mirror of
https://github.com/go-micro/go-micro.git
synced 2024-12-24 10:07:04 +02:00
Fix service level auth, add improved error descriptions to aid with debugging (#1403)
Co-authored-by: Ben Toogood <ben@micro.mu>
This commit is contained in:
parent
dff98355be
commit
0e56382107
@ -46,7 +46,7 @@ func newService(opts ...Option) Service {
|
|||||||
options.Server.Init(
|
options.Server.Init(
|
||||||
server.WrapHandler(wrapper.HandlerStats(stats.DefaultStats)),
|
server.WrapHandler(wrapper.HandlerStats(stats.DefaultStats)),
|
||||||
server.WrapHandler(wrapper.TraceHandler(trace.DefaultTracer)),
|
server.WrapHandler(wrapper.TraceHandler(trace.DefaultTracer)),
|
||||||
server.WrapHandler(wrapper.AuthHandler(authFn)),
|
server.WrapHandler(wrapper.AuthHandler(authFn, serviceName)),
|
||||||
)
|
)
|
||||||
|
|
||||||
// set opts
|
// set opts
|
||||||
|
@ -153,7 +153,7 @@ func TraceHandler(t trace.Tracer) server.HandlerWrapper {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// AuthHandler wraps a server handler to perform auth
|
// AuthHandler wraps a server handler to perform auth
|
||||||
func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
|
func AuthHandler(fn func() auth.Auth, srvName string) server.HandlerWrapper {
|
||||||
return func(h server.HandlerFunc) server.HandlerFunc {
|
return func(h server.HandlerFunc) server.HandlerFunc {
|
||||||
return func(ctx context.Context, req server.Request, rsp interface{}) error {
|
return func(ctx context.Context, req server.Request, rsp interface{}) error {
|
||||||
// get the auth.Auth interface
|
// get the auth.Auth interface
|
||||||
@ -181,10 +181,16 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
|
|||||||
token = header[len(BearerScheme):]
|
token = header[len(BearerScheme):]
|
||||||
}
|
}
|
||||||
|
|
||||||
// Verify the token
|
// Inspect the token and get the account
|
||||||
account, err := a.Inspect(token)
|
account, err := a.Inspect(token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Unauthorized("go.micro.auth", err.Error())
|
return errors.Unauthorized("go.micro.auth", "Unauthorised call made to %v", req.Endpoint())
|
||||||
|
}
|
||||||
|
|
||||||
|
// Verify the caller has access to the resource
|
||||||
|
resource := &auth.Resource{Type: "service", Name: srvName, Endpoint: req.Endpoint()}
|
||||||
|
if err := a.Verify(account, resource); err != nil {
|
||||||
|
return errors.Forbidden("go.micro.auth", "Forbidden call made to %v %v by %v", srvName, req.Endpoint(), account.ID)
|
||||||
}
|
}
|
||||||
|
|
||||||
// There is an account, set it in the context
|
// There is an account, set it in the context
|
||||||
|
Loading…
Reference in New Issue
Block a user