add auth filter

highflip-clients/highflip-sdk/pom.xml

@@ -33,6 +33,12 @@
             <version>1.4.5</version>
             <scope>compile</scope>
         </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-simple</artifactId>
+            <version>2.0.5</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter</artifactId>

highflip-clients/highflip-sdk/src/main/java/com/baidu/highflip/client/HighFlipClient.java

@@ -1,5 +1,6 @@
 package com.baidu.highflip.client;
 
+import com.baidu.highflip.client.common.BasicToken;
 import com.baidu.highflip.client.common.GrpcURL;
 import com.baidu.highflip.client.stream.DataPullStream;
 import com.baidu.highflip.client.stream.DataPushStream;
@@ -10,13 +11,15 @@
 import highflip.HighflipMeta;
 import highflip.v1.HighFlipGrpc;
 import highflip.v1.Highflip;
+import io.grpc.CallCredentials;
 import io.grpc.ManagedChannel;
 import io.grpc.ManagedChannelBuilder;
 import lombok.extern.slf4j.Slf4j;
 
 import java.io.InputStream;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Optional;
 
 @Slf4j
 public class HighFlipClient implements AutoCloseable {
@@ -52,6 +55,13 @@ public void connect(String target) {
         HighFlipGrpc.HighFlipBlockingStub blockingStub = HighFlipGrpc.newBlockingStub(channel);
         HighFlipGrpc.HighFlipStub stub = HighFlipGrpc.newStub(channel);
 
+        Optional<BasicToken> token = BasicToken.of(
+                url.getUser(), url.getPass());
+        if(token.isPresent()){
+            blockingStub = blockingStub.withCallCredentials(token.get());
+            stub = stub.withCallCredentials(token.get());
+        }
+
         this.channel = channel;
         this.blockingStub = blockingStub;
         this.stub = stub;

highflip-clients/highflip-sdk/src/main/java/com/baidu/highflip/client/common/BasicToken.java

@@ -0,0 +1,70 @@
+package com.baidu.highflip.client.common;
+
+import com.google.common.base.Strings;
+import io.grpc.CallCredentials;
+import io.grpc.Metadata;
+import io.grpc.Status;
+import lombok.Data;
+
+import java.util.Base64;
+import java.util.Optional;
+import java.util.concurrent.Executor;
+
+@Data
+public class BasicToken extends CallCredentials {
+
+    public static final String BASIC_PREFIX = "Basic";
+
+    public static final String AUTHORIZATION_METADATA_KEY = "Authorization"
+            + Metadata.BINARY_HEADER_SUFFIX;
+
+    private String value;
+
+    private String user;
+
+    private String token;
+
+    public static Optional<BasicToken> of(String user, String token){
+        if(!Strings.isNullOrEmpty(user) && !Strings.isNullOrEmpty(token)){
+            return Optional.of(new BasicToken(user, token));
+        } else {
+            return Optional.empty();
+        }
+    }
+
+    public BasicToken(String user, String token) {
+        this.value = toAuthValue(user, token);
+        this.user = user;
+        this.token = token;
+    }
+
+    public static String toAuthValue(String user, String token){
+        String value = Base64.getEncoder()
+                .encodeToString(String.format("%s:%s", user, token).getBytes());
+
+        return String.format("%s %s", BASIC_PREFIX, value);
+    }
+
+    @Override
+    public void applyRequestMetadata(
+            RequestInfo requestInfo,
+            Executor executor,
+            MetadataApplier metadataApplier) {
+
+        executor.execute(() -> {
+            try {
+                Metadata headers = new Metadata();
+                headers.put(Metadata.Key.of(AUTHORIZATION_METADATA_KEY, Metadata.BINARY_BYTE_MARSHALLER),
+                        this.getValue().getBytes());
+                metadataApplier.apply(headers);
+            } catch (Throwable e) {
+                metadataApplier.fail(Status.UNAUTHENTICATED.withCause(e));
+            }
+        });
+    }
+
+    @Override
+    public void thisUsesUnstableApi() {
+        // noop
+    }
+}

highflip-clients/highflip-sdk/src/main/java/com/baidu/highflip/client/common/GrpcURL.java

@@ -4,6 +4,7 @@
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
 
+import java.util.Arrays;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -24,7 +25,9 @@ public class GrpcURL {
 
     int port;
 
-    String token;
+    String user;
+
+    String pass;
 
     public static GrpcURL from(String url) {
 
@@ -33,15 +36,26 @@ public static GrpcURL from(String url) {
 
         match.find();
 
+        String sUser = null;
+        String sPass = null;
+
         String sToken = match.group("token");
+        if(sToken != null){
+            String[] items = sToken.split(":", 2);
+            sUser = items[0];
+
+            if(items.length >= 2){
+                sPass = items[1];
+            }
+        }
+
         String sHost = match.group("host");
         String sPort = match.group("port");
-
         int nPort = URL_DEFAULT_PORT;
         if (sPort != null) {
             nPort = Integer.valueOf(sPort);
         }
 
-        return new GrpcURL("grpc", sHost, nPort, sToken);
+        return new GrpcURL("grpc", sHost, nPort, sUser, sPass);
     }
 }

highflip-clients/highflip-sdk/src/test/java/com/baidu/highflip/client/TestClient.java

