juwan/juwan-backend
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

feat: add authz-adapter service and Envoy ext_authz integration

Browse Source 
- Implemented authz-adapter deployment and service for Envoy gRPC authorization.
- Created PowerShell script to generate JWK for JWT authentication.
- Documented the integration of ext_authz with user-rpc.ValidateToken in ENVOY_EXT_AUTHZ_ADAPTER.md.
- Added comprehensive Envoy Gateway configuration guide with JWT authentication and access control in ENVOY_GATEWAY_GUIDE.md.
This commit is contained in:
wwweww
2026-02-26 06:08:35 +08:00
parent 60b6f40f9f
commit 659168fe32
30 changed files with 2093 additions and 3527 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy/script/gen-envoy-hs256-jwk.ps1
+69
View File
@@ -0,0 +1,69 @@
param(
[string]$SecretBase64,
[string]$SecretYamlPath = "deploy/k8s/secrets/jwt-secret.yaml",
[string]$Kid = "juwan-hs256-1",
[string]$Issuer = "juwan-user-rpc"
)
function Convert-ToBase64Url {
param([byte[]]$Bytes)
$base64 = [Convert]::ToBase64String($Bytes)
return $base64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
function Get-SecretBase64FromYaml {
param([string]$Path)
if (-not (Test-Path -Path $Path)) {
throw "Secret yaml not found: $Path"
}
$content = Get-Content -Path $Path -Raw -Encoding UTF8
$match = [regex]::Match($content, '(?m)^\s*secret-key\s*:\s*([A-Za-z0-9+/=]+)\s*$')
if (-not $match.Success) {
throw "Cannot find data.secret-key in: $Path"
}
return $match.Groups[1].Value
}
if ([string]::IsNullOrWhiteSpace($SecretBase64)) {
$SecretBase64 = Get-SecretBase64FromYaml -Path $SecretYamlPath
}
try {
$rawSecret = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($SecretBase64))
}
catch {
throw "Invalid base64 secret value. Error: $($_.Exception.Message)"
}
$kBytes = [Text.Encoding]::UTF8.GetBytes($rawSecret)
$kBase64Url = Convert-ToBase64Url -Bytes $kBytes
$jwkObject = @{
keys = @(
@{
kty = "oct"
k = $kBase64Url
alg = "HS256"
use = "sig"
kid = $Kid
}
)
}
$jwkJson = $jwkObject | ConvertTo-Json -Compress
Write-Output "=== INPUT ==="
Write-Output "secret(base64): $SecretBase64"
Write-Output "secret(raw): $rawSecret"
Write-Output ""
Write-Output "=== JWK inline_string ==="
Write-Output $jwkJson
Write-Output ""
Write-Output "=== Envoy jwt_authn snippet ==="
Write-Output ('issuer: "{0}"' -f $Issuer)
Write-Output "local_jwks:"
Write-Output (' inline_string: ''{0}''' -f $jwkJson)