Commit b4aa7a7c by Chavee Issariyapat

add authhook

parent ba6ada4b
.DS_Store
node_nodules
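Review bot: `node_nodules` looks like a typo for `node_modules`, so the dependency directory is not actually ignored; the same entry repeats on the next two lines. File names are not visible on this page, but if one of these is a `.dockerignore`, a locally installed `node_modules` would be sent in the build context and copied into the image by `COPY . .`. The intended line is presumably `node_modules`.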
.DS_Store
node_nodules
FROM node:8.10.0-alpine
WORKDIR /usr/src/app
ENV TERM=xterm
RUN apk add --update --no-cache python \
python-dev \
py-pip \
yarn \
openssh-client \
&& rm -rf /var/cache/apk/*
COPY . .
RUN npm install
EXPOSE 40000
CMD npm start
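Review bot: The image runs the auth hook as root and starts it through a shell: there is no `USER` line, and `CMD npm start` is shell form, so node is not PID 1 and may not receive SIGTERM when the pod stops. The official node images ship a `node` user, so `USER node` after the install step and `CMD ["node", "index.js"]` would cover both. `COPY . .` before `RUN npm install` bakes in whatever is in the build context and reinstalls on every source change; copying `package.json` first and excluding `node_modules` in a `.dockerignore` is safer. Nothing visible in this commit uses python, python-dev, py-pip, yarn or openssh-client, so confirm they are needed at runtime, and note that `node:8.10.0-alpine` is an end-of-life base.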
# a helper shell script
define MAKEFUNCTIONCODE
function hasChanges() {
test -n "$$(git status -s .)"
}
function getRelease() {
awk -F= '/^RELEASE=/{print $$2}' release.conf
}
function getBaseTag() {
sed -n -e "s/^tag=\(.*\)$$(getRelease)\$$/\1/p" release.conf
}
function getTag() {
if [ -z "$$1" ] ; then
awk -F= '/^tag/{print $$2}' release.conf
else
echo "$$(getBaseTag)$$1"
fi
}
function setRelease() {
if [ -n "$$1" ] ; then
sed -i.x -e "s/^tag=.*/tag=$$(getTag $$1)/" release.conf
sed -i.x -e "s/^RELEASE=.*/RELEASE=$$1/g" release.conf
rm -f release.conf.x
runPreTagCommand "$$1"
else
echo "ERROR: missing release version parameter " >&2
return 1
fi
}
function runPreTagCommand() {
if [ -n "$$1" ] ; then
COMMAND=$$(sed -n -e "s/@@RELEASE@@/$$1/g" -e 's/^pre_tag_command=\(.*\)/\1/p' release.conf)
if [ -n "$$COMMAND" ] ; then
if ! OUTPUT=$$(bash -c "$$COMMAND" 2>&1) ; then echo $$OUTPUT >&2 && exit 1 ; fi
fi
else
echo "ERROR: missing release version parameter " >&2
return 1
fi
}
function tagExists() {
tag=$${1:-$$(getTag)}
test -n "$$tag" && test -n "$$(git tag | grep "^$$tag\$$")"
}
function differsFromRelease() {
tag=$$(getTag)
! tagExists $$tag || test -n "$$(git diff --shortstat -r $$tag .)"
}
function getVersion() {
result=$$(getRelease)
if differsFromRelease; then
result="$$result-$$(git log -n 1 --format=%h .)"
fi
if hasChanges ; then
result="$$result-dirty"
fi
echo $$result
}
function nextPatchLevel() {
version=$${1:-$$(getRelease)}
major_and_minor=$$(echo $$version | cut -d. -f1,2)
patch=$$(echo $$version | cut -d. -f3)
version=$$(printf "%s.%d" $$major_and_minor $$(($$patch + 1)))
echo $$version
}
function nextMinorLevel() {
version=$${1:-$$(getRelease)}
major=$$(echo $$version | cut -d. -f1);
minor=$$(echo $$version | cut -d. -f2);
version=$$(printf "%d.%d.0" $$major $$(($$minor + 1))) ;
echo $$version
}
function nextMajorLevel() {
version=$${1:-$$(getRelease)}
major=$$(echo $$version | cut -d. -f1);
version=$$(printf "%d.0.0" $$(($$major + 1)))
echo $$version
}
endef
SHELL=/bin/bash
include release.conf
IMAGE=$(REGISTRY_HOST)/$(GROUPNAME)/$(PROJECTNAME)
VERSION=$(shell . $(RELEASE_SUPPORT) ; getVersion)
TAG=$(shell . $(RELEASE_SUPPORT); getTag)
RELEASE_SUPPORT := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))/.make-function
export MAKEFUNCTIONCODE
.PHONY: pre-build docker-build post-build build release patch-release minor-release major-release tag check-status check-release showver \
push do-push post-push
init:
@echo "$$MAKEFUNCTIONCODE" > ./.make-function
build: init pre-build docker-build post-build
pre-build:
post-build:
@rm .make-function
post-push:
@rm .make-function
docker-build:
docker build -t $(IMAGE):$(VERSION) .
@DOCKER_MAJOR=$(shell docker -v | sed -e 's/.*version //' -e 's/,.*//' | cut -d\. -f1) ; \
DOCKER_MINOR=$(shell docker -v | sed -e 's/.*version //' -e 's/,.*//' | cut -d\. -f2) ; \
if [ $$DOCKER_MAJOR -eq 1 ] && [ $$DOCKER_MINOR -lt 10 ] ; then \
echo docker tag -f $(IMAGE):$(VERSION) $(IMAGE):latest ;\
docker tag -f $(IMAGE):$(VERSION) $(IMAGE):latest ;\
else \
echo docker tag $(IMAGE):$(VERSION) $(IMAGE):latest ;\
docker tag $(IMAGE):$(VERSION) $(IMAGE):latest ; \
fi
release: check-status check-release build push
push: init do-push post-push
do-push:
docker push $(IMAGE):$(VERSION)
docker push $(IMAGE):latest
snapshot: build push
showver: init release.conf
@. $(RELEASE_SUPPORT); getVersion
tag-patch-release: init
VERSION := $(shell . $(RELEASE_SUPPORT); nextPatchLevel)
tag-patch-release: release.conf tag
tag-minor-release: init
VERSION := $(shell . $(RELEASE_SUPPORT); nextMinorLevel)
tag-minor-release: release.conf tag
tag-major-release: init
VERSION := $(shell . $(RELEASE_SUPPORT); nextMajorLevel)
tag-major-release: release.conf tag
patch-release: tag-patch-release release
@echo $(VERSION)
minor-release: tag-minor-release release
@echo $(VERSION)
major-release: tag-major-release release
@echo $(VERSION)
tag: TAG=$(shell . $(RELEASE_SUPPORT); getTag $(VERSION))
tag: check-status
@. $(RELEASE_SUPPORT) ; ! tagExists $(TAG) || (echo "ERROR: tag $(TAG) for version $(VERSION) already tagged in git" >&2 && exit 1) ;
@. $(RELEASE_SUPPORT) ; setRelease $(VERSION)
git add .
git commit -m "bumped to version $(VERSION)" ;
git tag $(TAG) ;
@ if [ -n "$(shell git remote -v)" ] ; then git push --tags ; else echo 'no remote to push tags to' ; fi
check-status: init
@. $(RELEASE_SUPPORT) ; ! hasChanges || (echo "ERROR: there are still outstanding changes" >&2 && exit 1) ;
check-release: init release.conf
@. $(RELEASE_SUPPORT) ; tagExists $(TAG) || (echo "ERROR: version not yet tagged in git. make [minor,major,patch]-release." >&2 && exit 1) ;
@. $(RELEASE_SUPPORT) ; ! differsFromRelease $(TAG) || (echo "ERROR: current directory differs from tagged $(TAG). make [minor,major,patch]-release." ; exit 1)
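Review bot: `init` writes `.make-function` into the working tree, and `hasChanges` runs `git status -s .`, which reports untracked files. Unless that file is ignored somewhere not shown here, `check-status` will always fail with "outstanding changes" and `getVersion` will always append `-dirty`; the `tag` target's `git add .` would also commit the generated file. Adding `.make-function` to `.gitignore`, or generating it outside the tree, avoids both. Separately, `runPreTagCommand` hands the `pre_tag_command` value from release.conf to `bash -c` and `setRelease` interpolates `$1` into a sed expression unescaped, so a comment above them such as `# release.conf and the version argument are trusted input; never feed these from CI parameters` would be worth adding.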
// https://github.com/isaacs/node-lru-cache
var LRU = require("lru-cache") ,
cache = LRU({
max: 500,
maxAge: 1000 * 60 * 5
});
// for testing
function authPublish(client_id, username, topic) {
if (!client_id || !username || !topic) return false;
else return true;
}
module.exports = function(options={}) {
return function(req, res, next) {
if (req.header('vernemq-hook') == 'auth_on_publish') {
if (options.debug) {
console.log(req.body);
}
var out, authstatus;
var cachekey = req.body.client_id +':'+ req.body.username +':'+ req.body.password;
var topic = req.body.topic;
var cachekey = req.body.client_id +':'+ req.body.username+':'+topic;
if (typeof(authstatus)=='undefined') {
// cache missed
if (authPublish(req.body.client_id, req.body.username, topic)) {
authstatus = true;
cache.set(cachekey, authstatus);
}
else {
authstatus = false;
cache.set(cachekey, authstatus);
}
}
else {
// cache hit
}
if (authstatus) {
out = {
"result": "ok"
}
}
else {
out = {
"result": "no"
}
}
res.send(out);
next();
}
else {
next();
}
}
}
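Review bot: `authstatus` is never read from the cache, because the `cache.get(cachekey)` call that auth_on_register.js has is missing here, so every request takes the "cache missed" branch and the LRU is write-only; auth_on_subscribe.js has the same gap. `cachekey` is also declared twice, the first time from `req.body.password`, which this hook never uses; drop that line and add `authstatus = cache.get(cachekey);` after the second declaration. `authPublish` is marked "for testing" and returns true for any non-empty client_id, username and topic, so as written this endpoint authorizes every publish and should deny by default until a real check is wired in. Keys joined with `:` can also collide when a field itself contains `:`, which would let one identity reuse another's cached decision.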
// https://github.com/isaacs/node-lru-cache
var LRU = require("lru-cache") ,
cache = LRU({
max: 500,
maxAge: 1000 * 60 * 5
});
// for testing
function authByUserPasswd(client_id, username, password) {
if (!client_id || !username || !password) return false;
else return true;
}
module.exports = function(options={}) {
return function(req, res, next) {
if (req.header('vernemq-hook') == 'auth_on_register') {
if (options.debug) {
console.log(req.body);
}
var out, authstatus;
var cachekey = req.body.client_id +':'+ req.body.username +':'+ req.body.password;
authstatus = cache.get(cachekey);
if (typeof(authstatus)=='undefined') {
// cache missed
if (authByUserPasswd(req.body.client_id, req.body.username, req.body.password)) {
authstatus = true;
cache.set(cachekey, authstatus);
}
else {
authstatus = false;
cache.set(cachekey, authstatus);
}
}
else {
// cache hit
}
if (authstatus) {
out = {
"result": "ok"
}
}
else {
out = {
"result": "no"
}
}
res.send(out);
next();
}
else {
next();
}
}
}
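Review bot: The cache key embeds the plaintext password (`client_id + ':' + username + ':' + password`), so credentials stay in process memory for the five-minute `maxAge`, and a cached "ok" keeps a revoked or changed password valid for that long. Keying on a digest, for example `crypto.createHash('sha256').update(JSON.stringify([client_id, username, password])).digest('hex')`, avoids holding the raw secret and removes the `:` ambiguity. Failed attempts are cached too, so a stream of bad logins can evict legitimate entries from the 500-slot LRU. `authByUserPasswd` is a "for testing" stub that accepts any non-empty credentials and should not ship as the decision function.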
// https://github.com/isaacs/node-lru-cache
var LRU = require("lru-cache") ,
cache = LRU({
max: 500,
maxAge: 1000 * 60 * 5
});
// for testing
function authSubscribe(client_id, username, topic) {
if (!client_id || !username || !topic) return false;
else return true;
}
module.exports = function(options={}) {
return function(req, res, next) {
if (req.header('vernemq-hook') == 'auth_on_publish') {
if (options.debug) {
console.log(req.body);
}
var out, authstatus;
var cachekey = req.body.client_id +':'+ req.body.username +':'+ req.body.password;
var topic = req.body.topic;
var cachekey = req.body.client_id +':'+ req.body.username+':'+topic;
if (typeof(authstatus)=='undefined') {
// cache missed
if (authSubscribe(req.body.client_id, req.body.username, topic)) {
authstatus = true;
cache.set(cachekey, authstatus);
}
else {
authstatus = false;
cache.set(cachekey, authstatus);
}
}
else {
// cache hit
}
if (authstatus) {
out = {
"result": "ok"
}
}
else {
out = {
"result": "no"
}
}
res.send(out);
next();
}
else {
next();
}
}
}
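Review bot: The header test compares against `'auth_on_publish'`, apparently carried over from auth_on_publish.js, so a request with `vernemq-hook: auth_on_subscribe` falls into the bare `next()` branch and no `result` is ever sent. It should read `if (req.header('vernemq-hook') == 'auth_on_subscribe') {`. As far as I know VerneMQ's subscribe webhook sends a `topics` array rather than a single `topic`, in which case `req.body.topic` is undefined and the stub would answer "no" for every subscription; confirm against the broker's payload. `authSubscribe` is also a "for testing" stub and should be replaced by a real per-topic check before this is relied on.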
var restify = require('restify');
var auth_on_register = require('./auth_on_register')({debug:true});
var auth_on_publish = require('./auth_on_publish')({debug:true});
var auth_on_subscribe = require('./auth_on_subscribe')({debug:true});
const server = restify.createServer({
name: 'authplugin',
version: '1.0.0',
});
const port = 40000;
server.use(restify.plugins.bodyParser());
// for testing
function authByUserPasswd(client_id, username, password) {
if (!client_id || !username || !password) return false;
else return true;
}
server.get('/about', function (req, res, next) {
res.send(server.name);
});
server.post('/authreg', auth_on_register);
server.post('/authpub', auth_on_publish);
server.post('/authsub', auth_on_subscribe);
server.listen(port, function () {
console.log('%s listening at %s', server.name, server.url);
});
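Review bot: All three hooks are created with `{debug:true}`, which makes each handler run `console.log(req.body)`; for the register hook that body carries the client's password, so credentials end up in the container log. Take the flag from configuration instead, for example `({debug: process.env.AUTHHOOK_DEBUG === '1'})` (variable name is a placeholder), and log only `client_id` and `username`. `server.listen(port, ...)` binds every interface and the `/authreg`, `/authpub` and `/authsub` routes accept unauthenticated requests; if the broker calls the hook from inside the same pod, `server.listen(port, '127.0.0.1', ...)` keeps it off the pod network. The local `authByUserPasswd` copy is unused in this file and can be removed.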
{
"name": "authhook",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"start": "node index.js"
},
"author": "",
"license": "ISC",
"dependencies": {
"lru-cache": "^4.1.3",
"restify": "^7.1.1"
}
}
REGISTRY_HOST=dock.nexpie.com
GROUPNAME=stack
PROJECTNAME=vernemq/authhook
RELEASE=1.0.0
......@@ -23,8 +23,13 @@ spec:
tier: backend
spec:
containers:
- name: vernemq-authhook
image: dock.nexpie.com/stack/broker/authhook
ports:
- containerPort: 40000
name: authhook
- name: vernemq
image: georgepoenaru/vernemqube
image: dock.nexpie.com/stack/broker
env:
- name: KUBE_VERNEMQ_DISCOVERY_URL
#Considering namespace = default. Change according your namespace Eg: kubernetes-pod-ip-finder.dev.svc.cluster.local/?app=broker
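Review bot: Neither `image:` value carries a tag or digest, so the pod pulls whatever `latest` points to at schedule time; pin the released version, which the Makefile already pushes as `$(IMAGE):$(VERSION)`. The path also looks inconsistent: the authhook release.conf in this commit yields `dock.nexpie.com/stack/vernemq/authhook`, while this manifest pulls `dock.nexpie.com/stack/broker/authhook`, so confirm which repository is actually pushed. The added container sets no `securityContext` (for example `runAsNonRoot: true`, `allowPrivilegeEscalation: false`) or resource limits in the visible lines. The pod spec continues outside this hunk.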
......
REGISTRY_HOST=dock.nexpie.com
GROUPNAME=backend
PROJECTNAME=stack
GROUPNAME=stack
PROJECTNAME=vernemq
RELEASE=1.0.0