共计 3234 个字符,预计需要花费 9 分钟才能阅读完成。
序
本文次要钻研一下 dubbo-go 的 ConsumerSignFilter
ConsumerSignFilter
dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go
type ConsumerSignFilter struct {
}
func init() {extension.SetFilter(constant.CONSUMER_SIGN_FILTER, getConsumerSignFilter)
}
- ConsumerSignFilter 的 init 办法设置了 getConsumerSignFilter
getConsumerSignFilter
dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go
func getConsumerSignFilter() filter.Filter {return &ConsumerSignFilter{}
}
- getConsumerSignFilter 创立了 ConsumerSignFilter
Invoke
dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go
func (csf *ConsumerSignFilter) Invoke(ctx context.Context, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result {logger.Infof("invoking ConsumerSign filter.")
url := invoker.GetUrl()
err := doAuthWork(&url, func(authenticator filter.Authenticator) error {return authenticator.Sign(invocation, &url)
})
if err != nil {panic(fmt.Sprintf("Sign for invocation %s # %s failed", url.ServiceKey(), invocation.MethodName()))
}
return invoker.Invoke(ctx, invocation)
}
- Invoke 办法会先执行 doAuthWork 办法,其传递的 func 执行 authenticator.Sign(invocation, &url)
OnResponse
dubbo-go-v1.4.2/filter/filter_impl/auth/consumer_sign.go
func (csf *ConsumerSignFilter) OnResponse(ctx context.Context, result protocol.Result, invoker protocol.Invoker, invocation protocol.Invocation) protocol.Result {return result}
- OnResponse 办法间接返回 result
doAuthWork
filter/filter_impl/auth/default_authenticator.go
func doAuthWork(url *common.URL, do func(filter.Authenticator) error) error {shouldAuth := url.GetParamBool(constant.SERVICE_AUTH_KEY, false)
if shouldAuth {authenticator := extension.GetAuthenticator(url.GetParam(constant.AUTHENTICATOR_KEY, constant.DEFAULT_AUTHENTICATOR))
return do(authenticator)
}
return nil
}
- doAuthWork 办法先从 url 读取 constant.SERVICE_AUTH_KEY 判断是否须要 auth,需要的话,则获取 authenticator,执行 do(authenticator)
Sign
dubbo-go-v1.4.2/filter/filter_impl/auth/default_authenticator.go
func (authenticator *DefaultAuthenticator) Sign(invocation protocol.Invocation, url *common.URL) error {currentTimeMillis := strconv.Itoa(int(time.Now().Unix() * 1000))
consumer := url.GetParam(constant.APPLICATION_KEY, "")
accessKeyPair, err := getAccessKeyPair(invocation, url)
if err != nil {return errors.New("get accesskey pair failed, cause:" + err.Error())
}
inv := invocation.(*invocation_impl.RPCInvocation)
signature, err := getSignature(url, invocation, accessKeyPair.SecretKey, currentTimeMillis)
if err != nil {return err}
inv.SetAttachments(constant.REQUEST_SIGNATURE_KEY, signature)
inv.SetAttachments(constant.REQUEST_TIMESTAMP_KEY, currentTimeMillis)
inv.SetAttachments(constant.AK_KEY, accessKeyPair.AccessKey)
inv.SetAttachments(constant.CONSUMER, consumer)
return nil
}
func getAccessKeyPair(invocation protocol.Invocation, url *common.URL) (*filter.AccessKeyPair, error) {accesskeyStorage := extension.GetAccesskeyStorages(url.GetParam(constant.ACCESS_KEY_STORAGE_KEY, constant.DEFAULT_ACCESS_KEY_STORAGE))
accessKeyPair := accesskeyStorage.GetAccessKeyPair(invocation, url)
if accessKeyPair == nil || IsEmpty(accessKeyPair.AccessKey, false) || IsEmpty(accessKeyPair.SecretKey, true) {return nil, errors.New("accessKeyId or secretAccessKey not found")
} else {return accessKeyPair, nil}
}
- Sign 办法通过 getAccessKeyPair 从 accesskeyStorage.GetAccessKeyPair 获取 accessKeyPair,而后通过 getSignature 计算 signature,没有 err 则设置到 attachment 中
小结
ConsumerSignFilter 的 Invoke 办法会先执行 doAuthWork 办法,其传递的 func 执行 authenticator.Sign(invocation, &url)
doc
- consumer_sign
正文完