🎉 Initial Commit

2024-07-14 20:25:30 +08:00
commit 466b240e95
41 changed files with 4312 additions and 0 deletions
--- a/pkg/hyper/auth.go
+++ b/pkg/hyper/auth.go
@ -0,0 +1,65 @@
+package hyper
+
+import (
+	"context"
+	"fmt"
+	"git.solsynth.dev/hydrogen/dealer/pkg/internal/directory"
+	"time"
+
+	"git.solsynth.dev/hydrogen/dealer/pkg/proto"
+	"google.golang.org/grpc"
+)
+
+func (v *HyperConn) DoAuthenticate(atk, rtk string) (acc *proto.UserInfo, accessTk string, refreshTk string, err error) {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
+	defer cancel()
+
+	var in *grpc.ClientConn
+	in, err = v.GetServiceGrpcConn(directory.ServiceTypeAuthProvider)
+	if err != nil {
+		return
+	}
+
+	var reply *proto.AuthReply
+	reply, err = proto.NewAuthClient(in).Authenticate(ctx, &proto.AuthRequest{
+		AccessToken:  atk,
+		RefreshToken: &rtk,
+	})
+	if err != nil {
+		return
+	}
+	if reply != nil {
+		acc = reply.GetInfo().GetInfo()
+		accessTk = reply.GetInfo().GetNewAccessToken()
+		refreshTk = reply.GetInfo().GetNewRefreshToken()
+		if !reply.IsValid {
+			err = fmt.Errorf("invalid authorization context")
+			return
+		}
+	}
+
+	return
+}
+
+func (v *HyperConn) CheckPermGranted(atk string, key string, val []byte) error {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
+	defer cancel()
+
+	in, err := v.GetServiceGrpcConn(directory.ServiceTypeAuthProvider)
+	if err != nil {
+		return err
+	}
+
+	reply, err := proto.NewAuthClient(in).EnsurePermGranted(ctx, &proto.CheckPermRequest{
+		Token: atk,
+		Key:   key,
+		Value: val,
+	})
+	if err != nil {
+		return err
+	} else if !reply.GetIsValid() {
+		return fmt.Errorf("missing permission: %s", key)
+	}
+
+	return nil
+}
--- a/pkg/hyper/auth_adaptor.go
+++ b/pkg/hyper/auth_adaptor.go
@ -0,0 +1,70 @@
+package hyper
+
+import (
+	"strings"
+	"time"
+
+	"git.solsynth.dev/hydrogen/dealer/pkg/proto"
+	"github.com/gofiber/fiber/v2"
+	jsoniter "github.com/json-iterator/go"
+)
+
+const CookieAtk = "__hydrogen_atk"
+const CookieRtk = "__hydrogen_rtk"
+
+func (v *HyperConn) AuthMiddleware(c *fiber.Ctx) error {
+	var atk string
+	if cookie := c.Cookies(CookieAtk); len(cookie) > 0 {
+		atk = cookie
+	}
+	if header := c.Get(fiber.HeaderAuthorization); len(header) > 0 {
+		tk := strings.Replace(header, "Bearer", "", 1)
+		atk = strings.TrimSpace(tk)
+	}
+	if tk := c.Query("tk"); len(tk) > 0 {
+		atk = strings.TrimSpace(tk)
+	}
+
+	c.Locals("p_token", atk)
+
+	rtk := c.Cookies(CookieRtk)
+	if user, newAtk, newRtk, err := v.DoAuthenticate(atk, rtk); err == nil {
+		if newAtk != atk {
+			c.Cookie(&fiber.Cookie{
+				Name:     CookieAtk,
+				Value:    newAtk,
+				SameSite: "Lax",
+				Expires:  time.Now().Add(60 * time.Minute),
+				Path:     "/",
+			})
+			c.Cookie(&fiber.Cookie{
+				Name:     CookieRtk,
+				Value:    newRtk,
+				SameSite: "Lax",
+				Expires:  time.Now().Add(24 * 30 * time.Hour),
+				Path:     "/",
+			})
+		}
+		c.Locals("p_user", user)
+	}
+
+	return c.Next()
+}
+
+func (v *HyperConn) EnsureAuthenticated(c *fiber.Ctx) error {
+	if _, ok := c.Locals("p_user").(*proto.UserInfo); !ok {
+		return fiber.NewError(fiber.StatusUnauthorized)
+	}
+	return nil
+}
+
+func (v *HyperConn) EnsureGrantedPerm(c *fiber.Ctx, key string, val any) error {
+	if err := v.EnsureAuthenticated(c); err != nil {
+		return err
+	}
+	encodedVal, _ := jsoniter.Marshal(val)
+	if err := v.CheckPermGranted(c.Locals("p_token").(string), key, encodedVal); err != nil {
+		return fiber.NewError(fiber.StatusForbidden, err.Error())
+	}
+	return nil
+}
--- a/pkg/hyper/conn.go
+++ b/pkg/hyper/conn.go
@ -0,0 +1,90 @@
+package hyper
+
+import (
+	"context"
+	"git.solsynth.dev/hydrogen/dealer/pkg/proto"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+	health "google.golang.org/grpc/health/grpc_health_v1"
+	"time"
+
+	_ "github.com/mbobakov/grpc-consul-resolver"
+)
+
+type HyperConn struct {
+	Addr string
+	Info *proto.ServiceInfo
+
+	dealerConn    *grpc.ClientConn
+	cacheGrpcConn map[string]*grpc.ClientConn
+}
+
+func NewHyperConn(addr string, info *proto.ServiceInfo) (*HyperConn, error) {
+	conn, err := grpc.NewClient(
+		addr,
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HyperConn{
+		Addr: addr,
+		Info: info,
+
+		dealerConn:    conn,
+		cacheGrpcConn: make(map[string]*grpc.ClientConn),
+	}, nil
+}
+
+func (v *HyperConn) RegisterService() error {
+	dir := proto.NewServiceDirectoryClient(v.dealerConn)
+	_, err := dir.AddService(context.Background(), v.Info)
+	return err
+}
+
+func (v *HyperConn) KeepRegisterService() {
+	_ = v.RegisterService()
+
+	for {
+		time.Sleep(5 * time.Second)
+		client := health.NewHealthClient(v.dealerConn)
+		if _, err := client.Check(context.Background(), &health.HealthCheckRequest{}); err != nil {
+			v.KeepRegisterService()
+			return
+		}
+	}
+}
+
+func (v *HyperConn) GetServiceGrpcConn(t string) (*grpc.ClientConn, error) {
+	if val, ok := v.cacheGrpcConn[t]; ok {
+		ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
+		defer cancel()
+		if _, err := health.NewHealthClient(val).Check(ctx, &health.HealthCheckRequest{
+			Service: t,
+		}); err == nil {
+			return val, nil
+		} else {
+			delete(v.cacheGrpcConn, t)
+		}
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
+	defer cancel()
+
+	out, err := proto.NewServiceDirectoryClient(v.dealerConn).GetService(ctx, &proto.GetServiceRequest{
+		Type: &t,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	conn, err := grpc.NewClient(
+		out.GetData().GetGrpcAddr(),
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+	)
+	if err == nil {
+		v.cacheGrpcConn[t] = conn
+	}
+	return conn, err
+}