From bb2fd2b66e20c2e4974d68251fd3fbba49735a17 Mon Sep 17 00:00:00 2001
From: Yan Qing
Date: Thu, 17 Sep 2020 16:57:01 +0800
Subject: [PATCH] support open trust

---
 config/default.yml | 7 ++++++-
 config/test.yml | 6 +++++-
 config/test_on_github.yml | 6 +++++-
 go.mod | 14 ++++++++-----
 go.sum | 44 +++++++++++++++++++++++++++++++++++++++
 main.go | 4 +---
 src/conf/config.go | 36 +++++++++++++++++++++-----------
 src/middleware/auth.go | 43 +++++++++++++++++++++++++++++++++++++-
 8 files changed, 136 insertions(+), 24 deletions(-)

diff --git a/config/default.yml b/config/default.yml
index 1624349..ffba8ce 100644
--- a/config/default.yml
+++ b/config/default.yml
@@ -31,5 +31,10 @@ clients:
 - macos
 cache_label_expire: 5m
 auth_keys:
- # - kqGuLsiKT1J5ANFDKXUHc2lAYfdzWBnriL1iHgBbYQ
+ - kqGuLsiKT1J5ANFDKXUHc2lAYfdzWBnriL1iHgBbYQ
 hid_key: q7FltzZWfvGIrdEdHYY # 一旦设定,尽量不要改变,否则派生出去的 HID 无法识别
+open_trust:
+ otid: "otid:ot.example.com:service:urbs-setting"
+ private_keys: []
+ domain_public_keys:
+ - '{"kty":"RSA","alg":"PS256","e":"AQAB","kid":"4PblNZYSnOsy8sD6SHZPEl6DCqEerpgfi_sPxthHpWM","n":"0FjUWU9H6P9JTe3ZFOGxoVlYKFlzr98N44vIvjvvLVM1FU3MECJeTpztgnONZKelBO2YSY29v1mTl_PLWxVsn-gwkRczp1F5ogvt64dkPpaSdzpOLS1aKhqJSpVJp-D0lJWJ4ksEvyvM1hMNe9F3gbI6yyLigPhfF6qPdS2PxbFdilX4TmvrmViFnkVT31L4aXVuaEg9juLfxbIs-lnbvE9_L0a-zm-PfN-sLP3_SrPtUBLRH-cVgiMc43eXqU1H5AqJ0XzPHdrwzTRFiZuLsyaI2zj67D2x9Wwn8ze2OeP_B6th97XQfS_6zJ5BDs_VPoQi19F0Ts3dWnlXi2CrhQ"}'
diff --git a/config/test.yml b/config/test.yml
index 4c456bd..0b92a49 100644
--- a/config/test.yml
+++ b/config/test.yml
@@ -21,5 +21,9 @@ clients:
 - windows
 - macos
 cache_label_expire: 10s # 用于测试
-auth_keys:
+auth_keys: []
 hid_key: q7FltzZWfvGIrdEdHYY # 一旦设定,尽量不要改变,否则派生出去的 HID 无法识别
+open_trust:
+ otid: ""
+ private_keys: []
+ domain_public_keys: []
diff --git a/config/test_on_github.yml b/config/test_on_github.yml
index e3c23e6..2d5d777 100644
--- a/config/test_on_github.yml
+++ b/config/test_on_github.yml
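Review bot: Uncommenting `- kqGuLsiKT1J5ANFDKXUHc2lAYfdzWBnriL1iHgBbYQ` under `auth_keys` makes a value that lives in the repository history the live token-verification key of every deployment that starts from default.yml; auth.go feeds `auth_keys` to `authjwt.StrToKeys` and builds `Auther` from them, so a key that anyone with read access to the repository can see gives the JWT path no real protection. Leave the line commented out as a format example, or use an obviously fake placeholder such as `# - <auth-key-from-secret-store>`, and load real keys from environment-specific config or a secret manager; if this key has ever been used outside tests it should be rotated. The `domain_public_keys` JWK carries only public RSA components (`e`, `n`) and is fine to commit, but `otid: "otid:ot.example.com:service:urbs-setting"` is an example value, so a comment marking the `open_trust` block as a template would help keep it from being deployed unchanged.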
@@ -21,5 +21,9 @@ clients:
 - windows
 - macos
 cache_label_expire: 10s # 用于测试
-auth_keys:
+auth_keys: []
 hid_key: q7FltzZWfvGIrdEdHYY # 一旦设定,尽量不要改变,否则派生出去的 HID 无法识别
+open_trust:
+ otid: ""
+ private_keys: []
+ domain_public_keys: []
diff --git a/go.mod b/go.mod
index ca74da8..1fc65dd 100644
--- a/go.mod
+++ b/go.mod
@@ -4,12 +4,16 @@ go 1.14
 require (
 github.com/DavidCai1993/request v0.0.0-20171115020405-aad722fa9b76
- github.com/doug-martin/goqu/v9 v9.9.0
- github.com/go-sql-driver/mysql v1.4.1
+ github.com/doug-martin/goqu/v9 v9.10.0
+ github.com/go-sql-driver/mysql v1.5.0
+ github.com/open-trust/ot-go-lib v0.3.0
+ github.com/opentracing/opentracing-go v1.2.0 // indirect
 github.com/stretchr/testify v1.5.1
- github.com/teambition/gear v1.21.4
+ github.com/teambition/gear v1.21.6
 github.com/teambition/gear-auth v1.7.0
 github.com/teambition/gear-tracing v1.1.1
- go.uber.org/dig v1.8.0
- gopkg.in/yaml.v2 v2.2.8
+ go.uber.org/dig v1.10.0
+ golang.org/x/tools v0.0.0-20200917221617-d56e4e40bc9d // indirect
+ google.golang.org/appengine v1.6.6 // indirect
+ gopkg.in/yaml.v2 v2.3.0
 )
diff --git a/go.sum b/go.sum
index 910c7c8..6d57b4d 100644
--- a/go.sum
+++ b/go.sum
@@ -26,6 +26,8 @@ github.com/doug-martin/goqu v1.0.0 h1:5qQwMzItVsRGYf/3GdAWhb1s0KE5YBaTq9phYI2JUG github.com/doug-martin/goqu v5.0.0+incompatible h1:C7O6xQYoWpSGX32C1faMJWe1s82Ktr2jjWf2joReiSQ= github.com/doug-martin/goqu/v9 v9.9.0 h1:dF0Wcn6O/ccuK0w8U62Wa0HQskWOgex8IjyPBzujzNg= github.com/doug-martin/goqu/v9 v9.9.0/go.mod h1:zx5/YoiHux3wn7477GnI3PXzKyKpLKu32Teo9U4yCFE= +github.com/doug-martin/goqu/v9 v9.10.0 h1:ggTSAwshc5nubbFN7Q8Or1/Xzv+x8YTLCyv6CpBb9DM= +github.com/doug-martin/goqu/v9 v9.10.0/go.mod h1:zx5/YoiHux3wn7477GnI3PXzKyKpLKu32Teo9U4yCFE= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y= @@ -40,6 +42,8 @@ github.com/go-http-utils/negotiator v1.0.0 h1:Qp1zofD6Nw7KXApXa3pAjehP06Js0ILguE github.com/go-http-utils/negotiator v1.0.0/go.mod h1:mTQe1sH0XhdFkeDiWpCY3QSk7Apo5jwOlIwLWJbJe2c= github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= +github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= +github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= 
@@ -50,6 +54,7 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= @@ -65,6 +70,11 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/lestrrat-go/iter v0.0.0-20200422075355-fc1769541911 h1:FvnrqecqX4zT0wOIbYK1gNgTm0677INEWiFY8UEYggY= +github.com/lestrrat-go/iter v0.0.0-20200422075355-fc1769541911/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc= +github.com/lestrrat-go/jwx v1.0.4 h1:IkJICAolgmoutGs5go/loBHWtmiUSDADv3NUuN5dk8A= +github.com/lestrrat-go/jwx v1.0.4/go.mod h1:TPF17WiSFegZo+c20fdpw49QD+/7n4/IsGvEmCSWwT0= +github.com/lestrrat-go/pdebug v0.0.0-20200204225717-4d6bd78da58d/go.mod h1:B06CSso/AWxiPejj+fheUINGeBKeeEZNt8w+EoU7+L8= github.com/lib/pq v1.1.1 h1:sJZmqHoEaY7f+NPP8pgLB/WxulyR3fewgCM2qaSlBb4= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= 
@@ -74,11 +84,19 @@ github.com/mattn/go-sqlite3 v2.0.1+incompatible h1:xQ15muvnzGBHpIpdrNi1DA5x0+TcB github.com/mattn/go-sqlite3 v2.0.1+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/mozillazg/request v0.8.0 h1:TbXeQUdBWr1J1df5Z+lQczDFzX9JD71kTCl7Zu/9rNM= github.com/mozillazg/request v0.8.0/go.mod h1:weoQ/mVFNbWgRBtivCGF1tUT9lwneFesues+CleXMWc= +github.com/open-trust/ot-go-lib v0.2.1 h1:l1eRT+TG+ZSvlOiXzVca82jmv1bLA8TPYJM2byDK2eo= +github.com/open-trust/ot-go-lib v0.2.1/go.mod h1:l+Fjc042MXMVpIpS8S9G+PRjpnYWQ3F1q9WDnjfErDg= +github.com/open-trust/ot-go-lib v0.3.0 h1:7mQ0jKPwpf62YtGOdP54Oi7rnzOpdv7+X9HKO1UMfaQ= +github.com/open-trust/ot-go-lib v0.3.0/go.mod h1:Zm+mvvy90MZLx28GuT3xIvU+mtmCtvmJPxn/R6nmXOQ= github.com/opentracing/basictracer-go v1.1.0 h1:Oa1fTSBvAl8pa3U+IJYqrKm0NALwH9OsgwOqDv4xJW0= github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS69fQMD+MNP1mRs6mBQc= github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= +github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 
@@ -87,6 +105,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= @@ -97,6 +116,8 @@ github.com/teambition/gear v1.21.2 h1:mwmfe5SOh9a5kQdoyYqdix/FGswtvu4QPkDzHNvkTL github.com/teambition/gear v1.21.2/go.mod h1:berJp67mxgCZ1ZKgv1oCVV9WpWko3zAgIGYtaN4iGW0= github.com/teambition/gear v1.21.4 h1:aLlpMdgAuMmZoc/hAHRUgLkBE9Uz9yu+adH8EA6vzUo= github.com/teambition/gear v1.21.4/go.mod h1:berJp67mxgCZ1ZKgv1oCVV9WpWko3zAgIGYtaN4iGW0= +github.com/teambition/gear v1.21.6 h1:K6E+mDopPxEll5/m7YDih2SMGVqK1FldnjErY0xNsM4= +github.com/teambition/gear v1.21.6/go.mod h1:sK2skNtDaqGu0XDhCSsUOkoXJKDhONkyvb8Owve07Ys= github.com/teambition/gear-auth v1.7.0 h1:8RYk2IwMYpnUCYf3YjGuOOwG9sj+NzQKYf3XJxQ1CRY= github.com/teambition/gear-auth v1.7.0/go.mod h1:U194Q5AX9BEHakk+tcabPVy2qDjv53i+hlbjdSIjR/0= github.com/teambition/gear-tracing v1.1.1 h1:LDAqXdXI5A7Xa2woMnr+0rgw29e5XbQRxHuUN8FxxAU= 
@@ -104,8 +125,12 @@ github.com/teambition/gear-tracing v1.1.1/go.mod h1:I9Vlhrv2wR1rXAod/1nFB9cQLodx github.com/teambition/trie-mux v1.4.2 h1:HgbwXfQDsingRLzyYdxEyut3i2Z9To/GOlVZD2gKRiM= github.com/teambition/trie-mux v1.4.2/go.mod h1:ZWBopELDBGsgw9l8lFD4WCkpZTmmEKhu/8w3FbsxBgo= github.com/vulcand/oxy v0.0.0-20181019102601-ac21a760928b/go.mod h1:giFb8dicROVdV5W0HXlA5siMBLWKnVXZlkA4Y5ZIzrY= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.uber.org/dig v1.8.0 h1:1rR6hnL/bu1EVcjnRDN5kx1vbIjEJDTGhSQ2B3ddpcI= go.uber.org/dig v1.8.0/go.mod h1:X34SnWGr8Fyla9zQNO2GSO2D+TIuqB14OS8JhYocIyw= +go.uber.org/dig v1.10.0 h1:yLmDDj9/zuDjv3gz8GQGviXMs9TfysIUMUilCpgzUJY= +go.uber.org/dig v1.10.0/go.mod h1:X34SnWGr8Fyla9zQNO2GSO2D+TIuqB14OS8JhYocIyw= golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 
@@ -113,6 +138,7 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd h1:GGJVjV8waZKRHrgwvtH66z9ZGVurTD1MT0n1Bb+q4aM= golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -122,6 +148,8 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -131,12 +159,18 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwLmSJpwZ1yqXm8j0v2QI= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd h1:QPwSajcTUrFriMF1nJ3XzgoqakqQEsnZf9LdXdi2nkI= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208 h1:qwRHBd0NqMbJxfbotnDhm2ByMI1Shq4Y6oRJo21SGJA= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -156,14 +190,22 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20191030062658-86caa796c7ab h1:tpc/nJ4vD66vAk/2KN0sw/DvQIz2sKmCpWvyKtPmfMQ= golang.org/x/tools v0.0.0-20191030062658-86caa796c7ab/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7 h1:EBZoQjiKKPaLbPrbpssUfuHtwM6KV/vb4U85g/cigFY= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200417140056-c07e33ef3290 h1:NXNmtp0ToD36cui5IqWy95LC4Y6vT/4y3RnPxlQPinU= +golang.org/x/tools v0.0.0-20200417140056-c07e33ef3290/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200917221617-d56e4e40bc9d/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.2 h1:j8RI1yW0SkI+paT6uGwMlrMI/6zwYA6/CFil8rxOzGI= google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.6/go.mod 
h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= @@ -176,5 +218,7 @@ gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3M gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/main.go b/main.go index 876aad4..e2814a5 100644 --- a/main.go +++ b/main.go @@ -1,13 +1,11 @@ package main import ( - "context" "encoding/json" "flag" "fmt" "os" - "github.com/teambition/gear" "github.com/teambition/urbs-setting/src/api" "github.com/teambition/urbs-setting/src/conf" "github.com/teambition/urbs-setting/src/logging" @@ -29,7 +27,7 @@ func main() { } app := api.NewApp() - ctx := gear.ContextWithSignal(context.Background()) + ctx := conf.Config.GlobalCtx host := "http://" + conf.Config.SrvAddr if conf.Config.CertFile != "" && conf.Config.KeyFile != "" { host = "https://" + conf.Config.SrvAddr diff --git a/src/conf/config.go b/src/conf/config.go index 0fc0dfb..e471325 100644 --- a/src/conf/config.go +++ b/src/conf/config.go @@ -1,8 +1,10 @@ package conf import ( + "context" "time" + "github.com/teambition/gear" "github.com/teambition/urbs-setting/src/util" ) 
@@ -12,6 +14,7 @@ func init() {
 if err := p.Validate(); err != nil {
 panic(err)
 }
+ p.GlobalCtx = gear.ContextWithSignal(context.Background())
 }

 // Logger logger config
@@ -30,20 +33,29 @@ type SQL struct {
 MaxOpenConns int `json:"max_open_conns" yaml:"max_open_conns"`
 }

+// OpenTrust ...
+type OpenTrust struct {
+ OTID string `json:"otid" yaml:"otid"`
+ PrivateKeys []string `json:"private_keys" yaml:"private_keys"`
+ DomainPublicKeys []string `json:"domain_public_keys" yaml:"domain_public_keys"`
+}
+
 // ConfigTpl ...
 type ConfigTpl struct {
- SrvAddr string `json:"addr" yaml:"addr"`
- CertFile string `json:"cert_file" yaml:"cert_file"`
- KeyFile string `json:"key_file" yaml:"key_file"`
- Logger Logger `json:"logger" yaml:"logger"`
- MySQL SQL `json:"mysql" yaml:"mysql"`
- MySQLRd SQL `json:"mysql_read" yaml:"mysql_read"`
- CacheLabelExpire string `json:"cache_label_expire" yaml:"cache_label_expire"`
- Channels []string `json:"channels" yaml:"channels"`
- Clients []string `json:"clients" yaml:"clients"`
- HIDKey string `json:"hid_key" yaml:"hid_key"`
- AuthKeys []string `json:"auth_keys" yaml:"auth_keys"`
- cacheLabelExpire int64 // seconds, default to 60 seconds
+ GlobalCtx context.Context
+ SrvAddr string `json:"addr" yaml:"addr"`
+ CertFile string `json:"cert_file" yaml:"cert_file"`
+ KeyFile string `json:"key_file" yaml:"key_file"`
+ Logger Logger `json:"logger" yaml:"logger"`
+ MySQL SQL `json:"mysql" yaml:"mysql"`
+ MySQLRd SQL `json:"mysql_read" yaml:"mysql_read"`
+ CacheLabelExpire string `json:"cache_label_expire" yaml:"cache_label_expire"`
+ Channels []string `json:"channels" yaml:"channels"`
+ Clients []string `json:"clients" yaml:"clients"`
+ HIDKey string `json:"hid_key" yaml:"hid_key"`
+ AuthKeys []string `json:"auth_keys" yaml:"auth_keys"`
+ OpenTrust OpenTrust `json:"open_trust" yaml:"open_trust"`
+ cacheLabelExpire int64 // seconds, default to 60 seconds
 }

 // Validate 用于完成基本的配置验证和初始化工作。业务相关的配置验证建议放到相关代码中实现,如 mysql 的配置。
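Review bot: `GlobalCtx context.Context` is the only ConfigTpl field without `json`/`yaml` tags, yet it sits in the struct that is presumably decoded from the YAML config (yaml.v2 would map a stray `globalctx` key onto an untagged exported field); tag it `GlobalCtx context.Context `json:"-" yaml:"-"`` so the decoders never try to populate it and it is clearly runtime-only state, set in `init()` in the `@@ -12,6 +14,7 @@` hunk. `// OpenTrust ...` and `// ConfigTpl ...` are placeholder doc comments, and for a struct that carries key material it is worth saying what each field holds, e.g. `// OpenTrust is the Open Trust configuration: OTID is this service's own identity, DomainPublicKeys are JWK strings used to build the token verifier, and PrivateKeys is read from config but not used by anything in this patch.` Because `PrivateKeys` is populated from YAML files that are committed to the repository, either drop the field until it is needed or document that real values must come from a secret store rather than default.yml.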
diff --git a/src/middleware/auth.go b/src/middleware/auth.go
index 2e095b9..5f46b40 100644
--- a/src/middleware/auth.go
+++ b/src/middleware/auth.go
@@ -3,6 +3,7 @@ package middleware
 import (
 "time"

+ otgo "github.com/open-trust/ot-go-lib"
 "github.com/teambition/gear"
 auth "github.com/teambition/gear-auth"
 authjwt "github.com/teambition/gear-auth/jwt"
@@ -11,20 +12,60 @@ import (
 )
 func init() {
+ // otgo.Debugging = logging.Logger // 开启 otgo debug 日志
+
+ otConf := conf.Config.OpenTrust
 keys := conf.Config.AuthKeys
 if len(keys) > 0 {
 Auther = auth.New(authjwt.StrToKeys(keys...)...)
 Auther.JWT().SetExpiresIn(time.Minute * 10)
- } else {
+ }
+ if otConf.OTID != "" {
+ var err error
+ otid, err := otgo.ParseOTID(otConf.OTID)
+ if err != nil {
+ logging.Panicf("Parse Open Trust config failed: %s", err)
+ }
+
+ otVerifier, err = otgo.NewVerifier(conf.Config.GlobalCtx, otid, false, otConf.DomainPublicKeys...)
+ if err != nil {
+ logging.Panicf("Parse Open Trust config failed: %s", err)
+ }
+ }
+
+ if otVerifier == nil && Auther == nil {
 logging.Warningf("`auth_keys` is empty, Auth middleware will not be executed.")
 }
 }
 }
+var otVerifier *otgo.Verifier
+
 // Auther 是基于 JWT 的身份验证,当 config.auth_keys 配置了才会启用
 var Auther *auth.Auth
 // Auth 验证请求者身份,如果验证失败,则返回 401 的 gear.HTTPError
 func Auth(ctx *gear.Context) error {
+ if otVerifier != nil {
+ token := otgo.ExtractTokenFromHeader(ctx.Req.Header)
+ if token == "" {
+ return gear.ErrUnauthorized.WithMsg("invalid authorization token")
+ }
+
+ vid, err := otVerifier.ParseOTVID(token)
+ if err != nil {
+ if Auther != nil { // 兼容老的 jwt 验证
+ return oldAuth(ctx)
+ }
+ return gear.ErrUnauthorized.WithMsg("authorization token verification failed")
+ }
+
+ logging.AccessLogger.SetTo(ctx, "otSub", vid.ID.String())
+ return nil
+ }
+ return oldAuth(ctx)
+}
+
+func oldAuth(ctx *gear.Context) error {
 if Auther != nil {
 claims, err := Auther.FromCtx(ctx)
 if err != nil {
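Review bot: In `Auth`, a token that `otVerifier.ParseOTVID` rejects is re-evaluated by the legacy JWT auther whenever `Auther` is set, so a failed Open Trust verification silently downgrades to the older scheme and, as far as the hunk shows, only the success path records `otSub` in the access log, which leaves the downgrade invisible. Log the fallback before it happens, e.g. `logging.Warningf("open trust token rejected, falling back to jwt: %s", err)` ahead of `return oldAuth(ctx)`, and if the library lets you tell "not an Open Trust token" apart from "an Open Trust token that failed verification", limit the fallback to the former. The warning in `init` still says `auth_keys` is empty although its condition now also covers `open_trust.otid`; reword it to name both settings, e.g. `"auth_keys and open_trust.otid are empty, Auth middleware will not be executed."`. Two points of style: `var err error` before `otid, err := …` is redundant because `:=` reuses `err` in the same scope, and both `logging.Panicf` calls say "Parse Open Trust config failed" even though the second one reports `NewVerifier`. `oldAuth`'s body continues past the end of the hunk.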