🧑💻 Add the server side Hyper SDK
This commit is contained in:
parent
d9aa478d10
commit
c37a55b88b
2
.idea/dataSources.local.xml
generated
2
.idea/dataSources.local.xml
generated
@ -1,6 +1,6 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<project version="4">
|
<project version="4">
|
||||||
<component name="dataSourceStorageLocal" created-in="GO-241.17890.21">
|
<component name="dataSourceStorageLocal" created-in="GO-241.18034.61">
|
||||||
<data-source name="hy_passport@localhost" uuid="74bcf3ef-a2b9-435b-b9e5-f32902a33b25">
|
<data-source name="hy_passport@localhost" uuid="74bcf3ef-a2b9-435b-b9e5-f32902a33b25">
|
||||||
<database-info product="PostgreSQL" version="16.2 (Homebrew)" jdbc-version="4.2" driver-name="PostgreSQL JDBC Driver" driver-version="42.6.0" dbms="POSTGRES" exact-version="16.2" exact-driver-version="42.6">
|
<database-info product="PostgreSQL" version="16.2 (Homebrew)" jdbc-version="4.2" driver-name="PostgreSQL JDBC Driver" driver-version="42.6.0" dbms="POSTGRES" exact-version="16.2" exact-driver-version="42.6">
|
||||||
<identifier-quote-string>"</identifier-quote-string>
|
<identifier-quote-string>"</identifier-quote-string>
|
||||||
|
21
.idea/workspace.xml
generated
21
.idea/workspace.xml
generated
@ -4,16 +4,13 @@
|
|||||||
<option name="autoReloadType" value="ALL" />
|
<option name="autoReloadType" value="ALL" />
|
||||||
</component>
|
</component>
|
||||||
<component name="ChangeListManager">
|
<component name="ChangeListManager">
|
||||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":wastebasket: Remove HTTP provision to consul">
|
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Drop direct connection and uses consul">
|
||||||
|
<change afterPath="$PROJECT_DIR$/pkg/hyper/auth.go" afterDir="false" />
|
||||||
|
<change afterPath="$PROJECT_DIR$/pkg/hyper/auth_adaptor.go" afterDir="false" />
|
||||||
|
<change afterPath="$PROJECT_DIR$/pkg/hyper/conn.go" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/.idea/dataSources.local.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/dataSources.local.xml" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/go.mod" beforeDir="false" afterPath="$PROJECT_DIR$/go.mod" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/go.sum" beforeDir="false" afterPath="$PROJECT_DIR$/go.sum" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/gap/server.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/gap/server.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/internal/gap/server.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/gap/server.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/grpc/client.go" beforeDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/grpc/server.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/grpc/server.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/server/avatar_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/avatar_api.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/main.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/main.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/settings.toml" beforeDir="false" afterPath="$PROJECT_DIR$/settings.toml" afterDir="false" />
|
|
||||||
</list>
|
</list>
|
||||||
<option name="SHOW_DIALOG" value="false" />
|
<option name="SHOW_DIALOG" value="false" />
|
||||||
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
||||||
@ -117,8 +114,8 @@
|
|||||||
<component name="SharedIndexes">
|
<component name="SharedIndexes">
|
||||||
<attachedChunks>
|
<attachedChunks>
|
||||||
<set>
|
<set>
|
||||||
<option value="bundled-gosdk-33c477a475b1-e0158606a674-org.jetbrains.plugins.go.sharedIndexes.bundled-GO-241.17890.21" />
|
<option value="bundled-gosdk-33c477a475b1-e0158606a674-org.jetbrains.plugins.go.sharedIndexes.bundled-GO-241.18034.61" />
|
||||||
<option value="bundled-js-predefined-1d06a55b98c1-0b3e54e931b4-JavaScript-GO-241.17890.21" />
|
<option value="bundled-js-predefined-1d06a55b98c1-0b3e54e931b4-JavaScript-GO-241.18034.61" />
|
||||||
</set>
|
</set>
|
||||||
</attachedChunks>
|
</attachedChunks>
|
||||||
</component>
|
</component>
|
||||||
@ -150,7 +147,6 @@
|
|||||||
</option>
|
</option>
