diff --git a/.gitignore b/.gitignore index a2902800..f5dfbc4d 100644 --- a/.gitignore +++ b/.gitignore @@ -183,6 +183,7 @@ ClientBin/ *.dbmdl *.dbproj.schemaview *.pfx +!idsrv3test.pfx *.publishsettings node_modules/ orleans.codegen.cs diff --git a/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs b/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs index ea2515f9..910b99e4 100644 --- a/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs +++ b/src/Ocelot/Authentication/Handler/Creator/AuthenticationHandlerCreator.cs @@ -1,3 +1,4 @@ +using System; using IdentityServer4.AccessTokenValidation; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Http; diff --git a/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs b/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs index f29161ce..cfd21b64 100644 --- a/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs +++ b/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs @@ -34,8 +34,6 @@ namespace Ocelot.Authentication.Middleware public async Task Invoke(HttpContext context) { - _logger.TraceMiddlewareEntry(); - if (IsAuthenticatedRoute(DownstreamRoute.ReRoute)) { _logger.LogDebug($"{context.Request.Path} is an authenticated route. {MiddlwareName} checking if client is authenticated"); @@ -46,7 +44,6 @@ namespace Ocelot.Authentication.Middleware { _logger.LogError($"Error getting authentication handler for {context.Request.Path}. {authenticationHandler.Errors.ToErrorString()}"); SetPipelineError(authenticationHandler.Errors); - _logger.TraceMiddlewareCompleted(); return; } @@ -56,11 +53,7 @@ namespace Ocelot.Authentication.Middleware if (context.User.Identity.IsAuthenticated) { _logger.LogDebug($"Client has been authenticated for {context.Request.Path}"); - - _logger.TraceInvokeNext(); - await _next.Invoke(context); - _logger.TraceInvokeNextCompleted(); - _logger.TraceMiddlewareCompleted(); + await _next.Invoke(context); } else { @@ -72,8 +65,6 @@ namespace Ocelot.Authentication.Middleware _logger.LogError($"Client has NOT been authenticated for {context.Request.Path} and pipeline error set. {error.ToErrorString()}"); SetPipelineError(error); - - _logger.TraceMiddlewareCompleted(); return; } } @@ -81,10 +72,7 @@ namespace Ocelot.Authentication.Middleware { _logger.LogTrace($"No authentication needed for {context.Request.Path}"); - _logger.TraceInvokeNext(); - await _next.Invoke(context); - _logger.TraceInvokeNextCompleted(); - _logger.TraceMiddlewareCompleted(); + await _next.Invoke(context); } } diff --git a/src/Ocelot/Authorisation/Middleware/AuthorisationMiddleware.cs b/src/Ocelot/Authorisation/Middleware/AuthorisationMiddleware.cs index bfcd5f8d..4a707fdc 100644 --- a/src/Ocelot/Authorisation/Middleware/AuthorisationMiddleware.cs +++ b/src/Ocelot/Authorisation/Middleware/AuthorisationMiddleware.cs @@ -33,8 +33,6 @@ namespace Ocelot.Authorisation.Middleware public async Task Invoke(HttpContext context) { - _logger.LogDebug("started authorisation"); - if (IsAuthenticatedRoute(DownstreamRoute.ReRoute)) { _logger.LogDebug("route is authenticated scopes must be checked"); @@ -73,7 +71,7 @@ namespace Ocelot.Authorisation.Middleware if (authorised.IsError) { - _logger.LogDebug("error authorising user"); + _logger.LogDebug($"Error whilst authorising {context.User.Identity.Name} for {context.User.Identity.Name}. Setting pipeline error"); SetPipelineError(authorised.Errors); return; @@ -81,30 +79,23 @@ namespace Ocelot.Authorisation.Middleware if (IsAuthorised(authorised)) { - _logger.LogDebug("user is authorised calling next middleware"); - + _logger.LogDebug($"{context.User.Identity.Name} has succesfully been authorised for {DownstreamRoute.ReRoute.UpstreamPathTemplate.Value}. Calling next middleware"); await _next.Invoke(context); - - _logger.LogDebug("succesfully called next middleware"); } else { - _logger.LogDebug("user is not authorised setting pipeline error"); + _logger.LogDebug($"{context.User.Identity.Name} is not authorised to access {DownstreamRoute.ReRoute.UpstreamPathTemplate.Value}. Setting pipeline error"); SetPipelineError(new List { - new UnauthorisedError( - $"{context.User.Identity.Name} unable to access {DownstreamRoute.ReRoute.UpstreamPathTemplate.Value}") + new UnauthorisedError($"{context.User.Identity.Name} is not authorised to access {DownstreamRoute.ReRoute.UpstreamPathTemplate.Value}") }); } } else { - _logger.LogDebug("AuthorisationMiddleware.Invoke route is not authorised calling next middleware"); - + _logger.LogDebug($"{DownstreamRoute.ReRoute.DownstreamPathTemplate.Value} route does not require