sequence
This paper mainly studies dubo-Go’s ConsumerSignFilter
ConsumerSignFilter
Dubbo – go – v1.4.2 / filter/filter_impl/auth/consumer_sign. Go
type ConsumerSignFilter struct {
}
func init() {
extension.SetFilter(constant.CONSUMER_SIGN_FILTER, getConsumerSignFilter)
}
Copy the code- The init method of ConsumerSignFilter sets getConsumerSignFilter
getConsumerSignFilter
Dubbo – go – v1.4.2 / filter/filter_impl/auth/consumer_sign. Go
func getConsumerSignFilter() filter.Filter {
return &ConsumerSignFilter{}
}
Copy the code- GetConsumerSignFilter creates the ConsumerSignFilter
Invoke
Dubbo – go – v1.4.2 / filter/filter_impl/auth/consumer_sign. Go
func (csf *ConsumerSignFilter) Invoke(ctx context.Context, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result {
logger.Infof("invoking ConsumerSign filter.")
url := invoker.GetUrl()
err := doAuthWork(&url, func(authenticator filter.Authenticator) error {
return authenticator.Sign(invocation, &url)
})
iferr ! = nil { panic(fmt.Sprintf("Sign for invocation %s # %s failed", url.ServiceKey(), invocation.MethodName()))
}
return invoker.Invoke(ctx, invocation)
}
Copy the code- The Invoke method first executes the doAuthWork method, whose func executes authenticator.sign (Invocation, & URL)
OnResponse
Dubbo – go – v1.4.2 / filter/filter_impl/auth/consumer_sign. Go
func (csf *ConsumerSignFilter) OnResponse(ctx context.Context, result protocol.Result, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result {
return result
}
Copy the code- The OnResponse method returns result directly
doAuthWork
filter/filter_impl/auth/default_authenticator.go
func doAuthWork(url *common.URL, do func(filter.Authenticator) error) error {
shouldAuth := url.GetParamBool(constant.SERVICE_AUTH_KEY, false)
if shouldAuth {
authenticator := extension.GetAuthenticator(url.GetParam(constant.AUTHENTICATOR_KEY, constant.DEFAULT_AUTHENTICATOR))
return do(authenticator)
}
return nil
}
Copy the code- The doAuthWork method first reads the constant.SERVICE_AUTH_KEY from the URL to determine whether auth is needed. If so, obtain the authenticator and execute do(authenticator).
Sign
Dubbo – go – v1.4.2 / filter/filter_impl/auth/default_authenticator. Go
func (authenticator *DefaultAuthenticator) Sign(invocation protocol.Invocation, url *common.URL) error {
currentTimeMillis := strconv.Itoa(int(time.Now().Unix() * 1000))
consumer := url.GetParam(constant.APPLICATION_KEY, "")
accessKeyPair, err := getAccessKeyPair(invocation, url)
iferr ! = nil {return errors.New("get accesskey pair failed, cause: " + err.Error())
}
inv := invocation.(*invocation_impl.RPCInvocation)
signature, err := getSignature(url, invocation, accessKeyPair.SecretKey, currentTimeMillis)
iferr ! = nil {return err
}
inv.SetAttachments(constant.REQUEST_SIGNATURE_KEY, signature)
inv.SetAttachments(constant.REQUEST_TIMESTAMP_KEY, currentTimeMillis)
inv.SetAttachments(constant.AK_KEY, accessKeyPair.AccessKey)
inv.SetAttachments(constant.CONSUMER, consumer)
return nil
}
func getAccessKeyPair(invocation protocol.Invocation, url *common.URL) (*filter.AccessKeyPair, error) {
accesskeyStorage := extension.GetAccesskeyStorages(url.GetParam(constant.ACCESS_KEY_STORAGE_KEY, constant.DEFAULT_ACCESS_KEY_STORAGE))
accessKeyPair := accesskeyStorage.GetAccessKeyPair(invocation, url)
if accessKeyPair == nil || IsEmpty(accessKeyPair.AccessKey, false) || IsEmpty(accessKeyPair.SecretKey, true) {
return nil, errors.New("accessKeyId or secretAccessKey not found")}else {
return accessKeyPair, nil
}
}
Copy the code- Sign method through getAccessKeyPair accesskeyStorage. GetAccessKeyPair accessKeyPair, then signature by getSignature calculation, If there is no err, it goes to the Attachment
summary
The Invoke method of the ConsumerSignFilter first executes the doAuthWork method, whose func executes authenticator.sign (Invocation, & URL).
doc
- consumer_sign