/
remote_auth.go
67 lines (53 loc) · 1.82 KB
/
remote_auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package jwtauth
import (
"context"
"github.com/filecoin-project/go-jsonrpc/auth"
va "github.com/filecoin-project/venus-auth/auth"
vjc "github.com/filecoin-project/venus-auth/cmd/jwtclient"
"github.com/filecoin-project/venus-auth/core"
"github.com/ipfs-force-community/metrics/ratelimit"
)
var _ vjc.IJwtAuthClient = (*RemoteAuth)(nil)
var _ ratelimit.ILimitFinder = (*RemoteAuth)(nil)
type ValueFromCtx struct{}
func (vfc *ValueFromCtx) AccFromCtx(ctx context.Context) (string, bool) {
return vjc.CtxGetName(ctx)
}
func (vfc *ValueFromCtx) HostFromCtx(ctx context.Context) (string, bool) {
return vjc.CtxGetTokenLocation(ctx)
}
// RemoteAuth in remote verification mode, venus connects venus-auth service, and verifies whether token is legal through rpc
type RemoteAuth struct {
remote *vjc.AuthClient
}
// NewRemoteAuth new remote auth client from venus-auth url
func NewRemoteAuth(url string) *RemoteAuth {
// vjc.NewAuthClient always return nil error
cli, _ := vjc.NewAuthClient(url)
return &RemoteAuth{remote: cli}
}
// Verify check token through venus-auth rpc api
func (r *RemoteAuth) Verify(ctx context.Context, token string) ([]auth.Permission, error) {
var perms []auth.Permission
var err error
var res *va.VerifyResponse
if res, err = r.remote.Verify(ctx, token); err != nil {
return nil, err
}
jwtPerms := core.AdaptOldStrategy(res.Perm)
perms = make([]auth.Permission, len(jwtPerms))
copy(perms, jwtPerms)
return perms, nil
}
func (r *RemoteAuth) GetUserLimit(name, service, api string) (*ratelimit.Limit, error) {
res, err := r.remote.GetUserRateLimit(name, "")
if err != nil {
return nil, err
}
var limit = &ratelimit.Limit{Account: name, Cap: 0, Duration: 0}
if l := res.MatchedLimit(service, api); l != nil {
limit.Cap = l.ReqLimit.Cap
limit.Duration = l.ReqLimit.ResetDur
}
return limit, nil
}