|
||||||
</component>
|
</component>
|
||||||
<component name="VcsManagerConfiguration">
|
<component name="VcsManagerConfiguration">
|
||||||
<MESSAGE value=":zap: Use map to improve message delivery time" />
|
|
||||||
<MESSAGE value=":recycle: Improved the notification subscriber API" />
|
<MESSAGE value=":recycle: Improved the notification subscriber API" />
|
||||||
<MESSAGE value=":sparkles: E2EE Key Exchange" />
|
<MESSAGE value=":sparkles: E2EE Key Exchange" />
|
||||||
<MESSAGE value=":bug: Bug fixes on E2EE" />
|
<MESSAGE value=":bug: Bug fixes on E2EE" />
|
||||||
@ -175,7 +171,8 @@
|
|||||||
<MESSAGE value=":sparkles: Able to read current user's realm profile" />
|
<MESSAGE value=":sparkles: Able to read current user's realm profile" />
|
||||||
<MESSAGE value=":sparkles: Consul registration" />
|
<MESSAGE value=":sparkles: Consul registration" />
|
||||||
<MESSAGE value=":wastebasket: Remove HTTP provision to consul" />
|
<MESSAGE value=":wastebasket: Remove HTTP provision to consul" />
|
||||||
<option name="LAST_COMMIT_MESSAGE" value=":wastebasket: Remove HTTP provision to consul" />
|
<MESSAGE value=":sparkles: Drop direct connection and uses consul" />
|
||||||
|
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Drop direct connection and uses consul" />
|
||||||
</component>
|
</component>
|
||||||
<component name="VgoProject">
|
<component name="VgoProject">
|
||||||
<settings-migrated>true</settings-migrated>
|
<settings-migrated>true</settings-migrated>
|
||||||
|
63
pkg/hyper/auth.go
Normal file
63
pkg/hyper/auth.go
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
package hyper
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"git.solsynth.dev/hydrogen/passport/pkg/proto"
|
||||||
|
"google.golang.org/grpc"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (v *HyperConn) DoAuthenticate(atk, rtk string) (acc *proto.Userinfo, accessTk string, refreshTk string, err error) {
|
||||||
|
ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
var in *grpc.ClientConn
|
||||||
|
in, err = v.DiscoverServiceGRPC("Hydrogen.Passport")
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
var reply *proto.AuthReply
|
||||||
|
reply, err = proto.NewAuthClient(in).Authenticate(ctx, &proto.AuthRequest{
|
||||||
|
AccessToken: atk,
|
||||||
|
RefreshToken: &rtk,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if reply != nil {
|
||||||
|
acc = reply.GetUserinfo()
|
||||||
|
accessTk = reply.GetAccessToken()
|
||||||
|
refreshTk = reply.GetRefreshToken()
|
||||||
|
if !reply.IsValid {
|
||||||
|
err = fmt.Errorf("invalid authorization context")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *HyperConn) DoCheckPerm(atk string, key string, val []byte) error {
|
||||||
|
ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
in, err := v.DiscoverServiceGRPC("Hydrogen.Passport")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
reply, err := proto.NewAuthClient(in).CheckPerm(ctx, &proto.CheckPermRequest{
|
||||||
|
Token: atk,
|
||||||
|
Key: key,
|
||||||
|
Value: val,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
} else if !reply.GetIsValid() {
|
||||||
|
return fmt.Errorf("missing permission: %s", key)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
68
pkg/hyper/auth_adaptor.go
Normal file
68
pkg/hyper/auth_adaptor.go
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
package hyper
|
||||||
|
|
||||||
|
import (
|
||||||
|
"git.solsynth.dev/hydrogen/passport/pkg/proto"
|
||||||
|
"github.com/gofiber/fiber/v2"
|
||||||
|
jsoniter "github.com/json-iterator/go"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
const CookieAtk = "__hydrogen_atk"
|
||||||
|
const CookieRtk = "__hydrogen_rtk"
|
||||||
|
|
||||||
|
func (v *HyperConn) AuthMiddleware(c *fiber.Ctx) error {
|
||||||
|
// Detect token
|
||||||
|
var atk string
|
||||||
|
if cookie := c.Cookies(CookieAtk); len(cookie) > 0 {
|
||||||
|
atk = cookie
|
||||||
|
}
|
||||||
|
if header := c.Get(fiber.HeaderAuthorization); len(header) > 0 {
|
||||||
|
tk := strings.Replace(header, "Bearer", "", 1)
|
||||||
|
atk = strings.TrimSpace(tk)
|
||||||
|
}
|
||||||
|
|
||||||
|
c.Locals("p_token", atk)
|
||||||
