ing

Dockerfile

@@ -0,0 +1,22 @@
+FROM alpine:3.7
+
+# grab su-exec for easy step-down from root
+RUN apk add --no-cache curl
+
+COPY _docker/config/* /etc/overflow/config/
+COPY _docker/bin/* /usr/local/overflow/bin/
+
+RUN mkdir -p /etc/overflow/config; \
+    mkdir -p /usr/local/overflow/bin; \
+    mkdir -p /var/overflow/logs; \
+    chmod +x /usr/local/overflow/bin/docker-entrypoint.sh /usr/local/overflow/bin/member_gateway_rest;
+
+ENV TINI_VERSION='0.17.0'
+
+# Use tini as subreaper in Docker container to adopt zombie processes
+RUN curl -fsSL https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-static-amd64 -o /bin/tini && chmod +x /bin/tini
+
+EXPOSE 80
+
+ENTRYPOINT ["/bin/tini", "--"]
+CMD ["/usr/local/overflow/bin/docker-entrypoint.sh"]

_docker/bin/docker-entrypoint.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+set -e
+
+exec /usr/local/overflow/bin/member_gateway_rest -config-dir=/etc/overflow/config

_docker/config/config.json

@@ -0,0 +1,30 @@
+{
+  "serverHandler": {
+    "name": "Member Gateway REST",
+    "network": "tcp4",
+    "address": ":80",
+    "concurrency": 262144,
+    "keepAlive": 60,
+    "handshakeTimeout": 60,
+    "maxMessageSize": 8192,
+    "readBufferSize": 1024,
+    "writeBufferSize": 1024,
+    "readTimeout": 0,
+    "writeTimeout": 0,
+    "pongTimeout": 60,
+    "pingTimeout": 10,
+    "pingPeriod": 10,
+    "enableCompression": false
+  },
+  "external": {
+    "grpc": {
+      "network": "tcp4",
+      "address": "192.168.1.50:50006"
+    },
+    "redis": {
+      "network": "tcp4",
+      "address": "192.168.1.50:6379"      
+    }
+  }
+}
+