@@ -0,0 +1,28 @@
+package com.baidu.highflip.client;
+
+import lombok.extern.slf4j.Slf4j;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+
+@Slf4j
+@Disabled
+public class TestClient {
+
+    @Test
+    public void testAuth(){
+        HighFlipClient client = new HighFlipClient();
+        client.connect("grpc://user:pass@127.0.0.1:8751");
+
+        var response = client.getPlatform();
+        log.info("platform get = {}", response);
+    }
+
+    @Test
+    public void testGuestAuth(){
+        HighFlipClient client = new HighFlipClient();
+        client.connect("grpc://127.0.0.1:8751");
+
+        var response = client.getPlatform();
+        log.info("platform get = {}", response);
+    }
+}

highflip-clients/highflip-sdk/src/test/java/com/baidu/highflip/client/TestUrl.java

@@ -1,13 +1,31 @@
 package com.baidu.highflip.client;
 
+import com.baidu.highflip.client.common.GrpcURL;
 import lombok.extern.slf4j.Slf4j;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
 @Slf4j
 public class TestUrl {
 
     @Test
     public void testUrl() {
+        String url = "grpc://user:pass@127.0.0.1:8751";
 
+        GrpcURL grpc = GrpcURL.from(url);
+        log.info("url = {}", grpc);
+
+        Assertions.assertEquals("user", grpc.getUser());
+        Assertions.assertEquals("pass", grpc.getPass());
+    }
+
+    @Test
+    public void testSimpleUrl() {
+        String url = "grpc://127.0.0.1:8751";
+
+        GrpcURL grpc = GrpcURL.from(url);
+        log.info("url = {}", grpc);
+
+        Assertions.assertEquals("127.0.0.1", grpc.getHost());
     }
 }

highflip-core/src/main/java/com/baidu/highflip/core/entity/codec/BindingJson.java

@@ -47,7 +47,7 @@ public void serialize(Binding binding, JsonGenerator gen, SerializerProvider pro
                 } else {
                     byte[] bytes = mapper.writeValueAsBytes(value);
                     String base64 = Base64.getEncoder().encodeToString(bytes);
-                    gen.writeString(OBJECT_PREFIX + bytes);
+                    gen.writeString(OBJECT_PREFIX + base64);
                 }
             }
             gen.writeEndObject();

highflip-server/pom.xml

@@ -45,6 +45,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.postgresql</groupId>
             <artifactId>postgresql</artifactId>

highflip-server/src/main/java/com/baidu/highflip/server/config/SecurityConfig.java

@@ -0,0 +1,58 @@
+package com.baidu.highflip.server.config;
+
+import com.baidu.highflip.server.engine.HighFlipEngine;
+import com.baidu.highflip.server.exception.AuthenticationException;
+import lombok.extern.slf4j.Slf4j;
+
+import org.lognet.springboot.grpc.security.GrpcSecurity;
+import org.lognet.springboot.grpc.security.GrpcSecurityConfigurerAdapter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+
+import java.util.Objects;
+
+
+@Slf4j
+@ConditionalOnProperty(
+    value="grpc.security.auth.enabled",
+    havingValue = "true",
+    matchIfMissing = false)
+@Configuration
+public class SecurityConfig extends GrpcSecurityConfigurerAdapter {
+
+    @Autowired
+    HighFlipEngine engine;
+
+    @Override
+    public void configure(GrpcSecurity builder) throws Exception {
+        builder.authorizeRequests()
+            .anyMethod().authenticated()
+            .and()
+            .authenticationProvider(new AuthenticationProvider() {
+                @Override
+                public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+                    UsernamePasswordAuthenticationToken auth = (UsernamePasswordAuthenticationToken)authentication;
+
+                    boolean result = engine.validateUser(
+                            Objects.toString(auth.getPrincipal()),
+                            Objects.toString(auth.getCredentials()));
+
+                    if (!result) {
+                        throw new AuthenticationException(String.format("failed to authenticate user: %s",
+                                auth.getPrincipal().toString()));
+                    }
+                    return auth;
+                }
+
+                @Override
+                public boolean supports(Class<?> authentication) {
+                    return UsernamePasswordAuthenticationToken.class.equals(authentication);
+                }
+            });
+    }
+
+}

highflip-server/src/main/java/com/baidu/highflip/server/engine/HighFlipEngine.java

@@ -741,6 +741,11 @@ public User getUser(String userId){
                 .orElseThrow();
     }
 
+    public boolean validateUser(String user, String pass){
+        log.info("validate user={}", user);
+        return true;
+    }
+
     public Iterable<String> listUser(){
         return () -> getContext()
                 .getUserRepository()

highflip-server/src/main/java/com/baidu/highflip/server/exception/AuthenticationException.java

@@ -0,0 +1,8 @@
+package com.baidu.highflip.server.exception;
+
+public class AuthenticationException extends org.springframework.security.core.AuthenticationException {
+
+    public AuthenticationException(String msg) {
+        super(msg);
+    }
+}

highflip-server/src/main/resources/application.properties

@@ -8,6 +8,7 @@ highflip.server.adaptor.path=
 grpc.enabled=true
 grpc.enable-reflection=false
 grpc.port=8751
+grpc.security.auth.enabled=false
 #########################################################
 # spring boot
 #########################################################