1
0
mirror of https://github.com/go-micro/go-micro.git synced 2024-12-24 10:07:04 +02:00

Pass resolver to api auth handler

This commit is contained in:
Ben Toogood 2020-04-02 17:44:48 +01:00
parent 0241197c6a
commit 8b35c264eb
3 changed files with 47 additions and 12 deletions

View File

@ -6,20 +6,25 @@ import (
"net/url"
"strings"
"github.com/micro/go-micro/v2/api/resolver"
"github.com/micro/go-micro/v2/auth"
)
// CombinedAuthHandler wraps a server and authenticates requests
func CombinedAuthHandler(h http.Handler) http.Handler {
func CombinedAuthHandler(namespace string, r resolver.Resolver, h http.Handler) http.Handler {
return authHandler{
handler: h,
auth: auth.DefaultAuth,
handler: h,
resolver: r,
auth: auth.DefaultAuth,
namespace: namespace,
}
}
type authHandler struct {
handler http.Handler
auth auth.Auth
handler http.Handler
auth auth.Auth
resolver resolver.Resolver
namespace string
}
func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
@ -45,10 +50,21 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
if err != nil {
acc = &auth.Account{}
}
// Determine the name of the service being requested
endpoint, err := h.resolver.Resolve(req)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
return
}
resName := h.namespace + "." + endpoint.Name
// Perform the verification check to see if the account has access to
// the resource they're requesting
err = h.auth.Verify(acc, &auth.Resource{
Type: "service",
Name: "go.micro.web",
Endpoint: req.URL.Path,
Name: resName,
Endpoint: endpoint.Path,
})
// The account has the necessary permissions to access the

View File

@ -8,10 +8,9 @@ import (
"os"
"sync"
"github.com/micro/go-micro/v2/api/server/auth"
"github.com/gorilla/handlers"
"github.com/micro/go-micro/v2/api/server"
"github.com/micro/go-micro/v2/api/server/auth"
"github.com/micro/go-micro/v2/api/server/cors"
"github.com/micro/go-micro/v2/logger"
)
@ -25,9 +24,14 @@ type httpServer struct {
exit chan chan error
}
func NewServer(address string) server.Server {
func NewServer(address string, opts ...server.Option) server.Server {
var options server.Options
for _, o := range opts {
o(&options)
}
return &httpServer{
opts: server.Options{},
opts: options,
mux: http.NewServeMux(),
address: address,
exit: make(chan chan error),
@ -49,7 +53,7 @@ func (s *httpServer) Init(opts ...server.Option) error {
func (s *httpServer) Handle(path string, handler http.Handler) {
h := handlers.CombinedLoggingHandler(os.Stdout, handler)
h = auth.CombinedAuthHandler(handler)
h = auth.CombinedAuthHandler(s.opts.Namespace, s.opts.Resolver, handler)
if s.opts.EnableCORS {
h = cors.CombinedCORSHandler(h)

View File

@ -3,6 +3,7 @@ package server
import (
"crypto/tls"
"github.com/micro/go-micro/v2/api/resolver"
"github.com/micro/go-micro/v2/api/server/acme"
)
@ -15,6 +16,8 @@ type Options struct {
EnableTLS bool
ACMEHosts []string
TLSConfig *tls.Config
Namespace string
Resolver resolver.Resolver
}
func EnableCORS(b bool) Option {
@ -52,3 +55,15 @@ func TLSConfig(t *tls.Config) Option {
o.TLSConfig = t
}
}
func Namespace(n string) Option {
return func(o *Options) {
o.Namespace = n
}
}
func Resolver(r resolver.Resolver) Option {
return func(o *Options) {
o.Resolver = r
}
}