
给接入用户中心的服务提供的SDK 中间件

import (
    permission "gitlab.com/go-course-project/go17/devcloud-mini/mcenter/permisson"
	"github.com/infraboard/modules/iam/apps/endpoint"
)

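// Register the secret list route together with its access-control metadata.
// permission.Auth(true) and permission.Permission(true) presumably enable the
// middleware's token validation and endpoint permission check for this route
// (confirm against the permission package). The resource/action pair
// ("secret", "list") presumably names what the permission check is evaluated
// against.
// NOTE(review): confirm how the middleware treats a route that carries none
// of these metadata entries, so that a forgotten annotation does not leave an
// endpoint unauthenticated.
//
// The closing parenthesis sits on the last Metadata line: Go inserts a
// semicolon after a line ending in ")", so a ")" on a line of its own does
// not parse.
ws.Route(ws.GET("").To(r.QuerySecret).
	Metadata(permission.Auth(true)).
	Metadata(permission.Permission(true)).
	Metadata(endpoint.META_RESOURCE_KEY, "secret").
	Metadata(endpoint.META_ACTION_KEY, "list"))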

中间件逻辑

把下面这2个部分（Token 校验和接口权限校验）替换为 RPC 调用，就可以给其他服务使用了

// ValiateToken sends the validation request in to mcenter and returns the
// token object decoded from the response.
//
// Endpoint: POST {InternalAddress}/api/mcenter/v1/token/validate
// (for example http://127.0.0.1:8020/api/mcenter/v1/token/validate).
//
// The request carries the service's InternalToken as a bearer credential.
// A transport error is returned unchanged and any non-2xx status becomes an
// Unauthorized exception, so a failed lookup never yields a token.
//
// NOTE(review): the example address is plain HTTP on loopback; if
// InternalAddress can point to another host, the service credential and the
// token under validation should travel over TLS.
// NOTE(review): no timeout is configured on the client here, so the call is
// bounded only by ctx.
// NOTE(review): a 2xx response whose body is not decoded into the result
// would presumably hand back the freshly initialised token from
// token.NewToken(); callers should confirm the token carries an identity
// before trusting it.
func (c *Checker) ValiateToken(ctx context.Context, in *token.ValiateTokenRequest) (*token.Token, error) {
	result := token.NewToken()

	// A new client is built per call from the application's internal address
	// and internal service token.
	client := resty.New().
		SetBaseURL(application.Get().InternalAddress).
		SetAuthToken(application.Get().InternalToken)

	req := client.R().
		WithContext(ctx).
		SetContentType("application/json").
		SetBody(in).
		SetResult(result)

	resp, err := req.Post("/api/mcenter/v1/token/validate")
	if err != nil {
		return nil, err
	}

	// Only 2xx counts as success; everything else is reported as unauthorized.
	// NOTE(review): the upstream response body is embedded in the error text;
	// confirm it is not rendered verbatim to external API clients.
	if status := resp.StatusCode(); status < 200 || status > 299 {
		return nil, exception.NewUnauthorized("[%d] token校验异常: %s", status, resp.String())
	}
	return result, nil
}
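// ValidateEndpointPermission sends the endpoint permission check described by
// in to mcenter and returns the decoded response.
//
// Endpoint: POST {InternalAddress}/api/mcenter/v1/permission/check
//
// The request carries the service's InternalToken as a bearer credential.
// A nil request, a transport error, or any non-2xx status returns an error
// and no response object, so the check fails closed.
//
// NOTE(review): the response object is initialised from a copy of the request
// before the call. If a 2xx body is not decoded into it, the returned value
// would presumably reflect only the request. Callers should read the
// decision carried in the response rather than treating a nil error as
// "allowed".
// NOTE(review): no timeout is configured on the client here, so the call is
// bounded only by ctx.
func (c *Checker) ValidateEndpointPermission(ctx context.Context, in *policy.ValidateEndpointPermissionRequest) (*policy.ValidateEndpointPermissionResponse, error) {
	// in is dereferenced below; deny a nil request instead of panicking in
	// the middleware.
	if in == nil {
		return nil, exception.NewPermissionDeny("permission check request is nil")
	}

	ins := policy.NewValidateEndpointPermissionResponse(*in)
	resp, err := resty.New().
		SetBaseURL(application.Get().InternalAddress).
		SetAuthToken(application.Get().InternalToken).
		SetDebug(false).
		R().
		WithContext(ctx).
		// Set the content type explicitly, as ValiateToken does, instead of
		// relying on detection from the body type.
		SetContentType("application/json").
		SetBody(in).
		SetResult(ins).
		Post("/api/mcenter/v1/permission/check")
	if err != nil {
		return nil, err
	}

	// Only 2xx counts as success; everything else is reported as a denial.
	// NOTE(review): the upstream response body is embedded in the error text;
	// confirm it is not rendered verbatim to external API clients.
	if resp.StatusCode()/100 != 2 {
		return nil, exception.NewPermissionDeny("[%d] token鉴权异常: %s", resp.StatusCode(), resp.String())
	}
	return ins, nil
}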