diff --git a/go.mod b/go.mod index fb5ca40499..a3baeaae6d 100644 --- a/go.mod +++ b/go.mod @@ -18,6 +18,7 @@ require ( github.com/gorilla/handlers v1.3.0 github.com/gorilla/mux v1.6.1 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 + github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/grpc-ecosystem/grpc-gateway v1.5.1 github.com/hpcloud/tail v1.0.0 // indirect github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6 // indirect diff --git a/go.sum b/go.sum index b91fef137b..548f47ace0 100644 --- a/go.sum +++ b/go.sum @@ -11,7 +11,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/felixge/httpsnoop v1.0.0 h1:gh8fMGz0rlOv/1WmRZm7OgncIOTsAj21iNJot48omJQ= github.com/felixge/httpsnoop v1.0.0/go.mod h1:3+D9sFq0ahK/JeJPhCBUV1xlf4/eIYrUQaxulT0VzX8= -github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/getsentry/raven-go v0.0.0-20170614100719-d175f85701df h1:97mzx5b435RGNOwVZbcfeFke2A70aq0+nUvNvo7HVnw= github.com/getsentry/raven-go v0.0.0-20170614100719-d175f85701df/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= 
@@ -21,17 +20,13 @@ github.com/go-sql-driver/mysql v1.3.0 h1:pgwjLi/dvffoP9aabwkT3AKpXQM93QARkjFhDDq github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/gogo/googleapis v1.1.0 h1:kFkMAZBNAn4j7K0GiZr8cRYzejq68VbheufiV3YuyFI= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= -github.com/gogo/protobuf v1.1.1 h1:72R+M5VuhED/KujmZVcIquuo8mBgX4oVda//DQb3PXo= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0 h1:xU6/SpYbvkNYiptHJYEDRseDLvYE7wSqhYYNy0QSUzI= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57 h1:eqyIo2HjKhKe/mJzTG8n4VqvLXIOEG+SLdDqX7xGtkY= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= 
@@ -41,11 +36,11 @@ github.com/gorilla/mux v1.6.1 h1:KOwqsTYZdeuMacU7CxjMNYEKeBvLbxW+psodrbcEa3A= github.com/gorilla/mux v1.6.1/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 h1:Iju5GlWwrvL6UBg4zJJt3btmonfrMlCDdsejg4CZE7c= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.5.1 h1:3scN4iuXkNOyP98jF55Lv8a9j1o/IwvnDIZ0LHJK1nk= github.com/grpc-ecosystem/grpc-gateway v1.5.1/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= -github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6 h1:UDMh68UUwekSh5iP2OMhRRZJiiBccgV7axzUG8vi56c= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/jmoiron/sqlx v0.0.0-20170430194603-d9bd385d68c0 h1:oZ1oQfWp4h9VX9Fmorc9DrmbHBwiw+mXphFDTVNp1vI= github.com/jmoiron/sqlx v0.0.0-20170430194603-d9bd385d68c0/go.mod h1:IiEW3SEiiErVyFdH8NTuWjSifiEQKUoyK3LNqr2kCHU= 
@@ -58,13 +53,9 @@ github.com/mattn/go-sqlite3 v1.6.0 h1:TDwTWbeII+88Qy55nWlof0DclgAtI4LqGujkYMzmQI github.com/mattn/go-sqlite3 v1.6.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd h1:hEzcdYzgmGA1zDrSYdh+OE4H43RrglXdZQ5ip/+93GU= -github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d h1:AREM5mwr4u1ORQBMvzfzBgpsctsbQikCVpvC+tX285E= github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= -github.com/onsi/ginkgo v1.6.0 h1:Ix8l273rp3QzYgXSR+c8d1fTG7UPgYkOSELPhiY/YGw= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v1.4.1 h1:PZSj/UFNaVp3KxrzHOcS7oyuWA7LoOY/77yCTEFu21U= github.com/onsi/gomega v1.4.1/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 
@@ -76,13 +67,12 @@ github.com/prometheus/client_model v0.0.0-20170216185247-6f3806018612 h1:13pIdM2 github.com/prometheus/client_model v0.0.0-20170216185247-6f3806018612/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/common v0.0.0-20171104095907-e3fb1a1acd76 h1:g2v6dZgmqj2wYGPgHYX5WVaQ9IwV1ylsSiD+f8RvS1Y= github.com/prometheus/common v0.0.0-20171104095907-e3fb1a1acd76/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/procfs v0.0.0-20171017214025-a6e9df898b13 h1:leRfx9kcgnSDkqAFhaaUcRqpAZgnFdwZkZcdRcea1h0= +github.com/prometheus/procfs v0.0.0-20171017214025-a6e9df898b13 h1:iAstix1KspoLBRl8NoQH8wCdrkaLCdcHhF98EE5b3dY= github.com/prometheus/procfs v0.0.0-20171017214025-a6e9df898b13/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/sirupsen/logrus v1.0.5 h1:8c8b5uO0zS4X6RPl/sd1ENwSkIc0/H2PaHxE3udaE8I= github.com/sirupsen/logrus v1.0.5/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/stretchr/testify v1.2.1 h1:52QO5WkIUcHGIR7EnGagH88x1bUzqGXTC5/1bDTUQ7U= github.com/stretchr/testify v1.2.1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -golang.org/x/arch v0.0.0-20181203225421-5a4828bb7045 h1:Pn8fQdvx+z1avAi7fdM2kRYWQNxGlavNDSyzrQg2SsU= golang.org/x/arch v0.0.0-20181203225421-5a4828bb7045/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8= golang.org/x/crypto v0.0.0-20170619204222-adbae1b6b6fb h1:6QZjMZJzos5C5rW30xO+0C8f9gKkgeb1z/K4gyS8DFA= golang.org/x/crypto v0.0.0-20170619204222-adbae1b6b6fb/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 
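Review bot: The `h1:` checksum recorded for `github.com/prometheus/procfs v0.0.0-20171017214025-a6e9df898b13` is replaced in this hunk while the version string stays the same, and a given module version is expected to hash to the same value every time. This may be a side effect of regenerating go.sum with a newer Go toolchain, since early module releases changed how some trees were hashed, but the diff cannot confirm that. Before merging, the new hash should be checked against an independent source, for example by running `go mod verify` on a clean module cache, and the reason for the change recorded in the commit message.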
@@ -91,7 +81,6 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d h1:g9qWBGx4puODJTMVyoPrpoxPF golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be h1:vEDujvNQGv4jgYKudGeI/+DAX4Jffq6hpD55MmoEvKs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -106,18 +95,12 @@ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8 h1:Nw54tB0rB7hY/N0 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/grpc v1.16.0 h1:dz5IJGuC2BB7qXR5AyHNwAUBhZscK2xVez7mznh72sY= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= -gopkg.in/airbrake/gobrake.v2 v2.0.9 h1:7z2uVWwn7oVeeugY1DtlPAy5H+KYgB1KeKTnqjNatLo= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2 h1:OAj3g0cR6Dx/R07QgQe8wkA9RNjB2u4i700xBkIT4e0= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/square/go-jose.v2 v2.1.6 h1:oB3Nsrhs3CNwP1t2WZ/eGtjH8BQhmcGx3zD8Lla+NjA= gopkg.in/square/go-jose.v2 v2.1.6/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/grpc/internal/errors/errors.go b/grpc/internal/errors/errors.go index 98ec998caf..ef67759253 100644 --- a/grpc/internal/errors/errors.go +++ b/grpc/internal/errors/errors.go 
@@ -8,7 +8,7 @@ import (
 "strings"
 "github.com/grpc-ecosystem/grpc-gateway/runtime"
- "github.com/keratin/authn-server/services"
+ "github.com/keratin/authn-server/app/services"
 "google.golang.org/genproto/googleapis/rpc/errdetails"
 "google.golang.org/grpc/codes"
 "google.golang.org/grpc/status"
diff --git a/grpc/internal/gateway/gateway.go b/grpc/internal/gateway/gateway.go
index a47893251c..0bdf131934 100644
--- a/grpc/internal/gateway/gateway.go
+++ b/grpc/internal/gateway/gateway.go
@@ -14,9 +14,9 @@ import (
 "github.com/golang/protobuf/proto"
 "github.com/grpc-ecosystem/grpc-gateway/runtime"
- "github.com/keratin/authn-server/api"
- "github.com/keratin/authn-server/config"
+ "github.com/keratin/authn-server/app"
 authnpb "github.com/keratin/authn-server/grpc"
+ "github.com/keratin/authn-server/server/sessions"
 )
 type GatewayResponseMiddleware func(ctx context.Context, response http.ResponseWriter, m proto.Message) error
@@ -34,7 +34,7 @@ func StatusCodeMutator(ctx context.Context, response http.ResponseWriter, m prot
 // CookieSetter extracts the session cookie from metadata and assigns it to a cookie. If the session
 // value is an empty string, then the cookie is marked to be removed.
-func CookieSetter(cfg *config.Config) GatewayResponseMiddleware {
+func CookieSetter(cfg *app.Config) GatewayResponseMiddleware {
 return func(ctx context.Context, response http.ResponseWriter, m proto.Message) error {
 switch m.(type) {
 case *authnpb.LogoutResponse, *authnpb.SignupResponseEnvelope, *authnpb.LoginResponseEnvelope:
@@ -46,7 +46,7 @@ func CookieSetter(cfg *config.Config) GatewayResponseMiddleware {
 if len(ss) != 1 {
 return fmt.Errorf("Received more than a single session value")
 }
- api.SetSession(cfg, response, ss[0])
+ sessions.Set(cfg, response, ss[0])
 }
 return nil
 }
@@ -79,11 +79,3 @@ func FormWrapper(mux http.Handler) http.Handler { mux.ServeHTTP(w, r) }) } - -// HeaderPrinter logs the headers of the request -func HeaderPrinter(mux http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - log.Println(r.Header) - mux.ServeHTTP(w, r) - }) -} diff --git a/grpc/internal/gateway/router.go b/grpc/internal/gateway/router.go index 1ab25c3170..6c9d3690da 100644 --- a/grpc/internal/gateway/router.go +++ b/grpc/internal/gateway/router.go @@ -5,20 +5,22 @@ import ( "os" gorilla "github.com/gorilla/handlers" - "github.com/keratin/authn-server/api" + "github.com/keratin/authn-server/app" "github.com/keratin/authn-server/ops" + "github.com/keratin/authn-server/server/cors" + "github.com/keratin/authn-server/server/sessions" ) -func WrapRouter(r http.Handler, app *api.App) http.Handler { +func WrapRouter(r http.Handler, app *app.App) http.Handler { stack := gorilla.CombinedLoggingHandler(os.Stdout, r) - stack = api.Session(app)(stack) + stack = sessions.Middleware(app)(stack) stack = gorilla.CORS( gorilla.AllowedMethods([]string{"GET", "POST", "PUT", "PATCH", "DELETE"}), gorilla.AllowCredentials(), gorilla.AllowedOrigins([]string{}), // see: https://github.com/gorilla/handlers/issues/117 - gorilla.AllowedOriginValidator(api.OriginValidator(app.Config.ApplicationDomains)), + gorilla.AllowedOriginValidator(cors.OriginValidator(app.Config.ApplicationDomains)), )(stack) if app.Config.Proxied { diff --git a/grpc/private/gateway.go b/grpc/private/gateway.go index 773c9d4886..edac29b22a 100644 --- a/grpc/private/gateway.go +++ b/grpc/private/gateway.go 
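Review bot: In `WrapRouter` the parameter `app *app.App` now carries the same name as the imported package `app`, so the package is shadowed for the whole function body and nothing else from it can be referenced there. The same signature shape is introduced throughout this commit (RunPrivateGateway, RunPrivateGRPC, RegisterRoutes and the route builders, RunPublicGRPC, sessionInterceptor, RunPrivateService, RunPublicService). It compiles because the visible bodies only use the value, but a later edit that needs the package inside one of these functions will fail with a confusing error. Consider importing the package under an alias or giving the parameter a different name in new code. WrapRouter's body continues outside the hunk.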
@@ -9,16 +9,16 @@ import (
 log "github.com/sirupsen/logrus"
 "github.com/grpc-ecosystem/grpc-gateway/runtime"
- "github.com/keratin/authn-server/api"
- "github.com/keratin/authn-server/api/views"
+ "github.com/keratin/authn-server/app"
 authnpb "github.com/keratin/authn-server/grpc"
 "github.com/keratin/authn-server/grpc/internal/gateway"
 "github.com/keratin/authn-server/grpc/public"
+ "github.com/keratin/authn-server/server/views"
 "golang.org/x/net/context"
 grpc "google.golang.org/grpc"
 )
-func RunPrivateGateway(ctx context.Context, app *api.App, r *mux.Router, conn *grpc.ClientConn, l net.Listener) error {
+func RunPrivateGateway(ctx context.Context, app *app.App, r *mux.Router, conn *grpc.ClientConn, l net.Listener) error {
 gmux := runtime.NewServeMux(
 runtime.WithForwardResponseOption(gateway.StatusCodeMutator),
diff --git a/grpc/private/private_server.go b/grpc/private/private_server.go
index 7ca6068a8b..8a721d1e99 100644
--- a/grpc/private/private_server.go
+++ b/grpc/private/private_server.go
@@ -8,12 +8,15 @@ import (
 "google.golang.org/grpc/metadata"
- "github.com/keratin/authn-server/grpc/public"
-
 grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
- "github.com/keratin/authn-server/api"
+ grpc_logrus "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus"
+ grpc_ctxtags "github.com/grpc-ecosystem/go-grpc-middleware/tags"
+ grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
+ "github.com/keratin/authn-server/app"
 authnpb "github.com/keratin/authn-server/grpc"
+ "github.com/keratin/authn-server/grpc/public"
+ "github.com/sirupsen/logrus"
 log "github.com/sirupsen/logrus"
 "golang.org/x/net/context"
 grpc "google.golang.org/grpc"
@@ -24,10 +27,12 @@ import (
 type basicAuthMatcher func(username, password string) bool
 // RunPrivateGRPC registers the private services and runs the gRPC server on the provided listener
-func RunPrivateGRPC(ctx context.Context, app *api.App, l net.Listener) error {
+func RunPrivateGRPC(ctx context.Context, app *app.App, l net.Listener) error {
 srv := grpc.NewServer(
 grpc_middleware.WithUnaryServerChain(
- logInterceptor,
+ grpc_ctxtags.UnaryServerInterceptor(),
+ grpc_logrus.UnaryServerInterceptor(logrus.NewEntry(logrus.StandardLogger())),
+ grpc_prometheus.UnaryServerInterceptor,
 // the default authentication is none
 grpc_auth.UnaryServerInterceptor(func(ctx context.Context) (context.Context, error) {
 return ctx, nil
diff --git a/grpc/private/routing.go b/grpc/private/routing.go
index 4df4d8ace8..ed67494b51 100644
--- a/grpc/private/routing.go
+++ b/grpc/private/routing.go
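Review bot: The order of the interceptors added to `WithUnaryServerChain` in `RunPrivateGRPC` matters but is not documented: as chained here, the logging and metrics interceptors sit in front of `grpc_auth.UnaryServerInterceptor`, so calls that are rejected by authentication are still logged and counted. Those records are what lets an operator notice repeated failed authentication against the private API, and a later reordering that puts auth first would drop them without any visible error. A short comment above the chain would pin this, for example `// ctxtags, logging and metrics run before auth so that rejected calls are still recorded`. The body of RunPrivateGRPC continues outside the hunk.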
@@ -3,37 +3,18 @@ package private
 import (
 "github.com/gorilla/mux"
 "github.com/grpc-ecosystem/grpc-gateway/runtime"
- "github.com/keratin/authn-server/api"
+ "github.com/keratin/authn-server/app"
 "github.com/keratin/authn-server/grpc/public"
 "github.com/keratin/authn-server/lib/route"
 "github.com/prometheus/client_golang/prometheus/promhttp"
 )
 /*
-func router(app *api.App) http.Handler {
- r := mux.NewRouter()
- route.Attach(r, app.Config.MountedPath, meta.Routes(app)...)
- route.Attach(r, app.Config.MountedPath, accounts.Routes(app)...)
- route.Attach(r, app.Config.MountedPath, sessions.Routes(app)...)
- route.Attach(r, app.Config.MountedPath, passwords.Routes(app)...)
- route.Attach(r, app.Config.MountedPath, oauth.Routes(app)...)
-
- return wrapRouter(r, app)
-}
-
-func publicRouter(app *api.App) http.Handler {
- r := mux.NewRouter()
- route.Attach(r, app.Config.MountedPath, meta.PublicRoutes(app)...)
- route.Attach(r, app.Config.MountedPath, accounts.PublicRoutes(app)...)
- route.Attach(r, app.Config.MountedPath, sessions.PublicRoutes(app)...)
- route.Attach(r, app.Config.MountedPath, passwords.PublicRoutes(app)...)
- route.Attach(r, app.Config.MountedPath, oauth.PublicRoutes(app)...)
-
- return wrapRouter(r, app)
-}
+ Reference: github.com/keratin/authn-server/server/private_routes.go
 */
-func RegisterRoutes(router *mux.Router, app *api.App, gmux *runtime.ServeMux) {
+// RegisterRoutes registers gmux as the handler for the private routes on router
+func RegisterRoutes(router *mux.Router, app *app.App, gmux *runtime.ServeMux) {
 public.RegisterRoutes(router, app, gmux)
 route.Attach(router, app.Config.MountedPath, metaRoutes(app, gmux)...)
@@ -41,7 +22,7 @@ func RegisterRoutes(router *mux.Router, app *api.App, gmux *runtime.ServeMux) {
 }
-func metaRoutes(app *api.App, gmux *runtime.ServeMux) []*route.HandledRoute {
+func metaRoutes(app *app.App, gmux *runtime.ServeMux) []*route.HandledRoute {
 authentication := route.BasicAuthSecurity(app.Config.AuthUsername, app.Config.AuthPassword, "Private AuthN Realm")
 routes := []*route.HandledRoute{}
@@ -69,7 +50,7 @@ func metaRoutes(app *api.App, gmux *runtime.ServeMux) []*route.HandledRoute {
 return routes
 }
-func accountRoutes(app *api.App, gmux *runtime.ServeMux) []*route.HandledRoute {
+func accountRoutes(app *app.App, gmux *runtime.ServeMux) []*route.HandledRoute {
 authentication := route.BasicAuthSecurity(app.Config.AuthUsername, app.Config.AuthPassword, "Private AuthN Realm")
 routes := []*route.HandledRoute{}
diff --git a/grpc/private/secured.go b/grpc/private/secured.go
index d8dda9b266..2e3da4a50b 100644
--- a/grpc/private/secured.go
+++ b/grpc/private/secured.go
@@ -4,14 +4,14 @@ import (
 "github.com/keratin/authn-server/grpc/internal/errors"
 "google.golang.org/grpc/codes"
- "github.com/keratin/authn-server/api"
+ "github.com/keratin/authn-server/app"
+ "github.com/keratin/authn-server/app/services"
 authnpb "github.com/keratin/authn-server/grpc"
- "github.com/keratin/authn-server/services"
 "golang.org/x/net/context"
 )
 type securedServer struct {
- app *api.App
+ app *app.App
 // SECURITY: ensure that both ConstantTimeCompare operations are run, so that a
 // timing attack may not verify a correct username without a correct password.
diff --git a/grpc/private/stats.go b/grpc/private/stats.go
index 92ee0f1d9b..a468df90e5 100644
--- a/grpc/private/stats.go
+++ b/grpc/private/stats.go
@@ -1,13 +1,13 @@
 package private
 import (
- "github.com/keratin/authn-server/api"
+ "github.com/keratin/authn-server/app"
 authnpb "github.com/keratin/authn-server/grpc"
 "golang.org/x/net/context"
 )
 type statsServer struct {
- app *api.App
+ app *app.App
 // SECURITY: ensure that both ConstantTimeCompare operations are run, so that a
 // timing attack may not verify a correct username without a correct password.
diff --git a/grpc/private/unsecured.go b/grpc/private/unsecured.go
index 57d0acc8c3..b4e33af209 100644
--- a/grpc/private/unsecured.go
+++ b/grpc/private/unsecured.go
@@ -3,7 +3,7 @@ package private
 import (
 "encoding/json"
- "github.com/keratin/authn-server/api"
+ "github.com/keratin/authn-server/app"
 authnpb "github.com/keratin/authn-server/grpc"
 "github.com/keratin/authn-server/lib/compat"
 "golang.org/x/net/context"
@@ -11,7 +11,7 @@ import (
 )
 type unsecuredServer struct {
- app *api.App
+ app *app.App
 }
 func (ss unsecuredServer) ServiceConfiguration(context.Context, *authnpb.ServiceConfigurationRequest) (*authnpb.Configuration, error) {
@@ -32,7 +32,7 @@ func (ss unsecuredServer) JWKS(ctx context.Context, _ *authnpb.JWKSRequest) (*au
 if err != nil {
 ss.app.Reporter.ReportError(err)
 } else {
- // There are not proto definitions for jose.JSONWebKey and the marshalled version
+ // There are no proto definitions for jose.JSONWebKey and the marshalled version
 // looks different than the struct, so the workaround is to build jose.JSONWebKey,
 // marshal it , then unmarshal it into our message.
 k, err := jose.JSONWebKey{
diff --git a/grpc/public/gateway.go b/grpc/public/gateway.go
index 8b8d7ad819..91a6580d92 100644
--- a/grpc/public/gateway.go
+++ b/grpc/public/gateway.go
@@ -7,14 +7,14 @@ import ( "github.com/gorilla/mux" "github.com/grpc-ecosystem/grpc-gateway/runtime" - "github.com/keratin/authn-server/api" + "github.com/keratin/authn-server/app" authnpb "github.com/keratin/authn-server/grpc" "github.com/keratin/authn-server/grpc/internal/gateway" log "github.com/sirupsen/logrus" "google.golang.org/grpc" ) -func RegisterPublicGatewayHandlers(ctx context.Context, app *api.App, r *mux.Router, mux *runtime.ServeMux, conn *grpc.ClientConn) { +func RegisterPublicGatewayHandlers(ctx context.Context, app *app.App, r *mux.Router, mux *runtime.ServeMux, conn *grpc.ClientConn) { authnpb.RegisterPublicAuthNHandler(ctx, mux, conn) if app.Config.EnableSignup { authnpb.RegisterSignupServiceHandler(ctx, mux, conn) @@ -29,7 +29,7 @@ func RegisterPublicGatewayHandlers(ctx context.Context, app *api.App, r *mux.Rou } } -func RunPublicGateway(ctx context.Context, app *api.App, r *mux.Router, conn *grpc.ClientConn, l net.Listener) error { +func RunPublicGateway(ctx context.Context, app *app.App, r *mux.Router, conn *grpc.ClientConn, l net.Listener) error { gmux := runtime.NewServeMux( runtime.WithForwardResponseOption(gateway.CookieSetter(app.Config)), // Cookies always have to go first diff --git a/grpc/public/password_reset.go b/grpc/public/password_reset.go index b2bfbb943f..75008790b7 100644 --- a/grpc/public/password_reset.go +++ b/grpc/public/password_reset.go @@ -1,16 +1,16 @@ package public import ( - "github.com/keratin/authn-server/api" + "github.com/keratin/authn-server/app" + "github.com/keratin/authn-server/app/services" authnpb "github.com/keratin/authn-server/grpc" - "github.com/keratin/authn-server/services" context "golang.org/x/net/context" ) var _ authnpb.PasswordResetServiceServer = passwordResetServer{} type passwordResetServer struct { - app *api.App + app *app.App } func (s passwordResetServer) RequestPasswordReset(ctx context.Context, req *authnpb.PasswordResetRequest) (*authnpb.PasswordResetResponse, error) { 
diff --git a/grpc/public/passwordless.go b/grpc/public/passwordless.go
index 7d6368a84b..ac7bcdb1c0 100644
--- a/grpc/public/passwordless.go
+++ b/grpc/public/passwordless.go
@@ -1,16 +1,16 @@
 package public
 import (
- "github.com/keratin/authn-server/api"
+ "github.com/keratin/authn-server/app"
+ "github.com/keratin/authn-server/app/services"
 authnpb "github.com/keratin/authn-server/grpc"
 "github.com/keratin/authn-server/grpc/internal/errors"
- "github.com/keratin/authn-server/services"
 context "golang.org/x/net/context"
 "google.golang.org/grpc/codes"
 )
 type passwordlessServer struct {
- app *api.App
+ app *app.App
 }
 var _ authnpb.PasswordlessServiceServer = passwordlessServer{}
diff --git a/grpc/public/public_server.go b/grpc/public/public_server.go
index 0fd783fdfc..71ad3f24fc 100644
--- a/grpc/public/public_server.go
+++ b/grpc/public/public_server.go
@@ -7,6 +7,10 @@ import (
 grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
+ grpc_logrus "github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus"
+ grpc_ctxtags "github.com/grpc-ecosystem/go-grpc-middleware/tags"
+ grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
+ "github.com/sirupsen/logrus"
 log "github.com/sirupsen/logrus"
 "golang.org/x/net/context"
 "google.golang.org/genproto/googleapis/rpc/errdetails"
@@ -17,12 +21,12 @@ import (
 pkgerrors "github.com/pkg/errors"
- "github.com/keratin/authn-server/api"
+ "github.com/keratin/authn-server/app"
+ "github.com/keratin/authn-server/app/models"
+ "github.com/keratin/authn-server/app/services"
+ "github.com/keratin/authn-server/app/tokens/sessions"
 authnpb "github.com/keratin/authn-server/grpc"
 "github.com/keratin/authn-server/grpc/internal/errors"
- "github.com/keratin/authn-server/models"
- "github.com/keratin/authn-server/services"
- "github.com/keratin/authn-server/tokens/sessions"
 )
 // Compile-time check
@@ -32,13 +36,15 @@ type sessionKey int
 type accountIDKey int
 type publicServer struct {
- app *api.App
+ app *app.App
 }
-func RunPublicGRPC(ctx context.Context, app *api.App, l net.Listener) error {
+func RunPublicGRPC(ctx context.Context, app *app.App, l net.Listener) error {
 srv := grpc.NewServer(
 grpc_middleware.WithUnaryServerChain(
- logInterceptor,
+ grpc_ctxtags.UnaryServerInterceptor(),
+ grpc_logrus.UnaryServerInterceptor(logrus.NewEntry(logrus.StandardLogger())),
+ grpc_prometheus.UnaryServerInterceptor,
 sessionInterceptor(app),
 ),
 )
@@ -57,7 +63,7 @@ func RunPublicGRPC(ctx context.Context, app *api.App, l net.Listener) error {
 return nil
 }
-func RegisterPublicGRPCMethods(srv *grpc.Server, app *api.App) {
+func RegisterPublicGRPCMethods(srv *grpc.Server, app *app.App) {
 authnpb.RegisterPublicAuthNServer(srv, publicServer{
 app: app,
 })
@@ -81,7 +87,7 @@ func RegisterPublicGRPCMethods(srv *grpc.Server, app *api.App) {
 }
 }
-func sessionInterceptor(app *api.App) grpc.UnaryServerInterceptor {
+func sessionInterceptor(app *app.App) grpc.UnaryServerInterceptor {
 return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
 var session *sessions.Claims
 var parseOnce sync.Once
@@ -128,17 +134,6 @@ func sessionInterceptor(app *api.App) grpc.UnaryServerInterceptor {
 }
 }
-func logInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
- log.Infof("calling method: %s", info.FullMethod)
-
- res, err := handler(ctx, req)
- if err != nil {
- log.Errorf("error from method: %s", err)
- log.Errorf("error type: %T", err)
- }
- return res, err
-}
-
 func (s publicServer) Login(ctx context.Context, req *authnpb.LoginRequest) (*authnpb.LoginResponseEnvelope, error) {
 account, err := services.CredentialsVerifier(
 s.app.AccountStore,
diff --git a/grpc/public/routing.go b/grpc/public/routing.go
index 53cf91bccb..5303679e25 100644
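Review bot: `RunPublicGRPC` reaches the logger through `logrus.NewEntry(logrus.StandardLogger())`, which relies on the import `"github.com/sirupsen/logrus"` that this commit adds directly beside the existing `log "github.com/sirupsen/logrus"`, so the file now imports one package under two names. Using the alias that is already in scope keeps a single import: `grpc_logrus.UnaryServerInterceptor(log.NewEntry(log.StandardLogger())),`. The same applies to `RunPrivateGRPC` in grpc/private/private_server.go. The body of RunPublicGRPC continues outside the hunk.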
--- a/grpc/public/routing.go
+++ b/grpc/public/routing.go
@@ -3,44 +3,25 @@ package public
 import (
 "github.com/gorilla/mux"
 "github.com/grpc-ecosystem/grpc-gateway/runtime"
- "github.com/keratin/authn-server/api"
- "github.com/keratin/authn-server/api/oauth"
+ "github.com/keratin/authn-server/app"
 "github.com/keratin/authn-server/lib/route"
+ "github.com/keratin/authn-server/server/handlers"
 )
 /*
-func router(app *api.App) http.Handler {
- r := mux.NewRouter()
- route.Attach(r, app.Config.MountedPath, meta.Routes(app)...)
- route.Attach(r, app.Config.MountedPath, accounts.Routes(app)...)
- route.Attach(r, app.Config.MountedPath, sessions.Routes(app)...)
- route.Attach(r, app.Config.MountedPath, passwords.Routes(app)...)
- route.Attach(r, app.Config.MountedPath, oauth.Routes(app)...)
-
- return wrapRouter(r, app)
-}
-
-func publicRouter(app *api.App) http.Handler {
- r := mux.NewRouter()
- route.Attach(r, app.Config.MountedPath, meta.PublicRoutes(app)...)
- route.Attach(r, app.Config.MountedPath, accounts.PublicRoutes(app)...)
- route.Attach(r, app.Config.MountedPath, sessions.PublicRoutes(app)...)
- route.Attach(r, app.Config.MountedPath, passwords.PublicRoutes(app)...)
- route.Attach(r, app.Config.MountedPath, oauth.PublicRoutes(app)...)
-
- return wrapRouter(r, app)
-}
+ Reference: github.com/keratin/authn-server/server/public_routes.go
 */
-func RegisterRoutes(router *mux.Router, app *api.App, gmux *runtime.ServeMux) {
+// RegisterRoutes registers gmux as the handler for the public routes on router
+func RegisterRoutes(router *mux.Router, app *app.App, gmux *runtime.ServeMux) {
 route.Attach(router, app.Config.MountedPath, accountRoutes(app, gmux)...)
 route.Attach(router, app.Config.MountedPath, metaRoutes(app, gmux)...)
 route.Attach(router, app.Config.MountedPath, sessionsRoutes(app, gmux)...)
 route.Attach(router, app.Config.MountedPath, passwordsRoutes(app, gmux)...)
- route.Attach(router, app.Config.MountedPath, oauth.PublicRoutes(app)...)
+ route.Attach(router, app.Config.MountedPath, oauthRoutes(app)...)
}
-func metaRoutes(app *api.App, gmux *runtime.ServeMux) []*route.HandledRoute {
+func metaRoutes(app *app.App, gmux *runtime.ServeMux) []*route.HandledRoute {
 return []*route.HandledRoute{
 route.Get("/health").
 SecuredWith(route.Unsecured()).
@@ -48,7 +29,7 @@ func metaRoutes(app *api.App, gmux *runtime.ServeMux) []*route.HandledRoute {
 }
 }
-func accountRoutes(app *api.App, gmux *runtime.ServeMux) []*route.HandledRoute {
+func accountRoutes(app *app.App, gmux *runtime.ServeMux) []*route.HandledRoute {
 originSecurity := route.OriginSecurity(app.Config.ApplicationDomains)
 routes := []*route.HandledRoute{}
@@ -67,7 +48,7 @@ func accountRoutes(app *api.App, gmux *runtime.ServeMux) []*route.HandledRoute {
 return routes
 }
-func sessionsRoutes(app *api.App, gmux *runtime.ServeMux) []*route.HandledRoute {
+func sessionsRoutes(app *app.App, gmux *runtime.ServeMux) []*route.HandledRoute {
 originSecurity := route.OriginSecurity(app.Config.ApplicationDomains)
 routes := []*route.HandledRoute{
@@ -99,7 +80,7 @@ func sessionsRoutes(app *api.App, gmux *runtime.ServeMux) []*route.HandledRoute
 return routes
 }
-func passwordsRoutes(app *api.App, gmux *runtime.ServeMux) []*route.HandledRoute {
+func passwordsRoutes(app *app.App, gmux *runtime.ServeMux) []*route.HandledRoute {
 originSecurity := route.OriginSecurity(app.Config.ApplicationDomains)
 routes := []*route.HandledRoute{
@@ -118,3 +99,18 @@ func passwordsRoutes(app *api.App, gmux *runtime.ServeMux) []*route.HandledRoute
 return routes
 }
+
+func oauthRoutes(app *app.App) []*route.HandledRoute {
+ routes := []*route.HandledRoute{}
+ for providerName := range app.OauthProviders {
+ routes = append(routes,
+ route.Get("/oauth/"+providerName).
+ SecuredWith(route.Unsecured()).
+ Handle(handlers.GetOauth(app, providerName)),
+ route.Get("/oauth/"+providerName+"/return").
+ SecuredWith(route.Unsecured()).
+ Handle(handlers.GetOauthReturn(app, providerName)),
+ )
+ }
+ return routes
+}
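Review bot: Both routes built in the new `oauthRoutes` are registered with `route.Unsecured()`, unlike the account, session and password routes in this file, which use `route.OriginSecurity(app.Config.ApplicationDomains)`, and nothing in the function says why. An origin check presumably cannot apply because these endpoints are reached by browser navigation and by the provider's redirect, which would leave request-forgery protection to the OAuth `state` check in `handlers.GetOauthReturn`; that handler is not part of this diff, so this needs confirming. I would add a doc comment that records the assumption, for example `// oauthRoutes are unsecured at the routing layer because they are entered by redirect; GetOauthReturn must validate the state parameter.`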
diff --git a/grpc/public/signup.go b/grpc/public/signup.go
index de023cb0f1..4e5751ee51 100644
--- a/grpc/public/signup.go
+++ b/grpc/public/signup.go
@@ -3,10 +3,10 @@ package public
 import (
 "fmt"
- "github.com/keratin/authn-server/api"
+ "github.com/keratin/authn-server/app"
+ "github.com/keratin/authn-server/app/services"
 authnpb "github.com/keratin/authn-server/grpc"
 "github.com/keratin/authn-server/grpc/internal/errors"
- "github.com/keratin/authn-server/services"
 context "golang.org/x/net/context"
 "google.golang.org/genproto/googleapis/rpc/errdetails"
 grpc "google.golang.org/grpc"
@@ -16,7 +16,7 @@ import (
 )
 type signupServiceServer struct {
- app *api.App
+ app *app.App
 }
 var _ authnpb.SignupServiceServer = signupServiceServer{}
diff --git a/grpc/server/server.go b/grpc/server/server.go
index 5917572026..6fa613c42b 100644
--- a/grpc/server/server.go
+++ b/grpc/server/server.go
@@ -9,7 +9,7 @@ import (
 "net"
 "github.com/gorilla/mux"
- "github.com/keratin/authn-server/api"
+ "github.com/keratin/authn-server/app"
 "github.com/keratin/authn-server/grpc/internal/errors"
 "github.com/keratin/authn-server/grpc/private"
 "github.com/keratin/authn-server/grpc/public"
@@ -22,7 +22,7 @@ func init() {
 }
 // RunPrivateService starts a gRPC server for the private API and accompanying gRPC-Gateway server
-func RunPrivateService(ctx context.Context, app *api.App, grpcListener net.Listener, httpListener net.Listener) error {
+func RunPrivateService(ctx context.Context, app *app.App, grpcListener net.Listener, httpListener net.Listener) error {
 privateRouter := mux.NewRouter()
@@ -45,7 +45,7 @@ func RunPrivateService(ctx context.Context, app *api.App, grpcListener net.Liste
 }
 // RunPublicService starts a gRPC server for the public API and accompanying gRPC-Gateway server
-func RunPublicService(ctx context.Context, app *api.App, grpcListener net.Listener, httpListener net.Listener) error {
+func RunPublicService(ctx context.Context, app *app.App, grpcListener net.Listener, httpListener net.Listener) error {
 publicRouter := mux.NewRouter()