chore: import upstream snapshot with attribution
govulncheck / govulncheck (push) Has been cancelled
Lint / golangci-lint (push) Has been cancelled
Run Tests / Unit Tests (push) Has been cancelled
Run Tests / Etcd Integration Tests (push) Has been cancelled
Harness (E2E) / Harnesses (mock LLM) (push) Has been cancelled
Harness (E2E) / Provider harnesses (live LLM conformance) (push) Has been cancelled
govulncheck / govulncheck (push) Has been cancelled
Lint / golangci-lint (push) Has been cancelled
Run Tests / Unit Tests (push) Has been cancelled
Run Tests / Etcd Integration Tests (push) Has been cancelled
Harness (E2E) / Harnesses (mock LLM) (push) Has been cancelled
Harness (E2E) / Provider harnesses (live LLM conformance) (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,72 @@
|
||||
package server
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
|
||||
"go-micro.dev/v6/gateway/api"
|
||||
"go-micro.dev/v6/registry"
|
||||
"go-micro.dev/v6/store"
|
||||
)
|
||||
|
||||
// GatewayOptions configures the HTTP gateway (legacy compatibility)
|
||||
// Deprecated: Use gateway/api.Options directly
|
||||
type GatewayOptions = api.Options
|
||||
|
||||
// Gateway represents a running HTTP gateway server (legacy compatibility)
|
||||
// Deprecated: Use gateway/api.Gateway directly
|
||||
type Gateway = api.Gateway
|
||||
|
||||
// StartGateway starts the HTTP gateway with the given options.
|
||||
// This is a compatibility wrapper around gateway/api.New().
|
||||
//
|
||||
// Deprecated: Use gateway/api.New() directly for new code.
|
||||
func StartGateway(opts GatewayOptions) (*Gateway, error) {
|
||||
// Initialize auth if enabled (server-specific setup)
|
||||
if opts.AuthEnabled {
|
||||
if err := initAuth(); err != nil {
|
||||
return nil, fmt.Errorf("failed to initialize auth: %w", err)
|
||||
}
|
||||
|
||||
homeDir, _ := os.UserHomeDir()
|
||||
keyDir := filepath.Join(homeDir, "micro", "keys")
|
||||
privPath := filepath.Join(keyDir, "private.pem")
|
||||
pubPath := filepath.Join(keyDir, "public.pem")
|
||||
if err := InitJWTKeys(privPath, pubPath); err != nil {
|
||||
return nil, fmt.Errorf("failed to init JWT keys: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
// Get store (server-specific default)
|
||||
s := store.DefaultStore
|
||||
|
||||
// Parse templates (server-specific)
|
||||
tmpls := parseTemplates()
|
||||
|
||||
// Create handler registrar that registers server-specific handlers
|
||||
opts.HandlerRegistrar = func(mux *http.ServeMux) error {
|
||||
registerHandlers(mux, tmpls, s, opts.AuthEnabled)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Use default registry if not set
|
||||
if opts.Registry == nil {
|
||||
opts.Registry = registry.DefaultRegistry
|
||||
}
|
||||
|
||||
// Delegate to gateway/api package
|
||||
return api.New(opts)
|
||||
}
|
||||
|
||||
// RunGateway starts the gateway and blocks until it stops.
|
||||
//
|
||||
// Deprecated: Use gateway/api.Run() with a custom handler registrar.
|
||||
func RunGateway(opts GatewayOptions) error {
|
||||
gw, err := StartGateway(opts)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return gw.Wait()
|
||||
}
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,91 @@
|
||||
package server
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
var (
|
||||
jwtPrivateKey *rsa.PrivateKey
|
||||
jwtPublicKey *rsa.PublicKey
|
||||
)
|
||||
|
||||
// Load or generate RSA keys for JWT
|
||||
func InitJWTKeys(privPath, pubPath string) error {
|
||||
var err error
|
||||
if _, err = os.Stat(privPath); os.IsNotExist(err) {
|
||||
priv, _ := rsa.GenerateKey(rand.Reader, 2048)
|
||||
privBytes := x509.MarshalPKCS1PrivateKey(priv)
|
||||
privPem := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: privBytes})
|
||||
_ = os.WriteFile(privPath, privPem, 0600)
|
||||
pubBytes, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
|
||||
pubPem := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: pubBytes})
|
||||
_ = os.WriteFile(pubPath, pubPem, 0644)
|
||||
}
|
||||
privPem, err := os.ReadFile(privPath)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
block, _ := pem.Decode(privPem)
|
||||
if block == nil {
|
||||
return errors.New("invalid private key PEM")
|
||||
}
|
||||
jwtPrivateKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
pubPem, err := os.ReadFile(pubPath)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
block, _ = pem.Decode(pubPem)
|
||||
if block == nil {
|
||||
return errors.New("invalid public key PEM")
|
||||
}
|
||||
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
var ok bool
|
||||
jwtPublicKey, ok = pub.(*rsa.PublicKey)
|
||||
if !ok {
|
||||
return errors.New("not RSA public key")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Generate a JWT for a user
|
||||
func GenerateJWT(userID, userType string, scopes []string, expiry time.Duration) (string, error) {
|
||||
claims := jwt.MapClaims{
|
||||
"sub": userID,
|
||||
"type": userType,
|
||||
"scopes": scopes,
|
||||
"exp": time.Now().Add(expiry).Unix(),
|
||||
}
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
|
||||
return token.SignedString(jwtPrivateKey)
|
||||
}
|
||||
|
||||
// Parse and validate a JWT, returns claims if valid
|
||||
func ParseJWT(tokenStr string) (jwt.MapClaims, error) {
|
||||
token, err := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {
|
||||
if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
|
||||
return nil, errors.New("unexpected signing method")
|
||||
}
|
||||
return jwtPublicKey, nil
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
|
||||
return claims, nil
|
||||
}
|
||||
return nil, errors.New("invalid token")
|
||||
}
|
||||
Reference in New Issue
Block a user