fix: some api bug
@@ -1,31 +0,0 @@
|
||||
# authz-adapter
|
||||
|
||||
Envoy `ext_authz` 适配服务,实现 `envoy.service.auth.v3.Authorization`,并调用 `user-rpc.ValidateToken`。
|
||||
|
||||
## 环境变量
|
||||
|
||||
- `LISTEN_ON`:监听地址,默认 `0.0.0.0:9002`
|
||||
- `USER_RPC_TARGET`:user-rpc 地址,默认 `user-rpc-svc.juwan.svc.cluster.local:9001`
|
||||
|
||||
## 本地运行
|
||||
|
||||
```powershell
|
||||
go run ./app/authz/adapter
|
||||
```
|
||||
|
||||
## Docker 构建
|
||||
|
||||
在仓库根目录执行:
|
||||
|
||||
```powershell
|
||||
docker build -f app/authz/adapter/Dockerfile -t authz-adapter:local .
|
||||
docker run --rm -p 9002:9002 authz-adapter:local
|
||||
```
|
||||
|
||||
## 说明
|
||||
|
||||
- 放行路径:`/healthz`、`/api/users/login`、`/api/users/register`
|
||||
- 受保护路径:其余请求要求
|
||||
- Cookie 中有 `JToken`
|
||||
- Header 中有 `x-auth-user-id`(由 Envoy `jwt_authn` 注入)
|
||||
- 鉴权通过后回传:`x-auth-user-id`、`x-auth-role-type`
|
||||
@@ -15,6 +15,7 @@ import (
|
||||
corev3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
|
||||
authv3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
|
||||
typev3 "github.com/envoyproxy/go-control-plane/envoy/type/v3"
|
||||
"github.com/zeromicro/go-zero/core/logx"
|
||||
codepb "google.golang.org/genproto/googleapis/rpc/code"
|
||||
statuspb "google.golang.org/genproto/googleapis/rpc/status"
|
||||
"google.golang.org/grpc"
|
||||
@@ -68,15 +69,17 @@ func (s *authzServer) Check(ctx context.Context, req *authv3.CheckRequest) (*aut
|
||||
UserId: userID,
|
||||
})
|
||||
if err != nil {
|
||||
logx.Infof("validate token rpc failed, err: %v", err)
|
||||
return deny(codepb.Code_UNAUTHENTICATED, typev3.StatusCode_Unauthorized, "validate token failed"), nil
|
||||
}
|
||||
if !resp.GetValid() {
|
||||
logx.Infof("validate token rpc failed, err: %v", err)
|
||||
return deny(codepb.Code_PERMISSION_DENIED, typev3.StatusCode_Forbidden, "token invalid"), nil
|
||||
}
|
||||
|
||||
outHeaders := []*corev3.HeaderValueOption{
|
||||
{Header: &corev3.HeaderValue{Key: headerAuthUserID, Value: strconv.FormatInt(resp.GetUserId(), 10)}},
|
||||
{Header: &corev3.HeaderValue{Key: headerAuthRoleType, Value: strconv.FormatInt(resp.GetRoleType(), 10)}},
|
||||
{Header: &corev3.HeaderValue{Key: headerAuthRoleType, Value: resp.GetRoleType()}},
|
||||
}
|
||||
|
||||
if getHeader(httpReq.GetHeaders(), headerAuthIsAdmin) != "" {
|
||||
|
||||
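Review bot: The `logx.Infof("validate token rpc failed, err: %v", err)` call inside the `if !resp.GetValid()` branch can only run after the `err != nil` check has returned, so it always prints `err: <nil>` and mislabels a rejected token as an RPC failure. In an authorization service the logs should separate the two cases (backend outage versus rejected credential), for example `logx.Infof("token rejected by user-rpc, user_id: %v", userID)` in the second branch and `logx.Errorf` in the first, without ever logging the token value itself. Separately, if the role-type header line now passes `resp.GetRoleType()` directly, as the print order suggests, confirm that the generated field is a string and that downstream consumers of `headerAuthRoleType` expect the new format. `Check` begins before this hunk and continues past it.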