From a1e18a770aaebaf2b75ff6380eb4f20807507811 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivan=20Milo=C5=A1evi=C4=87?=
Date: Wed, 10 Mar 2021 11:52:33 +0100
Subject: [PATCH] init commmit (#1385)

Signed-off-by: Ivan Milosevic
---
 cmd/things/main.go | 2 +-
 docker/nginx/entrypoint.sh | 1 +
 docker/nginx/nginx-key.conf | 6 ++++++
 docker/nginx/nginx-x509.conf | 6 ++++++
 things/README.md | 2 +-
 things/api/auth/http/endpoint_test.go | 4 ++--
 things/api/auth/http/transport.go | 4 ++--
 things/openapi.yml | 4 ++--
 8 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/cmd/things/main.go b/cmd/things/main.go
index af28e147..25f1ec6b 100644
--- a/cmd/things/main.go
+++ b/cmd/things/main.go
@@ -61,7 +61,7 @@ const (
 defESPass = ""
 defESDB = "0"
 defHTTPPort = "8182"
- defAuthHTTPPort = "8180"
+ defAuthHTTPPort = "8989"
 defAuthGRPCPort = "8181"
 defServerCert = ""
 defServerKey = ""
diff --git a/docker/nginx/entrypoint.sh b/docker/nginx/entrypoint.sh
index 10afed51..bf714462 100755
--- a/docker/nginx/entrypoint.sh
+++ b/docker/nginx/entrypoint.sh
@@ -12,6 +12,7 @@ fi
 envsubst '
 ${MF_USERS_HTTP_PORT}
 ${MF_THINGS_HTTP_PORT}
+ ${MF_THINGS_AUTH_HTTP_PORT}
 ${MF_HTTP_ADAPTER_PORT}
 ${MF_NGINX_MQTT_PORT}
 ${MF_NGINX_MQTTS_PORT}
diff --git a/docker/nginx/nginx-key.conf b/docker/nginx/nginx-key.conf
index 7b8e4140..5e06d538 100644
--- a/docker/nginx/nginx-key.conf
+++ b/docker/nginx/nginx-key.conf
@@ -76,6 +76,12 @@ http {
 proxy_pass http://things:${MF_THINGS_HTTP_PORT};
 }

+ location ~ ^/(identify){
+ include snippets/proxy-headers.conf;
+ add_header Access-Control-Expose-Headers Location;
+ proxy_pass http://things:${MF_THINGS_AUTH_HTTP_PORT};
+ }
+
 location ~ ^/(groups|members|keys) {
 include snippets/proxy-headers.conf;
 add_header Access-Control-Expose-Headers Location;
diff --git a/docker/nginx/nginx-x509.conf b/docker/nginx/nginx-x509.conf
index 18e89903..dd807f97 100644
--- a/docker/nginx/nginx-x509.conf
+++ b/docker/nginx/nginx-x509.conf
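Review bot: The default for `defAuthHTTPPort` in cmd/things/main.go moves from 8180 to 8989 with no comment on the constant and no explanation in the commit message, so a deployment that leaves MF_THINGS_AUTH_HTTP_PORT unset will bring the auth listener up on a different port after upgrading. Any service address, health check or network policy pinned to 8180 has to change in the same rollout. I would add a line above the constant such as `// Auth HTTP API default; the nginx /identify location proxies to MF_THINGS_AUTH_HTTP_PORT, which must match.` and call the change out in the release notes. The const block starts and ends outside the hunk.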
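Review bot: `${MF_THINGS_AUTH_HTTP_PORT}` is added to the envsubst list in docker/nginx/entrypoint.sh without a check that it is set; envsubst replaces an unset variable with an empty string, which would leave `proxy_pass http://things:;` in the rendered nginx config. A guard before the envsubst call, `: "${MF_THINGS_AUTH_HTTP_PORT:?must be set}"`, makes the container stop with a clear message instead of a config parse error. Whether the nginx container receives this variable is not visible in the patch, and the script continues outside the hunk.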
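Review bot: The new `location ~ ^/(identify)` block in docker/nginx/nginx-key.conf publishes the things auth API through the public proxy, and nothing in the block limits who may call it or how often; the same block is added in docker/nginx/nginx-x509.conf. The routes changed in things/api/auth/http/transport.go put access-by-key and access-by-id under this prefix, so they become reachable from outside together with the identify route. If those handlers answer from a key or a thing ID alone (their decoders are not in this patch), the proxy then exposes a check that reveals whether a key is valid and which things are connected to which channels; a `limit_req` zone on this location, or `allow`/`deny` rules restricting it to the networks that need it, would bound that. The pattern also has no terminator, so it matches any path that merely begins with /identify; `^/identify(/|$)` keeps it to the intended prefix.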
@@ -83,6 +83,12 @@ http {
 proxy_pass http://things:${MF_THINGS_HTTP_PORT};
 }

+ location ~ ^/(identify){
+ include snippets/proxy-headers.conf;
+ add_header Access-Control-Expose-Headers Location;
+ proxy_pass http://things:${MF_THINGS_AUTH_HTTP_PORT};
+ }
+
 location ~ ^/(groups|members|keys) {
 include snippets/proxy-headers.conf;
 add_header Access-Control-Expose-Headers Location;
diff --git a/things/README.md b/things/README.md
index a5294db4..6114164b 100644
--- a/things/README.md
+++ b/things/README.md
@@ -37,7 +37,7 @@ default values.
 | MF_THINGS_ES_PASS | Event store password | |
 | MF_THINGS_ES_DB | Event store instance name | 0 |
 | MF_THINGS_HTTP_PORT | Things service HTTP port | 8182 |
-| MF_THINGS_AUTH_HTTP_PORT | Things service Auth HTTP port | 8180 |
+| MF_THINGS_AUTH_HTTP_PORT | Things service Auth HTTP port | 8989 |
 | MF_THINGS_AUTH_GRPC_PORT | Things service Auth gRPC port | 8181 |
 | MF_THINGS_SERVER_CERT | Path to server certificate in pem format | |
 | MF_THINGS_SERVER_KEY | Path to server key in pem format | |
diff --git a/things/api/auth/http/endpoint_test.go b/things/api/auth/http/endpoint_test.go
index dd4f2343..dcb326f2 100644
--- a/things/api/auth/http/endpoint_test.go
+++ b/things/api/auth/http/endpoint_test.go
@@ -210,7 +210,7 @@ func TestCanAccessByKey(t *testing.T) {
 req := testRequest{
 client: ts.Client(),
 method: http.MethodPost,
- url: fmt.Sprintf("%s/channels/%s/access-by-key", ts.URL, tc.chanID),
+ url: fmt.Sprintf("%s/identify/channels/%s/access-by-key", ts.URL, tc.chanID),
 contentType: tc.contentType,
 body: strings.NewReader(tc.req),
 }
@@ -288,7 +288,7 @@ func TestCanAccessByID(t *testing.T) {
 req := testRequest{
 client: ts.Client(),
 method: http.MethodPost,
- url: fmt.Sprintf("%s/channels/%s/access-by-id", ts.URL, tc.chanID),
+ url: fmt.Sprintf("%s/identify/channels/%s/access-by-id", ts.URL, tc.chanID),
 contentType: tc.contentType,
 body: strings.NewReader(tc.req),
 }
diff --git a/things/api/auth/http/transport.go b/things/api/auth/http/transport.go
index 0562701f..80de696e 100644
--- a/things/api/auth/http/transport.go
+++ b/things/api/auth/http/transport.go
@@ -39,14 +39,14 @@ func MakeHandler(tracer opentracing.Tracer, svc things.Service) http.Handler {
 opts...,
 ))

- r.Post("/channels/:chanId/access-by-key", kithttp.NewServer(
+ r.Post("/identify/channels/:chanId/access-by-key", kithttp.NewServer(
 kitot.TraceServer(tracer, "can_access_by_key")(canAccessByKeyEndpoint(svc)),
 decodeCanAccessByKey,
 encodeResponse,
 opts...,
 ))

- r.Post("/channels/:chanId/access-by-id", kithttp.NewServer(
+ r.Post("/identify/channels/:chanId/access-by-id", kithttp.NewServer(
 kitot.TraceServer(tracer, "can_access_by_id")(canAccessByIDEndpoint(svc)),
 decodeCanAccessByID,
 encodeResponse,
diff --git a/things/openapi.yml b/things/openapi.yml
index 7b798c63..d4184bb7 100644
--- a/things/openapi.yml
+++ b/things/openapi.yml
@@ -446,7 +446,7 @@ paths:
 description: Channel or thing does not exist.
 '500':
 $ref: "#/components/responses/ServiceError"
- /channels/{chanId}/access-by-key:
+ /identify/channels/{chanId}/access-by-key:
 post:
 summary: Checks if thing has access to a channel.
 description: |
@@ -469,7 +469,7 @@ paths:
 description: Missing or invalid content type.
 '500':
 $ref: "#/components/responses/ServiceError"
- /channels/{chanId}/access-by-id:
+ /identify/channels/{chanId}/access-by-id:
 post:
 summary: Checks if thing has access to a channel.
 description: |
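Review bot: In things/api/auth/http/transport.go both access routes are re-registered under `/identify` and the old `/channels/:chanId/...` paths are dropped in the same step, so any in-cluster caller still posting to the old paths gets a 404 once this ships. A caller that treats every non-200 answer as "no access" fails closed, but the result will look like an authorization outage rather than a routing change; registering the old paths alongside the new ones for one release, or recording the break in the changelog, avoids that. A comment above these routes would also help, for example `// Auth routes share the /identify prefix so the reverse proxy can forward them to the auth port.` MakeHandler starts and ends outside the hunk.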