1
0
mirror of https://github.com/go-micro/go-micro.git synced 2024-11-24 08:02:32 +02:00

Set auth account in context (#1293)

This commit is contained in:
ben-toogood 2020-03-04 09:54:52 +00:00 committed by GitHub
parent 3f0c28a815
commit 6a9001bdb1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 65 additions and 9 deletions

View File

@ -2,7 +2,11 @@
package auth
import (
"context"
"encoding/json"
"time"
"github.com/micro/go-micro/v2/metadata"
)
// Auth providers authentication and authorization
@ -53,3 +57,41 @@ type Account struct {
// Any other associated metadata
Metadata map[string]string `json:"metadata"`
}
const (
// MetadataKey is the key used when storing the account
// in metadata
MetadataKey = "auth-account"
)
// AccountFromContext gets the account from the context, which
// is set by the auth wrapper at the start of a call. If the account
// is not set, a nil account will be returned. The error is only returned
// when there was a problem retrieving an account
func AccountFromContext(ctx context.Context) (*Account, error) {
str, ok := metadata.Get(ctx, MetadataKey)
// there was no account set
if !ok {
return nil, nil
}
var acc *Account
// metadata is stored as a string, so unmarshal to an account
if err := json.Unmarshal([]byte(str), &acc); err != nil {
return nil, err
}
return acc, nil
}
// ContextWithAccount sets the account in the context
func ContextWithAccount(ctx context.Context, account *Account) (context.Context, error) {
// metadata is stored as a string, so marshal to bytes
bytes, err := json.Marshal(account)
if err != nil {
return ctx, err
}
// generate a new context with the MetadataKey set
return metadata.Set(ctx, MetadataKey, string(bytes)), nil
}

View File

@ -164,13 +164,6 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
return h(ctx, req, rsp)
}
// Exclude any user excluded endpoints
for _, e := range a.Options().Exclude {
if e == req.Endpoint() {
return h(ctx, req, rsp)
}
}
// Extract the token if present. Note: if noop is being used
// then the token can be blank without erroring
var token string
@ -184,10 +177,31 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
}
// Verify the token
if _, err := a.Verify(token); err != nil {
return errors.Unauthorized("go.micro.auth", err.Error())
account, authErr := a.Verify(token)
// If there is an account, set it in the context
if authErr == nil {
var err error
ctx, err = auth.ContextWithAccount(ctx, account)
if err != nil {
return err
}
}
// Return if the user disabled auth on this endpoint
for _, e := range a.Options().Exclude {
if e == req.Endpoint() {
return h(ctx, req, rsp)
}
}
// If the authErr is set, prevent the user from calling the endpoint
if authErr != nil {
return errors.Unauthorized("go.micro.auth", authErr.Error())
}
// The user is authorised, allow the call
return h(ctx, req, rsp)
}
}