You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2020/06/29 11:50:45 UTC
[GitHub] [servicecomb-service-center] tianxiaoliang commented on a change in pull request #655: follow right design pattern of service center
tianxiaoliang commented on a change in pull request #655:
URL: https://github.com/apache/servicecomb-service-center/pull/655#discussion_r446910064
##########
File path: server/plugin/auth/buildin/buildin.go
##########
@@ -17,26 +17,65 @@
package buildin
import (
+ "context"
+ "errors"
+ "github.com/apache/servicecomb-service-center/pkg/log"
mgr "github.com/apache/servicecomb-service-center/server/plugin"
+ "github.com/apache/servicecomb-service-center/server/service/rbac"
+ "github.com/go-chassis/go-chassis/security/authr"
+ "github.com/go-chassis/go-chassis/server/restful"
"net/http"
+ "strings"
)
func init() {
mgr.RegisterPlugin(mgr.Plugin{mgr.AUTH, "buildin", New})
}
func New() mgr.PluginInstance {
- return &BuildInAuth{}
+ return &TokenAuthenticator{}
}
-type BuildInAuth struct {
+type TokenAuthenticator struct {
}
-func (ba *BuildInAuth) Identify(r *http.Request) error {
- df, ok := mgr.DynamicPluginFunc(mgr.AUTH, "Identify").(func(r *http.Request) error)
- if ok {
- return df(r)
+func (ba *TokenAuthenticator) Identify(req *http.Request) error {
+ if !rbac.Enabled() {
+ return nil
+ }
+ if !mustAuth(req) {
+ return nil
}
+ v := req.Header.Get(restful.HeaderAuth)
+ if v == "" {
+ return errors.New("should provide token in header")
+ }
+ s := strings.Split(v, " ")
+ if len(s) != 2 {
+ return errors.New("invalid auth header")
+ }
+ to := s[1]
+ //TODO rbac
+ claims, err := authr.Authenticate(req.Context(), to)
+ if err != nil {
+ log.Errorf(err, "authenticate request failed, %s %s", req.Method, req.RequestURI)
+ return err
+ }
+ log.Info("user access")
+ req2 := req.WithContext(context.WithValue(req.Context(), "accountInfo", claims))
+ *req = *req2
return nil
}
+func mustAuth(req *http.Request) bool {
+ if strings.Contains(req.URL.Path, "/v4/token") {
Review comment:
可以
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org