micro/util/auth/auth.go
ben-toogood 09ec20fded
runtime: provide credentials to services (#1817)
* runtime: inject credentials into service

* util/auth: self generate accounts (needed for jwt)

* runtime/kubernetes: add logging for creds

* runtime/kubernetes: serialize secret name

* runtime/kubernetes: remove unused code

* runtime/kubernetes: base64 encode secret

* runtime/kubernetes: remove metadata from secret

* util/kubernetes/client: omit empty secret metadata

* util/kubernetes/client: fix secret template

* util/kubernetes/client: fix secrets

* web: update auth util

* util/auth: fix missing arg

* extend token expiry

* extend token expiry
2020-07-10 16:25:46 +01:00

79 lines
1.7 KiB
Go

package auth
import (
"time"
"github.com/google/uuid"
"github.com/micro/go-micro/v2/auth"
"github.com/micro/go-micro/v2/logger"
)
// Verify the auth credentials and refresh the auth token periodicallay
func Verify(a auth.Auth) error {
// extract the account creds from options, these can be set by flags
accID := a.Options().ID
accSecret := a.Options().Secret
// if no credentials were provided, self generate an account
if len(accID) == 0 && len(accSecret) == 0 {
opts := []auth.GenerateOption{
auth.WithType("service"),
auth.WithScopes("service"),
}
acc, err := a.Generate(uuid.New().String(), opts...)
if err != nil {
return err
}
logger.Debugf("Auth [%v] Self-generated an auth account", a.String())
accID = acc.ID
accSecret = acc.Secret
}
// generate the first token
token, err := a.Token(
auth.WithCredentials(accID, accSecret),
auth.WithExpiry(time.Minute*10),
)
if err != nil {
return err
}
// set the credentials and token in auth options
a.Init(
auth.ClientToken(token),
auth.Credentials(accID, accSecret),
)
// periodically check to see if the token needs refreshing
go func() {
timer := time.NewTicker(time.Second * 15)
for {
<-timer.C
// don't refresh the token if it's not close to expiring
tok := a.Options().Token
if tok.Expiry.Unix() > time.Now().Add(time.Minute).Unix() {
continue
}
// generate the first token
tok, err := a.Token(
auth.WithToken(tok.RefreshToken),
auth.WithExpiry(time.Minute*10),
)
if err != nil {
logger.Warnf("[Auth] Error refreshing token: %v", err)
continue
}
// set the token
a.Init(auth.ClientToken(tok))
}
}()
return nil
}