342 lines
10 KiB
Go
342 lines
10 KiB
Go
// Copyright (c) Mainflux
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package main
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
"io/ioutil"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
"os/signal"
|
|
"strconv"
|
|
"syscall"
|
|
"time"
|
|
|
|
"github.com/mainflux/mainflux/internal/email"
|
|
"github.com/mainflux/mainflux/pkg/uuid"
|
|
"github.com/mainflux/mainflux/users"
|
|
"github.com/mainflux/mainflux/users/bcrypt"
|
|
"github.com/mainflux/mainflux/users/emailer"
|
|
"github.com/mainflux/mainflux/users/tracing"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/credentials"
|
|
|
|
kitprometheus "github.com/go-kit/kit/metrics/prometheus"
|
|
"github.com/jmoiron/sqlx"
|
|
"github.com/mainflux/mainflux"
|
|
authapi "github.com/mainflux/mainflux/auth/api/grpc"
|
|
"github.com/mainflux/mainflux/logger"
|
|
"github.com/mainflux/mainflux/users/api"
|
|
"github.com/mainflux/mainflux/users/postgres"
|
|
opentracing "github.com/opentracing/opentracing-go"
|
|
stdprometheus "github.com/prometheus/client_golang/prometheus"
|
|
jconfig "github.com/uber/jaeger-client-go/config"
|
|
)
|
|
|
|
const (
|
|
defLogLevel = "error"
|
|
defDBHost = "localhost"
|
|
defDBPort = "5432"
|
|
defDBUser = "mainflux"
|
|
defDBPass = "mainflux"
|
|
defDB = "users"
|
|
defDBSSLMode = "disable"
|
|
defDBSSLCert = ""
|
|
defDBSSLKey = ""
|
|
defDBSSLRootCert = ""
|
|
defHTTPPort = "8180"
|
|
defServerCert = ""
|
|
defServerKey = ""
|
|
defJaegerURL = ""
|
|
|
|
defEmailHost = "localhost"
|
|
defEmailPort = "25"
|
|
defEmailUsername = "root"
|
|
defEmailPassword = ""
|
|
defEmailSecret = ""
|
|
defEmailFromAddress = ""
|
|
defEmailFromName = ""
|
|
defEmailTemplate = "email.tmpl"
|
|
defAdminEmail = ""
|
|
defAdminPassword = ""
|
|
defAdminGroup = "mainflux"
|
|
|
|
defTokenResetEndpoint = "/reset-request" // URL where user lands after click on the reset link from email
|
|
|
|
defAuthTLS = "false"
|
|
defAuthCACerts = ""
|
|
defAuthURL = "localhost:8181"
|
|
defAuthTimeout = "1s"
|
|
|
|
envLogLevel = "MF_USERS_LOG_LEVEL"
|
|
envDBHost = "MF_USERS_DB_HOST"
|
|
envDBPort = "MF_USERS_DB_PORT"
|
|
envDBUser = "MF_USERS_DB_USER"
|
|
envDBPass = "MF_USERS_DB_PASS"
|
|
envDB = "MF_USERS_DB"
|
|
envDBSSLMode = "MF_USERS_DB_SSL_MODE"
|
|
envDBSSLCert = "MF_USERS_DB_SSL_CERT"
|
|
envDBSSLKey = "MF_USERS_DB_SSL_KEY"
|
|
envDBSSLRootCert = "MF_USERS_DB_SSL_ROOT_CERT"
|
|
envHTTPPort = "MF_USERS_HTTP_PORT"
|
|
envServerCert = "MF_USERS_SERVER_CERT"
|
|
envServerKey = "MF_USERS_SERVER_KEY"
|
|
envJaegerURL = "MF_JAEGER_URL"
|
|
|
|
envAdminEmail = "MF_USERS_ADMIN_EMAIL"
|
|
envAdminPassword = "MF_USERS_ADMIN_PASSWORD"
|
|
|
|
envEmailHost = "MF_EMAIL_HOST"
|
|
envEmailPort = "MF_EMAIL_PORT"
|
|
