modify

lpmoon · Nov 24, 2015 · db3efe3 · db3efe3
1 parent 67814c6
commit db3efe3
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 30 deletions.
diff --git a/auth_server/main.go b/auth_server/main.go
@@ -27,6 +27,7 @@ import (
 	"time"
 
 	"github.com/cesanta/docker_auth/auth_server/server"
+	"github.com/cesanta/docker_auth/auth_server/server/config"
 	"github.com/facebookgo/httpdown"
 	"github.com/golang/glog"
 	fsnotify "gopkg.in/fsnotify.v1"
@@ -39,9 +40,9 @@ type RestartableServer struct {
 	hs         httpdown.Server
 }
 
-func ServeOnce(c *server.Config, cf string, hd *httpdown.HTTP) (*server.AuthServer, httpdown.Server) {
+func ServeOnce(c *config.Config, cf string, hd *httpdown.HTTP) (*server.AuthServer, httpdown.Server) {
 	glog.Infof("Config from %s (%d users, %d ACL static entries)", cf, len(c.Users), len(c.ACL))
-	as, err := server.NewAuthServer(c)
+	as, ms, err := server.NewAuthServer(c)
 	if err != nil {
 		glog.Exitf("Failed to create auth server: %s", err)
 	}
@@ -87,11 +88,13 @@ func ServeOnce(c *server.Config, cf string, hd *httpdown.HTTP) (*server.AuthServ
 	if err != nil {
 		glog.Exitf("Failed to set up listener: %s", err)
 	}
+
+	ms.RunManagerServer()
 	glog.Infof("Serving")
 	return as, s
 }
 
-func (rs *RestartableServer) Serve(c *server.Config) {
+func (rs *RestartableServer) Serve(c *config.Config) {
 	rs.authServer, rs.hs = ServeOnce(c, rs.configFile, rs.hd)
 	rs.WatchConfig()
 }
@@ -142,7 +145,7 @@ func (rs *RestartableServer) WatchConfig() {
 
 func (rs *RestartableServer) MaybeRestart() {
 	glog.Infof("Restarting server")
-	c, err := server.LoadConfig(rs.configFile)
+	c, err := config.LoadConfig(rs.configFile)
 	if err != nil {
 		glog.Errorf("Failed to reload config (server not restarted): %s", err)
 		return
@@ -162,7 +165,7 @@ func main() {
 	if cf == "" {
 		glog.Exitf("Config file not specified")
 	}
-	c, err := server.LoadConfig(cf)
+	c, err := config.LoadConfig(cf)
 	if err != nil {
 		glog.Exitf("Failed to load config: %s", err)
 	}

diff --git a/auth_server/server/config.go → auth_server/server/config/config.go b/auth_server/server/config.go → auth_server/server/config/config.go
@@ -14,7 +14,7 @@
    limitations under the License.
 */
 
-package server
+package config
 
 import (
 	"crypto/tls"
@@ -45,8 +45,8 @@ type ServerConfig struct {
 	CertFile      string `yaml:"certificate,omitempty"`
 	KeyFile       string `yaml:"key,omitempty"`
 
-	publicKey  libtrust.PublicKey
-	privateKey libtrust.PrivateKey
+	PublicKey  libtrust.PublicKey
+	PrivateKey libtrust.PrivateKey
 }
 
 type TokenConfig struct {
@@ -55,8 +55,8 @@ type TokenConfig struct {
 	KeyFile    string `yaml:"key,omitempty"`
 	Expiration int64  `yaml:"expiration,omitempty"`
 
-	publicKey  libtrust.PublicKey
-	privateKey libtrust.PrivateKey
+	PublicKey  libtrust.PublicKey
+	PrivateKey libtrust.PrivateKey
 }
 
 // 配置校验
@@ -137,7 +137,7 @@ func LoadConfig(fileName string) (*Config, error) {
 		if c.Server.CertFile == "" || c.Server.KeyFile == "" {
 			return nil, fmt.Errorf("failed to load server cert and key: both were not provided")
 		}
-		c.Server.publicKey, c.Server.privateKey, err = loadCertAndKey(c.Server.CertFile, c.Server.KeyFile)
+		c.Server.PublicKey, c.Server.PrivateKey, err = loadCertAndKey(c.Server.CertFile, c.Server.KeyFile)
 		if err != nil {
 			return nil, fmt.Errorf("failed to load server cert and key: %s", err)
 		}
@@ -149,15 +149,15 @@ func LoadConfig(fileName string) (*Config, error) {
 		if c.Token.CertFile == "" || c.Token.KeyFile == "" {
 			return nil, fmt.Errorf("failed to load token cert and key: both were not provided")
 		}
-		c.Token.publicKey, c.Token.privateKey, err = loadCertAndKey(c.Token.CertFile, c.Token.KeyFile)
+		c.Token.PublicKey, c.Token.PrivateKey, err = loadCertAndKey(c.Token.CertFile, c.Token.KeyFile)
 		if err != nil {
 			return nil, fmt.Errorf("failed to load token cert and key: %s", err)
 		}
 		tokenConfigured = true
 	}
 
 	if serverConfigured && !tokenConfigured {
-		c.Token.publicKey, c.Token.privateKey = c.Server.publicKey, c.Server.privateKey
+		c.Token.PublicKey, c.Token.PrivateKey = c.Server.PublicKey, c.Server.PrivateKey
 		tokenConfigured = true
 	}
 

diff --git a/auth_server/server/manager/models/configholder.go b/auth_server/server/manager/models/configholder.go
@@ -3,11 +3,11 @@ package models
 import (
 	"github.com/cesanta/docker_auth/auth_server/authn"
 	"github.com/cesanta/docker_auth/auth_server/authz"
-	"github.com/cesanta/docker_auth/auth_server/server"
+	"github.com/cesanta/docker_auth/auth_server/server/config"
 )
 