user to be authorised"); await _next.Invoke(context); - - _logger.LogDebug("succesfully called next middleware"); } } diff --git a/src/Ocelot/Cache/Middleware/OutputCacheMiddleware.cs b/src/Ocelot/Cache/Middleware/OutputCacheMiddleware.cs index 85a73e70..c2cb019e 100644 --- a/src/Ocelot/Cache/Middleware/OutputCacheMiddleware.cs +++ b/src/Ocelot/Cache/Middleware/OutputCacheMiddleware.cs @@ -54,8 +54,6 @@ namespace Ocelot.Cache.Middleware await _next.Invoke(context); - _logger.LogDebug("succesfully called next middleware"); - if (PipelineError) { _logger.LogDebug("there was a pipeline error for {downstreamUrlKey}", downstreamUrlKey); diff --git a/src/Ocelot/Claims/Middleware/ClaimsBuilderMiddleware.cs b/src/Ocelot/Claims/Middleware/ClaimsBuilderMiddleware.cs index 1b1745e2..9a2e4239 100644 --- a/src/Ocelot/Claims/Middleware/ClaimsBuilderMiddleware.cs +++ b/src/Ocelot/Claims/Middleware/ClaimsBuilderMiddleware.cs @@ -26,8 +26,6 @@ namespace Ocelot.Claims.Middleware public async Task Invoke(HttpContext context) { - _logger.LogDebug("started claims middleware"); - if (DownstreamRoute.ReRoute.ClaimsToClaims.Any()) { _logger.LogDebug("this route has instructions to convert claims to other claims"); @@ -42,12 +40,7 @@ namespace Ocelot.Claims.Middleware return; } } - - _logger.LogDebug("calling next middleware"); - await _next.Invoke(context); - - _logger.LogDebug("succesfully called next middleware"); } } } diff --git a/src/Ocelot/Configuration/Creator/IdentityServerConfigurationCreator.cs b/src/Ocelot/Configuration/Creator/IdentityServerConfigurationCreator.cs index 48819608..6ed3b6c0 100644 --- a/src/Ocelot/Configuration/Creator/IdentityServerConfigurationCreator.cs +++ b/src/Ocelot/Configuration/Creator/IdentityServerConfigurationCreator.cs @@ -13,6 +13,8 @@ namespace Ocelot.Configuration.Creator var username = Environment.GetEnvironmentVariable("OCELOT_USERNAME"); var hash = Environment.GetEnvironmentVariable("OCELOT_HASH"); var salt = Environment.GetEnvironmentVariable("OCELOT_SALT"); + var credentialsSigningCertificateLocation = Environment.GetEnvironmentVariable("OCELOT_CERTIFICATE"); + var credentialsSigningCertificatePassword = Environment.GetEnvironmentVariable("OCELOT_CERTIFICATE_PASSWORD"); return new IdentityServerConfiguration( "admin", @@ -28,7 +30,9 @@ namespace Ocelot.Configuration.Creator new List { new User("admin", username, hash, salt) - } + }, + credentialsSigningCertificateLocation, + credentialsSigningCertificatePassword ); } } diff --git a/src/Ocelot/Configuration/Provider/IIdentityServerConfiguration.cs b/src/Ocelot/Configuration/Provider/IIdentityServerConfiguration.cs index bb66265f..0a388abb 100644 --- a/src/Ocelot/Configuration/Provider/IIdentityServerConfiguration.cs +++ b/src/Ocelot/Configuration/Provider/IIdentityServerConfiguration.cs @@ -17,5 +17,7 @@ namespace Ocelot.Configuration.Provider AccessTokenType AccessTokenType {get;} bool RequireClientSecret {get;} List Users {get;} + string CredentialsSigningCertificateLocation { get; } + string CredentialsSigningCertificatePassword { get; } } } \ No newline at end of file diff --git a/src/Ocelot/Configuration/Provider/IdentityServerConfiguration.cs b/src/Ocelot/Configuration/Provider/IdentityServerConfiguration.cs index f0f6897d..881d6f5a 100644 --- a/src/Ocelot/Configuration/Provider/IdentityServerConfiguration.cs +++ b/src/Ocelot/Configuration/Provider/IdentityServerConfiguration.cs @@ -17,7 +17,7 @@ namespace Ocelot.Configuration.Provider IEnumerable grantType, AccessTokenType accessTokenType, bool requireClientSecret, - List users) + List users, string credentialsSigningCertificateLocation, string credentialsSigningCertificatePassword) { ApiName = apiName; RequireHttps = requireHttps; @@ -30,6 +30,8 @@ namespace Ocelot.Configuration.Provider AccessTokenType = accessTokenType; RequireClientSecret = requireClientSecret; Users = users; + CredentialsSigningCertificateLocation = credentialsSigningCertificateLocation; + CredentialsSigningCertificatePassword = credentialsSigningCertificatePassword; } public string ApiName { get; private set; } @@ -43,5 +45,7 @@ namespace Ocelot.Configuration.Provider public AccessTokenType AccessTokenType {get;private set;} public bool RequireClientSecret {get;private set;} public List Users {get;private set;} + public string CredentialsSigningCertificateLocation { get; private set; } + public string CredentialsSigningCertificatePassword { get; private set; } } } \ No newline at end of file diff --git a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs index d52341fe..14410379 