	unit and int tests are passing with auth changes...but acceptance tests are in a state and there are loads of todos...
		@@ -1,3 +1,4 @@
 | 
			
		||||
using System.Collections.Generic;
 | 
			
		||||
using Ocelot.Configuration.Builder;
 | 
			
		||||
using Ocelot.Configuration.File;
 | 
			
		||||
using Ocelot.Creator.Configuration;
 | 
			
		||||
@@ -13,15 +14,25 @@ namespace Ocelot.Configuration.Creator
 | 
			
		||||
            _creator = creator;
 | 
			
		||||
        }
 | 
			
		||||
 | 
			
		||||
        public AuthenticationOptions Create(FileReRoute fileReRoute)
 | 
			
		||||
        public AuthenticationOptions Create(FileReRoute reRoute, List<FileAuthenticationOptions> authOptions)
 | 
			
		||||
        {
 | 
			
		||||
            var authenticationConfig = _creator.Create(fileReRoute.AuthenticationOptions);
 | 
			
		||||
            //todo - loop is crap..
 | 
			
		||||
            foreach(var authOption in authOptions)
 | 
			
		||||
            {
 | 
			
		||||
                if(reRoute.AuthenticationProviderKey == authOption.AuthenticationProviderKey)
 | 
			
		||||
                {
 | 
			
		||||
                    var authenticationConfig = _creator.Create(authOption);
 | 
			
		||||
 | 
			
		||||
            return new AuthenticationOptionsBuilder()
 | 
			
		||||
                .WithProvider(fileReRoute.AuthenticationOptions?.Provider)
 | 
			
		||||
                .WithAllowedScopes(fileReRoute.AuthenticationOptions?.AllowedScopes)
 | 
			
		||||
                .WithConfig(authenticationConfig)
 | 
			
		||||
                .Build();
 | 
			
		||||
                    return new AuthenticationOptionsBuilder()
 | 
			
		||||
                        .WithProvider(authOption.Provider)
 | 
			
		||||
                        .WithAllowedScopes(authOption.AllowedScopes)
 | 
			
		||||
                        .WithConfig(authenticationConfig)
 | 
			
		||||
                        .Build();
 | 
			
		||||
                }
 | 
			
		||||
            }
 | 
			
		||||
 | 
			
		||||
            //todo - should not return null?
 | 
			
		||||
            return null;
 | 
			
		||||
        } 
 | 
			
		||||
    }
 | 
			
		||||
}
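Review bot: `Create` ends in `return null;` for every route whose `AuthenticationProviderKey` is empty or matches no entry in `authOptions`, whereas the version it replaces always returned a built `AuthenticationOptions`. Callers are outside this section, so whether they tolerate null is not visible here; a consumer that dereferences it throws, and one that null-checks it may treat the route as having no authentication requirements. Keeping the old shape for routes without a key, `return new AuthenticationOptionsBuilder().Build();`, and letting the validator reject an unmatched key would close both paths. The loop also throws if `authOptions` is null, which a config containing `"AuthenticationOptions": null` would presumably produce, and with duplicate keys it silently uses the first entry.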
 | 
			
		||||
@@ -110,14 +110,14 @@ namespace Ocelot.Configuration.Creator
 | 
			
		||||
 | 
			
		||||
            foreach (var reRoute in fileConfiguration.ReRoutes)
 | 
			
		||||
            {
 | 
			
		||||
                var ocelotReRoute = await SetUpReRoute(reRoute, fileConfiguration.GlobalConfiguration);
 | 
			
		||||
                var ocelotReRoute = await SetUpReRoute(reRoute, fileConfiguration.GlobalConfiguration, fileConfiguration.AuthenticationOptions);
 | 
			
		||||
                reRoutes.Add(ocelotReRoute);
 | 
			
		||||
            }
 | 
			
		||||
            
 | 
			
		||||
            return new OcelotConfiguration(reRoutes, fileConfiguration.GlobalConfiguration.AdministrationPath);
 | 
			
		||||
        }
 | 
			
		||||
 | 
			
		||||
        private async Task<ReRoute> SetUpReRoute(FileReRoute fileReRoute, FileGlobalConfiguration globalConfiguration)
 | 
			
		||||
        private async Task<ReRoute> SetUpReRoute(FileReRoute fileReRoute, FileGlobalConfiguration globalConfiguration, List<FileAuthenticationOptions> authOptions)
 | 
			
		||||
        {
 | 
			
		||||
            var fileReRouteOptions = _fileReRouteOptionsCreator.Create(fileReRoute);
 | 
			
		||||
 | 
			
		||||
@@ -129,7 +129,7 @@ namespace Ocelot.Configuration.Creator
 | 
			
		||||
 | 
			
		||||
            var serviceProviderConfiguration = _serviceProviderConfigCreator.Create(fileReRoute, globalConfiguration);
 | 
			
		||||
 | 
			
		||||
            var authOptionsForRoute = _authOptionsCreator.Create(fileReRoute);
 | 
			
		||||
            var authOptionsForRoute = _authOptionsCreator.Create(fileReRoute, authOptions);
 | 
			
		||||
 | 
			
		||||
            var claimsToHeaders = _claimsToThingCreator.Create(fileReRoute.AddHeadersToRequest);
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||
@@ -1,9 +1,10 @@
 | 
			
		||||
using System.Collections.Generic;
 | 
			
		||||
using Ocelot.Configuration.File;
 | 
			
		||||
 | 
			
		||||
namespace Ocelot.Configuration.Creator
 | 
			
		||||
{
 | 
			
		||||
    public interface IAuthenticationOptionsCreator
 | 
			
		||||
    {
 | 
			
		||||
        AuthenticationOptions Create(FileReRoute fileReRoute);
 | 
			
		||||
        AuthenticationOptions Create(FileReRoute reRoute, List<FileAuthenticationOptions> authOptions);
 | 
			
		||||
    }
 | 
			
		||||
}
 | 
			
		||||
@@ -36,7 +36,7 @@ namespace Ocelot.Configuration.Creator
 | 
			
		||||
 | 
			
		||||
        private bool IsAuthenticated(FileReRoute fileReRoute)
 | 
			
		||||
        {
 | 
			
		||||
            return !string.IsNullOrEmpty(fileReRoute.AuthenticationOptions?.Provider);
 | 
			
		||||
            return !string.IsNullOrEmpty(fileReRoute.AuthenticationProviderKey);
 | 
			
		||||
        }
 | 
			
		||||
 | 
			
		||||
        private bool IsAuthorised(FileReRoute fileReRoute)
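Review bot: `IsAuthenticated` now keys only on `AuthenticationProviderKey`, so a route that still carries the old per-route `AuthenticationOptions` block is treated as unauthenticated. The same commit removes that property from `FileReRoute`, and `JsonConvert.DeserializeObject<FileConfiguration>(data)` in the DependencyInjection section is called without settings, so Json.NET's default of ignoring unknown members would drop the block without an error. An existing configuration.json upgraded as-is would then presumably expose previously protected routes with no warning. Consider failing validation (or at least logging) when a route contains the legacy block, or deserializing with `MissingMemberHandling.Error`. The body of `IsAuthorised` lies outside this hunk.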
 | 
			
		||||
 
 | 
			
		||||
@@ -11,6 +11,7 @@ namespace Ocelot.Configuration.File
 | 
			
		||||
            JwtConfig = new FileJwtConfig();
 | 
			
		||||
        }
 | 
			
		||||
 | 
			
		||||
        public string AuthenticationProviderKey {get; set;}
 | 
			
		||||
        public string Provider { get; set; }
 | 
			
		||||
        public List<string> AllowedScopes { get; set; }
 | 
			
		||||
        public FileIdentityServerConfig IdentityServerConfig { get; set; }
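Review bot: `AuthenticationProviderKey` is added without a doc comment, although it carries two roles visible elsewhere in this commit: routes reference it by value, and it is passed to `AddIdentityServerAuthentication` as the scheme name. A summary such as `/// <summary>Unique name for this provider entry; routes select it via their own AuthenticationProviderKey and it is registered as the authentication scheme name.</summary>` would make the uniqueness requirement explicit. The accessor spacing `{get; set;}` also differs from the neighbouring `{ get; set; }` properties.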
 | 
			
		||||
 
 | 
			
		||||
@@ -8,9 +8,11 @@ namespace Ocelot.Configuration.File
 | 
			
		||||
        {
 | 
			
		||||
            ReRoutes = new List<FileReRoute>();
 | 
			
		||||
            GlobalConfiguration = new FileGlobalConfiguration();
 | 
			
		||||
            AuthenticationOptions = new List<FileAuthenticationOptions>();
 | 
			
		||||
        }
 | 
			
		||||
 | 
			
		||||
        public List<FileReRoute> ReRoutes { get; set; }
 | 
			
		||||
        public FileGlobalConfiguration GlobalConfiguration { get; set; }
 | 
			
		||||
        public List<FileAuthenticationOptions> AuthenticationOptions { get; set; }
 | 
			
		||||
    }
 | 
			
		||||
}
 | 
			
		||||
 
 | 
			
		||||
@@ -11,7 +11,6 @@ namespace Ocelot.Configuration.File
 | 
			
		||||
            AddClaimsToRequest = new Dictionary<string, string>();
 | 
			
		||||
            RouteClaimsRequirement = new Dictionary<string, string>();
 | 
			
		||||
            AddQueriesToRequest = new Dictionary<string, string>();
 | 
			
		||||
            AuthenticationOptions = new FileAuthenticationOptions();
 | 
			
		||||
            FileCacheOptions = new FileCacheOptions();
 | 
			
		||||
            QoSOptions = new FileQoSOptions();
 | 
			
		||||
            RateLimitOptions = new FileRateLimitRule();
 | 
			
		||||
@@ -20,7 +19,6 @@ namespace Ocelot.Configuration.File
 | 
			
		||||
        public string DownstreamPathTemplate { get; set; }
 | 
			
		||||
        public string UpstreamPathTemplate { get; set; }
 | 
			
		||||
        public List<string> UpstreamHttpMethod { get; set; }
 | 
			
		||||
        public FileAuthenticationOptions AuthenticationOptions { get; set; }
 | 
			
		||||
        public Dictionary<string, string> AddHeadersToRequest { get; set; }
 | 
			
		||||
        public Dictionary<string, string> AddClaimsToRequest { get; set; }
 | 
			
		||||
        public Dictionary<string, string> RouteClaimsRequirement { get; set; }
 | 
			
		||||
@@ -35,5 +33,6 @@ namespace Ocelot.Configuration.File
 | 
			
		||||
        public FileQoSOptions QoSOptions { get; set; }
 | 
			
		||||
        public string LoadBalancer {get;set;}
 | 
			
		||||
        public FileRateLimitRule RateLimitOptions { get; set; }
 | 
			
		||||
        public string AuthenticationProviderKey {get; set;}
 | 
			
		||||
    }
 | 
			
		||||
}
 | 
			
		||||
@@ -46,21 +46,34 @@ namespace Ocelot.Configuration.Validator
 | 
			
		||||
        {
 | 
			
		||||
            var errors = new List<Error>();
 | 
			
		||||
 | 
			
		||||
            //todo - these loops break seperation of concerns...unit tests should fail also..
 | 
			
		||||
            foreach(var authProvider in configuration.AuthenticationOptions)
 | 
			
		||||
            {
 | 
			
		||||
                if (IsSupportedAuthenticationProvider(authProvider.Provider))
 | 
			
		||||
                {
 | 
			
		||||
                    continue;
 | 
			
		||||
                }
 | 
			
		||||
 | 
			
		||||
                var error = new UnsupportedAuthenticationProviderError($"{authProvider.Provider} is unsupported authentication provider");
 | 
			
		||||
                errors.Add(error);
 | 
			
		||||
            }
 | 
			
		||||
 | 
			
		||||
            foreach (var reRoute in configuration.ReRoutes)
 | 
			
		||||
            {
 | 
			
		||||
                var isAuthenticated = !string.IsNullOrEmpty(reRoute.AuthenticationOptions?.Provider);
 | 
			
		||||
                var isAuthenticated = !string.IsNullOrEmpty(reRoute.AuthenticationProviderKey);
 | 
			
		||||
 | 
			
		||||
                if (!isAuthenticated)
 | 
			
		||||
                {
 | 
			
		||||
                    continue;
 | 
			
		||||
                }
 | 
			
		||||
 | 
			
		||||
                if (IsSupportedAuthenticationProvider(reRoute.AuthenticationOptions?.Provider))
 | 
			
		||||
                //todo is this correct?
 | 
			
		||||
                if(configuration.AuthenticationOptions.Exists(x => x.AuthenticationProviderKey == reRoute.AuthenticationProviderKey))
 | 
			
		||||
                {
 | 
			
		||||
                    continue;
 | 
			
		||||
                }
 | 
			
		||||
 | 
			
		||||
                var error = new UnsupportedAuthenticationProviderError($"{reRoute.AuthenticationOptions?.Provider} is unsupported authentication provider, upstream template is {reRoute.UpstreamPathTemplate}, upstream method is {reRoute.UpstreamHttpMethod}");
 | 
			
		||||
                var error = new UnsupportedAuthenticationProviderError($"{reRoute.AuthenticationProviderKey} is unsupported authentication provider, upstream template is {reRoute.UpstreamPathTemplate}, upstream method is {reRoute.UpstreamHttpMethod}");
 | 
			
		||||
                errors.Add(error);
 | 
			
		||||
            }
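Review bot: The new provider loop checks only `Provider`; nothing rejects an entry whose `AuthenticationProviderKey` is empty or duplicated. The creator resolves a route to the first matching entry, and (outside this section) the key is registered as a scheme name, so a duplicate would either shadow a later entry or, presumably, fail at startup when the same scheme is added twice. Add a check that each key is non-empty and unique, and guard `configuration.AuthenticationOptions` against null before the `foreach` and the `Exists` call. The route-level error text still says `is unsupported authentication provider` although the condition is now that no entry has the route's key; something like `no authentication provider is configured with key {reRoute.AuthenticationProviderKey}` would be more accurate. The enclosing method begins and ends outside this hunk.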
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||
@@ -157,21 +157,26 @@ namespace Ocelot.DependencyInjection
 | 
			
		||||
            //then join onto them from reroutes based on a key
 | 
			
		||||
            var data = File.ReadAllText("configuration.json");
 | 
			
		||||
            var config = JsonConvert.DeserializeObject<FileConfiguration>(data);
 | 
			
		||||
            foreach(var reRoute in config.ReRoutes)
 | 
			
		||||
            
 | 
			
		||||
            foreach(var authOptions in config.AuthenticationOptions)
 | 
			
		||||
            {
 | 
			
		||||
                if(reRoute.AuthenticationOptions != null && !string.IsNullOrEmpty(reRoute.AuthenticationOptions.Provider))
 | 
			
		||||
                if(authOptions.Provider.ToLower() == "identityserver")
 | 
			
		||||
                {
 | 
			
		||||
                     Action<IdentityServerAuthenticationOptions> options = o =>
 | 
			
		||||
                    {
 | 
			
		||||
                        o.Authority = reRoute.AuthenticationOptions.IdentityServerConfig.ProviderRootUrl;
 | 
			
		||||
                        o.ApiName = reRoute.AuthenticationOptions.IdentityServerConfig.ApiName;
 | 
			
		||||
                        o.RequireHttpsMetadata = reRoute.AuthenticationOptions.IdentityServerConfig.RequireHttps;
 | 
			
		||||
                        o.Authority = authOptions.IdentityServerConfig.ProviderRootUrl;
 | 
			
		||||
                        o.ApiName = authOptions.IdentityServerConfig.ApiName;
 | 
			
		||||
                        o.RequireHttpsMetadata = authOptions.IdentityServerConfig.RequireHttps;
 | 
			
		||||
                        o.SupportedTokens = SupportedTokens.Both;
 | 
			
		||||
                        o.ApiSecret = reRoute.AuthenticationOptions.IdentityServerConfig.ApiSecret;
 | 
			
		||||
                        o.ApiSecret = authOptions.IdentityServerConfig.ApiSecret;
 | 
			
		||||
                    };
 | 
			
		||||
 | 
			
		||||
                    services.AddAuthentication()
 | 
			
		||||
                        .AddIdentityServerAuthentication(reRoute.AuthenticationOptions.Provider, options);
 | 
			
		||||
                        .AddIdentityServerAuthentication(authOptions.AuthenticationProviderKey, options);
 | 
			
		||||
                }
 | 
			
		||||
                else if (authOptions.Provider.ToLower() == "jwt")
 | 
			
		||||
                {
 | 
			
		||||
                    //todo - make this work for nick..
 | 
			
		||||
                }
 | 
			
		||||
            }
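Review bot: `authOptions.Provider.ToLower() == "identityserver"` throws on an entry with no `Provider` and is culture-sensitive; under a Turkish culture `I` lowercases to dotless `ı`, so the comparison fails and the scheme is silently not registered. Use `string.Equals(authOptions.Provider, "identityserver", StringComparison.OrdinalIgnoreCase)` here and in the `jwt` branch. The `jwt` branch is empty, so a key that points at a jwt entry has no scheme behind it; until it is implemented, throwing `NotSupportedException` at startup would be safer than accepting the config. `authOptions.IdentityServerConfig` is also dereferenced inside the lambda without a null check, and `RequireHttpsMetadata` is taken straight from the file, so it is worth documenting that setting it to false lets discovery metadata be fetched over plain HTTP. The enclosing method starts and ends outside this hunk.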
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||