thorin-plugin-cluster-kube 2.0.5 → 2.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/clusterClient.js +52 -1
- package/lib/proxy.js +5 -42
- package/package.json +1 -1
package/lib/clusterClient.js
CHANGED
|
@@ -10,7 +10,8 @@ const crypto = require('crypto'),
|
|
|
10
10
|
module.exports = function init(thorin, opt) {
|
|
11
11
|
|
|
12
12
|
const ERROR_SERVICE = thorin.error('CLUSTER.DATA', 'Please provide the service name'),
|
|
13
|
-
ERROR_ACTION = thorin.error('CLUSTER.DATA', 'Please provide the action name')
|
|
13
|
+
ERROR_ACTION = thorin.error('CLUSTER.DATA', 'Please provide the action name'),
|
|
14
|
+
ERROR_PROXY = thorin.error('CLUSTER.AUTH', 'Request not authorized', 401);
|
|
14
15
|
|
|
15
16
|
const logger = thorin.logger(opt.logger),
|
|
16
17
|
fetch = thorin.fetch;
|
|
@@ -189,6 +190,56 @@ module.exports = function init(thorin, opt) {
|
|
|
189
190
|
return DEFAULT_PREFIX + hashValue + '$' + publicStr;
|
|
190
191
|
}
|
|
191
192
|
|
|
193
|
+
/**
|
|
194
|
+
* Proxy authorization middleware function, that checks that the given intent call
|
|
195
|
+
* comes from a cluster service.
|
|
196
|
+
* */
|
|
197
|
+
authorizeIntent(intentObj, opt = {}) {
|
|
198
|
+
let clientData = intentObj.client(),
|
|
199
|
+
tokenType = intentObj.authorizationSource,
|
|
200
|
+
accessToken = intentObj.authorization;
|
|
201
|
+
if (clientData.headers) {
|
|
202
|
+
let headerToken = clientData.headers['x-cluster-token'];
|
|
203
|
+
if (headerToken) {
|
|
204
|
+
tokenType = 'TOKEN';
|
|
205
|
+
accessToken = headerToken;
|
|
206
|
+
}
|
|
207
|
+
}
|
|
208
|
+
// turned off
|
|
209
|
+
if (!this.hasToken()) {
|
|
210
|
+
intentObj.data('proxy_auth', true);
|
|
211
|
+
intentObj._setAuthorization('CLUSTER', accessToken);
|
|
212
|
+
return true;
|
|
213
|
+
}
|
|
214
|
+
if (tokenType !== 'TOKEN') {
|
|
215
|
+
if (opt.required === false) {
|
|
216
|
+
intentObj.data('proxy_auth', false);
|
|
217
|
+
return true;
|
|
218
|
+
}
|
|
219
|
+
throw ERROR_PROXY;
|
|
220
|
+
}
|
|
221
|
+
let serviceData = this.verifyToken(accessToken, intentObj.action);
|
|
222
|
+
if (!serviceData) {
|
|
223
|
+
logger.warn(`Received invalid proxy request for ${intentObj.action} from: ${clientData.ip}`);
|
|
224
|
+
logger.warn(clientData, intentObj.rawInput);
|
|
225
|
+
if (opt.required === false) {
|
|
226
|
+
intentObj.data('proxy_auth', false);
|
|
227
|
+
return true;
|
|
228
|
+
}
|
|
229
|
+
throw ERROR_PROXY;
|
|
230
|
+
}
|
|
231
|
+
if (opt.required === false) {
|
|
232
|
+
intentObj.data('proxy_auth', true);
|
|
233
|
+
intentObj._setAuthorization('CLUSTER', accessToken);
|
|
234
|
+
}
|
|
235
|
+
intentObj.data('proxy_name', serviceData.n);
|
|
236
|
+
if (serviceData.t) {
|
|
237
|
+
intentObj.data('proxy_service', serviceData.t);
|
|
238
|
+
}
|
|
239
|
+
intentObj.resultHeaders('connection', 'keep-alive');
|
|
240
|
+
return true;
|
|
241
|
+
}
|
|
242
|
+
|
|
192
243
|
|
|
193
244
|
}
|
|
194
245
|
|
package/lib/proxy.js
CHANGED
|
@@ -20,48 +20,11 @@ module.exports = function (thorin, opt, pluginObj) {
|
|
|
20
20
|
dispatcher
|
|
21
21
|
.addAuthorization('cluster#proxy')
|
|
22
22
|
.use((intentObj, next, opt) => {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
if (headerToken) {
|
|
29
|
-
tokenType = 'TOKEN';
|
|
30
|
-
accessToken = headerToken;
|
|
31
|
-
}
|
|
23
|
+
try {
|
|
24
|
+
pluginObj.authorizeIntent(intentObj, opt);
|
|
25
|
+
next();
|
|
26
|
+
} catch (e) {
|
|
27
|
+
next(e);
|
|
32
28
|
}
|
|
33
|
-
// turned off
|
|
34
|
-
if (!pluginObj.hasToken()) {
|
|
35
|
-
intentObj.data('proxy_auth', true);
|
|
36
|
-
intentObj._setAuthorization('CLUSTER', accessToken);
|
|
37
|
-
return next();
|
|
38
|
-
}
|
|
39
|
-
if (tokenType !== 'TOKEN') {
|
|
40
|
-
if (opt.required === false) {
|
|
41
|
-
intentObj.data('proxy_auth', false);
|
|
42
|
-
return next();
|
|
43
|
-
}
|
|
44
|
-
return next(ERROR_PROXY);
|
|
45
|
-
}
|
|
46
|
-
let serviceData = pluginObj.verifyToken(accessToken, intentObj.action);
|
|
47
|
-
if (!serviceData) {
|
|
48
|
-
logger.warn(`Received invalid proxy request for ${intentObj.action} from: ${clientData.ip}`);
|
|
49
|
-
logger.warn(clientData, intentObj.rawInput);
|
|
50
|
-
if (opt.required === false) {
|
|
51
|
-
intentObj.data('proxy_auth', false);
|
|
52
|
-
return next();
|
|
53
|
-
}
|
|
54
|
-
return next(ERROR_PROXY);
|
|
55
|
-
}
|
|
56
|
-
if (opt.required === false) {
|
|
57
|
-
intentObj.data('proxy_auth', true);
|
|
58
|
-
intentObj._setAuthorization('CLUSTER', accessToken);
|
|
59
|
-
}
|
|
60
|
-
intentObj.data('proxy_name', serviceData.n);
|
|
61
|
-
if (serviceData.t) {
|
|
62
|
-
intentObj.data('proxy_service', serviceData.t);
|
|
63
|
-
}
|
|
64
|
-
intentObj.resultHeaders('connection', 'keep-alive');
|
|
65
|
-
next();
|
|
66
29
|
});
|
|
67
30
|
}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "thorin-plugin-cluster-kube",
|
|
3
3
|
"author": "UNLOQ Systems",
|
|
4
|
-
"version": "2.0.
|
|
4
|
+
"version": "2.0.8",
|
|
5
5
|
"dependencies": {},
|
|
6
6
|
"description": "Thorin.js cluster plugin for microservice communication within a kubernetes environment",
|
|
7
7
|
"main": "index.js",
|