100644 --- a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs +++ b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs @@ -41,6 +41,8 @@ using System.Collections.Generic; using System.Linq; using System.Net.Http; using System.Reflection; +using System.Security.Cryptography.X509Certificates; +using Microsoft.IdentityModel.Tokens; using Ocelot.Configuration; using FileConfigurationProvider = Ocelot.Configuration.Provider.FileConfigurationProvider; @@ -87,8 +89,10 @@ namespace Ocelot.DependencyInjection { services.TryAddSingleton(identityServerConfiguration); services.TryAddSingleton(); - services.AddIdentityServer() - .AddTemporarySigningCredential() + var identityServerBuilder = services + .AddIdentityServer(options => { + options.IssuerUri = "Ocelot"; + }) .AddInMemoryApiResources(new List { new ApiResource @@ -120,6 +124,16 @@ namespace Ocelot.DependencyInjection RequireClientSecret = identityServerConfiguration.RequireClientSecret } }).AddResourceOwnerValidator(); + + if (string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificateLocation) || string.IsNullOrEmpty(identityServerConfiguration.CredentialsSigningCertificatePassword)) + { + identityServerBuilder.AddTemporarySigningCredential(); + } + else + { + var cert = new X509Certificate2(identityServerConfiguration.CredentialsSigningCertificateLocation, identityServerConfiguration.CredentialsSigningCertificatePassword); + identityServerBuilder.AddSigningCredential(cert); + } } var assembly = typeof(FileConfigurationController).GetTypeInfo().Assembly; @@ -169,6 +183,11 @@ namespace Ocelot.DependencyInjection services.TryAddSingleton(); services.TryAddScoped(); services.AddMemoryCache(); + + //Used to log the the start and ending of middleware + services.TryAddSingleton(); + services.AddMiddlewareAnalysis(); + return services; } } diff --git a/src/Ocelot/DownstreamRouteFinder/Middleware/DownstreamRouteFinderMiddleware.cs b/src/Ocelot/DownstreamRouteFinder/Middleware/DownstreamRouteFinderMiddleware.cs index c107a2f5..8fdd2a54 100644 --- a/src/Ocelot/DownstreamRouteFinder/Middleware/DownstreamRouteFinderMiddleware.cs +++ b/src/Ocelot/DownstreamRouteFinder/Middleware/DownstreamRouteFinderMiddleware.cs @@ -30,8 +30,6 @@ namespace Ocelot.DownstreamRouteFinder.Middleware public async Task Invoke(HttpContext context) { - _logger.TraceMiddlewareEntry(); - var upstreamUrlPath = context.Request.Path.ToString().SetLastCharacterAs('/'); _logger.LogDebug("upstream url path is {upstreamUrlPath}", upstreamUrlPath); @@ -43,8 +41,6 @@ namespace Ocelot.DownstreamRouteFinder.Middleware _logger.LogError($"{MiddlwareName} setting pipeline errors. IDownstreamRouteFinder returned {downstreamRoute.Errors.ToErrorString()}"); SetPipelineError(downstreamRoute.Errors); - - _logger.TraceMiddlewareCompleted(); return; } @@ -52,12 +48,7 @@ namespace Ocelot.DownstreamRouteFinder.Middleware SetDownstreamRouteForThisRequest(downstreamRoute.Data); - _logger.TraceInvokeNext(); - await _next.Invoke(context); - - _logger.TraceInvokeNextCompleted(); - _logger.TraceMiddlewareCompleted(); } } } \ No newline at end of file diff --git a/src/Ocelot/DownstreamUrlCreator/Middleware/DownstreamUrlCreatorMiddleware.cs b/src/Ocelot/DownstreamUrlCreator/Middleware/DownstreamUrlCreatorMiddleware.cs index c91e06da..bf08ba27 100644 --- a/src/Ocelot/DownstreamUrlCreator/Middleware/DownstreamUrlCreatorMiddleware.cs +++ b/src/Ocelot/DownstreamUrlCreator/Middleware/DownstreamUrlCreatorMiddleware.cs @@ -30,8 +30,6 @@ namespace Ocelot.DownstreamUrlCreator.Middleware public async Task Invoke(HttpContext context) { - _logger.LogDebug("started calling downstream url creator middleware"); - var dsPath = _replacer .Replace(DownstreamRoute.ReRoute.DownstreamPathTemplate, DownstreamRoute.TemplatePlaceholderNameAndValues); @@ -53,11 +51,7 @@ namespace Ocelot.DownstreamUrlCreator.Middleware _logger.LogDebug("downstream url is {downstreamUrl.Data.Value}", DownstreamRequest.RequestUri); - _logger.LogDebug("calling next middleware"); - await _next.Invoke(context); - - _logger.LogDebug("succesfully called next middleware"); } } } \ No newline at end of file diff --git a/src/Ocelot/Headers/Middleware/HttpRequestHeadersBuilderMiddleware.cs b/src/Ocelot/Headers/Middleware/HttpRequestHeadersBuilderMiddleware.cs index cb0fdc98..d53cd76d 100644 --- a/src/Ocelot/Headers/Middleware/HttpRequestHeadersBuilderMiddleware.cs +++ b/src/Ocelot/Headers/Middleware/HttpRequestHeadersBuilderMiddleware.cs @@ -26,17 +26,15 @@ namespace Ocelot.Headers.Middleware public async Task Invoke(HttpContext