envEmailUsername = "MF_EMAIL_USERNAME"
|
|
envEmailPassword = "MF_EMAIL_PASSWORD"
|
|
envEmailSecret = "MF_EMAIL_SECRET"
|
|
envEmailFromAddress = "MF_EMAIL_FROM_ADDRESS"
|
|
envEmailFromName = "MF_EMAIL_FROM_NAME"
|
|
envEmailLogLevel = "MF_EMAIL_LOG_LEVEL"
|
|
envEmailTemplate = "MF_EMAIL_TEMPLATE"
|
|
|
|
envTokenResetEndpoint = "MF_TOKEN_RESET_ENDPOINT"
|
|
|
|
envAuthTLS = "MF_AUTH_CLIENT_TLS"
|
|
envAuthCACerts = "MF_AUTH_CA_CERTS"
|
|
envAuthURL = "MF_AUTH_GRPC_URL"
|
|
envAuthTimeout = "MF_AUTH_GRPC_TIMEOUT"
|
|
)
|
|
|
|
type config struct {
|
|
logLevel string
|
|
dbConfig postgres.Config
|
|
emailConf email.Config
|
|
httpPort string
|
|
serverCert string
|
|
serverKey string
|
|
jaegerURL string
|
|
resetURL string
|
|
authTLS bool
|
|
authCACerts string
|
|
authURL string
|
|
authTimeout time.Duration
|
|
adminEmail string
|
|
adminPassword string
|
|
}
|
|
|
|
func main() {
|
|
cfg := loadConfig()
|
|
|
|
logger, err := logger.New(os.Stdout, cfg.logLevel)
|
|
if err != nil {
|
|
log.Fatalf(err.Error())
|
|
}
|
|
db := connectToDB(cfg.dbConfig, logger)
|
|
defer db.Close()
|
|
|
|
authTracer, closer := initJaeger("auth", cfg.jaegerURL, logger)
|
|
defer closer.Close()
|
|
|
|
auth, close := connectToAuth(cfg, authTracer, logger)
|
|
if close != nil {
|
|
defer close()
|
|
}
|
|
|
|
tracer, closer := initJaeger("users", cfg.jaegerURL, logger)
|
|
defer closer.Close()
|
|
|
|
dbTracer, dbCloser := initJaeger("users_db", cfg.jaegerURL, logger)
|
|
defer dbCloser.Close()
|
|
|
|
svc := newService(db, dbTracer, auth, cfg, logger)
|
|
errs := make(chan error, 2)
|
|
|
|
go startHTTPServer(tracer, svc, cfg.httpPort, cfg.serverCert, cfg.serverKey, logger, errs)
|
|
|
|
go func() {
|
|
c := make(chan os.Signal)
|
|
signal.Notify(c, syscall.SIGINT)
|
|
errs <- fmt.Errorf("%s", <-c)
|
|
}()
|
|
|
|
err = <-errs
|
|
logger.Error(fmt.Sprintf("Users service terminated: %s", err))
|
|
}
|
|
|
|
func loadConfig() config {
|
|
authTimeout, err := time.ParseDuration(mainflux.Env(envAuthTimeout, defAuthTimeout))
|
|
if err != nil {
|
|
log.Fatalf("Invalid %s value: %s", envAuthTimeout, err.Error())
|
|
}
|
|
|
|
tls, err := strconv.ParseBool(mainflux.Env(envAuthTLS, defAuthTLS))
|
|
if err != nil {
|
|
log.Fatalf("Invalid value passed for %s\n", envAuthTLS)
|
|
}
|
|
|
|
dbConfig := postgres.Config{
|
|
Host: mainflux.Env(envDBHost, defDBHost),
|
|
Port: mainflux.Env(envDBPort, defDBPort),
|
|
User: mainflux.Env(envDBUser, defDBUser),
|
|
Pass: mainflux.Env(envDBPass, defDBPass),
|
|
Name: mainflux.Env(envDB, defDB),
|
|
SSLMode: mainflux.Env(envDBSSLMode, defDBSSLMode),
|
|
SSLCert: mainflux.Env(envDBSSLCert, defDBSSLCert),
|
|
SSLKey: mainflux.Env(envDBSSLKey, defDBSSLKey),
|
|
SSLRootCert: mainflux.Env(envDBSSLRootCert, defDBSSLRootCert),
