removed idserver4 (#547)

This commit is contained in:
Tom Pallister
2018-08-14 08:19:00 +01:00
committed by GitHub
parent edbe33415d
commit 0786614e50
13 changed files with 150 additions and 1187 deletions


@ -1,47 +1,47 @@
using IdentityModel;
using Ocelot.Responses;
using System.Collections.Generic;
using System.Security.Claims;
using System.Linq;
namespace Ocelot.Authorisation
{
using Infrastructure.Claims.Parser;
public class ScopesAuthoriser : IScopesAuthoriser
{
private readonly IClaimsParser _claimsParser;
public ScopesAuthoriser(IClaimsParser claimsParser)
{
_claimsParser = claimsParser;
}
public Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, List<string> routeAllowedScopes)
{
if (routeAllowedScopes == null || routeAllowedScopes.Count == 0)
{
return new OkResponse<bool>(true);
}
var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, JwtClaimTypes.Scope);
if (values.IsError)
{
return new ErrorResponse<bool>(values.Errors);
}
var userScopes = values.Data;
var matchesScopes = routeAllowedScopes.Intersect(userScopes).ToList();
if (matchesScopes.Count == 0)
{
return new ErrorResponse<bool>(
new ScopeNotAuthorisedError($"no one user scope: '{string.Join(",", userScopes)}' match with some allowed scope: '{string.Join(",", routeAllowedScopes)}'"));
}
return new OkResponse<bool>(true);
}
}
}
using Ocelot.Responses;
using System.Collections.Generic;
using System.Security.Claims;
using System.Linq;
namespace Ocelot.Authorisation
{
using Infrastructure.Claims.Parser;
public class ScopesAuthoriser : IScopesAuthoriser
{
private readonly IClaimsParser _claimsParser;
private readonly string _scope = "scope";
public ScopesAuthoriser(IClaimsParser claimsParser)
{
_claimsParser = claimsParser;
}
public Response<bool> Authorise(ClaimsPrincipal claimsPrincipal, List<string> routeAllowedScopes)
{
if (routeAllowedScopes == null || routeAllowedScopes.Count == 0)
{
return new OkResponse<bool>(true);
}
var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, _scope);
if (values.IsError)
{
return new ErrorResponse<bool>(values.Errors);
}
var userScopes = values.Data;
var matchesScopes = routeAllowedScopes.Intersect(userScopes).ToList();
if (matchesScopes.Count == 0)
{
return new ErrorResponse<bool>(
new ScopeNotAuthorisedError($"no one user scope: '{string.Join(",", userScopes)}' match with some allowed scope: '{string.Join(",", routeAllowedScopes)}'"));
}
return new OkResponse<bool>(true);
}
}
}
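Review bot: The replacement for `JwtClaimTypes.Scope` is an instance field, `private readonly string _scope = "scope";`, for a value that never varies per instance; `private const string Scope = "scope";` expresses that and keeps the lookup byte-identical to the IdentityModel constant it replaces, which is also "scope". A short comment on the declaration would preserve the reason the literal must not drift, e.g. `// claim type formerly taken from IdentityModel.JwtClaimTypes.Scope; must remain "scope" so tokens from existing providers still authorise`. Not introduced here, but adjacent to the changed line: the ScopeNotAuthorisedError message interpolates both the caller's scopes and the route's allowed scopes, so if that error text is ever surfaced in a response body it discloses the route's authorisation configuration to the client; worth confirming how the error is rendered downstream.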


@ -1,6 +1,5 @@
using System;
using System.Net.Http;
using IdentityServer4.AccessTokenValidation;
using Ocelot.Middleware.Multiplexer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Configuration;
@ -13,10 +12,6 @@ namespace Ocelot.DependencyInjection
IConfiguration Configuration { get; }
IOcelotAdministrationBuilder AddAdministration(string path, string secret);
IOcelotAdministrationBuilder AddAdministration(string path, Action<IdentityServerAuthenticationOptions> configOptions);
IOcelotBuilder AddDelegatingHandler<T>(bool global = false)
where T : DelegatingHandler;


@ -1,6 +1,5 @@
namespace Ocelot.DependencyInjection
{
using IdentityServer4.Models;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
@ -31,10 +30,8 @@ namespace Ocelot.DependencyInjection
using Ocelot.ServiceDiscovery;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Reflection;
using System.Security.Cryptography.X509Certificates;
using IdentityServer4.AccessTokenValidation;
using Microsoft.AspNetCore.Builder;
using Ocelot.Configuration;
using Microsoft.Extensions.DependencyInjection.Extensions;
@ -141,35 +138,6 @@ namespace Ocelot.DependencyInjection
Services.TryAddSingleton<IFrameworkDescription, FrameworkDescription>();
}
public IOcelotAdministrationBuilder AddAdministration(string path, string secret)
{
var administrationPath = new AdministrationPath(path);
//add identity server for admin area
var identityServerConfiguration = IdentityServerConfigurationCreator.GetIdentityServerConfiguration(secret);
if (identityServerConfiguration != null)
{
AddIdentityServer(identityServerConfiguration, administrationPath);
}
Services.AddSingleton<IAdministrationPath>(administrationPath);
return new OcelotAdministrationBuilder(Services, Configuration);
}
public IOcelotAdministrationBuilder AddAdministration(string path, Action<IdentityServerAuthenticationOptions> configureOptions)
{
var administrationPath = new AdministrationPath(path);
if (configureOptions != null)
{
AddIdentityServer(configureOptions);
}
Services.AddSingleton<IAdministrationPath>(administrationPath);
return new OcelotAdministrationBuilder(Services, Configuration);
}
public IOcelotBuilder AddSingletonDefinedAggregator<T>()
where T : class, IDefinedAggregator
{
@ -202,88 +170,5 @@ namespace Ocelot.DependencyInjection
return this;
}
private void AddIdentityServer(Action<IdentityServerAuthenticationOptions> configOptions)
{
Services
.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(configOptions);
}
private void AddIdentityServer(IIdentityServerConfiguration identityServerConfiguration, IAdministrationPath adminPath)
{
Services.TryAddSingleton<IIdentityServerConfiguration>(identityServerConfiguration);
var identityServerBuilder = Services
.AddIdentityServer(o => {
o.IssuerUri = "Ocelot";
})
.AddInMemoryApiResources(Resources(identityServerConfiguration))
.AddInMemoryClients(Client(identityServerConfiguration));
var urlFinder = new BaseUrlFinder(Configuration);
var baseSchemeUrlAndPort = urlFinder.Find();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
Services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(o =>
{
o.Authority = baseSchemeUrlAndPort + adminPath.Path;
o.ApiName = identityServerConfiguration.ApiName;
o.RequireHttpsMetadata = identityServerConfiguration.RequireHttps;
o.SupportedTokens = SupportedTokens.Both;
o.ApiSecret = identityServerConfiguration.ApiSecret;
});
//todo - refactor naming..
if (string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificateLocation) || string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificatePassword))
{
identityServerBuilder.AddDeveloperSigningCredential();
}
else
{
//todo - refactor so calls method?
var cert = new X509Certificate2(identityServerConfiguration.CredentialsSigningCertificateLocation, identityServerConfiguration.CredentialsSigningCertificatePassword);
identityServerBuilder.AddSigningCredential(cert);
}
}
private List<ApiResource> Resources(IIdentityServerConfiguration identityServerConfiguration)
{
return new List<ApiResource>
{
new ApiResource(identityServerConfiguration.ApiName, identityServerConfiguration.ApiName)
{
ApiSecrets = new List<Secret>
{
new Secret
{
Value = identityServerConfiguration.ApiSecret.Sha256()
}
}
},
};
}
private List<Client> Client(IIdentityServerConfiguration identityServerConfiguration)
{
return new List<Client>
{
new Client
{
ClientId = identityServerConfiguration.ApiName,
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = new List<Secret> {new Secret(identityServerConfiguration.ApiSecret.Sha256())},
AllowedScopes = { identityServerConfiguration.ApiName }
}
};
}
private static bool UsingEurekaServiceDiscoveryProvider(IConfiguration configurationRoot)
{
var type = configurationRoot.GetValue<string>("GlobalConfiguration:ServiceDiscoveryProvider:Type",
string.Empty);
return type.ToLower() == "eureka";
}
}
}


@ -37,8 +37,6 @@
{
var configuration = await CreateConfiguration(builder);
CreateAdministrationArea(builder, configuration);
ConfigureDiagnosticListener(builder);
return CreateOcelotPipeline(builder, pipelineConfiguration);
@ -153,25 +151,6 @@
throw new Exception($"Unable to start Ocelot, errors are: {string.Join(",", config.Errors.Select(x => x.ToString()))}");
}
private static void CreateAdministrationArea(IApplicationBuilder builder, IInternalConfiguration configuration)
{
if (!string.IsNullOrEmpty(configuration.AdministrationPath))
{
builder.Map(configuration.AdministrationPath, app =>
{
//todo - hack so we know that we are using internal identity server
var identityServerConfiguration = builder.ApplicationServices.GetService<IIdentityServerConfiguration>();
if (identityServerConfiguration != null)
{
app.UseIdentityServer();
}
app.UseAuthentication();
app.UseMvc();
});
}
}
private static void ConfigureDiagnosticListener(IApplicationBuilder builder)
{
var env = builder.ApplicationServices.GetService<IHostingEnvironment>();


@ -27,7 +27,6 @@
</PropertyGroup>
<ItemGroup>
<PackageReference Include="FluentValidation" Version="7.6.104" />
<PackageReference Include="IdentityServer4.AccessTokenValidation" Version="2.6.0" />
<PackageReference Include="Microsoft.AspNetCore" Version="2.1.1" />
<PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.1.1" />
<PackageReference Include="Microsoft.AspNetCore.MiddlewareAnalysis" Version="2.1.1" />
@ -47,6 +46,5 @@
</PackageReference>
<PackageReference Include="System.Text.RegularExpressions" Version="4.3.0" />
<PackageReference Include="Polly" Version="6.0.1" />
<PackageReference Include="IdentityServer4" Version="2.2.0" />
</ItemGroup>
</Project>