Question is about using go-micro wrapper as a separate service - if anyone knows how to use it properly please let me know. my example - authWrapper, so all api services should be able to use it, it should be discovered via standard service discovery, to make any changes to authWrapper only 1 service should be rebuild (I didn't find a way how to properly pass context.Context from api service to authWrapper via rpc call)
go-micro docs
go-micro wrapper examples
api's code where authWrapper gets called:
func main() {
service := micro.NewService(
micro.Name("go.micro.api.account"),
micro.WrapHandler(AuthWrapper),
)
fmt.Println("service created")
service.Init()
account.RegisterAccountHandler(service.Server(),
&handler.Account{
ProfileServiceClient: profile.NewProfileServiceClient("go.micro.srv.profile", service.Client()),
AuthServiceClient: auth.NewAuthServiceClient("go.micro.srv.auth", service.Client()),
})
if err := service.Run(); err != nil {
log.Fatal(err)
}
}
and authWrapper:
var methodsWithoutAuth = map[string]bool{"Account.Auth": true, "Account.Create": true}
func AuthWrapper(fn server.HandlerFunc) server.HandlerFunc {
return func(ctx context.Context, req server.Request, resp interface{}) error {
fmt.Printf("AuthWrapper, req: %+v", req)
method := req.Method()
fmt.Printf("checking if method allowed, method: %+v", method)
if _, ok := methodsWithoutAuth[method]; ok {
return fn(ctx, req, resp)
}
fmt.Printf("validating token")
authClient := auth.NewAuthServiceClient("go.micro.srv.auth", client.DefaultClient)
meta, ok := metadata.FromContext(ctx)
if !ok {
return errors.New("no auth meta-data found in request")
}
token := meta["Token"]
log.Println("Authenticating with token: ", token)
newCtx := context.WithValue(ctx, "Method", req.Method())
_, err := authClient.ValidateToken(newCtx, &auth.Token{Token: token})
if err != nil {
return err
}
prof, err := authClient.Decode(newCtx, &auth.Token{Token: token})
if err != nil {
return err
}
newCtxWithProf := context.WithValue(newCtx, "Profile", prof.Profile)
return fn(newCtxWithProf, req, resp)
}
}
You can write service wrappers by incorporating the go-micro client in the wrapper code. You find on github many examples how to write a go-micro client, I believe there is one in the greeter example in the go-micro repository.
I use a wrapper to disclose a grpc-interface to a rest-service wrapper by using the client boilerplate.
You can write wrappers to a micro-service for almost any purpose in this way.
Don't worry about the ports the client code needs to address, Consul can handle this just fine for you.
Related
I tried using the following code but the client hangs and never receives from the mock server.
I thought this part: Do(rs.EXPECT().Send(&proto.Response{Result: "steve"})would make the mock server response to the client, it never worked out.
For a server-streaming grpc mock, a typical approach like:
mockServer.EXPECT().FetchResponse(&proto.Request{Id: 123}, rs).Times(1).Return(...)
doesn't work, the return value is expected to be an error, not a streaming message.
Could someone with a kind heart please explain how this problem should be handled properly?
Code
func Test_Streaming(t *testing.T) {
// create listiner
lis, err := net.Listen("tcp", ":50005")
if err != nil {
log.Fatalf("failed to listen: %v", err)
}
// create grpc server
s := grpc.NewServer()
c := gomock.NewController(t)
mockServer := mock_proto.NewMockStreamServiceServer(c)
proto.RegisterStreamServiceServer(s, mockServer)
go func() {
log.Println("start server")
// and start...
if err := s.Serve(lis); err != nil {
log.Fatalf("failed to serve: %v", err)
}
}()
rs := mock_proto.NewMockStreamService_FetchResponseServer(c)
mockServer.EXPECT().FetchResponse(&proto.Request{Id: 123}, rs).Times(1).Do(rs.EXPECT().Send(&proto.Response{Result: "steve"}))
// client call FetchResponse
ClientConnect()
}
I created this method, which essentially does what I need:
clientId := os.Getenv("CLIENT_ID")
tenantId := "common"
scopes := []string{"calendars.read", "calendars.readwrite"} // todo add offline_access
credential, err := azidentity.NewDeviceCodeCredential(&azidentity.DeviceCodeCredentialOptions{
ClientID: clientId,
TenantID: tenantId,
UserPrompt: func(ctx context.Context, message azidentity.DeviceCodeMessage) error {
fmt.Println(message.Message)
return nil
},
})
if err != nil {
log.Print(err)
return
}
authProvider, err := auth.NewAzureIdentityAuthenticationProviderWithScopes(credential, scopes)
if err != nil {
log.Print(err)
return
}
adapter, err := msgraphsdk.NewGraphRequestAdapter(authProvider)
if err != nil {
log.Print(err)
return
}
result, err := msgraphsdk.NewGraphServiceClient(adapter).Me().Calendar().Events().Get(context.Background(), nil)
if err != nil {
log.Print(err)
}
for _, event := range result.GetValue() {
log.Print(*event.GetICalUId())
log.Print(*event.GetSubject())
}
However, this one will print out https://microsoft.com/devicelogin and the code to authenticate interactively. I have the access token and refresh token from another resource. I would need to inject either access token or refresh token into something, to replace the logic that results in interactivity. I need that for a back-end service that handles calendar synchronization. What do I need to do? Do you have some pointers? I am using Golang and I am breaking my head for the last few days (nothing I tried worked). Please, help.
