* auth provider mock interface * Auth Provider Options * Implement API Server Auth Package * Add weh utils * Add Login URL * Auth Provider Options * Add auth provider scope and setting token in cookie * Remove auth_login_url flag Co-authored-by: Asim Aslam <asim@aslam.me> Co-authored-by: Ben Toogood <ben@micro.mu>
1 parent
8ee5607
commit 9a7a65f
Showing
10 changed files
with
350 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
package auth | ||
|
||
import ( | ||
"net/http" | ||
"strings" | ||
|
||
"github.com/micro/go-micro/v2/auth" | ||
"github.com/micro/go-micro/v2/metadata" | ||
) | ||
|
||
// CombinedAuthHandler wraps a server and authenticates requests | ||
func CombinedAuthHandler(h http.Handler) http.Handler { | ||
return authHandler{ | ||
handler: h, | ||
auth: auth.DefaultAuth, | ||
} | ||
} | ||
|
||
type authHandler struct { | ||
handler http.Handler | ||
auth auth.Auth | ||
} | ||
|
||
const ( | ||
// BearerScheme is the prefix in the auth header | ||
BearerScheme = "Bearer " | ||
) | ||
|
||
func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { | ||
loginURL := h.auth.Options().LoginURL | ||
|
||
// Return if the user disabled auth on this endpoint | ||
excludes := h.auth.Options().Exclude | ||
if len(loginURL) > 0 { | ||
excludes = append(excludes, loginURL) | ||
} | ||
for _, e := range excludes { | ||
if e == req.URL.Path { | ||
h.handler.ServeHTTP(w, req) | ||
return | ||
} | ||
} | ||
|
||
var token string | ||
if header, ok := metadata.Get(req.Context(), "Authorization"); ok { | ||
// Extract the auth token from the request | ||
if strings.HasPrefix(header, BearerScheme) { | ||
token = header[len(BearerScheme):] | ||
} | ||
} else { | ||
// Get the token out the cookies if not provided in headers | ||
if c, err := req.Cookie(auth.CookieName); err != nil && c != nil { | ||
token = c.Value | ||
} | ||
} | ||
|
||
// If the token is valid, allow the request | ||
if _, err := h.auth.Verify(token); err == nil { | ||
h.handler.ServeHTTP(w, req) | ||
return | ||
} | ||
|
||
// If there is no auth login url set, 401 | ||
if loginURL == "" { | ||
w.WriteHeader(401) | ||
} | ||
|
||
// Redirect to the login path | ||
http.Redirect(w, req, loginURL, http.StatusTemporaryRedirect) | ||
} |
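Review bot: The cookie fallback in ServeHTTP can never run, because `err != nil && c != nil` needs an error and a non-nil cookie at once, while req.Cookie returns a nil cookie whenever it returns an error; the condition should read `if c, err := req.Cookie(auth.CookieName); err == nil && c != nil {`. The 401 branch also lacks a `return` after `w.WriteHeader(401)`, so with an empty loginURL the handler falls through to http.Redirect after the status has already been written. Both paths still refuse to call the wrapped handler, so this fails closed, but cookie-based sessions are always rejected and the unauthenticated response is malformed. Separately, `excludes = append(excludes, loginURL)` appends to the slice returned by Options() on every request; if that slice has spare capacity, concurrent requests write into the same backing array, so copying it before appending would be safer.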
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
package basic | ||
|
||
import ( | ||
"github.com/micro/go-micro/v2/auth/provider" | ||
) | ||
|
||
// NewProvider returns an initialised basic provider | ||
func NewProvider(opts ...provider.Option) provider.Provider { | ||
var options provider.Options | ||
for _, o := range opts { | ||
o(&options) | ||
} | ||
return &basic{options} | ||
} | ||
|
||
type basic struct { | ||
opts provider.Options | ||
} | ||
|
||
func (b *basic) String() string { | ||
return "basic" | ||
} | ||
|
||
func (b *basic) Options() provider.Options { | ||
return b.opts | ||
} | ||
|
||
func (b *basic) Endpoint() string { | ||
return "" | ||
} | ||
|
||
func (b *basic) Redirect() string { | ||
return "" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
package oauth | ||
|
||
import ( | ||
"fmt" | ||
|
||
"github.com/micro/go-micro/v2/auth/provider" | ||
) | ||
|
||
// NewProvider returns an initialised oauth provider | ||
func NewProvider(opts ...provider.Option) provider.Provider { | ||
var options provider.Options | ||
for _, o := range opts { | ||
o(&options) | ||
} | ||
return &oauth{options} | ||
} | ||
|
||
type oauth struct { | ||
opts provider.Options | ||
} | ||
|
||
func (o *oauth) String() string { | ||
return "oauth" | ||
} | ||
|
||
func (o *oauth) Options() provider.Options { | ||
return o.opts | ||
} | ||
|
||
func (o *oauth) Endpoint() string { | ||
s := fmt.Sprintf("%v?client_id=%v", o.opts.Endpoint, o.opts.ClientID) | ||
|
||
if scope := o.opts.Scope; len(scope) > 0 { | ||
s = fmt.Sprintf("%v&scope=%v", s, scope) | ||
} | ||
|
||
return s | ||
} | ||
|
||
func (o *oauth) Redirect() string { | ||
return o.opts.Redirect | ||
} |
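Review bot: Endpoint() interpolates ClientID and Scope into the query string with fmt.Sprintf and no escaping, so a scope containing a space, `&` or `#` (multi-value scopes are commonly space-separated) yields a broken URL or an extra parameter. Building the query with url.Values and Encode() from net/url, which the file would then need to import, avoids that; like the current code, it assumes opts.Endpoint carries no query string of its own. Nothing visible here adds a `state` or `redirect_uri` parameter, so presumably the caller appends them; a comment on Endpoint saying so would help whoever wires up the login flow.

```go
func (o *oauth) Endpoint() string {
	params := url.Values{}
	params.Set("client_id", o.opts.ClientID)
	if scope := o.opts.Scope; len(scope) > 0 {
		params.Set("scope", scope)
	}
	return o.opts.Endpoint + "?" + params.Encode()
}
```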
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
package provider | ||
|
||
// Option returns a function which sets an option | ||
type Option func(*Options) | ||
|
||
// Options a provider can have | ||
type Options struct { | ||
// ClientID is the application's ID. | ||
ClientID string | ||
// ClientSecret is the application's secret. | ||
ClientSecret string | ||
// Endpoint for the provider | ||
Endpoint string | ||
// Redirect url incase of UI | ||
Redirect string | ||
// Scope of the oauth request | ||
Scope string | ||
} | ||
|
||
// Credentials is an option which sets the client id and secret | ||
func Credentials(id, secret string) Option { | ||
return func(o *Options) { | ||
o.ClientID = id | ||
o.ClientSecret = secret | ||
} | ||
} | ||
|
||
// Endpoint sets the endpoint option | ||
func Endpoint(e string) Option { | ||
return func(o *Options) { | ||
o.Endpoint = e | ||
} | ||
} | ||
|
||
// Redirect sets the Redirect option | ||
func Redirect(r string) Option { | ||
return func(o *Options) { | ||
o.Redirect = r | ||
} | ||
} | ||
|
||
// Scope sets the oauth scope | ||
func Scope(s string) Option { | ||
return func(o *Options) { | ||
o.Scope = s | ||
} | ||
} |
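Review bot: ClientSecret sits in the exported Options struct that both providers in this commit return by value from Options(), so any caller that prints or logs the options (for example with `%+v`) emits the secret. At minimum the field comment should say so, e.g. `// ClientSecret is the application's secret; never log or serialise Options without redacting it.` The comment on the Option type is also inaccurate: Option is the function type itself, so `// Option is a function that sets a field on Options` reads better than "returns a function".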
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
// Package provider is an external auth provider e.g oauth | ||
package provider | ||
|
||
import ( | ||
"time" | ||
) | ||
|
||
// Provider is an auth provider | ||
type Provider interface { | ||
// String returns the name of the provider | ||
String() string | ||
// Options returns the options of a provider | ||
Options() Options | ||
// Endpoint for the provider | ||
Endpoint() string | ||
// Redirect url incase of UI | ||
Redirect() string | ||
} | ||
|
||
// Grant is a granted authorisation | ||
type Grant struct { | ||
// token for reuse | ||
Token string | ||
// Expiry of the token | ||
Expiry time.Time | ||
// Scopes associated with grant | ||
Scopes []string | ||
} |
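Review bot: The Provider interface comments for Endpoint and Redirect do not say what the returned strings contain, and the two implementations in this commit differ: basic returns "" for both, while oauth returns the endpoint with client_id and scope appended as a query string. Suggest `// Endpoint returns the provider's login URL including query parameters, or "" when the provider has no external login` and `// Redirect returns the URL the user is sent to after login, or "" if none is configured` (the second is inferred from the Options field comment, so confirm it before merging). Grant is declared here but no Provider method visible in this commit returns or accepts it, so its comment could state where a Grant is meant to be produced.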