 type AuthConfig struct {
-	Config         *server.Config
+	Config         *config.Config
 	Authenticators []authn.Authenticator
 	Authorizers    []authz.Authorizer
 }
@@ -18,7 +18,7 @@ type AuthConfigManager struct {
 
 var ACManager *AuthConfigManager
 
-func InitAuthConfigManager(config *server.Config, authenticators []authn.Authenticator, authorizers []authz.Authorizer) {
+func InitAuthConfigManager(config *config.Config, authenticators []authn.Authenticator, authorizers []authz.Authorizer) {
 	authConfig := &AuthConfig{Config: config, Authenticators: authenticators, Authorizers: authorizers}
 	ACManager = &AuthConfigManager{authConfig: authConfig}
 }

diff --git a/auth_server/server/manager/mserver.go b/auth_server/server/manager/mserver.go
@@ -1,20 +1,19 @@
-package main
+package manager
 
 import (
 	"github.com/astaxie/beego"
 	"github.com/cesanta/docker_auth/auth_server/authn"
 	"github.com/cesanta/docker_auth/auth_server/authz"
-	"github.com/cesanta/docker_auth/auth_server/server"
+	"github.com/cesanta/docker_auth/auth_server/server/config"
 	"github.com/cesanta/docker_auth/auth_server/server/manager/models"
 	_ "github.com/cesanta/docker_auth/auth_server/server/manager/routers"
-	"net/http"
 )
 
 type MServer struct {
 }
 
 // 初始化配置，以及新建服务器
-func NewMServer(config *server.Config, authenticators []authn.Authenticator, authorizers []authz.Authorizer) *MServer {
+func NewMServer(config *config.Config, authenticators []authn.Authenticator, authorizers []authz.Authorizer) *MServer {
 	models.InitAuthConfigManager(config, authenticators, authorizers)
 	return &MServer{}
 }

diff --git a/auth_server/server/server.go b/auth_server/server/server.go
@@ -28,6 +28,8 @@ import (
 
 	"github.com/cesanta/docker_auth/auth_server/authn"
 	"github.com/cesanta/docker_auth/auth_server/authz"
+	"github.com/cesanta/docker_auth/auth_server/server/config"
+	"github.com/cesanta/docker_auth/auth_server/server/manager"
 	"github.com/docker/distribution/registry/auth/token"
 	"github.com/golang/glog"
 )
@@ -44,28 +46,28 @@ func (ar AuthRequest) String() string {
 }
 
 type AuthServer struct {
-	config         *Config
+	config         *config.Config
 	authenticators []authn.Authenticator
 	authorizers    []authz.Authorizer
 	ga             *authn.GoogleAuth
 }
 
-func NewAuthServer(c *Config) (*AuthServer, error) {
+func NewAuthServer(c *config.Config) (*AuthServer, *manager.MServer, error) {
 	as := &AuthServer{
 		config:      c,
 		authorizers: []authz.Authorizer{},
 	}
 	if c.ACL != nil {
 		staticAuthorizer, err := authz.NewACLAuthorizer(c.ACL)
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 		as.authorizers = append(as.authorizers, staticAuthorizer)
 	}
 	if c.ACLMongoConf != nil {
 		mongoAuthorizer, err := authz.NewACLMongoAuthorizer(*c.ACLMongoConf)
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 		as.authorizers = append(as.authorizers, mongoAuthorizer)
 	}
@@ -75,19 +77,22 @@ func NewAuthServer(c *Config) (*AuthServer, error) {
 	if c.GoogleAuth != nil {
 		ga, err := authn.NewGoogleAuth(c.GoogleAuth)
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 		as.authenticators = append(as.authenticators, ga)
 		as.ga = ga
 	}
 	if c.LDAPAuth != nil {
 		la, err := authn.NewLDAPAuth(c.LDAPAuth)
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}
 		as.authenticators = append(as.authenticators, la)
 	}
-	return as, nil
+
+	ms := manager.NewMServer(as.config, as.authenticators, as.authorizers)
+
+	return as, ms, nil
 }
 
 func (as *AuthServer) ParseRequest(req *http.Request) (*AuthRequest, error) {
@@ -162,14 +167,14 @@ func (as *AuthServer) CreateToken(ar *AuthRequest, actions []string) (string, er
 	tc := &as.config.Token
 
 	// Sign something dummy to find out which algorithm is used.
-	_, sigAlg, err := tc.privateKey.Sign(strings.NewReader("dummy"), 0)
+	_, sigAlg, err := tc.PrivateKey.Sign(strings.NewReader("dummy"), 0)
 	if err != nil {
 		return "", fmt.Errorf("failed to sign: %s", err)
 	}
 	header := token.Header{
 		Type:       "JWT",
 		SigningAlg: sigAlg,
-		KeyID:      tc.publicKey.KeyID(),
+		KeyID:      tc.PublicKey.KeyID(),
 	}
 	headerJSON, err := json.Marshal(header)
 	if err != nil {
@@ -198,7 +203,7 @@ func (as *AuthServer) CreateToken(ar *AuthRequest, actions []string) (string, er
 
 	payload := fmt.Sprintf("%s%s%s", joseBase64UrlEncode(headerJSON), token.TokenSeparator, joseBase64UrlEncode(claimsJSON))
 
-	sig, sigAlg2, err := tc.privateKey.Sign(strings.NewReader(payload), 0)
+	sig, sigAlg2, err := tc.PrivateKey.Sign(strings.NewReader(payload), 0)
 	if err != nil || sigAlg2 != sigAlg {
 		return "", fmt.Errorf("failed to sign token: %s", err)
 	}