feat: add authz-adapter service and Envoy ext_authz integration
- Implemented authz-adapter deployment and service for Envoy gRPC authorization. - Created PowerShell script to generate JWK for JWT authentication. - Documented the integration of ext_authz with user-rpc.ValidateToken in ENVOY_EXT_AUTHZ_ADAPTER.md. - Added comprehensive Envoy Gateway configuration guide with JWT authentication and access control in ENVOY_GATEWAY_GUIDE.md.
@@ -23,25 +23,25 @@ func LoginHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
|
||||
|
||||
l := user.NewLoginLogic(r.Context(), svcCtx)
|
||||
resp, err := l.Login(&req)
|
||||
token := resp.Token
|
||||
resp.Token = ""
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: "JToken",
|
||||
Value: token,
|
||||
Quoted: false,
|
||||
Path: "/",
|
||||
Domain: "",
|
||||
RawExpires: "",
|
||||
MaxAge: 691200,
|
||||
Secure: false,
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Partitioned: false,
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
httpx.ErrorCtx(r.Context(), w, err)
|
||||
} else {
|
||||
token := resp.Token
|
||||
resp.Token = ""
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: "JToken",
|
||||
Value: token,
|
||||
Quoted: false,
|
||||
Path: "/",
|
||||
Domain: "",
|
||||
RawExpires: "",
|
||||
MaxAge: 691200,
|
||||
Secure: false,
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Partitioned: false,
|
||||
})
|
||||
httpx.OkJsonCtx(r.Context(), w, resp)
|
||||
}
|
||||
}
|
||||
|
||||
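Review bot: The `JToken` session cookie is issued with `Secure: false`, so for its eight-day lifetime (`MaxAge: 691200`) the browser will also send the token on any plain-HTTP request to the host, where it can be read on the network path. This commit places Envoy in front of the service, so TLS is presumably terminated at the gateway; set `Secure: true,` or take the value from configuration so that only local development runs without it. Separately, the copy of the cookie block above `if err != nil` reads `resp.Token` before the error check, and `Login` returns a nil response on failure, so that copy would panic. Only the copy inside the `else` branch should remain; the page has lost its +/- markers, so which copy is the new side is inferred.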
@@ -46,9 +46,9 @@ func RegisterHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
|
||||
resp, err := l.Register(&req)
|
||||
|
||||
if err != nil {
|
||||
httpx.ErrorCtx(r.Context(), w, err)
|
||||
httpx.ErrorCtx(r.Context(), w, utils.NewErrorResp(400, err))
|
||||
} else {
|
||||
httpx.OkJsonCtx(r.Context(), w, utils.NewErrorResp(400, err))
|
||||
httpx.OkJsonCtx(r.Context(), w, resp)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
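Review bot: Wrapping every `Register` failure as `utils.NewErrorResp(400, err)` reports server-side faults to the caller as a bad request and, depending on what `NewErrorResp` serialises, may pass the raw error text to an unauthenticated client. `Register` can fail with internal messages such as "contextx.RequestIdFrom failed" (visible in the RegisterLogic hunk), which is neither a client error nor something the client needs to see. Map known validation failures to 400 and answer everything else with a generic 500, keeping the detail in the server log. `NewErrorResp` is defined outside this page, so its output format is an assumption. The +/- markers are lost, so the `NewErrorResp` form of the `ErrorCtx` call is taken to be the added line.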
@@ -38,11 +38,17 @@ func (l *LoginLogic) Login(req *types.LoginReq) (resp *types.LoginResp, err erro
|
||||
Username: req.Username,
|
||||
Passwd: req.Password,
|
||||
})
|
||||
logx.Infof("res:%v", res)
|
||||
if err != nil {
|
||||
logx.Errorf("rpc login err: %v", err)
|
||||
return nil, errors.New("login fail")
|
||||
}
|
||||
|
||||
if res == nil || res.Id <= 0 || res.Username == "" || res.Token == "" {
|
||||
logx.Errorf("rpc login returned empty payload, username=%s, resp=%+v", req.Username, res)
|
||||
return nil, errors.New("login fail")
|
||||
}
|
||||
|
||||
return &types.LoginResp{
|
||||
UserId: res.Id,
|
||||
Username: res.Username,
|
||||
|
||||
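Review bot: The added `logx.Errorf(... resp=%+v", req.Username, res)` writes the whole RPC response to the log, and this branch is reached whenever any one field is empty, so a valid `res.Token` can land in the error log next to the username. The existing `logx.Infof("res:%v", res)` above it has the same exposure on every successful login. Log only what is needed to diagnose the failure, for example `logx.Errorf("rpc login returned empty payload, username=%q, nil=%t", req.Username, res == nil)`, and drop or redact the `Infof` line. `%q` also keeps a caller-supplied username containing newlines from forging log entries. The body of `Login` starts and ends outside this hunk.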
@@ -59,7 +59,7 @@ func (l *RegisterLogic) Register(req *types.RegisterReq) (resp *types.RegisterRe
|
||||
|
||||
requestId, err := contextx.RequestIdFrom(l.ctx)
|
||||
if err != nil {
|
||||
logx.Errorf("contextx.RequestIdFrom failed: %v", errjA)
|
||||
logx.Errorf("contextx.RequestIdFrom failed: %v", err)
|
||||
return nil, errors.New("contextx.RequestIdFrom failed")
|
||||
}
|
||||
|
||||
|
||||