diff --git a/config.json b/config.json index fcddc98..08eefe8 100644 --- a/config.json +++ b/config.json @@ -13,7 +13,7 @@ "EnableCompression": false }, "gRPC": { - "addr": "192.168.1.50:50006", + "addr": "127.0.0.1:50006", "tls": false, "pool": { "MaxIdle": 1, diff --git a/server/auth_servlet.go b/server/auth_servlet.go new file mode 100644 index 0000000..ccb9ce7 --- /dev/null +++ b/server/auth_servlet.go @@ -0,0 +1,100 @@ +package server + +import ( + "context" + "encoding/base64" + "encoding/json" + "fmt" + + "git.loafle.net/commons_go/logging" + "git.loafle.net/overflow/overflow_gateway_probe/grpc" + ogw "git.loafle.net/overflow/overflow_gateway_websocket" + "github.com/valyala/fasthttp" +) + +const ( + noAuthHeaderNoAuthID = "overFlow-NoAuth-ID" + noAuthHeaderNoAuthRegist = "overFlow-NoAuth-Regist" + noAuthHeaderSetNoAuthID = "overFlow-Set-NoAuth-ID" +) + +func newAuthServlet() Servlet { + s := &authServlet{} + return s +} + +type authServlet struct { +} + +func (s *authServlet) IsCanConnect(ctx *fasthttp.RequestCtx) bool { + var buf []byte + if buf = ctx.Request.Header.Peek(noAuthHeaderNoAuthID); nil != buf { + return s.noAuthConnect(ctx, string(buf)) + } + if buf = ctx.Request.Header.Peek(noAuthHeaderNoAuthRegist); nil != buf { + return s.noAuthRegist(ctx, string(buf)) + } + + return false +} + +func (s *authServlet) noAuthConnect(ctx *fasthttp.RequestCtx, tempKey string) bool { + var err error + gctx := context.Background() + params := []string{tempKey} + + var result string + if result, err = grpc.Exec(gctx, "NoAuthProbeService.readByTempKey", params); nil != err { + logging.Logger.Warn(fmt.Sprintf("Auth: Invalid connect tempKey[%s] ip[%s]", tempKey, ctx.RemoteAddr().String())) + return false + } + var nap NoAuthProbe + if err = json.Unmarshal([]byte(result), &nap); nil != err { + logging.Logger.Warn(fmt.Sprintf("Auth: Cannot conver json[%s] ip[%s]", result, ctx.RemoteAddr().String())) + return false + } + + return true +} + +func (s *authServlet) noAuthRegist(ctx *fasthttp.RequestCtx, encInfo string) bool { + var buf []byte + var err error + if buf, err = base64.StdEncoding.DecodeString(encInfo); nil != err { + logging.Logger.Warn(fmt.Sprintf("Auth: Invalid noAuth regist base64[%s] ip[%s]", encInfo, ctx.RemoteAddr().String())) + return false + } + noauthJSON := string(buf) + gctx := context.Background() + params := []string{noauthJSON} + var result string + if result, err = grpc.Exec(gctx, "NoAuthProbeService.regist", params); nil != err { + logging.Logger.Warn(fmt.Sprintf("Auth: Invalid noAuth regist info[%s] ip[%s]", noauthJSON, ctx.RemoteAddr().String())) + return false + } + + var nap NoAuthProbe + if err = json.Unmarshal([]byte(result), &nap); nil != err { + logging.Logger.Warn(fmt.Sprintf("Auth: Invalid noAuth regist result[%s] ip[%s]", result, ctx.RemoteAddr().String())) + return false + } + + ctx.Response.Header.Set(noAuthHeaderSetNoAuthID, nap.TempProbeKey) + + return true +} + +func (s *authServlet) SessionUID(soc ogw.Socket) string { + var buf []byte + if buf = soc.Conn().Headers().Peek(noAuthHeaderNoAuthID); nil != buf { + return string(buf) + } + + return "" +} + +type NoAuthProbe struct { + ID uint64 `json:"id"` + Description string `json:"description"` + TempProbeKey string `json:"tempProbeKey"` +} diff --git a/server/probe_servlet.go b/server/probe_servlet.go new file mode 100644 index 0000000..96032dd --- /dev/null +++ b/server/probe_servlet.go @@ -0,0 +1,25 @@ +package server + +import ( + ogw "git.loafle.net/overflow/overflow_gateway_websocket" + "github.com/valyala/fasthttp" +) + +func newProbeServlet() Servlet { + s := &probeServlet{} + return s +} + +type probeServlet struct { +} + +func (s *probeServlet) IsCanConnect(ctx *fasthttp.RequestCtx) bool { + + return false +} + +func (s *probeServlet) SessionUID(soc ogw.Socket) string { + + return "" + +} diff --git a/server/server.go b/server/server.go index 80bd382..53fc267 100644 --- a/server/server.go +++ b/server/server.go @@ -3,6 +3,8 @@ package server import ( "context" + "github.com/valyala/fasthttp" + "git.loafle.net/overflow/overflow_gateway_probe/conf" ogw "git.loafle.net/overflow/overflow_gateway_websocket" ) @@ -17,3 +19,8 @@ func NewServer(ctx context.Context) ogw.Server { return _s } + +type Servlet interface { + IsCanConnect(ctx *fasthttp.RequestCtx) bool + SessionUID(soc ogw.Socket) string +} diff --git a/server/server_handlers.go b/server/server_handlers.go index 214b22c..8b5ee95 100644 --- a/server/server_handlers.go +++ b/server/server_handlers.go @@ -2,12 +2,10 @@ package server import ( "context" - "fmt" "time" "git.loafle.net/commons_go/config" "git.loafle.net/overflow/overflow_gateway_probe/conf" - jwt "github.com/dgrijalva/jwt-go" "github.com/valyala/fasthttp" ogw "git.loafle.net/overflow/overflow_gateway_websocket" @@ -17,50 +15,42 @@ var ofSigningKey []byte func newServerHandler(ctx context.Context) ogw.ServerHandler { h := &serverHandlers{ - ctx: ctx, + ctx: ctx, + servlets: make(map[string]Servlet, 2), } h.HandshakeTimeout = conf.Config.Websocket.HandshakeTimeout * time.Second h.ReadBufferSize = conf.Config.Websocket.ReadBufferSize h.WriteBufferSize = conf.Config.Websocket.WriteBufferSize h.EnableCompression = conf.Config.Websocket.EnableCompression + h.servlets["/auth"] = newAuthServlet() + h.servlets["/probe"] = newProbeServlet() + return h } type serverHandlers struct { ogw.ServerHandlers - ctx context.Context - cfg config.Configurator + ctx context.Context + cfg config.Configurator + servlets map[string]Servlet } func (h *serverHandlers) OnConnect(ctx *fasthttp.RequestCtx) bool { + if s, ok := h.servlets[string(ctx.Path())]; ok { + return s.IsCanConnect(ctx) + } - return true + return false } func (h *serverHandlers) OnConnected(soc ogw.Socket) { - // tokenString := string(soc.Conn().Headers().Cookie("AuthToken")) - tokenString := "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpc3MiOiJvdmVyRmxvdyIsImlhdCI6MTUwNDU5NTExOSwiZXhwIjoxNTM2MTMxMTE5LCJhdWQiOiJ3d3cub3ZlcmZsb3cuY2xvdWQiLCJzdWIiOiJvdmVyZmxvd0Bsb2FmbGUuY29tIn0.-WQi3OykPlJ9x8RcZGhWXEtGw4GhU6wmyJ_AWh2rMeUatQylfPzvmum2Xfp6pwKLMmcP76XoDPNyq06i7RKWNQ" - token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { - // Don't forget to validate the alg is what you expect: - if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { - return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"]) + if s, ok := h.servlets[soc.Path()]; ok { + if uid := s.SessionUID(soc); "" != uid { + path := soc.Path() + AddSocket(path, uid, soc) } - - // hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key") - return ofSigningKey, nil - }) - path := soc.Path() - var uid string - if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid { - uid = claims["sub"].(string) - } else { - fmt.Println(err) - return } - - AddSocket(path, uid, soc) - } func (h *serverHandlers) OnDisconnected(soc ogw.Socket) {