context) { - _logger.LogDebug("started calling headers builder middleware"); - if (DownstreamRoute.ReRoute.ClaimsToHeaders.Any()) { - _logger.LogDebug("this route has instructions to convert claims to headers"); + _logger.LogDebug($"{ DownstreamRoute.ReRoute.DownstreamPathTemplate.Value} has instructions to convert claims to headers"); var response = _addHeadersToRequest.SetHeadersOnDownstreamRequest(DownstreamRoute.ReRoute.ClaimsToHeaders, context.User.Claims, DownstreamRequest); if (response.IsError) { - _logger.LogDebug("there was an error setting headers on context, setting pipeline error"); + _logger.LogDebug("Error setting headers on context, setting pipeline error"); SetPipelineError(response.Errors); return; @@ -45,11 +43,7 @@ namespace Ocelot.Headers.Middleware _logger.LogDebug("headers have been set on context"); } - _logger.LogDebug("calling next middleware"); - await _next.Invoke(context); - - _logger.LogDebug("succesfully called next middleware"); } } } diff --git a/src/Ocelot/LoadBalancer/Middleware/LoadBalancingMiddleware.cs b/src/Ocelot/LoadBalancer/Middleware/LoadBalancingMiddleware.cs index be5a34d1..909ef755 100644 --- a/src/Ocelot/LoadBalancer/Middleware/LoadBalancingMiddleware.cs +++ b/src/Ocelot/LoadBalancer/Middleware/LoadBalancingMiddleware.cs @@ -28,18 +28,18 @@ namespace Ocelot.LoadBalancer.Middleware public async Task Invoke(HttpContext context) { - _logger.LogDebug("started calling load balancing middleware"); - var loadBalancer = _loadBalancerHouse.Get(DownstreamRoute.ReRoute.ReRouteKey); if(loadBalancer.IsError) { + _logger.LogDebug("there was an error retriving the loadbalancer, setting pipeline error"); SetPipelineError(loadBalancer.Errors); return; } var hostAndPort = await loadBalancer.Data.Lease(); if(hostAndPort.IsError) - { + { + _logger.LogDebug("there was an error leasing the loadbalancer, setting pipeline error"); SetPipelineError(hostAndPort.Errors); return; } @@ -52,23 +52,19 @@ namespace Ocelot.LoadBalancer.Middleware } DownstreamRequest.RequestUri = uriBuilder.Uri; - _logger.LogDebug("calling next middleware"); - try { await _next.Invoke(context); - - loadBalancer.Data.Release(hostAndPort.Data); } catch (Exception) { - loadBalancer.Data.Release(hostAndPort.Data); - - _logger.LogDebug("error calling next middleware, exception will be thrown to global handler"); + _logger.LogDebug("Exception calling next middleware, exception will be thrown to global handler"); throw; } - - _logger.LogDebug("succesfully called next middleware"); + finally + { + loadBalancer.Data.Release(hostAndPort.Data); + } } } } diff --git a/src/Ocelot/Logging/AspDotNetLogger.cs b/src/Ocelot/Logging/AspDotNetLogger.cs index 9ebaf7fd..82115382 100644 --- a/src/Ocelot/Logging/AspDotNetLogger.cs +++ b/src/Ocelot/Logging/AspDotNetLogger.cs @@ -4,39 +4,39 @@ using Ocelot.Infrastructure.RequestData; namespace Ocelot.Logging { - public class AspDotNetLogger : IOcelotLogger - { - private readonly ILogger _logger; - private readonly IRequestScopedDataRepository _scopedDataRepository; - - public string Name { get; } - + public class AspDotNetLogger : IOcelotLogger + { + private readonly ILogger _logger; + private readonly IRequestScopedDataRepository _scopedDataRepository; + + public string Name { get; } + public AspDotNetLogger(ILogger logger, IRequestScopedDataRepository scopedDataRepository, string typeName) { - Name = typeName; - _logger = logger; - _scopedDataRepository = scopedDataRepository; - } - - public void LogTrace(string message, params object[] args) - { - _logger.LogTrace(GetMessageWithOcelotRequestId(message), args); - } - - public void LogDebug(string message, params object[] args) - { - _logger.LogDebug(GetMessageWithOcelotRequestId(message), args); - } - public void LogError(string message, Exception exception) - { - _logger.LogError(GetMessageWithOcelotRequestId(message), exception); - } - - public void LogError(string message, params object[] args) - { - _logger.LogError(GetMessageWithOcelotRequestId(message), args); - } - + Name = typeName; + _logger = logger; + _scopedDataRepository = scopedDataRepository; + } + + public void LogTrace(string message, params object[] args) + { + _logger.LogTrace(GetMessageWithOcelotRequestId(message), args); + } + + public void LogDebug(string message, params object[] args) + { + _logger.LogDebug(GetMessageWithOcelotRequestId(message), args); + } + public void LogError(string message, Exception exception) + { + _logger.LogError(GetMessageWithOcelotRequestId(message), exception); + } + + public void LogError(string message, params