|
|
||||||
|
if user, newAtk, newRtk, err := v.DoAuthenticate(atk, c.Cookies(CookieRtk)); err == nil {
|
||||||
|
if newAtk != atk {
|
||||||
|
c.Cookie(&fiber.Cookie{
|
||||||
|
Name: CookieAtk,
|
||||||
|
Value: newAtk,
|
||||||
|
SameSite: "Lax",
|
||||||
|
Expires: time.Now().Add(60 * time.Minute),
|
||||||
|
Path: "/",
|
||||||
|
})
|
||||||
|
c.Cookie(&fiber.Cookie{
|
||||||
|
Name: CookieRtk,
|
||||||
|
Value: newRtk,
|
||||||
|
SameSite: "Lax",
|
||||||
|
Expires: time.Now().Add(24 * 30 * time.Hour),
|
||||||
|
Path: "/",
|
||||||
|
})
|
||||||
|
}
|
||||||
|
c.Locals("p_user", user)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.Next()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *HyperConn) EnsureAuthenticated(c *fiber.Ctx) error {
|
||||||
|
if _, ok := c.Locals("p_user").(*proto.Userinfo); !ok {
|
||||||
|
return fiber.NewError(fiber.StatusUnauthorized)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *HyperConn) EnsureGrantedPerm(c *fiber.Ctx, key string, val any) error {
|
||||||
|
if err := v.EnsureAuthenticated(c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
encodedVal, _ := jsoniter.Marshal(val)
|
||||||
|
if err := v.DoCheckPerm(c.Locals("p_token").(string), key, encodedVal); err != nil {
|
||||||
|
return fiber.NewError(fiber.StatusForbidden, err.Error())
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
24
pkg/hyper/conn.go
Normal file
24
pkg/hyper/conn.go
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
package hyper
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"google.golang.org/grpc"
|
||||||
|
"google.golang.org/grpc/credentials/insecure"
|
||||||
|
)
|
||||||
|
|
||||||
|
type HyperConn struct {
|
||||||
|
Addr string
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewHyperConn(addr string) *HyperConn {
|
||||||
|
return &HyperConn{Addr: addr}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *HyperConn) DiscoverServiceGRPC(name string) (*grpc.ClientConn, error) {
|
||||||
|
target := fmt.Sprintf("consul://%s/%s", v.Addr, name)
|
||||||
|
return grpc.NewClient(
|
||||||
|
target,
|
||||||
|
grpc.WithTransportCredentials(insecure.NewCredentials()),
|
||||||
|
grpc.WithDefaultServiceConfig(`{"loadBalancingPolicy": "round_robin"}`),
|
||||||
|
)
|
||||||
|
}
|
@ -2,18 +2,17 @@ package gap
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/api"
|
"github.com/hashicorp/consul/api"
|
||||||
"github.com/spf13/viper"
|
"github.com/spf13/viper"
|
||||||
"google.golang.org/grpc"
|
"google.golang.org/grpc"
|
||||||
"google.golang.org/grpc/credentials/insecure"
|
"google.golang.org/grpc/credentials/insecure"
|
||||||
"strconv"
|
|
||||||
"strings"
|
|
||||||
|
|
||||||
_ "github.com/mbobakov/grpc-consul-resolver"
|
_ "github.com/mbobakov/grpc-consul-resolver"
|
||||||
)
|
)
|
||||||
|
|
||||||
var C *api.Client
|
|
||||||
|
|
||||||
func Register() error {
|
func Register() error {
|
||||||
cfg := api.DefaultConfig()
|
cfg := api.DefaultConfig()
|
||||||
cfg.Address = viper.GetString("consul.addr")
|
cfg.Address = viper.GetString("consul.addr")
|
||||||
@ -41,17 +40,13 @@ func Register() error {
|
|||||||
DeregisterCriticalServiceAfter: "3m",
|
DeregisterCriticalServiceAfter: "3m",
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := client.Agent().ServiceRegister(registration); err != nil {
|
return client.Agent().ServiceRegister(registration)
|
||||||
return err
|
|
||||||
} else {
|
|
||||||
C = client
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func DiscoverPaperclip() (*grpc.ClientConn, error) {
|
func DiscoverPaperclip() (*grpc.ClientConn, error) {
|
||||||
|
target := fmt.Sprintf("consul://%s/Hydrogen.Paperclip", viper.GetString("consul.addr"))
|
||||||
return grpc.NewClient(
|
return grpc.NewClient(
|
||||||
"consul://127.0.0.1:8500/Hydrogen.Paperclip",
|
target,
|
||||||
grpc.WithTransportCredentials(insecure.NewCredentials()),
|
grpc.WithTransportCredentials(insecure.NewCredentials()),
|
||||||
grpc.WithDefaultServiceConfig(`{"loadBalancingPolicy": "round_robin"}`),
|
grpc.WithDefaultServiceConfig(`{"loadBalancingPolicy": "round_robin"}`),
|
||||||
)
|
)
|
||||||
|
Loading…
Reference in New Issue
Block a user