("namespace.foo") {
|
||||||
|
t.Errorf("Expected the blank account to not have a role")
|
||||||
|
}
|
||||||
|
|
||||||
|
acc := Account{Scopes: []string{"namespace.foo"}}
|
||||||
|
if !acc.HasScope("namespace.foo") {
|
||||||
|
t.Errorf("Expected the account to have the namespace.foo role")
|
||||||
|
}
|
||||||
|
if acc.HasScope("namespace.bar") {
|
||||||
|
t.Errorf("Expected the account to not have the namespace.bar role")
|
||||||
|
}
|
||||||
|
}
|
||||||
func TestHasRole(t *testing.T) {
|
func TestHasRole(t *testing.T) {
|
||||||
if new(Account).HasRole("foo") {
|
if new(Account).HasRole("foo") {
|
||||||
t.Errorf("Expected the blank account to not have a role")
|
t.Errorf("Expected the blank account to not have a role")
|
||||||
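Review bot: The three `t.Errorf` messages in the new `TestHasScope` still say "role", apparently copied from `TestHasRole`, so a failure here would report the wrong check. Suggested wording: `t.Errorf("Expected the blank account to not have a scope")`, `t.Errorf("Expected the account to have the namespace.foo scope")` and `t.Errorf("Expected the account to not have the namespace.bar scope")`. A case for an account with a non-nil but empty `Scopes` slice would also pin the deny-by-default behaviour.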
|
@ -53,7 +53,7 @@ func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) {
|
|||||||
Roles: options.Roles,
|
Roles: options.Roles,
|
||||||
Secret: options.Secret,
|
Secret: options.Secret,
|
||||||
Metadata: options.Metadata,
|
Metadata: options.Metadata,
|
||||||
Namespace: DefaultNamespace,
|
Scopes: options.Scopes,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -74,10 +74,7 @@ func (n *noop) Verify(acc *Account, res *Resource) error {
|
|||||||
|
|
||||||
// Inspect a token
|
// Inspect a token
|
||||||
func (n *noop) Inspect(token string) (*Account, error) {
|
func (n *noop) Inspect(token string) (*Account, error) {
|
||||||
return &Account{
|
return &Account{ID: uuid.New().String()}, nil
|
||||||
ID: uuid.New().String(),
|
|
||||||
Namespace: DefaultNamespace,
|
|
||||||
}, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Token generation using an account id and secret
|
// Token generation using an account id and secret
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
package jwt
|
package jwt
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@ -41,10 +42,6 @@ func (j *jwt) Init(opts ...auth.Option) {
|
|||||||
o(&j.options)
|
o(&j.options)
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(j.options.Namespace) == 0 {
|
|
||||||
j.options.Namespace = auth.DefaultNamespace
|
|
||||||
}
|
|
||||||
|
|
||||||
j.jwt = jwtToken.NewTokenProvider(
|
j.jwt = jwtToken.NewTokenProvider(
|
||||||
token.WithPrivateKey(j.options.PrivateKey),
|
token.WithPrivateKey(j.options.PrivateKey),
|
||||||
token.WithPublicKey(j.options.PublicKey),
|
token.WithPublicKey(j.options.PublicKey),
|
||||||
@ -63,9 +60,9 @@ func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
|
|||||||
ID: id,
|
ID: id,
|
||||||
Type: options.Type,
|
Type: options.Type,
|
||||||
Roles: options.Roles,
|
Roles: options.Roles,
|
||||||
|
Scopes: options.Scopes,
|
||||||
Provider: options.Provider,
|
Provider: options.Provider,
|
||||||
Metadata: options.Metadata,
|
Metadata: options.Metadata,
|
||||||
Namespace: options.Namespace,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// generate a JWT secret which can be provided to the Token() method
|
// generate a JWT secret which can be provided to the Token() method
|
||||||
@ -111,18 +108,18 @@ func (j *jwt) Revoke(role string, res *auth.Resource) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (j *jwt) Verify(acc *auth.Account, res *auth.Resource) error {
|
func (j *jwt) Verify(acc *auth.Account, res *auth.Resource) error {
|
||||||
j.Lock()
|
// check the scope
|
||||||
if len(res.Namespace) == 0 {
|
scope := "namespace." + j.options.Namespace
|
||||||
res.Namespace = j.options.Namespace
|
if acc != nil && !acc.HasScope(scope) {
|
||||||
|
return fmt.Errorf("Missing required scope: %v", scope)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
j.Lock()
|
||||||
rules := j.rules
|
rules := j.rules
|
||||||
j.Unlock()
|
j.Unlock()
|
||||||
|
|
||||||
for _, rule := range rules {
|
for _, rule := range rules {
|
||||||
// validate the rule applies to the requested resource
|
// validate the rule applies to the requested resource
|
||||||
if rule.resource.Namespace != "*" && rule.resource.Namespace != res.Namespace {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
if rule.resource.Type != "*" && rule.resource.Type != res.Type {
|
if rule.resource.Type != "*" && rule.resource.Type != res.Type {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
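Review bot: In `(*jwt).Verify` the new guard `if acc != nil && !acc.HasScope(scope)` is skipped entirely when `acc` is nil, and the same hunk drops the per-rule `rule.resource.Namespace` filter, so a request without an account is no longer tied to any namespace and is evaluated against every loaded rule. If that is intended for public endpoints, say so in a comment above the check, e.g. `// accounts must hold the namespace scope; a nil account skips this check and is decided by the rules below`; otherwise the guard should fail closed. The failure path returns `fmt.Errorf("Missing required scope: %v", scope)` instead of a sentinel, while the service implementation on this page denies with `auth.ErrForbidden`, so callers that compare against the sentinel will presumably treat a scope failure differently; `return auth.ErrForbidden` or a `%w` wrap keeps them consistent. Because the `Init` hunk above removes the `auth.DefaultNamespace` fallback, an unset `j.options.Namespace` would yield the scope `"namespace."` unless it is defaulted somewhere not shown. The same nil-account pattern is in `(*svc).Verify` further down, and `Verify`'s body continues outside this hunk.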
|
@ -13,9 +13,6 @@ func NewOptions(opts ...Option) Options {
|
|||||||
for _, o := range opts {
|
for _, o := range opts {
|
||||||
o(&options)
|
o(&options)
|
||||||
}
|
}
|
||||||
if len(options.Namespace) == 0 {
|
|
||||||
options.Namespace = DefaultNamespace
|
|
||||||
}
|
|
||||||
if options.Client == nil {
|
if options.Client == nil {
|
||||||
options.Client = client.DefaultClient
|
options.Client = client.DefaultClient
|
||||||
}
|
}
|
||||||
@ -126,8 +123,8 @@ type GenerateOptions struct {
|
|||||||
Metadata map[string]string
|
Metadata map[string]string
|
||||||
// Roles/scopes associated with the account
|
// Roles/scopes associated with the account
|
||||||
Roles []string
|
Roles []string
|
||||||
// Namespace the account belongs too
|
// Scopes the account hasaccess too
|
||||||
Namespace string
|
Scopes []string
|
||||||
// Provider of the account, e.g. oauth
|
// Provider of the account, e.g. oauth
|
||||||
Provider string
|
Provider string
|
||||||
// Type of the account, e.g. user
|
// Type of the account, e.g. user
|
||||||
@ -166,10 +163,10 @@ func WithRoles(rs ...string) GenerateOption {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// WithNamespace for the generated account
|
// WithScopes for the generated account
|
||||||
func WithNamespace(n string) GenerateOption {
|
func WithScopes(s ...string) GenerateOption {
|
||||||
return func(o *GenerateOptions) {
|
return func(o *GenerateOptions) {
|
||||||
o.Namespace = n
|
o.Scopes = s
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
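Review bot: The new field comment `// Scopes the account hasaccess too` in `GenerateOptions` has two typos and should read `// Scopes the account has access to`. `WithScopes` assigns `o.Scopes = s`, which replaces any scopes set by an earlier option and keeps a reference to the caller's slice when it is called as `WithScopes(list...)`; its comment should state the replace semantics, e.g. `// WithScopes sets the scopes of the generated account, replacing any set previously`. This section also removes the `Namespace` default from `NewOptions` and the exported `WithNamespace` option, and the `Verify` implementations on this page derive the required scope from `options.Namespace`, so an unset namespace now changes what is enforced.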
|
@ -190,7 +190,7 @@ type Account struct {
|
|||||||
Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
|
Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
|
||||||
Roles []string `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"`
|
Roles []string `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"`
|
||||||
Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
|
Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
|
||||||
Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`
|
Scopes []string `protobuf:"bytes,5,rep,name=scopes,proto3" json:"scopes,omitempty"`
|
||||||
Provider string `protobuf:"bytes,6,opt,name=provider,proto3" json:"provider,omitempty"`
|
Provider string `protobuf:"bytes,6,opt,name=provider,proto3" json:"provider,omitempty"`
|
||||||
Secret string `protobuf:"bytes,7,opt,name=secret,proto3" json:"secret,omitempty"`
|
Secret string `protobuf:"bytes,7,opt,name=secret,proto3" json:"secret,omitempty"`
|
||||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||||
@ -251,11 +251,11 @@ func (m *Account) GetMetadata() map[string]string {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Account) GetNamespace() string {
|
func (m *Account) GetScopes() []string {
|
||||||
if m != nil {
|
if m != nil {
|
||||||
return m.Namespace
|
return m.Scopes
|
||||||
}
|
}
|
||||||
return ""
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Account) GetProvider() string {
|
func (m *Account) GetProvider() string {
|
||||||
@ -276,7 +276,6 @@ type Resource struct {
|
|||||||
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
|
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
|
||||||
Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
|
Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
|
||||||
Endpoint string `protobuf:"bytes,3,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
|
Endpoint string `protobuf:"bytes,3,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
|
||||||
Namespace string `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"`
|
|
||||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||||
XXX_unrecognized []byte `json:"-"`
|
XXX_unrecognized []byte `json:"-"`
|
||||||
XXX_sizecache int32 `json:"-"`
|
XXX_sizecache int32 `json:"-"`
|
||||||
@ -328,18 +327,11 @@ func (m *Resource) GetEndpoint() string {
|
|||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Resource) GetNamespace() string {
|
|
||||||
if m != nil {
|
|
||||||
return m.Namespace
|
|
||||||
}
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
type GenerateRequest struct {
|
type GenerateRequest struct {
|
||||||
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
|
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
|
||||||
Roles []string `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"`
|
Roles []string `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"`
|
||||||
Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
|
Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
|
||||||
Namespace string `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"`
|
Scopes []string `protobuf:"bytes,4,rep,name=scopes,proto3" json:"scopes,omitempty"`
|
||||||
Secret string `protobuf:"bytes,5,opt,name=secret,proto3" json:"secret,omitempty"`
|
Secret string `protobuf:"bytes,5,opt,name=secret,proto3" json:"secret,omitempty"`
|
||||||
Type string `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"`
|
Type string `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"`
|
||||||
Provider string `protobuf:"bytes,7,opt,name=provider,proto3" json:"provider,omitempty"`
|
Provider string `protobuf:"bytes,7,opt,name=provider,proto3" json:"provider,omitempty"`
|
||||||
@ -394,11 +386,11 @@ func (m *GenerateRequest) GetMetadata() map[string]string {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *GenerateRequest) GetNamespace() string {
|
func (m *GenerateRequest) GetScopes() []string {
|
||||||
if m != nil {
|
if m != nil {
|
||||||
return m.Namespace
|
return m.Scopes
|
||||||
}
|
}
|
||||||
return ""
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *GenerateRequest) GetSecret() string {
|
func (m *GenerateRequest) GetSecret() string {
|
||||||
@ -1157,64 +1149,63 @@ func init() {
|
|||||||
func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) }
|
func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) }
|
||||||
|
|
||||||
var fileDescriptor_21300bfacc51fc2a = []byte{
|
var fileDescriptor_21300bfacc51fc2a = []byte{
|
||||||
// 900 bytes of a gzipped FileDescriptorProto
|
// 892 bytes of a gzipped FileDescriptorProto
|
||||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x56, 0xdd, 0x8e, 0xdb, 0x44,
|
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x56, 0xdd, 0x8e, 0xdb, 0x44,
|
||||||
0x14, 0x5e, 0xff, 0xc4, 0xc9, 0x9e, 0xfc, 0x6c, 0x34, 0xdd, 0x16, 0x2b, 0xed, 0x96, 0xad, 0x8b,
|
0x14, 0x5e, 0xff, 0xc4, 0xc9, 0x9e, 0xc4, 0xd9, 0x68, 0xba, 0x2d, 0x96, 0xcb, 0x96, 0xad, 0x8b,
|
||||||
0xd0, 0x52, 0x41, 0x16, 0xa5, 0x37, 0x40, 0x6f, 0x58, 0x35, 0x51, 0x68, 0xa1, 0x41, 0x58, 0x45,
|
0xd0, 0x52, 0x41, 0x16, 0xa5, 0x37, 0x40, 0x6f, 0x58, 0x35, 0x51, 0x68, 0xa1, 0x41, 0x58, 0x45,
|
||||||
0xe5, 0x06, 0x55, 0xc6, 0x39, 0xb0, 0xd6, 0x66, 0x6d, 0x33, 0x33, 0x5e, 0x91, 0x1b, 0x24, 0xde,
|
0xe5, 0x06, 0x55, 0xc6, 0x39, 0xb0, 0xd6, 0x66, 0x6d, 0x33, 0x33, 0x5e, 0x91, 0x1b, 0x24, 0x5e,
|
||||||
0x81, 0x37, 0x80, 0x2b, 0x9e, 0x89, 0x7b, 0x5e, 0x03, 0xcd, 0x9f, 0x37, 0x76, 0x9c, 0xaa, 0x40,
|
0x80, 0x47, 0xe0, 0x86, 0x3b, 0x9e, 0x89, 0x7b, 0x5e, 0x03, 0x79, 0x7e, 0xbc, 0xb1, 0xe3, 0x54,
|
||||||
0x2f, 0xb8, 0x9b, 0x33, 0xe7, 0xf8, 0xcc, 0xf7, 0x7d, 0xe7, 0xcc, 0xf1, 0xc0, 0x51, 0x54, 0xf0,
|
0x05, 0x7a, 0xd1, 0xbb, 0x39, 0x33, 0x67, 0xce, 0x7c, 0xdf, 0x77, 0x7e, 0x6c, 0x38, 0x8a, 0x0a,
|
||||||
0xf3, 0x53, 0x86, 0xf4, 0x2a, 0x89, 0xf1, 0x34, 0xa7, 0x19, 0xcf, 0x4e, 0xc5, 0xd6, 0x58, 0x2e,
|
0x7e, 0x7e, 0xca, 0x90, 0x5e, 0x25, 0x31, 0x9e, 0xe6, 0x34, 0xe3, 0xd9, 0x69, 0xb9, 0x35, 0x16,
|
||||||
0x49, 0xff, 0x87, 0x6c, 0x7c, 0x99, 0xc4, 0x34, 0x1b, 0x8b, 0xcd, 0xe0, 0x26, 0xdc, 0xf8, 0x22,
|
0x4b, 0xe2, 0xfe, 0x98, 0x8d, 0x2f, 0x93, 0x98, 0x66, 0xe3, 0x72, 0x33, 0xb8, 0x09, 0x37, 0xbe,
|
||||||
0x61, 0xfc, 0x2c, 0x8e, 0xb3, 0x22, 0xe5, 0x2c, 0xc4, 0x1f, 0x0b, 0x64, 0x3c, 0x78, 0x0a, 0x87,
|
0x4c, 0x18, 0x3f, 0x8b, 0xe3, 0xac, 0x48, 0x39, 0x0b, 0xf1, 0xa7, 0x02, 0x19, 0x0f, 0x9e, 0xc0,
|
||||||
0xd5, 0x6d, 0x96, 0x67, 0x29, 0x43, 0x32, 0x81, 0x4e, 0xa4, 0xf7, 0x7c, 0xeb, 0xd8, 0x39, 0xe9,
|
0x61, 0x7d, 0x9b, 0xe5, 0x59, 0xca, 0x90, 0x4c, 0xa0, 0x17, 0xa9, 0x3d, 0xcf, 0x38, 0xb6, 0x4e,
|
||||||
0x4e, 0x6e, 0x8d, 0x2b, 0x09, 0xc7, 0xfa, 0x93, 0xb0, 0x8c, 0x0b, 0x7e, 0xb1, 0xa0, 0xf5, 0x3c,
|
0xfa, 0x93, 0x5b, 0xe3, 0x5a, 0xc0, 0xb1, 0xba, 0x12, 0x56, 0x7e, 0xc1, 0xaf, 0x06, 0x74, 0x9e,
|
||||||
0xbb, 0xc0, 0x94, 0xdc, 0x83, 0x5e, 0x14, 0xc7, 0xc8, 0xd8, 0x4b, 0x2e, 0x6c, 0xdf, 0x3a, 0xb6,
|
0x65, 0x17, 0x98, 0x92, 0xbb, 0x30, 0x88, 0xe2, 0x18, 0x19, 0x7b, 0xc1, 0x4b, 0xdb, 0x33, 0x8e,
|
||||||
0x4e, 0xf6, 0xc3, 0xae, 0xda, 0x53, 0x21, 0xf7, 0xa1, 0x4f, 0xf1, 0x7b, 0x8a, 0xec, 0x5c, 0xc7,
|
0x8d, 0x93, 0xfd, 0xb0, 0x2f, 0xf7, 0xa4, 0xcb, 0x3d, 0x70, 0x29, 0xfe, 0x40, 0x91, 0x9d, 0x2b,
|
||||||
0xd8, 0x32, 0xa6, 0xa7, 0x37, 0x55, 0x90, 0x0f, 0xed, 0x98, 0x62, 0xc4, 0x71, 0xe9, 0x3b, 0xc7,
|
0x1f, 0x53, 0xf8, 0x0c, 0xd4, 0xa6, 0x74, 0xf2, 0xa0, 0x1b, 0x53, 0x8c, 0x38, 0x2e, 0x3d, 0xeb,
|
||||||
0xd6, 0x89, 0x13, 0x1a, 0x93, 0xdc, 0x02, 0x0f, 0x7f, 0xca, 0x13, 0xba, 0xf6, 0x5d, 0xe9, 0xd0,
|
0xd8, 0x38, 0xb1, 0x42, 0x6d, 0x92, 0x5b, 0xe0, 0xe0, 0xcf, 0x79, 0x42, 0xd7, 0x9e, 0x2d, 0x0e,
|
||||||
0x56, 0xf0, 0xab, 0x0d, 0x6d, 0x8d, 0x8c, 0x0c, 0xc0, 0x4e, 0x96, 0xfa, 0x6c, 0x3b, 0x59, 0x12,
|
0x94, 0x15, 0xfc, 0x66, 0x42, 0x57, 0x21, 0x23, 0x43, 0x30, 0x93, 0xa5, 0x7a, 0xdb, 0x4c, 0x96,
|
||||||
0x02, 0x2e, 0x5f, 0xe7, 0xa8, 0x4f, 0x92, 0x6b, 0x72, 0x08, 0x2d, 0x9a, 0xad, 0x90, 0xf9, 0xce,
|
0x84, 0x80, 0xcd, 0xd7, 0x39, 0xaa, 0x97, 0xc4, 0x9a, 0x1c, 0x42, 0x87, 0x66, 0x2b, 0x64, 0x9e,
|
||||||
0xb1, 0x73, 0xb2, 0x1f, 0x2a, 0x83, 0x7c, 0x0a, 0x9d, 0x4b, 0xe4, 0xd1, 0x32, 0xe2, 0x91, 0xef,
|
0x75, 0x6c, 0x9d, 0xec, 0x87, 0xd2, 0x20, 0x9f, 0x41, 0xef, 0x12, 0x79, 0xb4, 0x8c, 0x78, 0xe4,
|
||||||
0x4a, 0xf6, 0xef, 0x34, 0xb3, 0x1f, 0x3f, 0xd3, 0x61, 0xb3, 0x94, 0xd3, 0x75, 0x58, 0x7e, 0x45,
|
0xd9, 0x82, 0xfd, 0xbb, 0xed, 0xec, 0xc7, 0x4f, 0x95, 0xdb, 0x2c, 0xe5, 0x74, 0x1d, 0x56, 0xb7,
|
||||||
0xee, 0xc0, 0x7e, 0x1a, 0x5d, 0x22, 0xcb, 0xa3, 0x18, 0xfd, 0x96, 0x3c, 0xf0, 0x7a, 0x83, 0x8c,
|
0x4a, 0x7c, 0x2c, 0xce, 0x72, 0x64, 0x5e, 0x47, 0x04, 0x56, 0x16, 0xf1, 0xa1, 0x97, 0xd3, 0xec,
|
||||||
0xa0, 0x93, 0xd3, 0xec, 0x2a, 0x59, 0x22, 0xf5, 0x3d, 0xe9, 0x2c, 0x6d, 0xc1, 0x8c, 0x61, 0x4c,
|
0x2a, 0x59, 0x22, 0xf5, 0x1c, 0x81, 0xa3, 0xb2, 0xc5, 0x1d, 0x8c, 0x29, 0x72, 0xaf, 0x2b, 0x4e,
|
||||||
0x91, 0xfb, 0x6d, 0xe9, 0xd1, 0xd6, 0xe8, 0x11, 0xf4, 0x2b, 0x87, 0x91, 0x21, 0x38, 0x17, 0xb8,
|
0x94, 0xe5, 0x3f, 0x04, 0xb7, 0xf6, 0x0c, 0x19, 0x81, 0x75, 0x81, 0x6b, 0xc5, 0xac, 0x5c, 0x96,
|
||||||
0xd6, 0xfc, 0xc4, 0x52, 0x90, 0xb9, 0x8a, 0x56, 0x85, 0x61, 0xa8, 0x8c, 0x4f, 0xec, 0x8f, 0xac,
|
0x34, 0xae, 0xa2, 0x55, 0xa1, 0xb9, 0x49, 0xe3, 0x53, 0xf3, 0x63, 0x23, 0x58, 0x40, 0x2f, 0x44,
|
||||||
0x60, 0x05, 0x9d, 0x10, 0x59, 0x56, 0xd0, 0x18, 0x85, 0x0c, 0x02, 0x89, 0xfe, 0x50, 0xae, 0x1b,
|
0x96, 0x15, 0x34, 0xc6, 0x52, 0x80, 0x34, 0xba, 0x44, 0x75, 0x51, 0xac, 0x5b, 0x45, 0xf1, 0xa1,
|
||||||
0xa5, 0x19, 0x41, 0x07, 0xd3, 0x65, 0x9e, 0x25, 0x29, 0x97, 0xea, 0xef, 0x87, 0xa5, 0x5d, 0xa5,
|
0x87, 0xe9, 0x32, 0xcf, 0x92, 0x94, 0x0b, 0xdd, 0xf7, 0xc3, 0xca, 0x0e, 0x7e, 0x37, 0xe1, 0x60,
|
||||||
0xe7, 0xd6, 0xe8, 0x05, 0xbf, 0xdb, 0x70, 0x30, 0xc7, 0x14, 0x69, 0xc4, 0x51, 0x37, 0xda, 0x56,
|
0x8e, 0x29, 0xd2, 0x88, 0xa3, 0x2a, 0xa2, 0x2d, 0xa1, 0x2b, 0x51, 0xcd, 0x4d, 0x51, 0x3f, 0xdf,
|
||||||
0x31, 0x4a, 0xe1, 0xed, 0x4d, 0xe1, 0x3f, 0xdb, 0x10, 0xde, 0x91, 0xc2, 0xbf, 0x5f, 0x13, 0xbe,
|
0x10, 0xd5, 0x12, 0xa2, 0x7e, 0xd0, 0x10, 0xb5, 0x11, 0xf7, 0x15, 0xc4, 0xb5, 0x6b, 0xe2, 0x5e,
|
||||||
0x96, 0xf7, 0xf5, 0x0a, 0x50, 0x47, 0xb8, 0x21, 0x72, 0x6b, 0x53, 0xe4, 0x52, 0x07, 0xaf, 0xaa,
|
0x0b, 0xd8, 0xd9, 0x14, 0xb0, 0xe2, 0xe8, 0xd4, 0x39, 0x56, 0x89, 0xe8, 0xd6, 0x13, 0xf1, 0xff,
|
||||||
0x43, 0x59, 0xac, 0x76, 0xb5, 0x58, 0xff, 0xad, 0x28, 0x53, 0x18, 0x5e, 0xb3, 0xd1, 0xf7, 0xee,
|
0x04, 0x9f, 0xc2, 0xe8, 0x9a, 0x87, 0xea, 0xa6, 0x8f, 0xa0, 0xab, 0xba, 0x44, 0xc4, 0xd8, 0xdd,
|
||||||
0x43, 0x68, 0xeb, 0xfb, 0x24, 0x73, 0xec, 0xbe, 0x76, 0x26, 0x2c, 0x78, 0x01, 0xbd, 0x39, 0x8d,
|
0x4c, 0xda, 0x2d, 0x78, 0x0e, 0x83, 0x39, 0x8d, 0x52, 0xae, 0x25, 0x26, 0x60, 0x97, 0x2a, 0xea,
|
||||||
0x52, 0x6e, 0x84, 0x26, 0xe0, 0x0a, 0x2d, 0x4d, 0x79, 0xc5, 0x9a, 0x3c, 0x84, 0x0e, 0xd5, 0xe5,
|
0xd4, 0x95, 0x6b, 0xf2, 0x00, 0x7a, 0x54, 0xa5, 0x56, 0xc0, 0xe8, 0x4f, 0xde, 0x6a, 0x84, 0xd5,
|
||||||
0x97, 0x30, 0xba, 0x93, 0xb7, 0x6a, 0x69, 0x4d, 0x77, 0x84, 0x65, 0x60, 0x70, 0x00, 0x7d, 0x9d,
|
0x99, 0x0f, 0x2b, 0xc7, 0xe0, 0x00, 0x5c, 0x15, 0x58, 0x62, 0x0b, 0xbe, 0x05, 0x37, 0xc4, 0xab,
|
||||||
0x58, 0x61, 0x0b, 0xbe, 0x81, 0x7e, 0x88, 0x57, 0xd9, 0x05, 0xbe, 0xf1, 0xa3, 0x86, 0x30, 0x30,
|
0xec, 0x02, 0x5f, 0xfb, 0x53, 0x23, 0x18, 0xea, 0xc8, 0xea, 0xad, 0xf7, 0x60, 0xf8, 0x38, 0x65,
|
||||||
0x99, 0xf5, 0x59, 0xef, 0xc2, 0xe0, 0x49, 0xca, 0x72, 0x8c, 0x4b, 0x5e, 0x87, 0xd0, 0xda, 0x1c,
|
0x39, 0xc6, 0x15, 0xaf, 0x43, 0xe8, 0x6c, 0x8e, 0x08, 0x69, 0x04, 0x8f, 0xe0, 0xa0, 0xf2, 0xfb,
|
||||||
0x26, 0xca, 0x08, 0x1e, 0xc3, 0x41, 0x19, 0xf7, 0xaf, 0x25, 0xfc, 0x19, 0x7a, 0x72, 0xde, 0xec,
|
0xcf, 0x12, 0xfe, 0x02, 0x03, 0x31, 0x45, 0x76, 0x55, 0xe9, 0x75, 0xb5, 0x98, 0xb5, 0x6a, 0xd9,
|
||||||
0xea, 0xd5, 0xeb, 0x6e, 0xb1, 0x2b, 0xdd, 0xb2, 0x35, 0xc3, 0x9c, 0x86, 0x19, 0x76, 0x0f, 0x7a,
|
0x9a, 0x4c, 0x56, 0xcb, 0x64, 0xba, 0x0b, 0x03, 0x71, 0xf8, 0xa2, 0x36, 0x85, 0xfa, 0x62, 0x6f,
|
||||||
0xd2, 0xf9, 0xb2, 0x32, 0xaf, 0xba, 0x72, 0x6f, 0xa6, 0x86, 0xd6, 0x23, 0xe8, 0xeb, 0xf3, 0x35,
|
0x26, 0x47, 0xd1, 0x43, 0x70, 0xd5, 0xfb, 0x8a, 0xc2, 0xfd, 0x4d, 0xae, 0xfd, 0xc9, 0x61, 0x83,
|
||||||
0x85, 0x07, 0x9b, 0x5c, 0xbb, 0x93, 0xc3, 0x1a, 0x01, 0x15, 0xac, 0x15, 0xf8, 0xc3, 0x02, 0x37,
|
0x80, 0x74, 0x56, 0x0a, 0xfc, 0x69, 0x80, 0x1d, 0x16, 0x2b, 0x6c, 0x1b, 0x62, 0x22, 0x3b, 0xe6,
|
||||||
0x2c, 0x56, 0xd8, 0x34, 0xee, 0x64, 0x75, 0xec, 0x1d, 0xd5, 0x71, 0x5e, 0xb3, 0x3a, 0xe4, 0x03,
|
0x8e, 0xec, 0x58, 0xaf, 0x98, 0x1d, 0xf2, 0x21, 0x38, 0x72, 0x1e, 0x0b, 0xec, 0xc3, 0xc9, 0xcd,
|
||||||
0xf0, 0xd4, 0xe4, 0x96, 0xd8, 0x07, 0x93, 0x9b, 0xdb, 0x7a, 0x22, 0x63, 0xa1, 0x0e, 0x52, 0xf7,
|
0x6d, 0x3d, 0x91, 0xb1, 0x50, 0x39, 0xc9, 0x7e, 0x49, 0x32, 0x9a, 0xf0, 0xb5, 0xe8, 0xae, 0x4e,
|
||||||
0x25, 0xc9, 0x68, 0xc2, 0xd7, 0xf2, 0x76, 0xb5, 0xc2, 0xd2, 0x0e, 0x7e, 0xb3, 0xa0, 0xff, 0x58,
|
0x58, 0xd9, 0xc1, 0x1f, 0x06, 0xb8, 0x8f, 0xc4, 0x60, 0x7e, 0xdd, 0x35, 0xb4, 0x81, 0xd2, 0xfa,
|
||||||
0x8e, 0xf0, 0x37, 0xdd, 0x43, 0x1b, 0x28, 0x9d, 0x7f, 0x8a, 0xd2, 0xad, 0xa1, 0x1c, 0xc2, 0xc0,
|
0xb7, 0x28, 0xed, 0x06, 0xca, 0x11, 0x0c, 0x35, 0x48, 0x55, 0x8e, 0x25, 0xee, 0x29, 0xae, 0xf0,
|
||||||
0x80, 0xd4, 0xed, 0x28, 0x70, 0x4f, 0x71, 0x85, 0xff, 0x7b, 0xdc, 0x06, 0xa4, 0xc6, 0xdd, 0x87,
|
0x8d, 0xc7, 0xad, 0x41, 0x2a, 0xdc, 0x2e, 0xf4, 0xcb, 0x8f, 0xb6, 0xfe, 0x86, 0x7f, 0x02, 0x03,
|
||||||
0xae, 0xf8, 0xbd, 0x9b, 0xbf, 0xfd, 0xc7, 0xd0, 0x53, 0xa6, 0xee, 0xb3, 0xf7, 0xa0, 0x45, 0x0b,
|
0x69, 0xaa, 0x3a, 0x7b, 0x1f, 0x3a, 0xb4, 0x28, 0xc7, 0xaf, 0xfc, 0x70, 0xdf, 0x68, 0xa2, 0x2d,
|
||||||
0x31, 0x84, 0xd5, 0x2f, 0xfe, 0x46, 0x1d, 0x6d, 0xb1, 0xc2, 0x50, 0x45, 0x3c, 0x18, 0x83, 0xa7,
|
0x56, 0x18, 0x4a, 0x8f, 0xfb, 0x63, 0x70, 0x24, 0x12, 0xd2, 0x87, 0xee, 0x37, 0x8b, 0x2f, 0x16,
|
||||||
0x90, 0x90, 0x2e, 0xb4, 0xbf, 0x5e, 0x7c, 0xbe, 0xf8, 0xf2, 0xc5, 0x62, 0xb8, 0x27, 0x8c, 0x79,
|
0x5f, 0x3d, 0x5f, 0x8c, 0xf6, 0x4a, 0x63, 0x1e, 0x9e, 0x2d, 0x9e, 0xcd, 0xa6, 0x23, 0x83, 0x00,
|
||||||
0x78, 0xb6, 0x78, 0x3e, 0x9b, 0x0e, 0x2d, 0x02, 0xe0, 0x4d, 0x67, 0x8b, 0x27, 0xb3, 0xe9, 0xd0,
|
0x38, 0xd3, 0xd9, 0xe2, 0xf1, 0x6c, 0x3a, 0x32, 0x27, 0x7f, 0x1b, 0x60, 0x9f, 0x15, 0xfc, 0x9c,
|
||||||
0x9e, 0xfc, 0x65, 0x81, 0x7b, 0x56, 0xf0, 0x73, 0xf2, 0x0c, 0x3a, 0x66, 0xca, 0x91, 0xbb, 0xaf,
|
0x3c, 0x85, 0x9e, 0x9e, 0x72, 0xe4, 0xce, 0xcb, 0xc7, 0xb8, 0xff, 0xce, 0xce, 0x73, 0xc5, 0x67,
|
||||||
0x1e, 0xe6, 0xa3, 0xb7, 0x77, 0xfa, 0x35, 0x9f, 0x3d, 0xf2, 0x14, 0xda, 0xfa, 0xc2, 0x93, 0xa3,
|
0x8f, 0x3c, 0x81, 0xae, 0x6a, 0x78, 0x72, 0xd4, 0xf0, 0xae, 0x0f, 0x0c, 0xff, 0xce, 0xae, 0xe3,
|
||||||
0x5a, 0x74, 0x75, 0x60, 0x8c, 0xee, 0xee, 0x72, 0x97, 0xb9, 0xa6, 0xe6, 0xbd, 0x72, 0xbb, 0xf1,
|
0x2a, 0xd6, 0x54, 0xff, 0x85, 0xdc, 0x6e, 0x6d, 0x30, 0x15, 0xe7, 0xed, 0xf6, 0x43, 0x1d, 0x65,
|
||||||
0x82, 0xe9, 0x3c, 0x77, 0x9a, 0x9d, 0x26, 0xcb, 0xe4, 0x5b, 0xe8, 0x98, 0xe7, 0x13, 0xf9, 0x0a,
|
0xf2, 0x1d, 0xf4, 0xf4, 0x4f, 0x11, 0xf9, 0x1a, 0xec, 0x52, 0x60, 0x12, 0x34, 0xee, 0xb4, 0xfc,
|
||||||
0x5c, 0x21, 0x30, 0x09, 0x6a, 0xdf, 0x34, 0x3c, 0xbd, 0x46, 0xf7, 0x5f, 0x19, 0x53, 0xa6, 0xff,
|
0x50, 0xf9, 0xf7, 0x5e, 0xea, 0x53, 0x85, 0xff, 0xcb, 0x80, 0x4e, 0x99, 0x08, 0x46, 0xe6, 0xe0,
|
||||||
0xd3, 0x82, 0x96, 0x28, 0x04, 0x23, 0x73, 0xf0, 0x54, 0x5b, 0x92, 0x3a, 0xa4, 0xca, 0x95, 0x1a,
|
0xc8, 0xb2, 0x24, 0x4d, 0x48, 0xb5, 0x96, 0xf2, 0x8f, 0x76, 0x9c, 0x56, 0xbc, 0xe7, 0xe0, 0xc8,
|
||||||
0x1d, 0xed, 0xf0, 0x96, 0xbc, 0xe7, 0xe0, 0xa9, 0x3e, 0xd9, 0x4a, 0x54, 0xe9, 0xf1, 0xad, 0x44,
|
0x3a, 0xd9, 0x0a, 0x54, 0xab, 0xf1, 0xad, 0x40, 0x8d, 0xe2, 0xda, 0x23, 0x67, 0x8a, 0xae, 0xdf,
|
||||||
0xb5, 0xe6, 0xda, 0x23, 0x67, 0x9a, 0xee, 0xa8, 0x81, 0x8a, 0x49, 0x72, 0xbb, 0xd1, 0x67, 0x52,
|
0x42, 0x45, 0x07, 0xb9, 0xdd, 0x7a, 0xa6, 0x43, 0x7c, 0xef, 0x88, 0x7f, 0xd0, 0x07, 0xff, 0x04,
|
||||||
0x7c, 0xe7, 0xc9, 0xd7, 0xea, 0xc3, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xdf, 0x67, 0x3c, 0x6e,
|
0x00, 0x00, 0xff, 0xff, 0x60, 0xd4, 0x97, 0x04, 0xa4, 0x0a, 0x00, 0x00,
|
||||||
0xce, 0x0a, 0x00, 0x00,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Reference imports to suppress errors if they are not otherwise used.
|
// Reference imports to suppress errors if they are not otherwise used.
|
||||||
|
@ -37,7 +37,7 @@ message Account {
|
|||||||
string type = 2;
|
string type = 2;
|
||||||
repeated string roles = 3;
|
repeated string roles = 3;
|
||||||
map<string, string> metadata = 4;
|
map<string, string> metadata = 4;
|
||||||
string namespace = 5;
|
repeated string scopes = 5;
|
||||||
string provider = 6;
|
string provider = 6;
|
||||||
string secret = 7;
|
string secret = 7;
|
||||||
}
|
}
|
||||||
@ -46,14 +46,13 @@ message Resource{
|
|||||||
string name = 1;
|
string name = 1;
|
||||||
string type = 2;
|
string type = 2;
|
||||||
string endpoint = 3;
|
string endpoint = 3;
|
||||||
string namespace = 4;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
message GenerateRequest {
|
message GenerateRequest {
|
||||||
string id = 1;
|
string id = 1;
|
||||||
repeated string roles = 2;
|
repeated string roles = 2;
|
||||||
map<string, string> metadata = 3;
|
map<string, string> metadata = 3;
|
||||||
string namespace = 4;
|
repeated string scopes = 4;
|
||||||
string secret = 5;
|
string secret = 5;
|
||||||
string type = 6;
|
string type = 6;
|
||||||
string provider = 7;
|
string provider = 7;
|
||||||
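Review bot: Field 5 of `Account` and field 4 of `GenerateRequest` are reused in place, changing `string namespace` to `repeated string scopes` under the same number. Both forms are length-delimited on the wire, so during a mixed-version rollout a namespace string sent by an older peer would decode on the new side as a one-element scopes list (and a scopes list would decode on an old peer as a namespace) instead of being ignored. For data that feeds an authorization check it is safer to retire the old numbers and give `scopes` a fresh one, e.g. `reserved 5;` plus `repeated string scopes = 8;` in `Account`, and likewise in `GenerateRequest`. The field removed from `Resource` should get `reserved 4;` so the number cannot be reassigned later.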
|
@ -67,9 +67,9 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e
|
|||||||
Type: options.Type,
|
Type: options.Type,
|
||||||
Secret: options.Secret,
|
Secret: options.Secret,
|
||||||
Roles: options.Roles,
|
Roles: options.Roles,
|
||||||
|
Scopes: options.Scopes,
|
||||||
Metadata: options.Metadata,
|
Metadata: options.Metadata,
|
||||||
Provider: options.Provider,
|
Provider: options.Provider,
|
||||||
Namespace: options.Namespace,
|
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -84,7 +84,6 @@ func (s *svc) Grant(role string, res *auth.Resource) error {
|
|||||||
Role: role,
|
Role: role,
|
||||||
Access: pb.Access_GRANTED,
|
Access: pb.Access_GRANTED,
|
||||||
Resource: &pb.Resource{
|
Resource: &pb.Resource{
|
||||||
Namespace: res.Namespace,
|
|
||||||
Type: res.Type,
|
Type: res.Type,
|
||||||
Name: res.Name,
|
Name: res.Name,
|
||||||
Endpoint: res.Endpoint,
|
Endpoint: res.Endpoint,
|
||||||
@ -99,7 +98,6 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
|
|||||||
Role: role,
|
Role: role,
|
||||||
Access: pb.Access_GRANTED,
|
Access: pb.Access_GRANTED,
|
||||||
Resource: &pb.Resource{
|
Resource: &pb.Resource{
|
||||||
Namespace: res.Namespace,
|
|
||||||
Type: res.Type,
|
Type: res.Type,
|
||||||
Name: res.Name,
|
Name: res.Name,
|
||||||
Endpoint: res.Endpoint,
|
Endpoint: res.Endpoint,
|
||||||
@ -110,20 +108,20 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
|
|||||||
|
|
||||||
// Verify an account has access to a resource
|
// Verify an account has access to a resource
|
||||||
func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
|
func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
|
||||||
|
// check the scope
|
||||||
|
scope := "namespace." + s.options.Namespace
|
||||||
|
if acc != nil && !acc.HasScope(scope) {
|
||||||
|
return fmt.Errorf("Missing required scope: %v", scope)
|
||||||
|
}
|
||||||
|
|
||||||
// load the rules if none are loaded
|
// load the rules if none are loaded
|
||||||
s.loadRulesIfEmpty()
|
s.loadRulesIfEmpty()
|
||||||
|
|
||||||
// set the namespace on the resource
|
|
||||||
if len(res.Namespace) == 0 {
|
|
||||||
res.Namespace = s.Options().Namespace
|
|
||||||
}
|
|
||||||
|
|
||||||
queries := [][]string{
|
queries := [][]string{
|
||||||
{res.Namespace, res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin (role is checked in accessForRule)
|
{res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin (role is checked in accessForRule)
|
||||||
{res.Namespace, res.Type, res.Name, "*"}, // check for wildcard endpoint, e.g. service.foo*
|
{res.Type, res.Name, "*"}, // check for wildcard endpoint, e.g. service.foo*
|
||||||
{res.Namespace, res.Type, "*"}, // check for wildcard name, e.g. service.*
|
{res.Type, "*"}, // check for wildcard name, e.g. service.*
|
||||||
{res.Namespace, "*"}, // check for wildcard type, e.g. *
|
{"*"}, // check for wildcard type, e.g. *
|
||||||
{"*"}, // check for wildcard namespace
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// endpoint is a url which can have wildcard excludes, e.g.
|
// endpoint is a url which can have wildcard excludes, e.g.
|
||||||
@ -140,10 +138,6 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
|
|||||||
if len(logID) == 0 {
|
if len(logID) == 0 {
|
||||||
logID = "[no account]"
|
logID = "[no account]"
|
||||||
}
|
}
|
||||||
logNamespace := acc.Namespace
|
|
||||||
if len(logNamespace) == 0 {
|
|
||||||
logNamespace = "[no namespace]"
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, q := range queries {
|
for _, q := range queries {
|
||||||
for _, rule := range s.listRules(q...) {
|
for _, rule := range s.listRules(q...) {
|
||||||
@ -151,17 +145,17 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
|
|||||||
case pb.Access_UNKNOWN:
|
case pb.Access_UNKNOWN:
|
||||||
continue // rule did not specify access, check the next rule
|
continue // rule did not specify access, check the next rule
|
||||||
case pb.Access_GRANTED:
|
case pb.Access_GRANTED:
|
||||||
log.Tracef("%v:%v granted access to %v:%v:%v:%v by rule %v", logNamespace, logID, res.Namespace, res.Type, res.Name, res.Endpoint, rule.Id)
|
log.Tracef("%v granted access to %v:%v:%v by rule %v", logID, res.Type, res.Name, res.Endpoint, rule.Id)
|
||||||
return nil // rule grants the account access to the resource
|
return nil // rule grants the account access to the resource
|
||||||
case pb.Access_DENIED:
|
case pb.Access_DENIED:
|
||||||
log.Tracef("%v:%v denied access to %v:%v:%v:%v by rule %v", logNamespace, logID, res.Namespace, res.Type, res.Name, res.Endpoint, rule.Id)
|
log.Tracef("%v denied access to %v:%v:%v by rule %v", logID, res.Type, res.Name, res.Endpoint, rule.Id)
|
||||||
return auth.ErrForbidden // rule denies access to the resource
|
return auth.ErrForbidden // rule denies access to the resource
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// no rules were found for the resource, default to denying access
|
// no rules were found for the resource, default to denying access
|
||||||
log.Tracef("%v:%v denied access to %v:%v:%v:%v by lack of rule (%v rules found for namespace)", logNamespace, logID, res.Namespace, res.Type, res.Name, res.Endpoint, len(s.listRules(res.Namespace)))
|
log.Tracef("%v denied access to %v:%v:%v by lack of rule", logID, res.Type, res.Name, res.Endpoint)
|
||||||
return auth.ErrForbidden
|
return auth.ErrForbidden
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -235,16 +229,13 @@ func (s *svc) listRules(filters ...string) []*pb.Rule {
|
|||||||
|
|
||||||
var rules []*pb.Rule
|
var rules []*pb.Rule
|
||||||
for _, r := range s.rules {
|
for _, r := range s.rules {
|
||||||
if len(filters) > 0 && r.Resource.Namespace != filters[0] {
|
if len(filters) > 1 && r.Resource.Type != filters[0] {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
if len(filters) > 1 && r.Resource.Type != filters[1] {
|
if len(filters) > 2 && r.Resource.Name != filters[1] {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
if len(filters) > 2 && r.Resource.Name != filters[2] {
|
if len(filters) > 3 && r.Resource.Endpoint != filters[2] {
|
||||||
continue
|
|
||||||
}
|
|
||||||
if len(filters) > 3 && r.Resource.Endpoint != filters[3] {
|
|
||||||
continue
|
continue
|
||||||
}
|
}
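Review bot: The length guards in listRules were not shifted along with the indices, so the last element of every filter slice is never compared: `len(filters) > 1` guards `filters[0]`, `> 2` guards `filters[1]` and `> 3` guards `filters[2]`. With the three-element queries that Verify now builds (`{res.Type, res.Name, res.Endpoint}`), the Endpoint comparison never runs, and the `{"*"}` query applies no filter at all, so a rule written for one endpoint or name can be returned for another and decide access. Unless code outside this hunk filters again, the guards should read `len(filters) > 0 && r.Resource.Type != filters[0]`, `len(filters) > 1 && r.Resource.Name != filters[1]` and `len(filters) > 2 && r.Resource.Endpoint != filters[2]`. listRules starts and ends outside the hunk; a table test calling it with one, two and three filters would pin the intended matching.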
|
||||||
|
|
||||||
@ -299,7 +290,7 @@ func serializeAccount(a *pb.Account) *auth.Account {
|
|||||||
Secret: a.Secret,
|
Secret: a.Secret,
|
||||||
Metadata: a.Metadata,
|
Metadata: a.Metadata,
|
||||||
Provider: a.Provider,
|
Provider: a.Provider,
|
||||||
Namespace: a.Namespace,
|
Scopes: a.Scopes,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -13,9 +13,9 @@ import (
|
|||||||
type authClaims struct {
|
type authClaims struct {
|
||||||
Type string `json:"type"`
|
Type string `json:"type"`
|
||||||
Roles []string `json:"roles"`
|
Roles []string `json:"roles"`
|
||||||
|
Scopes []string `json:"scopes"`
|
||||||
Provider string `json:"provider"`
|
Provider string `json:"provider"`
|
||||||
Metadata map[string]string `json:"metadata"`
|
Metadata map[string]string `json:"metadata"`
|
||||||
Namespace string `json:"namespace"`
|
|
||||||
|
|
||||||
jwt.StandardClaims
|
jwt.StandardClaims
|
||||||
}
|
}
|
||||||
@ -52,7 +52,7 @@ func (j *JWT) Generate(acc *auth.Account, opts ...token.GenerateOption) (*token.
|
|||||||
// generate the JWT
|
// generate the JWT
|
||||||
expiry := time.Now().Add(options.Expiry)
|
expiry := time.Now().Add(options.Expiry)
|
||||||
t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{
|
t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{
|
||||||
acc.Type, acc.Roles, acc.Provider, acc.Metadata, acc.Namespace, jwt.StandardClaims{
|
acc.Type, acc.Roles, acc.Scopes, acc.Provider, acc.Metadata, jwt.StandardClaims{
|
||||||
Subject: acc.ID,
|
Subject: acc.ID,
|
||||||
ExpiresAt: expiry.Unix(),
|
ExpiresAt: expiry.Unix(),
|
||||||
},
|
},
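Review bot: The `authClaims` literal in Generate is positional, and after this change `Roles` and `Scopes` are adjacent fields of the same type `[]string`. Swapping them in either the struct or the literal would still compile and would silently put roles into the `scopes` claim. Keyed fields remove that risk: `authClaims{Type: acc.Type, Roles: acc.Roles, Scopes: acc.Scopes, Provider: acc.Provider, Metadata: acc.Metadata, StandardClaims: jwt.StandardClaims{Subject: acc.ID, ExpiresAt: expiry.Unix()}}`. The struct itself is reordered in the hunk above, and Generate's body starts and ends outside this hunk.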
|
||||||
@ -100,9 +100,9 @@ func (j *JWT) Inspect(t string) (*auth.Account, error) {
|
|||||||
ID: claims.Subject,
|
ID: claims.Subject,
|
||||||
Type: claims.Type,
|
Type: claims.Type,
|
||||||
Roles: claims.Roles,
|
Roles: claims.Roles,
|
||||||
|
Scopes: claims.Scopes,
|
||||||
Provider: claims.Provider,
|
Provider: claims.Provider,
|
||||||
Metadata: claims.Metadata,
|
Metadata: claims.Metadata,
|
||||||
Namespace: claims.Namespace,
|
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
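Review bot: Inspect now fills `Scopes` only from the `scopes` claim, and nothing here documents what happens to tokens that were signed before that claim existed. Those tokens would presumably decode with an empty `Scopes`, so any caller that requires a scope rejects them until they are refreshed. That fails closed, but it is worth stating next to the mapping, for example `// Scopes is empty for tokens issued before the scopes claim existed; such accounts fail scope checks until the token is refreshed.` Inspect's body starts outside this hunk, so the claim parsing itself is not visible here.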
|
||||||
|
|
||||||
|
@ -278,6 +278,7 @@ var (
|
|||||||
Name: "auth_namespace",
|
Name: "auth_namespace",
|
||||||
EnvVars: []string{"MICRO_AUTH_NAMESPACE"},
|
EnvVars: []string{"MICRO_AUTH_NAMESPACE"},
|
||||||
Usage: "Namespace for the services auth account",
|
Usage: "Namespace for the services auth account",
|
||||||
|
Value: "go.micro",
|
||||||
},
|
},
|
||||||
&cli.StringFlag{
|
&cli.StringFlag{
|
||||||
Name: "auth_public_key",
|
Name: "auth_public_key",
|
||||||
|
@ -1,350 +1,324 @@
|
|||||||
// Code generated by protoc-gen-go. DO NOT EDIT.
|
// Code generated by protoc-gen-go. DO NOT EDIT.
|
||||||
// versions:
|
// source: server/proto/server.proto
|
||||||
// protoc-gen-go v1.22.0
|
|
||||||
// protoc v3.6.1
|
|
||||||
// source: github.com/micro/go-micro/server/proto/server.proto
|
|
||||||
|
|
||||||
package go_micro_server
|
package go_micro_server
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
context "context"
|
||||||
|
fmt "fmt"
|
||||||
proto "github.com/golang/protobuf/proto"
|
proto "github.com/golang/protobuf/proto"
|
||||||
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
|
grpc "google.golang.org/grpc"
|
||||||
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
|
codes "google.golang.org/grpc/codes"
|
||||||
reflect "reflect"
|
status "google.golang.org/grpc/status"
|
||||||
sync "sync"
|
math "math"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
// Reference imports to suppress errors if they are not otherwise used.
|
||||||
// Verify that this generated code is sufficiently up-to-date.
|
var _ = proto.Marshal
|
||||||
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
|
var _ = fmt.Errorf
|
||||||
// Verify that runtime/protoimpl is sufficiently up-to-date.
|
var _ = math.Inf
|
||||||
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
|
|
||||||
)
|
|
||||||
|
|
||||||
// This is a compile-time assertion that a sufficiently up-to-date version
|
// This is a compile-time assertion to ensure that this generated file
|
||||||
// of the legacy proto package is being used.
|
// is compatible with the proto package it is being compiled against.
|
||||||
const _ = proto.ProtoPackageIsVersion4
|
// A compilation error at this line likely means your copy of the
|
||||||
|
// proto package needs to be updated.
|
||||||
|
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
|
||||||
|
|
||||||
type HandleRequest struct {
|
type HandleRequest struct {
|
||||||
state protoimpl.MessageState
|
|
||||||
sizeCache protoimpl.SizeCache
|
|
||||||
unknownFields protoimpl.UnknownFields
|
|
||||||
|
|
||||||
Service string `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"`
|
Service string `protobuf:"bytes,1,opt,name=service,proto3" json:"service,omitempty"`
|
||||||
Endpoint string `protobuf:"bytes,2,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
|
Endpoint string `protobuf:"bytes,2,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
|
||||||
Protocol string `protobuf:"bytes,3,opt,name=protocol,proto3" json:"protocol,omitempty"`
|
Protocol string `protobuf:"bytes,3,opt,name=protocol,proto3" json:"protocol,omitempty"`
|
||||||
|
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||||
|
XXX_unrecognized []byte `json:"-"`
|
||||||
|
XXX_sizecache int32 `json:"-"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *HandleRequest) Reset() {
|
func (m *HandleRequest) Reset() { *m = HandleRequest{} }
|
||||||
*x = HandleRequest{}
|
func (m *HandleRequest) String() string { return proto.CompactTextString(m) }
|
||||||
if protoimpl.UnsafeEnabled {
|
|
||||||
mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[0]
|
|
||||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
||||||
ms.StoreMessageInfo(mi)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *HandleRequest) String() string {
|
|
||||||
return protoimpl.X.MessageStringOf(x)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (*HandleRequest) ProtoMessage() {}
|
func (*HandleRequest) ProtoMessage() {}
|
||||||
|
|
||||||
func (x *HandleRequest) ProtoReflect() protoreflect.Message {
|
|
||||||
mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[0]
|
|
||||||
if protoimpl.UnsafeEnabled && x != nil {
|
|
||||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
||||||
if ms.LoadMessageInfo() == nil {
|
|
||||||
ms.StoreMessageInfo(mi)
|
|
||||||
}
|
|
||||||
return ms
|
|
||||||
}
|
|
||||||
return mi.MessageOf(x)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Deprecated: Use HandleRequest.ProtoReflect.Descriptor instead.
|
|
||||||
func (*HandleRequest) Descriptor() ([]byte, []int) {
|
func (*HandleRequest) Descriptor() ([]byte, []int) {
|
||||||
return file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP(), []int{0}
|
return fileDescriptor_1959cecd4d1121a1, []int{0}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *HandleRequest) GetService() string {
|
func (m *HandleRequest) XXX_Unmarshal(b []byte) error {
|
||||||
if x != nil {
|
return xxx_messageInfo_HandleRequest.Unmarshal(m, b)
|
||||||
return x.Service
|
}
|
||||||
|
func (m *HandleRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||||
|
return xxx_messageInfo_HandleRequest.Marshal(b, m, deterministic)
|
||||||
|
}
|
||||||
|
func (m *HandleRequest) XXX_Merge(src proto.Message) {
|
||||||
|
xxx_messageInfo_HandleRequest.Merge(m, src)
|
||||||
|
}
|
||||||
|
func (m *HandleRequest) XXX_Size() int {
|
||||||
|
return xxx_messageInfo_HandleRequest.Size(m)
|
||||||
|
}
|
||||||
|
func (m *HandleRequest) XXX_DiscardUnknown() {
|
||||||
|
xxx_messageInfo_HandleRequest.DiscardUnknown(m)
|
||||||
|
}
|
||||||
|
|
||||||
|
var xxx_messageInfo_HandleRequest proto.InternalMessageInfo
|
||||||
|
|
||||||
|
func (m *HandleRequest) GetService() string {
|
||||||
|
if m != nil {
|
||||||
|
return m.Service
|
||||||
}
|
}
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *HandleRequest) GetEndpoint() string {
|
func (m *HandleRequest) GetEndpoint() string {
|
||||||
if x != nil {
|
if m != nil {
|
||||||
return x.Endpoint
|
return m.Endpoint
|
||||||
}
|
}
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *HandleRequest) GetProtocol() string {
|
func (m *HandleRequest) GetProtocol() string {
|
||||||
if x != nil {
|
if m != nil {
|
||||||
return x.Protocol
|
return m.Protocol
|
||||||
}
|
}
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
type HandleResponse struct {
|
type HandleResponse struct {
|
||||||
state protoimpl.MessageState
|
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||||
sizeCache protoimpl.SizeCache
|
XXX_unrecognized []byte `json:"-"`
|
||||||
unknownFields protoimpl.UnknownFields
|
XXX_sizecache int32 `json:"-"`
|
||||||
}
|
|
||||||
|
|
||||||
func (x *HandleResponse) Reset() {
|
|
||||||
*x = HandleResponse{}
|
|
||||||
if protoimpl.UnsafeEnabled {
|
|
||||||
mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[1]
|
|
||||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
||||||
ms.StoreMessageInfo(mi)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *HandleResponse) String() string {
|
|
||||||
return protoimpl.X.MessageStringOf(x)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (m *HandleResponse) Reset() { *m = HandleResponse{} }
|
||||||
|
func (m *HandleResponse) String() string { return proto.CompactTextString(m) }
|
||||||
func (*HandleResponse) ProtoMessage() {}
|
func (*HandleResponse) ProtoMessage() {}
|
||||||
|
|
||||||
func (x *HandleResponse) ProtoReflect() protoreflect.Message {
|
|
||||||
mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[1]
|
|
||||||
if protoimpl.UnsafeEnabled && x != nil {
|
|
||||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
||||||
if ms.LoadMessageInfo() == nil {
|
|
||||||
ms.StoreMessageInfo(mi)
|
|
||||||
}
|
|
||||||
return ms
|
|
||||||
}
|
|
||||||
return mi.MessageOf(x)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Deprecated: Use HandleResponse.ProtoReflect.Descriptor instead.
|
|
||||||
func (*HandleResponse) Descriptor() ([]byte, []int) {
|
func (*HandleResponse) Descriptor() ([]byte, []int) {
|
||||||
return file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP(), []int{1}
|
return fileDescriptor_1959cecd4d1121a1, []int{1}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (m *HandleResponse) XXX_Unmarshal(b []byte) error {
|
||||||
|
return xxx_messageInfo_HandleResponse.Unmarshal(m, b)
|
||||||
|
}
|
||||||
|
func (m *HandleResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||||
|
return xxx_messageInfo_HandleResponse.Marshal(b, m, deterministic)
|
||||||
|
}
|
||||||
|
func (m *HandleResponse) XXX_Merge(src proto.Message) {
|
||||||
|
xxx_messageInfo_HandleResponse.Merge(m, src)
|
||||||
|
}
|
||||||
|
func (m *HandleResponse) XXX_Size() int {
|
||||||
|
return xxx_messageInfo_HandleResponse.Size(m)
|
||||||
|
}
|
||||||
|
func (m *HandleResponse) XXX_DiscardUnknown() {
|
||||||
|
xxx_messageInfo_HandleResponse.DiscardUnknown(m)
|
||||||
|
}
|
||||||
|
|
||||||
|
var xxx_messageInfo_HandleResponse proto.InternalMessageInfo
|
||||||
|
|
||||||
type SubscribeRequest struct {
|
type SubscribeRequest struct {
|
||||||
state protoimpl.MessageState
|
|
||||||
sizeCache protoimpl.SizeCache
|
|
||||||
unknownFields protoimpl.UnknownFields
|
|
||||||
|
|
||||||
Topic string `protobuf:"bytes,1,opt,name=topic,proto3" json:"topic,omitempty"`
|
Topic string `protobuf:"bytes,1,opt,name=topic,proto3" json:"topic,omitempty"`
|
||||||
|
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||||
|
XXX_unrecognized []byte `json:"-"`
|
||||||
|
XXX_sizecache int32 `json:"-"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *SubscribeRequest) Reset() {
|
func (m *SubscribeRequest) Reset() { *m = SubscribeRequest{} }
|
||||||
*x = SubscribeRequest{}
|
func (m *SubscribeRequest) String() string { return proto.CompactTextString(m) }
|
||||||
if protoimpl.UnsafeEnabled {
|
|
||||||
mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[2]
|
|
||||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
||||||
ms.StoreMessageInfo(mi)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *SubscribeRequest) String() string {
|
|
||||||
return protoimpl.X.MessageStringOf(x)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (*SubscribeRequest) ProtoMessage() {}
|
func (*SubscribeRequest) ProtoMessage() {}
|
||||||
|
|
||||||
func (x *SubscribeRequest) ProtoReflect() protoreflect.Message {
|
|
||||||
mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[2]
|
|
||||||
if protoimpl.UnsafeEnabled && x != nil {
|
|
||||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
||||||
if ms.LoadMessageInfo() == nil {
|
|
||||||
ms.StoreMessageInfo(mi)
|
|
||||||
}
|
|
||||||
return ms
|
|
||||||
}
|
|
||||||
return mi.MessageOf(x)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Deprecated: Use SubscribeRequest.ProtoReflect.Descriptor instead.
|
|
||||||
func (*SubscribeRequest) Descriptor() ([]byte, []int) {
|
func (*SubscribeRequest) Descriptor() ([]byte, []int) {
|
||||||
return file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP(), []int{2}
|
return fileDescriptor_1959cecd4d1121a1, []int{2}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *SubscribeRequest) GetTopic() string {
|
func (m *SubscribeRequest) XXX_Unmarshal(b []byte) error {
|
||||||
if x != nil {
|
return xxx_messageInfo_SubscribeRequest.Unmarshal(m, b)
|
||||||
return x.Topic
|
}
|
||||||
|
func (m *SubscribeRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||||
|
return xxx_messageInfo_SubscribeRequest.Marshal(b, m, deterministic)
|
||||||
|
}
|
||||||
|
func (m *SubscribeRequest) XXX_Merge(src proto.Message) {
|
||||||
|
xxx_messageInfo_SubscribeRequest.Merge(m, src)
|
||||||
|
}
|
||||||
|
func (m *SubscribeRequest) XXX_Size() int {
|
||||||
|
return xxx_messageInfo_SubscribeRequest.Size(m)
|
||||||
|
}
|
||||||
|
func (m *SubscribeRequest) XXX_DiscardUnknown() {
|
||||||
|
xxx_messageInfo_SubscribeRequest.DiscardUnknown(m)
|
||||||
|
}
|
||||||
|
|
||||||
|
var xxx_messageInfo_SubscribeRequest proto.InternalMessageInfo
|
||||||
|
|
||||||
|
func (m *SubscribeRequest) GetTopic() string {
|
||||||
|
if m != nil {
|
||||||
|
return m.Topic
|
||||||
}
|
}
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
type SubscribeResponse struct {
|
type SubscribeResponse struct {
|
||||||
state protoimpl.MessageState
|
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||||
sizeCache protoimpl.SizeCache
|
XXX_unrecognized []byte `json:"-"`
|
||||||
unknownFields protoimpl.UnknownFields
|
XXX_sizecache int32 `json:"-"`
|
||||||
}
|
|
||||||
|
|
||||||
func (x *SubscribeResponse) Reset() {
|
|
||||||
*x = SubscribeResponse{}
|
|
||||||
if protoimpl.UnsafeEnabled {
|
|
||||||
mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[3]
|
|
||||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
||||||
ms.StoreMessageInfo(mi)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (x *SubscribeResponse) String() string {
|
|
||||||
return protoimpl.X.MessageStringOf(x)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (m *SubscribeResponse) Reset() { *m = SubscribeResponse{} }
|
||||||
|
func (m *SubscribeResponse) String() string { return proto.CompactTextString(m) }
|
||||||
func (*SubscribeResponse) ProtoMessage() {}
|
func (*SubscribeResponse) ProtoMessage() {}
|
||||||
|
|
||||||
func (x *SubscribeResponse) ProtoReflect() protoreflect.Message {
|
|
||||||
mi := &file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[3]
|
|
||||||
if protoimpl.UnsafeEnabled && x != nil {
|
|
||||||
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
||||||
if ms.LoadMessageInfo() == nil {
|
|
||||||
ms.StoreMessageInfo(mi)
|
|
||||||
}
|
|
||||||
return ms
|
|
||||||
}
|
|
||||||
return mi.MessageOf(x)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Deprecated: Use SubscribeResponse.ProtoReflect.Descriptor instead.
|
|
||||||
func (*SubscribeResponse) Descriptor() ([]byte, []int) {
|
func (*SubscribeResponse) Descriptor() ([]byte, []int) {
|
||||||
return file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP(), []int{3}
|
return fileDescriptor_1959cecd4d1121a1, []int{3}
|
||||||
}
|
}
|
||||||
|
|
||||||
var File_github_com_micro_go_micro_server_proto_server_proto protoreflect.FileDescriptor
|
func (m *SubscribeResponse) XXX_Unmarshal(b []byte) error {
|
||||||
|
return xxx_messageInfo_SubscribeResponse.Unmarshal(m, b)
|
||||||
var file_github_com_micro_go_micro_server_proto_server_proto_rawDesc = []byte{
|
}
|
||||||
0x0a, 0x33, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6d, 0x69, 0x63,
|
func (m *SubscribeResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
|
||||||
0x72, 0x6f, 0x2f, 0x67, 0x6f, 0x2d, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2f, 0x73, 0x65, 0x72, 0x76,
|
return xxx_messageInfo_SubscribeResponse.Marshal(b, m, deterministic)
|
||||||
0x65, 0x72, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e,
|
}
|
||||||
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0f, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e,
|
func (m *SubscribeResponse) XXX_Merge(src proto.Message) {
|
||||||
0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x22, 0x61, 0x0a, 0x0d, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65,
|
xxx_messageInfo_SubscribeResponse.Merge(m, src)
|
||||||
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69,
|
}
|
||||||
0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
|
func (m *SubscribeResponse) XXX_Size() int {
|
||||||
0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x02, 0x20,
|
return xxx_messageInfo_SubscribeResponse.Size(m)
|
||||||
0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x1a, 0x0a,
|
}
|
||||||
0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
|
func (m *SubscribeResponse) XXX_DiscardUnknown() {
|
||||||
0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22, 0x10, 0x0a, 0x0e, 0x48, 0x61, 0x6e,
|
xxx_messageInfo_SubscribeResponse.DiscardUnknown(m)
|
||||||
0x64, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x28, 0x0a, 0x10, 0x53,
|
|
||||||
0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
|
|
||||||
0x14, 0x0a, 0x05, 0x74, 0x6f, 0x70, 0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
|
|
||||||
0x74, 0x6f, 0x70, 0x69, 0x63, 0x22, 0x13, 0x0a, 0x11, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69,
|
|
||||||
0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xab, 0x01, 0x0a, 0x06, 0x53,
|
|
||||||
0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x4b, 0x0a, 0x06, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x12,
|
|
||||||
0x1e, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65,
|
|
||||||
0x72, 0x2e, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
|
|
||||||
0x1f, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65,
|
|
||||||
0x72, 0x2e, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
|
|
||||||
0x22, 0x00, 0x12, 0x54, 0x0a, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x12,
|
|
||||||
0x21, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65,
|
|
||||||
0x72, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
|
|
||||||
0x73, 0x74, 0x1a, 0x22, 0x2e, 0x67, 0x6f, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x2e, 0x73, 0x65,
|
|
||||||
0x72, 0x76, 0x65, 0x72, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65,
|
|
||||||
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var xxx_messageInfo_SubscribeResponse proto.InternalMessageInfo
|
||||||
file_github_com_micro_go_micro_server_proto_server_proto_rawDescOnce sync.Once
|
|
||||||
file_github_com_micro_go_micro_server_proto_server_proto_rawDescData = file_github_com_micro_go_micro_server_proto_server_proto_rawDesc
|
|
||||||
)
|
|
||||||
|
|
||||||
func file_github_com_micro_go_micro_server_proto_server_proto_rawDescGZIP() []byte {
|
func init() {
|
||||||
file_github_com_micro_go_micro_server_proto_server_proto_rawDescOnce.Do(func() {
|
proto.RegisterType((*HandleRequest)(nil), "go.micro.server.HandleRequest")
|
||||||
file_github_com_micro_go_micro_server_proto_server_proto_rawDescData = protoimpl.X.CompressGZIP(file_github_com_micro_go_micro_server_proto_server_proto_rawDescData)
|
proto.RegisterType((*HandleResponse)(nil), "go.micro.server.HandleResponse")
|
||||||
})
|
proto.RegisterType((*SubscribeRequest)(nil), "go.micro.server.SubscribeRequest")
|
||||||
return file_github_com_micro_go_micro_server_proto_server_proto_rawDescData
|
proto.RegisterType((*SubscribeResponse)(nil), "go.micro.server.SubscribeResponse")
|
||||||
}
|
}
|
||||||
|
|
||||||
var file_github_com_micro_go_micro_server_proto_server_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
|
func init() { proto.RegisterFile("server/proto/server.proto", fileDescriptor_1959cecd4d1121a1) }
|
||||||
var file_github_com_micro_go_micro_server_proto_server_proto_goTypes = []interface{}{
|
|
||||||
(*HandleRequest)(nil), // 0: go.micro.server.HandleRequest
|
var fileDescriptor_1959cecd4d1121a1 = []byte{
|
||||||
(*HandleResponse)(nil), // 1: go.micro.server.HandleResponse
|
// 223 bytes of a gzipped FileDescriptorProto
|
||||||
(*SubscribeRequest)(nil), // 2: go.micro.server.SubscribeRequest
|
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x2c, 0x4e, 0x2d, 0x2a,
|
||||||
(*SubscribeResponse)(nil), // 3: go.micro.server.SubscribeResponse
|
0x4b, 0x2d, 0xd2, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0xd7, 0x87, 0x70, 0xf4, 0xc0, 0x1c, 0x21, 0xfe,
|
||||||
}
|
0xf4, 0x7c, 0xbd, 0xdc, 0xcc, 0xe4, 0xa2, 0x7c, 0x3d, 0x88, 0xb0, 0x52, 0x22, 0x17, 0xaf, 0x47,
|
||||||
var file_github_com_micro_go_micro_server_proto_server_proto_depIdxs = []int32{
|
0x62, 0x5e, 0x4a, 0x4e, 0x6a, 0x50, 0x6a, 0x61, 0x69, 0x6a, 0x71, 0x89, 0x90, 0x04, 0x17, 0x3b,
|
||||||
0, // 0: go.micro.server.Server.Handle:input_type -> go.micro.server.HandleRequest
|
0x48, 0x2a, 0x33, 0x39, 0x55, 0x82, 0x51, 0x81, 0x51, 0x83, 0x33, 0x08, 0xc6, 0x15, 0x92, 0xe2,
|
||||||
2, // 1: go.micro.server.Server.Subscribe:input_type -> go.micro.server.SubscribeRequest
|
0xe2, 0x48, 0xcd, 0x4b, 0x29, 0xc8, 0xcf, 0xcc, 0x2b, 0x91, 0x60, 0x02, 0x4b, 0xc1, 0xf9, 0x20,
|
||||||
1, // 2: go.micro.server.Server.Handle:output_type -> go.micro.server.HandleResponse
|
0x39, 0xb0, 0x05, 0xc9, 0xf9, 0x39, 0x12, 0xcc, 0x10, 0x39, 0x18, 0x5f, 0x49, 0x80, 0x8b, 0x0f,
|
||||||
3, // 3: go.micro.server.Server.Subscribe:output_type -> go.micro.server.SubscribeResponse
|
0x66, 0x45, 0x71, 0x41, 0x7e, 0x5e, 0x71, 0xaa, 0x92, 0x06, 0x97, 0x40, 0x70, 0x69, 0x52, 0x71,
|
||||||
2, // [2:4] is the sub-list for method output_type
|
0x72, 0x51, 0x66, 0x12, 0xdc, 0x5e, 0x11, 0x2e, 0xd6, 0x92, 0xfc, 0x82, 0xcc, 0x64, 0xa8, 0xad,
|
||||||
0, // [0:2] is the sub-list for method input_type
|
0x10, 0x8e, 0x92, 0x30, 0x97, 0x20, 0x92, 0x4a, 0x88, 0x76, 0xa3, 0xd5, 0x8c, 0x5c, 0x6c, 0xc1,
|
||||||
0, // [0:0] is the sub-list for extension type_name
|
0x60, 0xe7, 0x0b, 0x79, 0x73, 0xb1, 0x41, 0xcc, 0x16, 0x92, 0xd3, 0x43, 0xf3, 0x9a, 0x1e, 0x8a,
|
||||||
0, // [0:0] is the sub-list for extension extendee
|
0xbf, 0xa4, 0xe4, 0x71, 0xca, 0x43, 0x1d, 0xc5, 0x20, 0x14, 0xc2, 0xc5, 0x09, 0xb7, 0x4c, 0x48,
|
||||||
0, // [0:0] is the sub-list for field type_name
|
0x11, 0x43, 0x3d, 0xba, 0x93, 0xa5, 0x94, 0xf0, 0x29, 0x81, 0x99, 0x9a, 0xc4, 0x06, 0x0e, 0x08,
|
||||||
|
0x63, 0x40, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa4, 0x3f, 0x79, 0x80, 0x96, 0x01, 0x00, 0x00,
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() { file_github_com_micro_go_micro_server_proto_server_proto_init() }
|
// Reference imports to suppress errors if they are not otherwise used.
|
||||||
func file_github_com_micro_go_micro_server_proto_server_proto_init() {
|
var _ context.Context
|
||||||
if File_github_com_micro_go_micro_server_proto_server_proto != nil {
|
var _ grpc.ClientConn
|
||||||
return
|
|
||||||
|
// This is a compile-time assertion to ensure that this generated file
|
||||||
|
// is compatible with the grpc package it is being compiled against.
|
||||||
|
const _ = grpc.SupportPackageIsVersion4
|
||||||
|
|
||||||
|
// ServerClient is the client API for Server service.
|
||||||
|
//
|
||||||
|
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
|
||||||
|
type ServerClient interface {
|
||||||
|
Handle(ctx context.Context, in *HandleRequest, opts ...grpc.CallOption) (*HandleResponse, error)
|
||||||
|
Subscribe(ctx context.Context, in *SubscribeRequest, opts ...grpc.CallOption) (*SubscribeResponse, error)
|
||||||
}
|
}
|
||||||
if !protoimpl.UnsafeEnabled {
|
|
||||||
file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
|
type serverClient struct {
|
||||||
switch v := v.(*HandleRequest); i {
|
cc *grpc.ClientConn
|
||||||
case 0:
|
|
||||||
return &v.state
|
|
||||||
case 1:
|
|
||||||
return &v.sizeCache
|
|
||||||
case 2:
|
|
||||||
return &v.unknownFields
|
|
||||||
default:
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func NewServerClient(cc *grpc.ClientConn) ServerClient {
|
||||||
|
return &serverClient{cc}
|
||||||
}
|
}
|
||||||
file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
|
|
||||||
switch v := v.(*HandleResponse); i {
|
func (c *serverClient) Handle(ctx context.Context, in *HandleRequest, opts ...grpc.CallOption) (*HandleResponse, error) {
|
||||||
case 0:
|
out := new(HandleResponse)
|
||||||
return &v.state
|
err := c.cc.Invoke(ctx, "/go.micro.server.Server/Handle", in, out, opts...)
|
||||||
case 1:
|
if err != nil {
|
||||||
return &v.sizeCache
|
return nil, err
|
||||||
case 2:
|
|
||||||
return &v.unknownFields
|
|
||||||
default:
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
return out, nil
|
||||||
}
|
}
|
||||||
file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
|
|
||||||
switch v := v.(*SubscribeRequest); i {
|
func (c *serverClient) Subscribe(ctx context.Context, in *SubscribeRequest, opts ...grpc.CallOption) (*SubscribeResponse, error) {
|
||||||
case 0:
|
out := new(SubscribeResponse)
|
||||||
return &v.state
|
err := c.cc.Invoke(ctx, "/go.micro.server.Server/Subscribe", in, out, opts...)
|
||||||
case 1:
|
if err != nil {
|
||||||
return &v.sizeCache
|
return nil, err
|
||||||
case 2:
|
|
||||||
return &v.unknownFields
|
|
||||||
default:
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
return out, nil
|
||||||
}
|
}
|
||||||
file_github_com_micro_go_micro_server_proto_server_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
|
|
||||||
switch v := v.(*SubscribeResponse); i {
|
// ServerServer is the server API for Server service.
|
||||||
case 0:
|
type ServerServer interface {
|
||||||
return &v.state
|
Handle(context.Context, *HandleRequest) (*HandleResponse, error)
|
||||||
case 1:
|
Subscribe(context.Context, *SubscribeRequest) (*SubscribeResponse, error)
|
||||||
return &v.sizeCache
|
|
||||||
case 2:
|
|
||||||
return &v.unknownFields
|
|
||||||
default:
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// UnimplementedServerServer can be embedded to have forward compatible implementations.
|
||||||
|
type UnimplementedServerServer struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (*UnimplementedServerServer) Handle(ctx context.Context, req *HandleRequest) (*HandleResponse, error) {
|
||||||
|
return nil, status.Errorf(codes.Unimplemented, "method Handle not implemented")
|
||||||
}
|
}
|
||||||
type x struct{}
|
func (*UnimplementedServerServer) Subscribe(ctx context.Context, req *SubscribeRequest) (*SubscribeResponse, error) {
|
||||||
out := protoimpl.TypeBuilder{
|
return nil, status.Errorf(codes.Unimplemented, "method Subscribe not implemented")
|
||||||
File: protoimpl.DescBuilder{
|
}
|
||||||
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
|
||||||
RawDescriptor: file_github_com_micro_go_micro_server_proto_server_proto_rawDesc,
|
func RegisterServerServer(s *grpc.Server, srv ServerServer) {
|
||||||
NumEnums: 0,
|
s.RegisterService(&_Server_serviceDesc, srv)
|
||||||
NumMessages: 4,
|
}
|
||||||
NumExtensions: 0,
|
|
||||||
NumServices: 1,
|
func _Server_Handle_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
|
||||||
|
in := new(HandleRequest)
|
||||||
|
if err := dec(in); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if interceptor == nil {
|
||||||
|
return srv.(ServerServer).Handle(ctx, in)
|
||||||
|
}
|
||||||
|
info := &grpc.UnaryServerInfo{
|
||||||
|
Server: srv,
|
||||||
|
FullMethod: "/go.micro.server.Server/Handle",
|
||||||
|
}
|
||||||
|
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
|
||||||
|
return srv.(ServerServer).Handle(ctx, req.(*HandleRequest))
|
||||||
|
}
|
||||||
|
return interceptor(ctx, in, info, handler)
|
||||||
|
}
|
||||||
|
|
||||||
|
func _Server_Subscribe_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
|
||||||
|
in := new(SubscribeRequest)
|
||||||
|
if err := dec(in); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if interceptor == nil {
|
||||||
|
return srv.(ServerServer).Subscribe(ctx, in)
|
||||||
|
}
|
||||||
|
info := &grpc.UnaryServerInfo{
|
||||||
|
Server: srv,
|
||||||
|
FullMethod: "/go.micro.server.Server/Subscribe",
|
||||||
|
}
|
||||||
|
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
|
||||||
|
return srv.(ServerServer).Subscribe(ctx, req.(*SubscribeRequest))
|
||||||
|
}
|
||||||
|
return interceptor(ctx, in, info, handler)
|
||||||
|
}
|
||||||
|
|
||||||
|
var _Server_serviceDesc = grpc.ServiceDesc{
|
||||||
|
ServiceName: "go.micro.server.Server",
|
||||||
|
HandlerType: (*ServerServer)(nil),
|
||||||
|
Methods: []grpc.MethodDesc{
|
||||||
|
{
|
||||||
|
MethodName: "Handle",
|
||||||
|
Handler: _Server_Handle_Handler,
|
||||||
},
|
},
|
||||||
GoTypes: file_github_com_micro_go_micro_server_proto_server_proto_goTypes,
|
{
|
||||||
DependencyIndexes: file_github_com_micro_go_micro_server_proto_server_proto_depIdxs,
|
MethodName: "Subscribe",
|
||||||
MessageInfos: file_github_com_micro_go_micro_server_proto_server_proto_msgTypes,
|
Handler: _Server_Subscribe_Handler,
|
||||||
}.Build()
|
},
|
||||||
File_github_com_micro_go_micro_server_proto_server_proto = out.File
|
},
|
||||||
file_github_com_micro_go_micro_server_proto_server_proto_rawDesc = nil
|
Streams: []grpc.StreamDesc{},
|
||||||
file_github_com_micro_go_micro_server_proto_server_proto_goTypes = nil
|
Metadata: "server/proto/server.proto",
|
||||||
file_github_com_micro_go_micro_server_proto_server_proto_depIdxs = nil
|
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
// Code generated by protoc-gen-micro. DO NOT EDIT.
|
// Code generated by protoc-gen-micro. DO NOT EDIT.
|
||||||
// source: github.com/micro/go-micro/server/proto/server.proto
|
// source: server/proto/server.proto
|
||||||
|
|
||||||
package go_micro_server
|
package go_micro_server
|
||||||
|
|
||||||
|
@ -18,17 +18,19 @@ func Generate(id string, name string, a auth.Auth) error {
|
|||||||
// if no credentials were provided, generate an account
|
// if no credentials were provided, generate an account
|
||||||
if len(accID) == 0 || len(accSecret) == 0 {
|
if len(accID) == 0 || len(accSecret) == 0 {
|
||||||
name := fmt.Sprintf("%v-%v", name, id)
|
name := fmt.Sprintf("%v-%v", name, id)
|
||||||
|
scope := "namespace." + a.Options().Namespace
|
||||||
|
|
||||||
opts := []auth.GenerateOption{
|
opts := []auth.GenerateOption{
|
||||||
auth.WithType("service"),
|
auth.WithType("service"),
|
||||||
auth.WithRoles("service"),
|
auth.WithRoles("service"),
|
||||||
auth.WithNamespace(a.Options().Namespace),
|
auth.WithScopes(scope),
|
||||||
}
|
}
|
||||||
|
|
||||||
acc, err := a.Generate(name, opts...)
|
acc, err := a.Generate(name, opts...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
logger.Infof("Auth [%v] Authenticated as %v in the %v namespace", a, name, acc.Namespace)
|
logger.Infof("Auth [%v] Authenticated as %v in the %v scope", a, name, scope)
|
||||||
|
|
||||||
accID = acc.ID
|
accID = acc.ID
|
||||||
accSecret = acc.Secret
|
accSecret = acc.Secret
|
||||||
|
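Review bot: The new log line in the account-generation branch prints the locally built `scope` string rather than what the provider returned, so it can report a scope the issued account does not carry. Logging the account's own field keeps the message tied to the actual grant: `logger.Infof("Auth [%v] Authenticated as %v with scopes %v", a, name, acc.Scopes)`. Also, when `a.Options().Namespace` is empty the requested scope becomes the bare string `"namespace."`; if an empty namespace is possible here, it would be safer to fall back to a default or return an error before calling `a.Generate`. The body of Generate continues outside the hunk.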
@ -1,5 +1,5 @@
|
|||||||
// Code generated by protoc-gen-micro. DO NOT EDIT.
|
// Code generated by protoc-gen-micro. DO NOT EDIT.
|
||||||
// source: micro/go-micro/util/file/proto/file.proto
|
// source: util/file/proto/file.proto
|
||||||
|
|
||||||
package go_micro_server
|
package go_micro_server
|
||||||
|
|
||||||
|
@ -197,10 +197,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Inspect the token and get the account
|
// Inspect the token and get the account
|
||||||
account, err := a.Inspect(token)
|
account, _ := a.Inspect(token)
|
||||||
if err != nil {
|
|
||||||
account = &auth.Account{Namespace: a.Options().Namespace}
|
|
||||||
}
|
|
||||||
|
|
||||||
// construct the resource
|
// construct the resource
|
||||||
res := &auth.Resource{
|
res := &auth.Resource{
|
||||||
@ -210,7 +207,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Verify the caller has access to the resource
|
// Verify the caller has access to the resource
|
||||||
err = a.Verify(account, res)
|
err := a.Verify(account, res)
|
||||||
if err != nil && len(account.ID) > 0 {
|
if err != nil && len(account.ID) > 0 {
|
||||||
return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
|
return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
|
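Review bot: `account, _ := a.Inspect(token)` discards the error and removes the fallback account, so a missing or invalid token can leave `account` nil (assuming Inspect returns nil alongside its error), and the `len(account.ID) > 0` test in the second hunk would then dereference nil and panic instead of returning the forbidden/unauthorized error. `a.Verify` is also handed that nil account, and whether every auth implementation tolerates it is not visible here. Restoring a non-nil placeholder right after the inspect call closes both paths: `if account == nil { account = &auth.Account{} }`. A short comment on that line saying the empty account represents an unauthenticated caller would make the intent clear. The wrapper function starts and ends outside both hunks.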