_docker/config/overFlow-private.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAsmcQLI5ZQQThoePzL4dTwuAxqGPIfNCqTirQxZesyXTOEX3o
+QFLkd3s6dNHmFQIj1jVsFXDML5wRvv7YeI4a9wOrH+QR62KEzB6aT/yxSsVhNrLx
+kQ35Xd9keGmfyMRNr72iiP8Hrm+7O0x2vlGUQp8+jMCzDVNlFvE5V9iqjSv4Q/AH
+rURg5fH8JBIMZnhcz/kmNgWg2NByTFDiQXRjwBY5ts4Ylk8mZdAuumyiseXjE4l2
+JxdJJyRGqbx70wrC76MgTUvXEyw3MPSDGvN67PFYIJJwq5VpRNHeBMkNoPRWX6eE
+9M1VNY+/rXuUGdg2ZxBzykAUjhjR9Iq/hawPZR78TaJ/w5wCVb7L6xIDqXb2Jqhl
+FA4LHZmiDcR/m9Y2wI1DJkBeZpdxF1m19d5sxs3vNNKzNVquKEz1QBfKnLvPxBXK
+pUT+zliCdzu1D/VU+veqDtKI8dmmGflc5lXeDUYfPc7Kt4XLEZDSTBQlMgtkgE94
+ZcCJu6zdM3DrjPTh9OP5sG+/B5/KRYqZb4YpPGQ0TkXCaJjBtBEOM1FTk9/uhU/9
+b6lFbgc/quCkmz8Vxe5sJ98tXMi/F5q5n8ba90AKaLUUwhTAxWV69NXweYtIMtKI
+j7AuI7IuK64iIyW+CE6BAl0QOlMtgF2/EqKWltvmbYpb+YgWOYJwa8F8pj0CAwEA
+AQKCAgEApv52U17ECWqqUkHwB1Njgo0droQIzVz9rcHCPtNleAYQRqtW1a9CEN2W
+sHcyKgQgy4iiLceyOfabXe9rbh2G/CXA708rvuwvZmpXA/yDcHwmLW9/U8qC2+4a
+O+STHvkxxwl5tUcUR6Jq3m0K0cfHQj2R7WsLr7OacslGZgZ4T0ETWXS7muLg2R2U
+aadDWD/ekQalT/ggwhMMiodD4wUxwkKLr6Rnu3tHdBJVS0gZWvDXiBgqMxlG7o60
+XnoCZmAybOKDgBc3sci3uOmIN5gmPtkDJyossVBgg3z3l/8i9MECgPNsL0JtOn/e
+amO9FBwhgIQT/wPQudpd3cxqzpNqrCsCI6twWxWnvkmjGQ/ia2eSHwPnt5gzu+du
+FEt4ZNHJCYvPsd5Q18dr433M4aQxTB7ba7YCELy4Q3wBXXpwGDvf6+fo9GY0rJ41
+O7sCE2g2O9kGct12dD2saUZagXnHYJB3A9uSIMZ09o/mN2MZsIVx/umfbWWWcjug
+iLqHWTAXeR27LTGjcPiNCVDM95+G71e76k+mLRyKYzQrmREeU6tXKUhXi2IDMAZm
+tFKB2toLyoFrJLbTeVU8pv+PQK2iv5r7kQg14h2aaid3OyGubcvBGfORTuDR+rFF
+2wn6kBUooP0J3xKhzCnaIB8qtQGpOKd+WJtKW/WgtvT2TOjdoAECggEBANub/8+v
+mH/+OPPzA+9DgInynukt3knF+KVtZ9yEJYvrBP8eFYOIecPG000SRvfAoDJuqYc0
+yhfTWdDs1Yiw39SmP3ACgObBBRiEXXmWh1x9alytc0UTX1fh9mf5PocuxvWLtHCH
+SZ89lzs6Znu8di3aUWwMF7oU+ZF1TgAC9YUpS+SqRG6rV2RJ+TiJWJdS3BaQzhLe
+S7Ul4No7DByPnsTAJG82YARGi6EyBQA04kYB49dO+kAXNyQ6qNR89tchV9IAA6qz
+kR2ExgoA9c6kZUsexkS2ir1iuwjYUmHxhadJFUTGVzbgOcAbSBmUNEINM0CPgddi
+ttPaKMo80kUlKj0CggEBAM/3CkWa99j+T+oyoyLNiIWqfdktZaguDv+yxGV4rWx/
+rntRs6Dj0isTQYe3wgaeD7A6N618gS7etjI7q/wiw/0rknxyxLvQOTFLs/OWYcLs
+smsnbHBvMnWcjKaH50DUrBAQDP39vOcBIkeEwP4AcUnJXJW6T8HI9nqBqMCJ1MHv
+n16Fd6bnKM8AdiB6O8mLcPWVAN9aVy8CbL0G3EWV289+yDz9ftuxkOApfvIHfaHx
+EbuvE2xTIaANXcF6h1CK0izejXQLu/J7tE0j+G5oIe3bblIQvQmxVEzTKgv+S9qC
+6WqVBNFN0/Dll+HWrCYSP0XyRk5QzlN3lDSUCg+5LAECggEBALAkJoEZEVMPv/SC
+pVRCKxX6ANV8Ub+QR0fAQb7QSyE3htFs+sp+K1QI5C/8CenrmVH6CoWEpNeJUI/P
+ddHmNBFmqpkXmPX8OS8Z87NzNezMNwRQppTv3dgqSC3K7wkUTsZhoH9lM3rCtsrt
+o4d5eLx8UDQ+WsWIz0eI89/0f6KnpdSpcKvnR/gLkRZ0qxbsgdSjnnXp0IVh9UB0
+fdlmpGygxFhjH44uWw4WhYZN5HNMTsfB89x2AmdPmVydQor4lmy8UDSZRDqN5R3e
++Ukd+JTRASvZ0dvnFacZgrJGOvIbHzEDeK5uGEPqXeEOSv/zgHk24Wi1J3kykObs
+86Y8Ee0CggEAZNrywVTpU/Ppf7O1CADTb7eCNtvcTBaiMYFZ27gNquu1C5tQ2PsD
+ht5czlvgneLzysxBCkKyR6+8floQC0Q09ke2T+I85LSTuAN1rvFEUgsGcA77eP+E
+YiNc1rpb/UXmeBfApUDz5rfXDwYjrks6pcUgwIBNg7ZZSoos88skQjVafbWOlIPQ
+d6tKnm+JJTIZww/TD365f1PWtkloc9q8ckGTDHkHl7Xig8O8C9Z0KCBIMFQ0wDkE
+uqEg0d8BVp8sVJRN13SFXpB9nVePeMPJiJf9RZFWjCfSsTtLTeuyj7MjTgwc/QCY
+g2BlKyI39HKu+tYHIJ3xoesBFgqhYoS0AQKCAQEA0E3oLbrGvq5U3SlDXmVzRNV6
+7vDhl9H7KJvNA4+C9XPDAyPNtzS1hYYlELSV4EW/G1GY9Mm0VSxLQrVMyhSCN/Ih
+Tj7t4xfAevjYoI2XtXwjmjxKYznaL2t99g8NAzeK27Pa/z0J9tm9Uxm2akweGqsI
+gJ6u7daFksV9JXQtbQ9nRmBQ1E7mYxjsTEDdPSEl+S4M4UjTE38OLpRZRv49vSNZ
+wFjOnrpEETJY/eMhyyUgR2LNM2hrvd95QvykLpzVFguNQlsqCxWL8D81RSdSmDF9
+xdYsAuVTkhDWXwJ8hV95QxlurTu4rJgLBQA5gfxi20m8dWlO5KsMGyYqak3oWg==
+-----END RSA PRIVATE KEY-----

