聊聊dubbo-go的ConsumerSignFilter

序

本文主要研究一下dubbo-go的ConsumerSignFilter

ConsumerSignFilter

dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go

type ConsumerSignFilter struct {
}

func init() {
    extension.SetFilter(constant.CONSUMER_SIGN_FILTER, getConsumerSignFilter)
}

• ConsumerSignFilter的init方法設置了getConsumerSignFilter

getConsumerSignFilter

dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go

func getConsumerSignFilter() filter.Filter {
    return &ConsumerSignFilter{}
}

• getConsumerSignFilter建立了ConsumerSignFilter

Invoke

dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go

func (csf *ConsumerSignFilter) Invoke(ctx context.Context, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result {
    logger.Infof("invoking ConsumerSign filter.")
    url := invoker.GetUrl()

    err := doAuthWork(&url, func(authenticator filter.Authenticator) error {
        return authenticator.Sign(invocation, &url)
    })
    if err != nil {
        panic(fmt.Sprintf("Sign for invocation %s # %s failed", url.ServiceKey(), invocation.MethodName()))

    }
    return invoker.Invoke(ctx, invocation)
}

• Invoke方法會先執行doAuthWork方法，其傳遞的func執行authenticator.Sign(invocation, &url)

OnResponse

dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go

func (csf *ConsumerSignFilter) OnResponse(ctx context.Context, result protocol.Result, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result {
    return result
}

• OnResponse方法直接返回result

doAuthWork

filter/filter_impl/auth/default_authenticator.go

func doAuthWork(url *common.URL, do func(filter.Authenticator) error) error {

    shouldAuth := url.GetParamBool(constant.SERVICE_AUTH_KEY, false)
    if shouldAuth {
        authenticator := extension.GetAuthenticator(url.GetParam(constant.AUTHENTICATOR_KEY, constant.DEFAULT_AUTHENTICATOR))
        return do(authenticator)
    }
    return nil
}

• doAuthWork方法先從url讀取constant.SERVICE_AUTH_KEY判斷是否須要auth，須要的話，則獲取authenticator，執行do(authenticator)

Sign

dubbo-go-v1.4.2/filter/filter_impl/auth/default_authenticator.go

func (authenticator *DefaultAuthenticator) Sign(invocation protocol.Invocation, url *common.URL) error {
    currentTimeMillis := strconv.Itoa(int(time.Now().Unix() * 1000))

    consumer := url.GetParam(constant.APPLICATION_KEY, "")
    accessKeyPair, err := getAccessKeyPair(invocation, url)
    if err != nil {
        return errors.New("get accesskey pair failed, cause: " + err.Error())
    }
    inv := invocation.(*invocation_impl.RPCInvocation)
    signature, err := getSignature(url, invocation, accessKeyPair.SecretKey, currentTimeMillis)
    if err != nil {
        return err
    }
    inv.SetAttachments(constant.REQUEST_SIGNATURE_KEY, signature)
    inv.SetAttachments(constant.REQUEST_TIMESTAMP_KEY, currentTimeMillis)
    inv.SetAttachments(constant.AK_KEY, accessKeyPair.AccessKey)
    inv.SetAttachments(constant.CONSUMER, consumer)
    return nil
}

func getAccessKeyPair(invocation protocol.Invocation, url *common.URL) (*filter.AccessKeyPair, error) {
    accesskeyStorage := extension.GetAccesskeyStorages(url.GetParam(constant.ACCESS_KEY_STORAGE_KEY, constant.DEFAULT_ACCESS_KEY_STORAGE))
    accessKeyPair := accesskeyStorage.GetAccessKeyPair(invocation, url)
    if accessKeyPair == nil || IsEmpty(accessKeyPair.AccessKey, false) || IsEmpty(accessKeyPair.SecretKey, true) {
        return nil, errors.New("accessKeyId or secretAccessKey not found")
    } else {
        return accessKeyPair, nil
    }
}

• Sign方法經過getAccessKeyPair從accesskeyStorage.GetAccessKeyPair獲取accessKeyPair，而後經過getSignature計算signature，沒有err則設置到attachment中

小結

ConsumerSignFilter的Invoke方法會先執行doAuthWork方法，其傳遞的func執行authenticator.Sign(invocation, &url)

doc

• consumer_sign