本文主要研究一下dubbo-go的ConsumerSignFilter
dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go
type ConsumerSignFilter struct { } func init() { extension.SetFilter(constant.CONSUMER_SIGN_FILTER, getConsumerSignFilter) }
dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go
func getConsumerSignFilter() filter.Filter { return &ConsumerSignFilter{} }
dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go
func (csf *ConsumerSignFilter) Invoke(ctx context.Context, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result { logger.Infof("invoking ConsumerSign filter.") url := invoker.GetUrl() err := doAuthWork(&url, func(authenticator filter.Authenticator) error { return authenticator.Sign(invocation, &url) }) if err != nil { panic(fmt.Sprintf("Sign for invocation %s # %s failed", url.ServiceKey(), invocation.MethodName())) } return invoker.Invoke(ctx, invocation) }
dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go
func (csf *ConsumerSignFilter) OnResponse(ctx context.Context, result protocol.Result, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result { return result }
filter/filter_impl/auth/default_authenticator.go
func doAuthWork(url *common.URL, do func(filter.Authenticator) error) error { shouldAuth := url.GetParamBool(constant.SERVICE_AUTH_KEY, false) if shouldAuth { authenticator := extension.GetAuthenticator(url.GetParam(constant.AUTHENTICATOR_KEY, constant.DEFAULT_AUTHENTICATOR)) return do(authenticator) } return nil }
dubbo-go-v1.4.2/filter/filter_impl/auth/default_authenticator.go
func (authenticator *DefaultAuthenticator) Sign(invocation protocol.Invocation, url *common.URL) error { currentTimeMillis := strconv.Itoa(int(time.Now().Unix() * 1000)) consumer := url.GetParam(constant.APPLICATION_KEY, "") accessKeyPair, err := getAccessKeyPair(invocation, url) if err != nil { return errors.New("get accesskey pair failed, cause: " + err.Error()) } inv := invocation.(*invocation_impl.RPCInvocation) signature, err := getSignature(url, invocation, accessKeyPair.SecretKey, currentTimeMillis) if err != nil { return err } inv.SetAttachments(constant.REQUEST_SIGNATURE_KEY, signature) inv.SetAttachments(constant.REQUEST_TIMESTAMP_KEY, currentTimeMillis) inv.SetAttachments(constant.AK_KEY, accessKeyPair.AccessKey) inv.SetAttachments(constant.CONSUMER, consumer) return nil } func getAccessKeyPair(invocation protocol.Invocation, url *common.URL) (*filter.AccessKeyPair, error) { accesskeyStorage := extension.GetAccesskeyStorages(url.GetParam(constant.ACCESS_KEY_STORAGE_KEY, constant.DEFAULT_ACCESS_KEY_STORAGE)) accessKeyPair := accesskeyStorage.GetAccessKeyPair(invocation, url) if accessKeyPair == nil || IsEmpty(accessKeyPair.AccessKey, false) || IsEmpty(accessKeyPair.SecretKey, true) { return nil, errors.New("accessKeyId or secretAccessKey not found") } else { return accessKeyPair, nil } }
ConsumerSignFilter的Invoke方法会先执行doAuthWork方法,其传递的func执行authenticator.Sign(invocation, &url)
很遗憾的说,推酷将在这个月底关闭。人生海海,几度秋凉,感谢那些有你的时光。
原文 https://segmentfault.com/a/1190000023355932