_docker/config/overFlow-public.pem

@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsmcQLI5ZQQThoePzL4dT
+wuAxqGPIfNCqTirQxZesyXTOEX3oQFLkd3s6dNHmFQIj1jVsFXDML5wRvv7YeI4a
+9wOrH+QR62KEzB6aT/yxSsVhNrLxkQ35Xd9keGmfyMRNr72iiP8Hrm+7O0x2vlGU
+Qp8+jMCzDVNlFvE5V9iqjSv4Q/AHrURg5fH8JBIMZnhcz/kmNgWg2NByTFDiQXRj
+wBY5ts4Ylk8mZdAuumyiseXjE4l2JxdJJyRGqbx70wrC76MgTUvXEyw3MPSDGvN6
+7PFYIJJwq5VpRNHeBMkNoPRWX6eE9M1VNY+/rXuUGdg2ZxBzykAUjhjR9Iq/hawP
+ZR78TaJ/w5wCVb7L6xIDqXb2JqhlFA4LHZmiDcR/m9Y2wI1DJkBeZpdxF1m19d5s
+xs3vNNKzNVquKEz1QBfKnLvPxBXKpUT+zliCdzu1D/VU+veqDtKI8dmmGflc5lXe
+DUYfPc7Kt4XLEZDSTBQlMgtkgE94ZcCJu6zdM3DrjPTh9OP5sG+/B5/KRYqZb4Yp
+PGQ0TkXCaJjBtBEOM1FTk9/uhU/9b6lFbgc/quCkmz8Vxe5sJ98tXMi/F5q5n8ba
+90AKaLUUwhTAxWV69NXweYtIMtKIj7AuI7IuK64iIyW+CE6BAl0QOlMtgF2/EqKW
+ltvmbYpb+YgWOYJwa8F8pj0CAwEAAQ==
+-----END PUBLIC KEY-----