I went through all tutorials on Microsoft Graph for Go that I could find. I read tons of documentation. I suspect that publicClientApp, err := public.New("client_id", public.WithAuthority("https://login.microsoftonline.com/common")) and publicClientApp.AcquireTokenSilent(context.Background(), []string{"calendars.read", "calendars.readwrite"}, ...) could be the answer, but I cannot make it work. I have a working solution with curl, but I need to use Go SDK.
I'm new when it comes to Google PubSub(and pubsub applications in general). I'm also relatively new when it comes to Go.
I'm working on a pretty heavy backend service application that already has too many responsibilities. The service needs to fire off one message for each incoming request to a Google PubSub topic. It only needs to "fire and forget". If something goes wrong with the publishing, nothing will happen. The messages are not crucial(only used for analytics), but there will be many of them. We estimate between 50 and 100 messages per second for most of the day.
Now to the code:
func(p *publisher) Publish(message Message, log zerolog.Logger) error {
ctx := context.Background()
client, err := pubsub.NewClient(ctx, p.project)
defer client.Close()
if err != nil {
log.Error().Msgf("Error creating client: %v", err)
return err
}
marshalled, _ := json.Marshal(message)
topic := client.Topic(p.topic)
result := topic.Publish(ctx, &pubsub.Message{
Data: marshalled,
})
_, err = result.Get(ctx)
if err != nil {
log.Error().Msgf("Failed to publish message: %v", err)
return err
}
return nil
}
Disclaimer: p *publisher only contains configuration.
I wonder if this is the best way? Will this lead to the service creating and closing a client 100 times per second? If so, then I guess I should create the client once and pass it as an argument to the Publish()-function instead?
This is how the Publish()-function gets called:
defer func(publisher publish.Publisher, message Message, log zerolog.Logger) {
err := publisher.Publish(log, Message)
if err != nil {
log.Error().Msgf("Failed to publish message: %v", err)
}
}(publisher, message, logger,)
Maybe the way to go is to hold pubsubClient & pubsubTopic inside struct?
type myStruct struct {
pubsubClient *pubsub.Client
pubsubTopic *pubsub.Topic
logger *yourLogger.Logger
}
func newMyStruct(projectID string) (*myStruct, error) {
ctx := context.Background()
pubsubClient, err := pubusb.NewClient(ctx, projectID)
if err != nil {...}
pubsubTopic := pubsubClient.Topic(topicName)
return &myStruct{
pubsubClient: pubsubClient,
pubsubTopic: pubsubTopic,
logger: Logger,
// and whetever you want :D
}
}
And then for that struct create a method, which will take responsibility of marshalling the msg and sends it to Pub/sub
func (s *myStruct) request(ctx context.Context data yorData) {
marshalled, err := json.Marshal(message)
if err != nil {..}
res := s.pubsubTopic.Publish(ctx, &pubsub.Message{
Data: marshalled,
})
if _, err := res.Get(ctx); err !=nil {..}
return nil
}
Im using next.js auth0 and a custom golang api backend and I'm
having trouble getting the decoded token on the backend side.
On the frontend side I followed this tutorial -
https://auth0.com/docs/quickstart/webapp/nextjs/01-login
and I managed to send the accessToken to my backend API successfully
on the backend side I followed this tutorial -
https://auth0.com/docs/quickstart/backend/golang/01-authorization
The middleware has successfully verified the token
Example middleware from auth0 implementation
func EnsureValidToken(next http.Handler) http.Handler {
// EnsureValidToken is a middleware that will check the validity of our JWT.