object[] args) + { + _logger.LogError(GetMessageWithOcelotRequestId(message), args); + } + private string GetMessageWithOcelotRequestId(string message) { var requestId = _scopedDataRepository.Get("RequestId"); diff --git a/src/Ocelot/Logging/OcelotDiagnosticListener.cs b/src/Ocelot/Logging/OcelotDiagnosticListener.cs new file mode 100644 index 00000000..53d6e14c --- /dev/null +++ b/src/Ocelot/Logging/OcelotDiagnosticListener.cs @@ -0,0 +1,34 @@ +using System; +using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.DiagnosticAdapter; + +namespace Ocelot.Logging +{ + public class OcelotDiagnosticListener + { + private IOcelotLogger _logger; + + public OcelotDiagnosticListener(IOcelotLoggerFactory factory) + { + _logger = factory.CreateLogger(); + } + + [DiagnosticName("Microsoft.AspNetCore.MiddlewareAnalysis.MiddlewareStarting")] + public virtual void OnMiddlewareStarting(HttpContext httpContext, string name) + { + _logger.LogTrace($"MiddlewareStarting: {name}; {httpContext.Request.Path}"); + } + + [DiagnosticName("Microsoft.AspNetCore.MiddlewareAnalysis.MiddlewareException")] + public virtual void OnMiddlewareException(Exception exception, string name) + { + _logger.LogTrace($"MiddlewareException: {name}; {exception.Message}"); + } + + [DiagnosticName("Microsoft.AspNetCore.MiddlewareAnalysis.MiddlewareFinished")] + public virtual void OnMiddlewareFinished(HttpContext httpContext, string name) + { + _logger.LogTrace($"MiddlewareFinished: {name}; {httpContext.Response.StatusCode}"); + } + } +} diff --git a/src/Ocelot/Logging/OcelotLoggerExtensions.cs b/src/Ocelot/Logging/OcelotLoggerExtensions.cs deleted file mode 100644 index 05bd4565..00000000 --- a/src/Ocelot/Logging/OcelotLoggerExtensions.cs +++ /dev/null @@ -1,29 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Text; - -namespace Ocelot.Logging -{ - public static class OcelotLoggerExtensions - { - public static void TraceMiddlewareEntry(this IOcelotLogger logger) - { - logger.LogTrace($"entered {logger.Name}"); - } - - public static void TraceInvokeNext(this IOcelotLogger logger) - { - logger.LogTrace($"invoking next middleware from {logger.Name}"); - } - - public static void TraceInvokeNextCompleted(this IOcelotLogger logger) - { - logger.LogTrace($"returned to {logger.Name} after next middleware completed"); - } - - public static void TraceMiddlewareCompleted(this IOcelotLogger logger) - { - logger.LogTrace($"completed {logger.Name}"); - } - } -} diff --git a/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs b/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs index 3f98f959..c9b5f536 100644 --- a/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs +++ b/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs @@ -1,4 +1,5 @@ using System.Collections.Generic; +using System.Diagnostics; using IdentityServer4.AccessTokenValidation; using Microsoft.AspNetCore.Builder; using Ocelot.Authentication.Middleware; @@ -8,6 +9,7 @@ using Ocelot.DownstreamRouteFinder.Middleware; using Ocelot.DownstreamUrlCreator.Middleware; using Ocelot.Errors.Middleware; using Ocelot.Headers.Middleware; +using Ocelot.Logging; using Ocelot.QueryStrings.Middleware; using Ocelot.Request.Middleware; using Ocelot.Requester.Middleware; @@ -53,6 +55,8 @@ namespace Ocelot.Middleware { await CreateAdministrationArea(builder); + ConfigureDiagnosticListener(builder); + // This is registered to catch any global exceptions that are not handled builder.UseExceptionHandlerMiddleware(); @@ -181,7 +185,6 @@ namespace Ocelot.Middleware builder.Map(configuration.AdministrationPath, app => { var identityServerUrl = $"{baseSchemeUrlAndPort}/{configuration.AdministrationPath.Remove(0,1)}"; - app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions { Authority = identityServerUrl, @@ -206,5 +209,22 @@ namespace Ocelot.Middleware builder.Use(middleware); } } + + /// + /// Configure a DiagnosticListener to listen for diagnostic events when the middleware starts and ends + /// + /// + private static void ConfigureDiagnosticListener(IApplicationBuilder builder) + { + var env = (IHostingEnvironment)builder.ApplicationServices.GetService(typeof(IHostingEnvironment)); + + //https://github.com/TomPallister/Ocelot/pull/87 not sure why only for dev envs and marc disapeered so just merging and maybe change one day? + if (!env.IsProduction()) + { + var listener = (OcelotDiagnosticListener)builder.ApplicationServices.GetService(typeof(OcelotDiagnosticListener)); + var diagnosticListener = (DiagnosticListener)builder.ApplicationServices.GetService(typeof(DiagnosticListener)); + diagnosticListener.SubscribeWithAdapter(listener); + } + } } } diff --git a/src/Ocelot/Ocelot.csproj b/src/Ocelot/Ocelot.csproj index 32cca96e..c7626bc7 100644 --- a/src/Ocelot/Ocelot.csproj +++ b/src/Ocelot/Ocelot.csproj @@ -26,10 +26,12 @@ + + diff --git a/src/Ocelot/QueryStrings/Middleware/QueryStringBuilderMiddleware.cs b/src/Ocelot/QueryStrings/Middleware/QueryStringBuilderMiddleware.cs index f3001e87..b359eadb 100644 --- a/src/Ocelot/QueryStrings/Middleware/QueryStringBuilderMiddleware.cs +++ b/src/Ocelot/QueryStrings/Middleware/QueryStringBuilderMiddleware.cs @@ -26,11 +26,9 @@ namespace Ocelot.QueryStrings.Middleware public async Task Invoke(HttpContext context) { - _logger.LogDebug("started calling query string builder middleware"); - if (DownstreamRoute.ReRoute.ClaimsToQueries.Any()) { - _logger.LogDebug("this route has instructions to convert claims to queries"); + _logger.LogDebug($"{DownstreamRoute.ReRoute.DownstreamPathTemplate.Value} has instructions to convert claims to queries"); var response = _addQueriesToRequest.SetQueriesOnDownstreamRequest(DownstreamRoute.ReRoute.ClaimsToQueries, context.User.Claims, DownstreamRequest); @@ -43,11 +41,7 @@ namespace Ocelot.QueryStrings.Middleware } } - _logger.LogDebug("calling next middleware"); - await _next.Invoke(context); - - _logger.LogDebug("succesfully called next middleware"); } } } diff --git a/src/Ocelot/RateLimit/Middleware/ClientRateLimitMiddleware.cs b/src/Ocelot/RateLimit/Middleware/ClientRateLimitMiddleware.cs index a9a5564e..e8dbaeef 100644 --- a/src/Ocelot/RateLimit/Middleware/ClientRateLimitMiddleware.cs +++ b/src/Ocelot/RateLimit/Middleware/ClientRateLimitMiddleware.cs @@ -31,18 +31,12 @@ namespace Ocelot.RateLimit.Middleware public async Task Invoke(HttpContext context) { - _logger.TraceMiddlewareEntry(); - var options = DownstreamRoute.ReRoute.RateLimitOptions; // check if rate limiting is enabled if (!DownstreamRoute.ReRoute.EnableEndpointEndpointRateLimiting) { _logger.LogDebug($"EndpointRateLimiting is not enabled for {DownstreamRoute.ReRoute.DownstreamPathTemplate}"); - - _logger.TraceInvokeNext(); await _next.Invoke(context); - _logger.TraceInvokeNextCompleted(); - _logger.TraceMiddlewareCompleted(); return; } // compute identity from request @@ -52,11 +46,7 @@ namespace Ocelot.RateLimit.Middleware if (IsWhitelisted(identity, options)) { _logger.LogDebug($"{DownstreamRoute.ReRoute.DownstreamPathTemplate} is white listed from rate limiting"); - - _logger.TraceInvokeNext(); await _next.Invoke(context); - _logger.TraceInvokeNextCompleted(); - _logger.TraceMiddlewareCompleted(); return; } @@ -78,7 +68,6 @@ namespace Ocelot.RateLimit.Middleware var retrystring = retryAfter.ToString(System.Globalization.CultureInfo.InvariantCulture); // break execution await ReturnQuotaExceededResponse(context, options, retrystring); - _logger.TraceMiddlewareCompleted(); return; } @@ -91,10 +80,7 @@ namespace Ocelot.RateLimit.Middleware context.Response.OnStarting(SetRateLimitHeaders, state: headers); } - _logger.TraceInvokeNext(); await _next.Invoke(context); - _logger.TraceInvokeNextCompleted(); - _logger.TraceMiddlewareCompleted(); } public virtual ClientRequestIdentity SetIdentity(HttpContext httpContext, RateLimitOptions option) diff --git a/src/Ocelot/RequestId/Middleware/RequestIdMiddleware.cs b/src/Ocelot/RequestId/Middleware/RequestIdMiddleware.cs index 08222d9d..403e550d 100644 --- a/src/Ocelot/RequestId/Middleware/RequestIdMiddleware.cs +++ b/src/Ocelot/RequestId/Middleware/RequestIdMiddleware.cs @@ -20,7 +20,7 @@ namespace Ocelot.RequestId.Middleware public RequestIdMiddleware(RequestDelegate next, IOcelotLoggerFactory loggerFactory, IRequestScopedDataRepository requestScopedDataRepository) - :base(requestScopedDataRepository) + : base(requestScopedDataRepository) { _next = next; _logger = loggerFactory.CreateLogger(); @@ -28,15 +28,9 @@ namespace Ocelot.RequestId.Middleware } public async Task Invoke(HttpContext context) - { - _logger.TraceMiddlewareEntry(); - + { SetOcelotRequestId(context); - - _logger.TraceInvokeNext(); - await _next.Invoke(context); - _logger.TraceInvokeNextCompleted(); - _logger.TraceMiddlewareCompleted(); + await _next.Invoke(context); } private void SetOcelotRequestId(HttpContext context) diff --git a/src/Ocelot/Responder/Middleware/ResponderMiddleware.cs b/src/Ocelot/Responder/Middleware/ResponderMiddleware.cs index 7e843486..2b6f52f1 100644 --- a/src/Ocelot/Responder/Middleware/ResponderMiddleware.cs +++ b/src/Ocelot/Responder/Middleware/ResponderMiddleware.cs @@ -34,10 +34,7 @@ namespace