build.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+rm ./_docker/bin/member_gateway_rest
+CGO_ENABLED=0 go build -a --installsuffix cgo --ldflags="-s" -o ./_docker/bin/member_gateway_rest
+
+docker build -t docker.loafle.net/overflow/member_gateway_rest:1.0.0 .
+
+#docker push docker.loafle.net/overflow/member_gateway_rest:1.0.0

config/config.go

@@ -3,9 +3,13 @@ package config
 import (
 	occe "git.loafle.net/overflow/commons-go/config/external"
 	ogrs "git.loafle.net/overflow/gateway_rest/server"
+	"crypto/rsa"
 )
 
 type Config struct {
 	ServerHandler *ogrs.ServerHandlers `json:"serverHandler"`
 	External      *occe.External       `json:"external"`
+
+	VerifyKey *rsa.PublicKey
+	SignKey   *rsa.PrivateKey
 }

docker-compose.yml

@@ -0,0 +1,11 @@
+version: "3"
+
+services:
+  member_gateway_rest:
+    image: docker.loafle.net/overflow/member_gateway_rest:1.0.0
+    container_name: member_gateway_rest
+    # volumes:
+      # - /service/redis/data/var/redis:/data
+      # - /service/redis/data/usr/local/etc/redis/redis.conf:/usr/local/etc/redis/redis.conf
+    ports:
+      - "19080:80"

glide.yaml

@@ -11,3 +11,4 @@ import:
 - package: git.loafle.net/overflow/commons-go
 - package: github.com/dgrijalva/jwt-go
   version: ^3.2.0
+- package: git.loafle.net/commons/cors-go

main.go

@@ -14,6 +14,9 @@ import (
 	"git.loafle.net/overflow/member_gateway_rest/config"
 	"git.loafle.net/overflow/member_gateway_rest/server"
 	"git.loafle.net/overflow/member_gateway_rest/service"
+	"io/ioutil"
+	"path"
+	"github.com/dgrijalva/jwt-go"
 )
 
 var (
@@ -35,6 +38,8 @@ func main() {
 		logging.Logger().Panic(err)
 	}
 
+	loadKey(*configDir, _config)
+
 	service.InitPackage()
 	defer func() {
 		service.DestroyPackage()
@@ -65,3 +70,27 @@ func main() {
 		logging.Logger().Errorf("error: %v", err)
 	}
 }
+
+func loadKey(configDir string, _config *config.Config)  {
+
+	signBytes, err := ioutil.ReadFile(path.Join(configDir, "overFlow-private.key"))
+	if nil != err {
+		logging.Logger().Panic(err)
+	}
+
+	_config.SignKey, err = jwt.ParseRSAPrivateKeyFromPEM(signBytes)
+	if nil != err {
+		logging.Logger().Panic(err)
+	}
+
+	verifyBytes, err := ioutil.ReadFile(path.Join(configDir, "overFlow-public.pem"))
+	if nil != err {
+		logging.Logger().Panic(err)
+	}
+
+	_config.VerifyKey, err = jwt.ParseRSAPublicKeyFromPEM(verifyBytes)
+	if nil != err {
+		logging.Logger().Panic(err)
+	}
+}
+

server/server-handler.go

@@ -5,6 +5,8 @@ import (
 	oge "git.loafle.net/overflow/gateway/external"
 	ogrs "git.loafle.net/overflow/gateway_rest/server"
 	"git.loafle.net/overflow/member_gateway_rest/config"
+	"github.com/valyala/fasthttp"
+	ccf "git.loafle.net/commons/cors-go/fasthttp"
 )
 
 type ServerHandler interface {
@@ -15,6 +17,7 @@ type ServerHandlers struct {
 	ogrs.ServerHandlers
 
 	Config *config.Config
+	corsHandler ccf.Cors
 }
 
 func (sh *ServerHandlers) Init(serverCtx cs.ServerCtx) error {
@@ -23,6 +26,8 @@ func (sh *ServerHandlers) Init(serverCtx cs.ServerCtx) error {
 	}
 	oge.InitPackage(sh.Config.External)
 
