聊聊dubbo-go的ProviderAuthFilter
序
本文主要研究一下dubbo-go的ProviderAuthFilteride
ProviderAuthFilter
dubbo-go-v1.4.2/filter/filter_impl/auth/provider_auth.gourl
type ProviderAuthFilter struct {
}
func init() {
extension.SetFilter(constant.PROVIDER_AUTH_FILTER, getProviderAuthFilter)
}
- ProviderAuthFilter的init方法設置了getProviderAuthFilter
getProviderAuthFilter
dubbo-go-v1.4.2/filter/filter_impl/auth/provider_auth.gocode
func getProviderAuthFilter() filter.Filter {
return &ProviderAuthFilter{}
}
- getProviderAuthFilter實例化了ProviderAuthFilter
Invoke
dubbo-go-v1.4.2/filter/filter_impl/auth/provider_auth.goget
func (paf *ProviderAuthFilter) Invoke(ctx context.Context, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result {
logger.Infof("invoking providerAuth filter.")
url := invoker.GetUrl()
err := doAuthWork(&url, func(authenticator filter.Authenticator) error {
return authenticator.Authenticate(invocation, &url)
})
if err != nil {
logger.Infof("auth the request: %v occur exception, cause: %s", invocation, err.Error())
return &protocol.RPCResult{
Err: err,
}
}
return invoker.Invoke(ctx, invocation)
}
- Invoke方法經過doAuthWork來進行auth,其傳遞的func執行authenticator.Authenticate(invocation, &url)
OnResponse
dubbo-go-v1.4.2/filter/filter_impl/auth/default_authenticator.goit
func (paf *ProviderAuthFilter) OnResponse(ctx context.Context, result protocol.Result, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result {
return result
}
- OnResponse方法直接返回result
doAuthWork
dubbo-go-v1.4.2/filter/filter_impl/auth/default_authenticator.goio
func doAuthWork(url *common.URL, do func(filter.Authenticator) error) error {
shouldAuth := url.GetParamBool(constant.SERVICE_AUTH_KEY, false)
if shouldAuth {
authenticator := extension.GetAuthenticator(url.GetParam(constant.AUTHENTICATOR_KEY, constant.DEFAULT_AUTHENTICATOR))
return do(authenticator)
}
return nil
}
- doAuthWork方法先從url讀取constant.SERVICE_AUTH_KEY判斷是否須要auth,須要的話,則獲取authenticator,執行do(authenticator)
Authenticate
dubbo-go-v1.4.2/filter/filter_impl/auth/default_authenticator.godubbo
func (authenticator *DefaultAuthenticator) Authenticate(invocation protocol.Invocation, url *common.URL) error {
accessKeyId := invocation.AttachmentsByKey(constant.AK_KEY, "")
requestTimestamp := invocation.AttachmentsByKey(constant.REQUEST_TIMESTAMP_KEY, "")
originSignature := invocation.AttachmentsByKey(constant.REQUEST_SIGNATURE_KEY, "")
consumer := invocation.AttachmentsByKey(constant.CONSUMER, "")
if IsEmpty(accessKeyId, false) || IsEmpty(consumer, false) ||
IsEmpty(requestTimestamp, false) || IsEmpty(originSignature, false) {
return errors.New("failed to authenticate your ak/sk, maybe the consumer has not enabled the auth")
}
accessKeyPair, err := getAccessKeyPair(invocation, url)
if err != nil {
return errors.New("failed to authenticate , can't load the accessKeyPair")
}
computeSignature, err := getSignature(url, invocation, accessKeyPair.SecretKey, requestTimestamp)
if err != nil {
return err
}
if success := computeSignature == originSignature; !success {
return errors.New("failed to authenticate, signature is not correct")
}
return nil
}
- Authenticate方法從invocation的attachment獲取requestTimestamp及originSignature,而後經過getAccessKeyPair從accesskeyStorage.GetAccessKeyPair獲取accessKeyPair,以後經過getSignature計算signature,而後對比computeSignature與originSignature是否同樣,不同則返回error
小結
ProviderAuthFilter的Invoke方法經過doAuthWork來進行auth,其傳遞的func執行authenticator.Authenticate(invocation, &url)exception
doc
相關文章
- 1. 聊聊kingbus的starRaft
- 2. 聊聊SpinalTap的BinlogEventListener
- 3. 聊聊debezium的eventHandlers
- 4. 聊聊elasticsearch的SeedHostsProvider
- 5. 聊聊debezium的BinlogReader
- 6. 聊聊elasticsearch的MembershipAction
- 7. 聊聊flink的JDBCOutputFormat
- 8. 聊聊flink的BlobWriter
- 9. 聊聊artemis的ExpiryScanner
- 10. 聊聊sentinel的SentinelGatewayFilter
- 更多相關文章...
- • PHP imagecolorclosest - 取得與指定的顏色最接近的顏色的索引值 - PHP參考手冊
- • PHP imagecolorclosesthwb - 取得與指定的顏色最接近的色度的黑白色的索引 - PHP參考手冊
- • 漫談MySQL的鎖機制
- • 互聯網組織的未來:剖析GitHub員工的任性之源
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章