Ocelot.Responder.Middleware public async Task Invoke(HttpContext context) { - _logger.TraceMiddlewareEntry(); - _logger.TraceInvokeNext(); - await _next.Invoke(context); - _logger.TraceInvokeNextCompleted(); + await _next.Invoke(context); if (PipelineError) { @@ -51,7 +48,6 @@ namespace Ocelot.Responder.Middleware _logger.LogDebug("no pipeline errors, setting and returning completed response"); await _responder.SetResponseOnHttpContext(context, HttpResponseMessage); } - _logger.TraceMiddlewareCompleted(); } private void SetErrorResponse(HttpContext context, List errors) diff --git a/test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj b/test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj index 0faafe84..08bbf527 100644 --- a/test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj +++ b/test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj @@ -15,7 +15,7 @@ - + PreserveNewest diff --git a/test/Ocelot.AcceptanceTests/appsettings.json b/test/Ocelot.AcceptanceTests/appsettings.json new file mode 100644 index 00000000..df0788de --- /dev/null +++ b/test/Ocelot.AcceptanceTests/appsettings.json @@ -0,0 +1,10 @@ +{ + "Logging": { + "IncludeScopes": true, + "LogLevel": { + "Default": "Error", + "System": "Error", + "Microsoft": "Error" + } + } +} diff --git a/test/Ocelot.IntegrationTests/AdministrationTests.cs b/test/Ocelot.IntegrationTests/AdministrationTests.cs index 2fa2c05c..b03d587e 100644 --- a/test/Ocelot.IntegrationTests/AdministrationTests.cs +++ b/test/Ocelot.IntegrationTests/AdministrationTests.cs @@ -19,15 +19,19 @@ namespace Ocelot.IntegrationTests public class AdministrationTests : IDisposable { private readonly HttpClient _httpClient; + private readonly HttpClient _httpClientTwo; private HttpResponseMessage _response; private IWebHost _builder; private IWebHostBuilder _webHostBuilder; private readonly string _ocelotBaseUrl; private BearerToken _token; + private IWebHostBuilder _webHostBuilderTwo; + private IWebHost _builderTwo; public AdministrationTests() { _httpClient = new HttpClient(); + _httpClientTwo = new HttpClient(); _ocelotBaseUrl = "http://localhost:5000"; _httpClient.BaseAddress = new Uri(_ocelotBaseUrl); } @@ -70,6 +74,27 @@ namespace Ocelot.IntegrationTests .BDDfy(); } + [Fact] + public void should_be_able_to_use_token_from_ocelot_a_on_ocelot_b() + { + var configuration = new FileConfiguration + { + GlobalConfiguration = new FileGlobalConfiguration + { + AdministrationPath = "/administration" + } + }; + + this.Given(x => GivenThereIsAConfiguration(configuration)) + .And(x => GivenIdentityServerSigningEnvironmentalVariablesAreSet()) + .And(x => GivenOcelotIsRunning()) + .And(x => GivenIHaveAnOcelotToken("/administration")) + .And(x => GivenAnotherOcelotIsRunning("http://localhost:5007")) + .When(x => WhenIGetUrlOnTheSecondOcelot("/administration/configuration")) + .Then(x => ThenTheStatusCodeShouldBe(HttpStatusCode.OK)) + .BDDfy(); + } + [Fact] public void should_return_file_configuration() { @@ -193,6 +218,36 @@ namespace Ocelot.IntegrationTests .BDDfy(); } + private void GivenAnotherOcelotIsRunning(string baseUrl) + { + _httpClientTwo.BaseAddress = new Uri(baseUrl); + + _webHostBuilderTwo = new WebHostBuilder() + .UseUrls(baseUrl) + .UseKestrel() + .UseContentRoot(Directory.GetCurrentDirectory()) + .ConfigureServices(x => { + x.AddSingleton(_webHostBuilderTwo); + }) + .UseStartup(); + + _builderTwo = _webHostBuilderTwo.Build(); + + _builderTwo.Start(); + } + + private void GivenIdentityServerSigningEnvironmentalVariablesAreSet() + { + Environment.SetEnvironmentVariable("OCELOT_CERTIFICATE", "idsrv3test.pfx"); + Environment.SetEnvironmentVariable("OCELOT_CERTIFICATE_PASSWORD", "idsrv3test"); + } + + private void WhenIGetUrlOnTheSecondOcelot(string url) + { + _httpClientTwo.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", _token.AccessToken); + _response = _httpClientTwo.GetAsync(url).Result; + } + private void WhenIPostOnTheApiGateway(string url, FileConfiguration updatedConfiguration) { var json = JsonConvert.SerializeObject(updatedConfiguration); @@ -305,6 +360,8 @@ namespace Ocelot.IntegrationTests public void Dispose() { + Environment.SetEnvironmentVariable("OCELOT_CERTIFICATE", ""); + Environment.SetEnvironmentVariable("OCELOT_CERTIFICATE_PASSWORD", ""); _builder?.Dispose(); _httpClient?.Dispose(); } diff --git a/test/Ocelot.IntegrationTests/Ocelot.IntegrationTests.csproj b/test/Ocelot.IntegrationTests/Ocelot.IntegrationTests.csproj index db4b23d2..59513b38 100644 --- a/test/Ocelot.IntegrationTests/Ocelot.IntegrationTests.csproj +++ b/test/Ocelot.IntegrationTests/Ocelot.IntegrationTests.csproj @@ -15,7 +15,7 @@ - + PreserveNewest diff --git a/test/Ocelot.IntegrationTests/appsettings.json b/test/Ocelot.IntegrationTests/appsettings.json index 503cc778..df0788de 100644 --- a/test/Ocelot.IntegrationTests/appsettings.json +++ b/test/Ocelot.IntegrationTests/appsettings.json @@ -3,8 +3,8 @@ "IncludeScopes": true, "LogLevel": { "Default": "Error", - "System": "Information", - "Microsoft": "Information" + "System": "Error", + "Microsoft": "Error" } } } diff --git a/test/Ocelot.IntegrationTests/idsrv3test.pfx b/test/Ocelot.IntegrationTests/idsrv3test.pfx new file mode 100644 index 00000000..0247dea0 Binary files /dev/null and b/test/Ocelot.IntegrationTests/idsrv3test.pfx differ diff --git a/test/Ocelot.UnitTests/Configuration/IdentityServerConfigurationCreatorTests.cs b/test/Ocelot.UnitTests/Configuration/IdentityServerConfigurationCreatorTests.cs new file mode 100644 index 00000000..8d100e10 --- /dev/null +++ b/test/Ocelot.UnitTests/Configuration/IdentityServerConfigurationCreatorTests.cs @@ -0,0 +1,16 @@ +using Ocelot.Configuration.Creator; +using Shouldly; +using Xunit; + +namespace Ocelot.UnitTests.Configuration +{ + public class IdentityServerConfigurationCreatorTests + { + [Fact] + public void happy_path_only_exists_for_test_coverage_even_uncle_bob_probably_wouldnt_test_this() + { + var result = IdentityServerConfigurationCreator.GetIdentityServerConfiguration(); + result.ApiName.ShouldBe("admin"); + } + } +} \ No newline at end of file diff --git a/test/Ocelot.UnitTests/Errors/ExceptionHandlerMiddlewareTests.cs b/test/Ocelot.UnitTests/Errors/ExceptionHandlerMiddlewareTests.cs new file mode 100644 index 00000000..41beffdc --- /dev/null +++ b/test/Ocelot.UnitTests/Errors/ExceptionHandlerMiddlewareTests.cs @@ -0,0 +1,125 @@ +using System; +using System.IO; +using System.Net; +using System.Net.Http; +using Microsoft.AspNetCore.Builder; +using Microsoft.AspNetCore.Hosting; +using Microsoft.AspNetCore.TestHost; +using Microsoft.Extensions.DependencyInjection; +using Moq; +using Ocelot.DownstreamRouteFinder; +using Ocelot.DownstreamUrlCreator; +using Ocelot.DownstreamUrlCreator.UrlTemplateReplacer; +using Ocelot.Errors.Middleware; +using Ocelot.Infrastructure.RequestData; +using Ocelot.Logging; +using Ocelot.Responses; +using Ocelot.Values; +using Shouldly; +using TestStack.BDDfy; +using Xunit; + +namespace Ocelot.UnitTests.Errors +{ + public class ExceptionHandlerMiddlewareTests + { + private readonly Mock _scopedRepository; + private readonly string _url; + private TestServer _server; + private HttpClient _client; + private HttpResponseMessage _result; + + public ExceptionHandlerMiddlewareTests() + { + _url = "http://localhost:52879"; + _scopedRepository = new Mock(); + } + + [Fact] + public void should_call_next_middleware() + { + this.Given(_ => GivenASuccessfulRequest()) + .When(_ => WhenIMakeTheRequest()) + .Then(_ => ThenTheResponseIsOk()) + .BDDfy(); + } + + [Fact] + public void should_call_return_error() + { + this.Given(_ => GivenAnError()) + .When(_ => WhenIMakeTheRequest()) + .Then(_ => ThenTheResponseIsError()) + .BDDfy(); + } + + private void ThenTheResponseIsOk() + { + _result.StatusCode.ShouldBe(HttpStatusCode.OK); + } + + private void ThenTheResponseIsError() + { + _result.StatusCode.ShouldBe(HttpStatusCode.InternalServerError); + } + + private void WhenIMakeTheRequest() + { + _result = _client.GetAsync("/").Result; + } + + private void GivenASuccessfulRequest() + { + var builder = new WebHostBuilder() + .ConfigureServices(x => + { + x.AddSingleton(); + x.AddLogging(); + x.AddSingleton(_scopedRepository.Object); + }) + .UseUrls(_url) + .UseKestrel() + .UseContentRoot(Directory.GetCurrentDirectory()) + .UseIISIntegration() + .UseUrls(_url) + .Configure(app => + { + app.UseExceptionHandlerMiddleware(); + app.Run(async context => + { + context.Response.StatusCode = 200; + }); + }); + + _server = new TestServer(builder); + _client = _server.CreateClient(); + } + + private void GivenAnError() + { + var builder = new WebHostBuilder() + .ConfigureServices(x => + { + x.AddSingleton(); + x.AddLogging(); + x.AddSingleton(_scopedRepository.Object); + }) + .UseUrls(_url) + .UseKestrel() + .UseContentRoot(Directory.GetCurrentDirectory()) + .UseIISIntegration() + .UseUrls(_url) + .Configure(app => + { + app.UseExceptionHandlerMiddleware(); + app.Use(async (context, next) => + { + throw new Exception("BOOM"); + }); + }); + + _server = new TestServer(builder); + _client = _server.CreateClient(); + } + } +} \ No newline at end of file