|
|
}
|
|
|
|
emailConf := email.Config{
|
|
FromAddress: mainflux.Env(envEmailFromAddress, defEmailFromAddress),
|
|
FromName: mainflux.Env(envEmailFromName, defEmailFromName),
|
|
Host: mainflux.Env(envEmailHost, defEmailHost),
|
|
Port: mainflux.Env(envEmailPort, defEmailPort),
|
|
Username: mainflux.Env(envEmailUsername, defEmailUsername),
|
|
Password: mainflux.Env(envEmailPassword, defEmailPassword),
|
|
Secret: mainflux.Env(envEmailSecret, defEmailSecret),
|
|
Template: mainflux.Env(envEmailTemplate, defEmailTemplate),
|
|
}
|
|
|
|
return config{
|
|
logLevel: mainflux.Env(envLogLevel, defLogLevel),
|
|
dbConfig: dbConfig,
|
|
emailConf: emailConf,
|
|
httpPort: mainflux.Env(envHTTPPort, defHTTPPort),
|
|
serverCert: mainflux.Env(envServerCert, defServerCert),
|
|
serverKey: mainflux.Env(envServerKey, defServerKey),
|
|
jaegerURL: mainflux.Env(envJaegerURL, defJaegerURL),
|
|
resetURL: mainflux.Env(envTokenResetEndpoint, defTokenResetEndpoint),
|
|
authTLS: tls,
|
|
authCACerts: mainflux.Env(envAuthCACerts, defAuthCACerts),
|
|
authURL: mainflux.Env(envAuthURL, defAuthURL),
|
|
authTimeout: authTimeout,
|
|
adminEmail: mainflux.Env(envAdminEmail, defAdminEmail),
|
|
adminPassword: mainflux.Env(envAdminPassword, defAdminPassword),
|
|
}
|
|
|
|
}
|
|
|
|
func initJaeger(svcName, url string, logger logger.Logger) (opentracing.Tracer, io.Closer) {
|
|
if url == "" {
|
|
return opentracing.NoopTracer{}, ioutil.NopCloser(nil)
|
|
}
|
|
|
|
tracer, closer, err := jconfig.Configuration{
|
|
ServiceName: svcName,
|
|
Sampler: &jconfig.SamplerConfig{
|
|
Type: "const",
|
|
Param: 1,
|
|
},
|
|
Reporter: &jconfig.ReporterConfig{
|
|
LocalAgentHostPort: url,
|
|
LogSpans: true,
|
|
},
|
|
}.NewTracer()
|
|
if err != nil {
|
|
logger.Error(fmt.Sprintf("Failed to init Jaeger: %s", err))
|
|
os.Exit(1)
|
|
}
|
|
|
|
return tracer, closer
|
|
}
|
|
func connectToDB(dbConfig postgres.Config, logger logger.Logger) *sqlx.DB {
|
|
db, err := postgres.Connect(dbConfig)
|
|
if err != nil {
|
|
logger.Error(fmt.Sprintf("Failed to connect to postgres: %s", err))
|
|
os.Exit(1)
|
|
}
|
|
return db
|
|
}
|
|
|
|
func connectToAuth(cfg config, tracer opentracing.Tracer, logger logger.Logger) (mainflux.AuthServiceClient, func() error) {
|
|
var opts []grpc.DialOption
|
|
if cfg.authTLS {
|
|
if cfg.authCACerts != "" {
|
|
tpc, err := credentials.NewClientTLSFromFile(cfg.authCACerts, "")
|
|
if err != nil {
|
|
logger.Error(fmt.Sprintf("Failed to create tls credentials: %s", err))
|
|
os.Exit(1)
|
|
}
|
|
opts = append(opts, grpc.WithTransportCredentials(tpc))
|
|
}
|
|
} else {
|
|
opts = append(opts, grpc.WithInsecure())
|
|
logger.Info("gRPC communication is not encrypted")
|
|
}
|
|
|
|
conn, err := grpc.Dial(cfg.authURL, opts...)
