聊聊dubbo-go的ConsumerSignFilter

此生再无相见时 提交于 2020-08-12 00:46:09

本文主要研究一下dubbo-go的ConsumerSignFilter

ConsumerSignFilter

dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go

type ConsumerSignFilter struct {
}

func init() {
	extension.SetFilter(constant.CONSUMER_SIGN_FILTER, getConsumerSignFilter)
}
  • ConsumerSignFilter的init方法设置了getConsumerSignFilter

getConsumerSignFilter

dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go

func getConsumerSignFilter() filter.Filter {
	return &ConsumerSignFilter{}
}
  • getConsumerSignFilter创建了ConsumerSignFilter

Invoke

dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go

func (csf *ConsumerSignFilter) Invoke(ctx context.Context, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result {
	logger.Infof("invoking ConsumerSign filter.")
	url := invoker.GetUrl()

	err := doAuthWork(&url, func(authenticator filter.Authenticator) error {
		return authenticator.Sign(invocation, &url)
	})
	if err != nil {
		panic(fmt.Sprintf("Sign for invocation %s # %s failed", url.ServiceKey(), invocation.MethodName()))

	}
	return invoker.Invoke(ctx, invocation)
}
  • Invoke方法会先执行doAuthWork方法,其传递的func执行authenticator.Sign(invocation, &url)

OnResponse

dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go

func (csf *ConsumerSignFilter) OnResponse(ctx context.Context, result protocol.Result, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result {
	return result
}
  • OnResponse方法直接返回result

doAuthWork

filter/filter_impl/auth/default_authenticator.go

func doAuthWork(url *common.URL, do func(filter.Authenticator) error) error {

	shouldAuth := url.GetParamBool(constant.SERVICE_AUTH_KEY, false)
	if shouldAuth {
		authenticator := extension.GetAuthenticator(url.GetParam(constant.AUTHENTICATOR_KEY, constant.DEFAULT_AUTHENTICATOR))
		return do(authenticator)
	}
	return nil
}
  • doAuthWork方法先从url读取constant.SERVICE_AUTH_KEY判断是否需要auth,需要的话,则获取authenticator,执行do(authenticator)

Sign

dubbo-go-v1.4.2/filter/filter_impl/auth/default_authenticator.go

func (authenticator *DefaultAuthenticator) Sign(invocation protocol.Invocation, url *common.URL) error {
	currentTimeMillis := strconv.Itoa(int(time.Now().Unix() * 1000))

	consumer := url.GetParam(constant.APPLICATION_KEY, "")
	accessKeyPair, err := getAccessKeyPair(invocation, url)
	if err != nil {
		return errors.New("get accesskey pair failed, cause: " + err.Error())
	}
	inv := invocation.(*invocation_impl.RPCInvocation)
	signature, err := getSignature(url, invocation, accessKeyPair.SecretKey, currentTimeMillis)
	if err != nil {
		return err
	}
	inv.SetAttachments(constant.REQUEST_SIGNATURE_KEY, signature)
	inv.SetAttachments(constant.REQUEST_TIMESTAMP_KEY, currentTimeMillis)
	inv.SetAttachments(constant.AK_KEY, accessKeyPair.AccessKey)
	inv.SetAttachments(constant.CONSUMER, consumer)
	return nil
}

func getAccessKeyPair(invocation protocol.Invocation, url *common.URL) (*filter.AccessKeyPair, error) {
	accesskeyStorage := extension.GetAccesskeyStorages(url.GetParam(constant.ACCESS_KEY_STORAGE_KEY, constant.DEFAULT_ACCESS_KEY_STORAGE))
	accessKeyPair := accesskeyStorage.GetAccessKeyPair(invocation, url)
	if accessKeyPair == nil || IsEmpty(accessKeyPair.AccessKey, false) || IsEmpty(accessKeyPair.SecretKey, true) {
		return nil, errors.New("accessKeyId or secretAccessKey not found")
	} else {
		return accessKeyPair, nil
	}
}
  • Sign方法通过getAccessKeyPair从accesskeyStorage.GetAccessKeyPair获取accessKeyPair,然后通过getSignature计算signature,没有err则设置到attachment中

小结

ConsumerSignFilter的Invoke方法会先执行doAuthWork方法,其传递的func执行authenticator.Sign(invocation, &url)

doc

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!