thorin-plugin-cluster-kube 2.0.5 → 2.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/clusterClient.js +50 -0
- package/lib/proxy.js +5 -42
- package/package.json +1 -1
package/lib/clusterClient.js
CHANGED
|
@@ -189,6 +189,56 @@ module.exports = function init(thorin, opt) {
|
|
|
189
189
|
return DEFAULT_PREFIX + hashValue + '$' + publicStr;
|
|
190
190
|
}
|
|
191
191
|
|
|
192
|
+
/**
|
|
193
|
+
* Proxy authorization middleware function, that checks that the given intent call
|
|
194
|
+
* comes from a cluster service.
|
|
195
|
+
* */
|
|
196
|
+
authorizeIntent(intentObj, opt = {}) {
|
|
197
|
+
let clientData = intentObj.client(),
|
|
198
|
+
tokenType = intentObj.authorizationSource,
|
|
199
|
+
accessToken = intentObj.authorization;
|
|
200
|
+
if (clientData.headers) {
|
|
201
|
+
let headerToken = clientData.headers['x-cluster-token'];
|
|
202
|
+
if (headerToken) {
|
|
203
|
+
tokenType = 'TOKEN';
|
|
204
|
+
accessToken = headerToken;
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
// turned off
|
|
208
|
+
if (!pluginObj.hasToken()) {
|
|
209
|
+
intentObj.data('proxy_auth', true);
|
|
210
|
+
intentObj._setAuthorization('CLUSTER', accessToken);
|
|
211
|
+
return true;
|
|
212
|
+
}
|
|
213
|
+
if (tokenType !== 'TOKEN') {
|
|
214
|
+
if (opt.required === false) {
|
|
215
|
+
intentObj.data('proxy_auth', false);
|
|
216
|
+
return true;
|
|
217
|
+
}
|
|
218
|
+
throw ERROR_PROXY;
|
|
219
|
+
}
|
|
220
|
+
let serviceData = this.verifyToken(accessToken, intentObj.action);
|
|
221
|
+
if (!serviceData) {
|
|
222
|
+
logger.warn(`Received invalid proxy request for ${intentObj.action} from: ${clientData.ip}`);
|
|
223
|
+
logger.warn(clientData, intentObj.rawInput);
|
|
224
|
+
if (opt.required === false) {
|
|
225
|
+
intentObj.data('proxy_auth', false);
|
|
226
|
+
return true;
|
|
227
|
+
}
|
|
228
|
+
throw ERROR_PROXY;
|
|
229
|
+
}
|
|
230
|
+
if (opt.required === false) {
|
|
231
|
+
intentObj.data('proxy_auth', true);
|
|
232
|
+
intentObj._setAuthorization('CLUSTER', accessToken);
|
|
233
|
+
}
|
|
234
|
+
intentObj.data('proxy_name', serviceData.n);
|
|
235
|
+
if (serviceData.t) {
|
|
236
|
+
intentObj.data('proxy_service', serviceData.t);
|
|
237
|
+
}
|
|
238
|
+
intentObj.resultHeaders('connection', 'keep-alive');
|
|
239
|
+
return true;
|
|
240
|
+
}
|
|
241
|
+
|
|
192
242
|
|
|
193
243
|
}
|
|
194
244
|
|
package/lib/proxy.js
CHANGED
|
@@ -20,48 +20,11 @@ module.exports = function (thorin, opt, pluginObj) {
|
|
|
20
20
|
dispatcher
|
|
21
21
|
.addAuthorization('cluster#proxy')
|
|
22
22
|
.use((intentObj, next, opt) => {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
if (headerToken) {
|
|
29
|
-
tokenType = 'TOKEN';
|
|
30
|
-
accessToken = headerToken;
|
|
31
|
-
}
|
|
23
|
+
try {
|
|
24
|
+
pluginObj.authorizeIntent(intentObj, opt);
|
|
25
|
+
next();
|
|
26
|
+
} catch (e) {
|
|
27
|
+
next(e);
|
|
32
28
|
}
|
|
33
|
-
// turned off
|
|
34
|
-
if (!pluginObj.hasToken()) {
|
|
35
|
-
intentObj.data('proxy_auth', true);
|
|
36
|
-
intentObj._setAuthorization('CLUSTER', accessToken);
|
|
37
|
-
return next();
|
|
38
|
-
}
|
|
39
|
-
if (tokenType !== 'TOKEN') {
|
|
40
|
-
if (opt.required === false) {
|
|
41
|
-
intentObj.data('proxy_auth', false);
|
|
42
|
-
return next();
|
|
43
|
-
}
|
|
44
|
-
return next(ERROR_PROXY);
|
|
45
|
-
}
|
|
46
|
-
let serviceData = pluginObj.verifyToken(accessToken, intentObj.action);
|
|
47
|
-
if (!serviceData) {
|
|
48
|
-
logger.warn(`Received invalid proxy request for ${intentObj.action} from: ${clientData.ip}`);
|
|
49
|
-
logger.warn(clientData, intentObj.rawInput);
|
|
50
|
-
if (opt.required === false) {
|
|
51
|
-
intentObj.data('proxy_auth', false);
|
|
52
|
-
return next();
|
|
53
|
-
}
|
|
54
|
-
return next(ERROR_PROXY);
|
|
55
|
-
}
|
|
56
|
-
if (opt.required === false) {
|
|
57
|
-
intentObj.data('proxy_auth', true);
|
|
58
|
-
intentObj._setAuthorization('CLUSTER', accessToken);
|
|
59
|
-
}
|
|
60
|
-
intentObj.data('proxy_name', serviceData.n);
|
|
61
|
-
if (serviceData.t) {
|
|
62
|
-
intentObj.data('proxy_service', serviceData.t);
|
|
63
|
-
}
|
|
64
|
-
intentObj.resultHeaders('connection', 'keep-alive');
|
|
65
|
-
next();
|
|
66
29
|
});
|
|
67
30
|
}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "thorin-plugin-cluster-kube",
|
|
3
3
|
"author": "UNLOQ Systems",
|
|
4
|
-
"version": "2.0.
|
|
4
|
+
"version": "2.0.6",
|
|
5
5
|
"dependencies": {},
|
|
6
6
|
"description": "Thorin.js cluster plugin for microservice communication within a kubernetes environment",
|
|
7
7
|
"main": "index.js",
|