err := godotenv.Load()
if err != nil {
log.Fatal("Error loading .env file")
}
issuerURL, err := url.Parse("https://" + os.Getenv("AUTH0_DOMAIN") + "/")
if err != nil {
log.Fatalf("Failed to parse the issuer url: %v", err)
}
provider := jwks.NewCachingProvider(issuerURL, 5*time.Minute)
jwtValidator, err := validator.New(
provider.KeyFunc,
validator.RS256,
issuerURL.String(),
[]string{os.Getenv("AUTH0_AUDIENCE")},
validator.WithCustomClaims(
func() validator.CustomClaims {
return &CustomClaims{}
},
),
validator.WithAllowedClockSkew(time.Minute),
)
if err != nil {
log.Fatalf("Failed to set up the jwt validator")
}
errorHandler := func(w http.ResponseWriter, r *http.Request, err error) {
log.Printf("Encountered error while validating JWT: %v", err)
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(`{"message":"Failed to validate JWT."}`))
}
middleware := jwtmiddleware.New(
jwtValidator.ValidateToken,
jwtmiddleware.WithErrorHandler(errorHandler),
)
return middleware.CheckJWT(next)
}
Example token
I'm using https://docs.gofiber.io/ to handle the HTTP methods
Main function
func main() {
// This is to translate the net/http -> fiber http
var ensureValidToken = adaptor.HTTPMiddleware(EnsureValidToken)
app := fiber.New()
app.Use(cors.New())
app.Use(logger.New())
// routes
app.Use(ensureValidToken)
app.Get("/api/books", getAll)
app.Listen(":8080")
}
func getAll(c *fiber.Ctx) error {
token := c.Context().Value(jwtmiddleware.ContextKey{}).(*validator.ValidatedClaims)
// The above code will always panic, I'm assuming that it already stored in the context since it passes the validation
}
Panic example
panic: interface conversion: interface {} is nil, not
*validator.ValidatedClaims
I dig deeper into the auth0 golang implementation, it does store in the context, I think the translation between http.Request to fiber HTTP failed
r = r.Clone(context.WithValue(r.Context(), ContextKey{}, validToken))
Seems like more people have faced the same issue when they used the gofiber adaptor. The way others have solved it was to create their own implementation of HTTPMiddleware middleware adaptor with the only change being that they set the context to the fiber.Ctx.
You can find an the thread on the gofiber/adaptor github page here: https://github.com/gofiber/adaptor/issues/27#issuecomment-1120428400
I got the same panic in the gin framework, I resolved the panic error by changing the code snippet to c.Request.Context().Value() but this is not available in fiber framework. If you want the decoded jwt token either you can get it from the header of the fiber context and decode it appropriately inside the controller, and pass the token you get from the header to the below function and decode.
import (
extract "github.com/golang-jwt/jwt"
"fmt"
)
func Extractor(tokenString string) {
token, _, err := new(extract.Parser).ParseUnverified(tokenString, extract.MapClaims{})
if err != nil {
fmt.Printf("Error %s", err)
}
if claims, ok := token.Claims.(extract.MapClaims); ok {
// obtains claims
subId := fmt.Sprint(claims["sub"])
fmt.Println(subId)
}
}
Implement your logic after this and pass the values you needed to the next handler.
We have an oauth2 endpoint that seems to require a client_credentials token to use as a Bearer for the initial code to token exchange process. I have successfully obtained the token for that.
However, in go's current implementation of oauth2 client lib, the Exchange() function (see: Exchange which eventually calls RetrieveToken)
It doesn't add an "Authentication: Bearer " header with a token I can slip in during the Exchange. It can however add a Basic auth header. Our implementation does not currently support basic auth though.
If possible, I'd like to make it add the header without modifying the source code to to oauth2 package.
It would appear if I call oauth2.RegisterBrokenAuthHeaderProvider it might skip the attempt to add a basic auth header which is needed in my case since that'll not work.
Then finally the call to do the http request which is setup as a POST.
Code:
func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values) (*Token, error) {
hc, err := ContextClient(ctx)
if err != nil {
return nil, err
}
bustedAuth := !providerAuthHeaderWorks(tokenURL)
if bustedAuth {
if clientID != "" {
v.Set("client_id", clientID)
}
if clientSecret != "" {
v.Set("client_secret", clientSecret)
}
}
req, err := http.NewRequest("POST", tokenURL, strings.NewReader(v.Encode()))
if err != nil {
return nil, err
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
if !bustedAuth {
req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))
}
r, err := ctxhttp.Do(ctx, hc, req)
if err != nil {
return nil, err
}
// rest of code ...
}
the ctxhttp.Do can take a context. I've been reading about these but I don't understand how they work. Can I use them to add my header or any other headers I might require?
I'm not sure if this is the most optimal way of doing it, but it seems to work. This is the redirect callback handler that is called as a result of visiting the an auth endpoint.
// Create a custom tokenSource type
type tokenSource struct{ token *oauth2.Token }
func (t *tokenSource) Token() (*oauth2.Token, error) {
fmt.Println("TokenSource!", t.token)
return t.token, nil
}
func handleCallback(w http.ResponseWriter, r *http.Request) {
state := r.FormValue("state")
if state != oauthStateString {
fmt.Printf("invalid oauth state, expected '%s', got '%s'\n", oauthStateString, state)
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
code := r.FormValue("code")
// Create a tokenSource and fill in our application Bearer token
ts := &tokenSource{
token: &oauth2.Token{
AccessToken: appToken.AccessToken,
TokenType: appToken.TokenType,
},
}
tr := &oauth2.Transport{
Source: ts,
}
ctx := context.WithValue(context.Background(), oauth2.HTTPClient, &http.Client{
Transport: tr,
})
// myConfig defined previously and in the usual way. Look at the examples.
token, err := myConfig.Exchange(ctx, code)
if err != nil {
fmt.Printf("Code exchange failed with '%s'\n", err)
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
fmt.Printf("token: %+v", token)
// token can now be used.
}