thorin-plugin-cluster-kube 2.0.4 → 2.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/clusterClient.js +51 -0
- package/lib/proxy.js +5 -42
- package/package.json +1 -1
package/lib/clusterClient.js
CHANGED
|
@@ -108,6 +108,7 @@ module.exports = function init(thorin, opt) {
|
|
|
108
108
|
}
|
|
109
109
|
if (opt.required === false) return null;
|
|
110
110
|
if (e.ns === 'FETCH') e.ns = 'CLUSTER';
|
|
111
|
+
if (e.data && e.data.url) delete e.data.url;
|
|
111
112
|
e.action = action;
|
|
112
113
|
e.service = service;
|
|
113
114
|
throw e;
|
|
@@ -188,6 +189,56 @@ module.exports = function init(thorin, opt) {
|
|
|
188
189
|
return DEFAULT_PREFIX + hashValue + '$' + publicStr;
|
|
189
190
|
}
|
|
190
191
|
|
|
192
|
+
/**
|
|
193
|
+
* Proxy authorization middleware function, that checks that the given intent call
|
|
194
|
+
* comes from a cluster service.
|
|
195
|
+
* */
|
|
196
|
+
authorizeIntent(intentObj, opt = {}) {
|
|
197
|
+
let clientData = intentObj.client(),
|
|
198
|
+
tokenType = intentObj.authorizationSource,
|
|
199
|
+
accessToken = intentObj.authorization;
|
|
200
|
+
if (clientData.headers) {
|
|
201
|
+
let headerToken = clientData.headers['x-cluster-token'];
|
|
202
|
+
if (headerToken) {
|
|
203
|
+
tokenType = 'TOKEN';
|
|
204
|
+
accessToken = headerToken;
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
// turned off
|
|
208
|
+
if (!this.hasToken()) {
|
|
209
|
+
intentObj.data('proxy_auth', true);
|
|
210
|
+
intentObj._setAuthorization('CLUSTER', accessToken);
|
|
211
|
+
return true;
|
|
212
|
+
}
|
|
213
|
+
if (tokenType !== 'TOKEN') {
|
|
214
|
+
if (opt.required === false) {
|
|
215
|
+
intentObj.data('proxy_auth', false);
|
|
216
|
+
return true;
|
|
217
|
+
}
|
|
218
|
+
throw ERROR_PROXY;
|
|
219
|
+
}
|
|
220
|
+
let serviceData = this.verifyToken(accessToken, intentObj.action);
|
|
221
|
+
if (!serviceData) {
|
|
222
|
+
logger.warn(`Received invalid proxy request for ${intentObj.action} from: ${clientData.ip}`);
|
|
223
|
+
logger.warn(clientData, intentObj.rawInput);
|
|
224
|
+
if (opt.required === false) {
|
|
225
|
+
intentObj.data('proxy_auth', false);
|
|
226
|
+
return true;
|
|
227
|
+
}
|
|
228
|
+
throw ERROR_PROXY;
|
|
229
|
+
}
|
|
230
|
+
if (opt.required === false) {
|
|
231
|
+
intentObj.data('proxy_auth', true);
|
|
232
|
+
intentObj._setAuthorization('CLUSTER', accessToken);
|
|
233
|
+
}
|
|
234
|
+
intentObj.data('proxy_name', serviceData.n);
|
|
235
|
+
if (serviceData.t) {
|
|
236
|
+
intentObj.data('proxy_service', serviceData.t);
|
|
237
|
+
}
|
|
238
|
+
intentObj.resultHeaders('connection', 'keep-alive');
|
|
239
|
+
return true;
|
|
240
|
+
}
|
|
241
|
+
|
|
191
242
|
|
|
192
243
|
}
|
|
193
244
|
|
package/lib/proxy.js
CHANGED
|
@@ -20,48 +20,11 @@ module.exports = function (thorin, opt, pluginObj) {
|
|
|
20
20
|
dispatcher
|
|
21
21
|
.addAuthorization('cluster#proxy')
|
|
22
22
|
.use((intentObj, next, opt) => {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
if (headerToken) {
|
|
29
|
-
tokenType = 'TOKEN';
|
|
30
|
-
accessToken = headerToken;
|
|
31
|
-
}
|
|
23
|
+
try {
|
|
24
|
+
pluginObj.authorizeIntent(intentObj, opt);
|
|
25
|
+
next();
|
|
26
|
+
} catch (e) {
|
|
27
|
+
next(e);
|
|
32
28
|
}
|
|
33
|
-
// turned off
|
|
34
|
-
if (!pluginObj.hasToken()) {
|
|
35
|
-
intentObj.data('proxy_auth', true);
|
|
36
|
-
intentObj._setAuthorization('CLUSTER', accessToken);
|
|
37
|
-
return next();
|
|
38
|
-
}
|
|
39
|
-
if (tokenType !== 'TOKEN') {
|
|
40
|
-
if (opt.required === false) {
|
|
41
|
-
intentObj.data('proxy_auth', false);
|
|
42
|
-
return next();
|
|
43
|
-
}
|
|
44
|
-
return next(ERROR_PROXY);
|
|
45
|
-
}
|
|
46
|
-
let serviceData = pluginObj.verifyToken(accessToken, intentObj.action);
|
|
47
|
-
if (!serviceData) {
|
|
48
|
-
logger.warn(`Received invalid proxy request for ${intentObj.action} from: ${clientData.ip}`);
|
|
49
|
-
logger.warn(clientData, intentObj.rawInput);
|
|
50
|
-
if (opt.required === false) {
|
|
51
|
-
intentObj.data('proxy_auth', false);
|
|
52
|
-
return next();
|
|
53
|
-
}
|
|
54
|
-
return next(ERROR_PROXY);
|
|
55
|
-
}
|
|
56
|
-
if (opt.required === false) {
|
|
57
|
-
intentObj.data('proxy_auth', true);
|
|
58
|
-
intentObj._setAuthorization('CLUSTER', accessToken);
|
|
59
|
-
}
|
|
60
|
-
intentObj.data('proxy_name', serviceData.n);
|
|
61
|
-
if (serviceData.t) {
|
|
62
|
-
intentObj.data('proxy_service', serviceData.t);
|
|
63
|
-
}
|
|
64
|
-
intentObj.resultHeaders('connection', 'keep-alive');
|
|
65
|
-
next();
|
|
66
29
|
});
|
|
67
30
|
}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "thorin-plugin-cluster-kube",
|
|
3
3
|
"author": "UNLOQ Systems",
|
|
4
|
-
"version": "2.0.
|
|
4
|
+
"version": "2.0.7",
|
|
5
5
|
"dependencies": {},
|
|
6
6
|
"description": "Thorin.js cluster plugin for microservice communication within a kubernetes environment",
|
|
7
7
|
"main": "index.js",
|