From a0ed0b2e90f49da7aed81b9e737023e6d29de4e1 Mon Sep 17 00:00:00 2001 From: "A.Unger" Date: Thu, 30 Apr 2020 13:39:17 +0200 Subject: [PATCH] refactor middleware code and provide an example flow to get UUID --- go.mod | 2 ++ go.sum | 11 ++++++++++ pkg/command/server.go | 12 +++++----- pkg/middleware/logger.go | 15 +++++++++++++ pkg/middleware/middleware.go | 6 +++++ pkg/middleware/openidconnect.go | 39 +++++++++++++++++++++++++++++++-- pkg/server/http/option.go | 5 +++-- pkg/server/http/server.go | 22 +++++++++---------- 8 files changed, 91 insertions(+), 21 deletions(-) create mode 100644 pkg/middleware/logger.go create mode 100644 pkg/middleware/middleware.go diff --git a/go.mod b/go.mod index efc67ca28..5c7dfe52c 100644 --- a/go.mod +++ b/go.mod @@ -7,8 +7,10 @@ require ( contrib.go.opencensus.io/exporter/ocagent v0.6.0 contrib.go.opencensus.io/exporter/zipkin v0.1.1 github.com/coreos/go-oidc v2.1.0+incompatible + github.com/docker/docker v1.4.2-0.20191101170500-ac7306503d23 github.com/golang/protobuf v1.3.2 github.com/micro/cli/v2 v2.1.2-0.20200203150404-894195727d9c + github.com/micro/go-micro v1.18.0 github.com/micro/go-micro/v2 v2.0.1-0.20200212105717-d76baf59de2e github.com/oklog/run v1.1.0 github.com/openzipkin/zipkin-go v0.2.2 diff --git a/go.sum b/go.sum index 5bcc11018..0afef6b7e 100644 --- a/go.sum +++ b/go.sum 
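Review bot: The two new direct requirements in go.mod, `github.com/docker/docker` (pinned to a pseudo-version) and `github.com/micro/go-micro v1.18.0`, are not imported by any code visible in this patch. The new imports in openidconnect.go are `github.com/micro/go-micro/v2/client`, `github.com/micro/go-micro/v2/registry` and the ocis-accounts proto package. If nothing else in the module needs them, running `go mod tidy` and dropping both lines keeps the dependency graph, and the set of modules to track for advisories, smaller. Requiring go-micro v1 next to v2 also makes it easy to import the wrong major version by accident.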
@@ -152,6 +152,7 @@ github.com/cloudflare/cloudflare-go v0.10.6/go.mod h1:dcRl7AXBH5Bf7QFTBVc3TRzwvo github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko= github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/containerd v1.3.0 h1:xjvXQWABwS2uiv3TWgQt5Uth60Gu86LTGZXMJkjc7rY= github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/continuity v0.0.0-20181203112020-004b46473808/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= 
@@ -193,10 +194,14 @@ github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8 github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dnaeon/go-vcr v0.0.0-20180814043457-aafff18a5cc2/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/dnsimple/dnsimple-go v0.30.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c71tQlGr9SeGrg= +github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20190710153559-aa8249ae1b8b/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v1.4.2-0.20191101170500-ac7306503d23 h1:oqgGT9O61YAYvI41EBsLePOr+LE6roB0xY4gpkZuFSE= github.com/docker/docker v1.4.2-0.20191101170500-ac7306503d23/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= 
@@ -549,6 +554,7 @@ github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lN github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c h1:nXxl5PrvVm2L/wCy8dQu6DMTwH4oIuGN8GJDAlqDdVE= github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mschoch/smat v0.0.0-20160514031455-90eadee771ae/go.mod h1:qAyveg+e4CE+eKJXWVjKXM4ck2QobLqTDytGJbLLhJg= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= @@ -597,7 +603,9 @@ github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= +github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= +github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= 
@@ -614,6 +622,7 @@ github.com/owncloud/flaex v0.2.0 h1:3FLf8oyMgA6HLK7w4+VJ5N1oVA8G7MptLCVjfxxIaww= github.com/owncloud/flaex v0.2.0/go.mod h1:jip86t4OVURJTf8CM/0e2qcji/Y4NG3l2lR8kex4JWw= github.com/owncloud/ocis-accounts v0.1.0 h1:6YjvRWNW26QHOqOFONg0HeogxhxaVGS1S2AoCUgzE3M= github.com/owncloud/ocis-accounts v0.1.0/go.mod h1:eoOPfuFCJ23n2csSMzapfjzVhG2kt8sQ2tu/9J+SwsA= +github.com/owncloud/ocis-accounts v0.1.1 h1:WYQ/KLbNZB7EmCZQJTvrySfWFuS0m9oM0gTkyKrjFOM= github.com/owncloud/ocis-hello v0.0.0-20200114105804-61741477dcec/go.mod h1:hrXqmloO2NHbdkDTPSNneobwzQgki8CUuQD8fqjkPv8= github.com/owncloud/ocis-pkg v1.2.1-0.20191217084055-eab942498596 h1:3aMNmuDCIdKsaa4YdVTQEBJMjGz8KiuIB/+xlJUCT3k= github.com/owncloud/ocis-pkg v1.2.1-0.20191217084055-eab942498596/go.mod h1:Wo0QfOmhadh2vNcUoQIsw2yaOT3zeftk+xaOOwP3y88= @@ -1102,7 +1111,9 @@ gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/pkg/command/server.go b/pkg/command/server.go index fe02b26f6..64888a2f7 100644 --- a/pkg/command/server.go +++ b/pkg/command/server.go 
@@ -2,15 +2,15 @@ package command import ( "context" - "github.com/owncloud/ocis-pkg/v2/log" - "github.com/owncloud/ocis-pkg/v2/oidc" - "github.com/owncloud/ocis-proxy/pkg/middleware" - "net/http" "os" "os/signal" "strings" "time" + "github.com/owncloud/ocis-pkg/v2/log" + "github.com/owncloud/ocis-pkg/v2/oidc" + "github.com/owncloud/ocis-proxy/pkg/middleware" + "contrib.go.opencensus.io/exporter/jaeger" "contrib.go.opencensus.io/exporter/ocagent" "contrib.go.opencensus.io/exporter/zipkin" @@ -234,8 +234,8 @@ func Server(cfg *config.Config) *cli.Command { } } -func loadMiddlewares(cfg *config.Config, l log.Logger) []func(handler http.Handler) http.Handler { - var configuredMiddlewares = make([]func(handler http.Handler) http.Handler, 0) +func loadMiddlewares(cfg *config.Config, l log.Logger) []middleware.M { + var configuredMiddlewares = make([]middleware.M, 0) configuredMiddlewares = append(configuredMiddlewares, middleware.RedirectToHTTPS) diff --git a/pkg/middleware/logger.go b/pkg/middleware/logger.go new file mode 100644 index 000000000..9db319f22 --- /dev/null +++ b/pkg/middleware/logger.go @@ -0,0 +1,15 @@ +package middleware + +import ( + "net/http" +) + +// Logger undocummented +func Logger() M { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // do some logging logic here + next.ServeHTTP(w, r) + }) + } +} diff --git a/pkg/middleware/middleware.go b/pkg/middleware/middleware.go new file mode 100644 index 000000000..a8c591783 --- /dev/null +++ b/pkg/middleware/middleware.go @@ -0,0 +1,6 @@ +package middleware + +import "net/http" + +// M undocummented +type M func(next http.Handler) http.Handler diff --git a/pkg/middleware/openidconnect.go b/pkg/middleware/openidconnect.go index 0e6d0dfbe..3bcfecd9e 100644 --- a/pkg/middleware/openidconnect.go +++ b/pkg/middleware/openidconnect.go 
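Review bot: The doc comments on the two new exported names are placeholders (`// Logger undocummented` in logger.go and `// M undocummented` in middleware.go) and say nothing about behaviour. Logger currently forwards every request to `next` without logging anything, so the comment should say so, e.g. `// Logger returns a pass-through middleware; request logging is not implemented yet.` M could read `// M is an HTTP middleware: it wraps next and returns the handler that runs in its place.` When the logging body is filled in, it should presumably leave out the Authorization header, since the OpenIDConnect middleware in this package handles tokens on the same requests.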
@@ -9,6 +9,9 @@ import ( "time" oidc "github.com/coreos/go-oidc" + mclient "github.com/micro/go-micro/v2/client" + "github.com/micro/go-micro/v2/registry" + acc "github.com/owncloud/ocis-accounts/pkg/proto/v0" ocisoidc "github.com/owncloud/ocis-pkg/v2/oidc" "golang.org/x/oauth2" ) @@ -16,6 +19,8 @@ import ( var ( // ErrInvalidToken is returned when the request token is invalid. ErrInvalidToken = errors.New("invalid or missing token") + + accountSvc = "com.owncloud.accounts" ) // newOIDCOptions initializes the available default options. @@ -30,7 +35,7 @@ func newOIDCOptions(opts ...ocisoidc.Option) ocisoidc.Options { } // OpenIDConnect provides a middleware to check access secured by a static token. -func OpenIDConnect(opts ...ocisoidc.Option) func(http.Handler) http.Handler { +func OpenIDConnect(opts ...ocisoidc.Option) M { opt := newOIDCOptions(opts...) // set defaults @@ -96,7 +101,6 @@ func OpenIDConnect(opts ...ocisoidc.Option) func(http.Handler) http.Handler { return } - // parse claims if err := userInfo.Claims(&claims); err != nil { opt.Logger.Error().Err(err).Interface("userinfo", userInfo).Msg("failed to unmarshal userinfo claims") w.WriteHeader(http.StatusInternalServerError) 
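Review bot: `accountSvc` is added to the `var` block next to ErrInvalidToken, which leaves a service name that drives a registry lookup reassignable at runtime. A constant is enough here: `const accountSvc = "com.owncloud.accounts"`. A short comment saying that this is the registry name would also help, because uuidFromClaims builds its client with the different literal `"accounts"`.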
@@ -112,3 +116,34 @@ func OpenIDConnect(opts ...ocisoidc.Option) func(http.Handler) http.Handler { }) } } + +// from the user claims we need to get the uuid from the accounts service +func uuidFromClaims(claims ocisoidc.StandardClaims) (string, error) { + var node string + // get accounts node from micro registry + // TODO this assumes we use mdns as registry. This should be configurable for any ocis extension. + svc, err := registry.GetService(accountSvc) + if err != nil { + return "", err + } + + if len(svc) > 0 { + node = svc[0].Nodes[0].Address + } + + c := acc.NewSettingsService("accounts", mclient.DefaultClient) + _, err = c.Get(context.Background(), &acc.Query{ + // TODO accounts query message needs to be updated to query for multiple fields + // queries by key makes little sense as it is unknown. + Key: "73912d13-32f7-4fb6-aeb2-ea2088a3a264", + }) + if err != nil { + return "", err + } + + // by this point, rec.Payload contains the Account info. To include UUID, see: + // https://github.com/owncloud/ocis-accounts/pull/22/files#diff-b425175389864c4f9218ecd9cae80223R23 + + // return rec.GetPayload().Account.UUID, nil // depends on the aforementioned PR + return node, nil +} diff --git a/pkg/server/http/option.go b/pkg/server/http/option.go index 46edc1aef..fb5464e9d 100644 --- a/pkg/server/http/option.go +++ b/pkg/server/http/option.go @@ -8,6 +8,7 @@ import ( "github.com/owncloud/ocis-pkg/v2/log" "github.com/owncloud/ocis-proxy/pkg/config" "github.com/owncloud/ocis-proxy/pkg/metrics" + "github.com/owncloud/ocis-proxy/pkg/middleware" ) // Option defines a single option function. @@ -22,7 +23,7 @@ type Options struct { Metrics *metrics.Metrics Flags []cli.Flag Namespace string - Middlewares []func(handler http.Handler) http.Handler + Middlewares []middleware.M } // newOptions initializes the available default options. 
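Review bot: `svc[0].Nodes[0].Address` in uuidFromClaims is read after checking only `len(svc) > 0`, so a registry entry with no nodes would panic. Guard both lengths with `if len(svc) == 0 || len(svc[0].Nodes) == 0 { return "", errors.New("accounts service has no registered nodes") }`. The `claims` argument is never used: the query key is a fixed UUID literal and the function returns the node address rather than an account identifier, so if this were wired into OpenIDConnect as is, every authenticated user would resolve to the same value. Until the lookup is derived from the token's claims, a comment such as `// example only: must not be used for authorization decisions` on the function would keep it from being called by accident. The call also uses `context.Background()`, so it is not bounded by the incoming request's deadline or cancellation; passing the request context in would fix that.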
@@ -86,7 +87,7 @@ func Handler(h http.Handler) Option { } // Middlewares provides a function to register middlewares -func Middlewares(val ...func(handler http.Handler) http.Handler) Option { +func Middlewares(val ...middleware.M) Option { return func(o *Options) { o.Middlewares = val } diff --git a/pkg/server/http/server.go b/pkg/server/http/server.go index 3fd022e50..b8f03377b 100644 --- a/pkg/server/http/server.go +++ b/pkg/server/http/server.go @@ -2,11 +2,13 @@ package http import ( "crypto/tls" - svc "github.com/owncloud/ocis-pkg/v2/service/http" - "github.com/owncloud/ocis-proxy/pkg/crypto" - "github.com/owncloud/ocis-proxy/pkg/version" "net/http" "os" + + svc "github.com/owncloud/ocis-pkg/v2/service/http" + "github.com/owncloud/ocis-proxy/pkg/crypto" + "github.com/owncloud/ocis-proxy/pkg/middleware" + "github.com/owncloud/ocis-proxy/pkg/version" ) // Server initializes the http service and server. @@ -48,10 +50,8 @@ func Server(opts ...Option) (svc.Service, error) { svc.Address(options.Config.HTTP.Addr), svc.Context(options.Context), svc.Flags(options.Flags...), - svc.Handler(applyMiddlewares( - options.Handler, - options.Middlewares..., - ), + svc.Handler( + applyMiddlewares(options.Handler, options.Middlewares...) ), ) @@ -62,11 +62,11 @@ func Server(opts ...Option) (svc.Service, error) { return service, nil } -func applyMiddlewares(h http.Handler, mws ...func(handler http.Handler) http.Handler) http.Handler { - var han = h +func applyMiddlewares(next http.Handler, mws ...middleware.M) http.Handler { + var h = next for _, mw := range mws { - han = mw(han) + h = mw(h) } - return han + return h }
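Review bot: The rewritten `svc.Handler(` argument in server.go will not compile. The new line `applyMiddlewares(options.Handler, options.Middlewares...)` ends without a comma and the closing `),` sits on the next line, so Go inserts a semicolon after the `)` and reports a syntax error. Add the trailing comma, `applyMiddlewares(options.Handler, options.Middlewares...),`, or put the whole call on one line as `svc.Handler(applyMiddlewares(options.Handler, options.Middlewares...)),`. The Server function starts and ends outside this hunk.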
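Review bot: applyMiddlewares has no doc comment, and its wrap order matters for the security middlewares: the loop `h = mw(h)` makes the last element of `mws` the outermost handler, so it sees each request first. loadMiddlewares in pkg/command/server.go appends `middleware.RedirectToHTTPS` first, which makes the redirect the innermost wrapper, running after anything appended later. If that is intended, state it, e.g. `// applyMiddlewares wraps next with mws in slice order; the last element is outermost and handles each request first.` If the redirect is meant to run before authentication, the slice has to be applied in reverse.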