Google Git
Sign in
apache / dubbo-go / 013f0b2804ce40d33e1190bfdbd671980f3b1e12 / . / filter / token / filter.go
blob: a84e9deddf444f50e9cc727b96dd7aaa8918a0f2 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Package token provides token filter.
package token
import (
"context"
"strings"
"sync"
)
import (
perrors "github.com/pkg/errors"
)
import (
"dubbo.apache.org/dubbo-go/v3/common/constant"
"dubbo.apache.org/dubbo-go/v3/common/extension"
"dubbo.apache.org/dubbo-go/v3/filter"
"dubbo.apache.org/dubbo-go/v3/protocol"
)
var (
once sync.Once
token *tokenFilter
)
func init() {
extension.SetFilter(constant.TokenFilterKey, newTokenFilter)
}
const (
InValidTokenFormat = "[Token Filter]Invalid token! Forbid invoke remote service %v with method %s"
)
// tokenFilter will verify if the token is valid
type tokenFilter struct{}
func newTokenFilter() filter.Filter {
if token == nil {
once.Do(func() {
token = &tokenFilter{}
})
}
return token
}
// Invoke verifies the incoming token with the service configured token
func (f *tokenFilter) Invoke(ctx context.Context, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result {
invokerTkn := invoker.GetURL().GetParam(constant.TokenKey, "")
if len(invokerTkn) > 0 {
attas := invocation.Attachments()
var remoteTkn string
remoteTknIface, exist := attas[constant.TokenKey]
if !exist || remoteTknIface == nil {
return &protocol.RPCResult{Err: perrors.Errorf(InValidTokenFormat, invoker, invocation.MethodName())}
}
switch remoteTknIface.(type) {
case string:
// deal with dubbo protocol
remoteTkn = remoteTknIface.(string)
case []string:
// deal with triple protocol
remoteTkns := remoteTknIface.([]string)
if len(remoteTkns) != 1 {
return &protocol.RPCResult{Err: perrors.Errorf(InValidTokenFormat, invoker, invocation.MethodName())}
}
remoteTkn = remoteTkns[0]
default:
return &protocol.RPCResult{Err: perrors.Errorf(InValidTokenFormat, invoker, invocation.MethodName())}
}
if strings.EqualFold(invokerTkn, remoteTkn) {
return invoker.Invoke(ctx, invocation)
}
return &protocol.RPCResult{Err: perrors.Errorf(InValidTokenFormat, invoker, invocation.MethodName())}
}
return invoker.Invoke(ctx, invocation)
}
// OnResponse dummy process, returns the result directly
func (f *tokenFilter) OnResponse(ctx context.Context, result protocol.Result, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result {
return result
}