Merge pull request #93 from filecoin-project/feat/tanlang/add-local-a…

…uth-client feat: 增加本地的授权管理的包 / add local auth client
ipfs-force-community · Aug 9, 2022 · bd046cb · bd046cb
2 parents 9044c4f + 6b7078a
commit bd046cb
Show file tree

Hide file tree

Showing 13 changed files with 77 additions and 5 deletions.
diff --git a/cli/api.go b/cli/api.go
@@ -3,8 +3,8 @@ package cli
 import (
 	"path"
 
-	"github.com/filecoin-project/venus-auth/cmd/jwtclient"
 	"github.com/filecoin-project/venus-auth/config"
+	"github.com/filecoin-project/venus-auth/jwtclient"
 	"github.com/mitchellh/go-homedir"
 	"github.com/urfave/cli/v2"
 	"golang.org/x/xerrors"

diff --git a/integrate_test/miner_test.go b/integrate_test/miner_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/filecoin-project/venus-auth/auth"
-	"github.com/filecoin-project/venus-auth/cmd/jwtclient"
+	"github.com/filecoin-project/venus-auth/jwtclient"
 	"github.com/stretchr/testify/assert"
 )
 

diff --git a/integrate_test/ratelimit_test.go b/integrate_test/ratelimit_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/filecoin-project/venus-auth/auth"
-	"github.com/filecoin-project/venus-auth/cmd/jwtclient"
+	"github.com/filecoin-project/venus-auth/jwtclient"
 	"github.com/filecoin-project/venus-auth/storage"
 	"github.com/stretchr/testify/assert"
 )

diff --git a/integrate_test/token_test.go b/integrate_test/token_test.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"testing"
 
-	"github.com/filecoin-project/venus-auth/cmd/jwtclient"
+	"github.com/filecoin-project/venus-auth/jwtclient"
 	"github.com/stretchr/testify/assert"
 )
 

diff --git a/integrate_test/user_test.go b/integrate_test/user_test.go
@@ -4,8 +4,8 @@ import (
 	"testing"
 
 	"github.com/filecoin-project/venus-auth/auth"
-	"github.com/filecoin-project/venus-auth/cmd/jwtclient"
 	"github.com/filecoin-project/venus-auth/core"
+	"github.com/filecoin-project/venus-auth/jwtclient"
 	"github.com/stretchr/testify/assert"
 )
 

diff --git a/cmd/jwtclient/auth_client.go → jwtclient/auth_client.go b/cmd/jwtclient/auth_client.go → jwtclient/auth_client.go
diff --git a/cmd/jwtclient/auth_client_test.go → jwtclient/auth_client_test.go b/cmd/jwtclient/auth_client_test.go → jwtclient/auth_client_test.go
diff --git a/cmd/jwtclient/auth_mux.go → jwtclient/auth_mux.go b/cmd/jwtclient/auth_mux.go → jwtclient/auth_mux.go
diff --git a/cmd/jwtclient/auth_mux_test.go → jwtclient/auth_mux_test.go b/cmd/jwtclient/auth_mux_test.go → jwtclient/auth_mux_test.go
diff --git a/cmd/jwtclient/inteface.go → jwtclient/inteface.go b/cmd/jwtclient/inteface.go → jwtclient/inteface.go
diff --git a/cmd/jwtclient/limiter_warper.go → jwtclient/limiter_warper.go b/cmd/jwtclient/limiter_warper.go → jwtclient/limiter_warper.go
diff --git a/jwtclient/local_auth_client.go b/jwtclient/local_auth_client.go
@@ -0,0 +1,36 @@
+package jwtclient
+
+import (
+	"context"
+
+	"github.com/filecoin-project/go-jsonrpc/auth"
+	venusauth "github.com/filecoin-project/venus-auth/auth"
+	"github.com/filecoin-project/venus-auth/core"
+	jwt3 "github.com/gbrlsnchs/jwt/v3"
+)
+
+type LocalAuthClient struct {
+	alg *jwt3.HMACSHA
+}
+
+func NewLocalAuthClient(secret []byte, payload venusauth.JWTPayload) (*LocalAuthClient, []byte, error) {
+	client := &LocalAuthClient{
+		alg: jwt3.NewHS256(secret),
+	}
+
+	token, err := jwt3.Sign(payload, client.alg)
+	return client, token, err
+}
+
+func (c *LocalAuthClient) Verify(ctx context.Context, token string) ([]auth.Permission, error) {
+	var payload venusauth.JWTPayload
+	_, err := jwt3.Verify([]byte(token), c.alg, &payload)
+	if err != nil {
+		return nil, err
+	}
+
+	jwtPerms := core.AdaptOldStrategy(payload.Perm)
+	perms := make([]auth.Permission, len(jwtPerms))
+	copy(perms, jwtPerms)
+	return perms, nil
+}
diff --git a/jwtclient/local_auth_client_test.go b/jwtclient/local_auth_client_test.go
@@ -0,0 +1,36 @@
+package jwtclient
+
+import (
+	"context"
+	"testing"
+
+	venusauth "github.com/filecoin-project/venus-auth/auth"
+	"github.com/filecoin-project/venus-auth/config"
+	"github.com/filecoin-project/venus-auth/core"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLocalAuthClient(t *testing.T) {
+	secret, err := config.RandSecret()
+	assert.NoError(t, err)
+
+	payload := venusauth.JWTPayload{
+		Perm: core.PermAdmin,
+		Name: "MarketLocalToken",
+	}
+
+	client, token, err := NewLocalAuthClient(secret, payload)
+	if err != nil {
+		t.Fatal(err)
+	}
+	ctx := context.Background()
+	permissions, err := client.Verify(ctx, string(token))
+	if err != nil {
+		t.Fatal(err)
+	}
+	assert.Equal(t, 4, len(permissions))
+	assert.Contains(t, permissions, core.PermAdmin)
+	assert.Contains(t, permissions, core.PermRead)
+	assert.Contains(t, permissions, core.PermWrite)
+	assert.Contains(t, permissions, core.PermSign)
+}