+	sh.corsHandler = ccf.AllowAll()
+
 	return nil
 }
 
@@ -47,3 +52,7 @@ func (sh *ServerHandlers) Destroy(serverCtx cs.ServerCtx) {
 
 	sh.ServerHandlers.Destroy(serverCtx)
 }
+
+func (sh *ServerHandlers) CheckOrigin(ctx *fasthttp.RequestCtx) bool {
+	return sh.corsHandler.Handle(ctx)
+}

server/server.go

@@ -11,6 +11,10 @@ import (
 
 func NewServer(_config *config.Config) *cswf.Server {
 
+	cdr.RegisterResource("VerifyKey", _config.VerifyKey)
+	cdr.RegisterResource("SignKey", _config.SignKey)
+
+
 	services, err := cdr.GetInstancesByAnnotationType(oca.RESTServiceAnnotationType)
 	if nil != err {
 		logging.Logger().Panic(err)

service/member-service.go

@@ -5,56 +5,34 @@ import (
 	"crypto/rsa"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"reflect"
 	"time"
 
 	cda "git.loafle.net/commons/di-go/annotation"
 	cdr "git.loafle.net/commons/di-go/registry"
-	logging "git.loafle.net/commons/logging-go"
+	"git.loafle.net/commons/logging-go"
 	"git.loafle.net/commons/server-go"
 	_ "git.loafle.net/overflow/commons-go/annotation"
 	"git.loafle.net/overflow/gateway/external/grpc"
 	"github.com/valyala/fasthttp"
 
-	jwt "github.com/dgrijalva/jwt-go"
+	"github.com/dgrijalva/jwt-go"
 	"net/url"
 )
 
-var (
-	verifyKey *rsa.PublicKey
-	signKey   *rsa.PrivateKey
-)
 
 var MemberServiceType = reflect.TypeOf((*MemberService)(nil))
 
-func init() {
+func init()  {
 	cdr.RegisterType(MemberServiceType)
-
-	signBytes, err := ioutil.ReadFile("overFlow-private.key")
-	if nil != err {
-		panic(err)
-	}
-
-	signKey, err = jwt.ParseRSAPrivateKeyFromPEM(signBytes)
-	if nil != err {
-		panic(err)
-	}
-
-	verifyBytes, err := ioutil.ReadFile("overFlow-public.pem")
-	if nil != err {
-		panic(err)
-	}
-
-	verifyKey, err = jwt.ParseRSAPublicKeyFromPEM(verifyBytes)
-	if nil != err {
-		panic(err)
-	}
 }
 
 type MemberService struct {
 	cda.TypeAnnotation `annotation:"@overflow:RESTService()"`
 
+	VerifyKey *rsa.PublicKey `annotation:"@Resource(name='VerifyKey')"`
+	SignKey   *rsa.PrivateKey  `annotation:"@Resource(name='SignKey')"`
+
 	_Signin          cda.MethodAnnotation `annotation:"@overflow:RequestMapping(method='POST', entry='/account/signin', params='[signinID, signinPW]')"`
 	_SigninByCookie  cda.MethodAnnotation `annotation:"@overflow:RequestMapping(method='POST', entry='/account/signin_cookie', params='[authToken]')"`
 	_Signup          cda.MethodAnnotation `annotation:"@overflow:RequestMapping(method='POST', entry='/account/signup', params='[member, pw]')"`
@@ -102,7 +80,7 @@ func (ms *MemberService) Signin(servletCtx server.ServletCtx, ctx *fasthttp.Requ
 	claims["sub"] = signinID
 
 	/* Sign the token with our secret */
-	tokenString, err := token.SignedString(signKey)
+	tokenString, err := token.SignedString(ms.SignKey)
 	if nil != err {
 		return err
 	}
@@ -137,7 +115,7 @@ func (ms *MemberService) SigninByCookie(servletCtx server.ServletCtx, ctx *fasth
 		}
 
 		// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
-		return verifyKey, nil
+		return ms.VerifyKey, nil
 	})
 	if nil != err {
 		return err