|
|
if err != nil {
|
|
logger.Error(fmt.Sprintf("Failed to connect to auth service: %s", err))
|
|
os.Exit(1)
|
|
}
|
|
|
|
return authapi.NewClient(tracer, conn, cfg.authTimeout), conn.Close
|
|
}
|
|
|
|
func newService(db *sqlx.DB, tracer opentracing.Tracer, auth mainflux.AuthServiceClient, c config, logger logger.Logger) users.Service {
|
|
database := postgres.NewDatabase(db)
|
|
hasher := bcrypt.New()
|
|
userRepo := tracing.UserRepositoryMiddleware(postgres.NewUserRepo(database), tracer)
|
|
groupRepo := tracing.GroupRepositoryMiddleware(postgres.NewGroupRepo(database), tracer)
|
|
|
|
emailer, err := emailer.New(c.resetURL, &c.emailConf)
|
|
if err != nil {
|
|
logger.Error(fmt.Sprintf("Failed to configure e-mailing util: %s", err.Error()))
|
|
}
|
|
|
|
idProvider := uuid.New()
|
|
|
|
svc := users.New(userRepo, groupRepo, hasher, auth, emailer, idProvider)
|
|
svc = api.LoggingMiddleware(svc, logger)
|
|
svc = api.MetricsMiddleware(
|
|
svc,
|
|
kitprometheus.NewCounterFrom(stdprometheus.CounterOpts{
|
|
Namespace: "users",
|
|
Subsystem: "api",
|
|
Name: "request_count",
|
|
Help: "Number of requests received.",
|
|
}, []string{"method"}),
|
|
kitprometheus.NewSummaryFrom(stdprometheus.SummaryOpts{
|
|
Namespace: "users",
|
|
Subsystem: "api",
|
|
Name: "request_latency_microseconds",
|
|
Help: "Total duration of requests in microseconds.",
|
|
}, []string{"method"}),
|
|
)
|
|
if err := createAdmin(svc, userRepo, groupRepo, c); err != nil {
|
|
logger.Error("failed to create admin user: " + err.Error())
|
|
os.Exit(1)
|
|
}
|
|
return svc
|
|
}
|
|
|
|
func createAdmin(svc users.Service, userRepo users.UserRepository, groupRepo users.GroupRepository, c config) error {
|
|
user := users.User{
|
|
Email: c.adminEmail,
|
|
Password: c.adminPassword,
|
|
}
|
|
|
|
if _, err := userRepo.RetrieveByEmail(context.Background(), user.Email); err == nil {
|
|
// Exiting if user already exists
|
|
return nil
|
|
}
|
|
|
|
if _, err := svc.Register(context.Background(), user); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func startHTTPServer(tracer opentracing.Tracer, svc users.Service, port string, certFile string, keyFile string, logger logger.Logger, errs chan error) {
|
|
p := fmt.Sprintf(":%s", port)
|
|
if certFile != "" || keyFile != "" {
|
|
logger.Info(fmt.Sprintf("Users service started using https, cert %s key %s, exposed port %s", certFile, keyFile, port))
|
|
errs <- http.ListenAndServeTLS(p, certFile, keyFile, api.MakeHandler(svc, tracer))
|
|
} else {
|
|
logger.Info(fmt.Sprintf("Users service started using http, exposed port %s", port))
|
|
errs <- http.ListenAndServe(p, api.MakeHandler(svc, tracer))
|
|
}
|
|
}
|