# README
Sophon Auth
Unified authorization service for Venus cluster
- Permission Validation
- Log collection (Provide influxdb storage solution)
- RESTful API
Use Venus Issues for reporting issues about this repository.
Get Started
$ git clone https://github.com/ipfs-force-community/sophon-auth.git
$ export GOPROXY=https://goproxy.io,direct
$ export GO111MODULE=on
$ make
$ sophon-auth
RESTFul API
1. verify token
-
method: POST
-
route : http://localhost:8989/verify
-
Body params:
| name | type | desc | e.g. |
|---|---|---|---|
| token | string | jwt token | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiUmVubmJvbiIsInBlcm0iOiJhZG1pbiIsImV4dCI6ImV5SkJiR3h2ZHlJNld5SnlaV0ZrSWl3aWQzSnBkR1VpTENKemFXZHVJaXdpWVdSdGFXNGlYWDAifQ.gONkC1v8AuY-ZP2WhU62EonWmyPeOW1pFhnRM-Fl7ko |
- response
# status 200 :
{
"name": "Rennbon",
"perm": "admin",
"ext": "eyJBbGxvdyI6WyJyZWFkIiwid3JpdGUiLCJzaWduIiwiYWRtaW4iXX0"
}
# status 401:
{
"error": "A non-registered token"
}
2. generate token
- method: POST
- route : http://localhost:8989/genToken
- Body params:
| name | type | desc | e.g. |
|---|---|---|---|
| name | string | The name of the description | Rennbon |
| perm | string | admin,sign,write,read | admin |
| extra | string | custom payload |
- response
# status 200 :
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiUmVubmJvbiIsInBlcm0iOiJhZG1pbiIsImV4dCI6ImV5SkJiR3h2ZHlJNld5SnlaV0ZrSWl3aWQzSnBkR1VpTENKemFXZHVJaXdpWVdSdGFXNGlYWDAifQ.gONkC1v8AuY-ZP2WhU62EonWmyPeOW1pFhnRM-Fl7ko"
}
3. remove token
- method: DELETE
- route : http://localhost:8989/token
- Body params:
| name | type | desc | e.g. |
|---|---|---|---|
| token | string | jwt token | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiUmVubmJvbiIsInBlcm0iOiJhZG1pbiIsImV4dCI6ImV5SkJiR3h2ZHlJNld5SnlaV0ZrSWl3aWQzSnBkR1VpTENKemFXZHVJaXdpWVdSdGFXNGlYWDAifQ.gONkC1v8AuY-ZP2WhU62EonWmyPeOW1pFhnRM-Fl7ko |
- response
# status 200
4. list token info
- method: GET
- route : http://localhost:8989/tokens
| name | type | desc | e.g. |
|---|---|---|---|
| skip | int | >= 0 | 1 |
| limit | int | > 0 | 20 |
- response
# status 200
[
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiUmVubmJvbiIsInBlcm0iOiJhZG1pbiIsImV4dCI6ImV5SkJiR3h2ZHlJNld5SnlaV0ZrSWl3aWQzSnBkR1VpTENKemFXZHVJaXdpWVdSdGFXNGlYWDAifQ.Ct8Lc-lc1nppIejRz-y0ht7yAnzB0-bpwk4Vkk0k-TM",
"name": "Rennbon",
"createTime": "2021-03-30T17:02:32.347018+08:00"
},
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoibG90dXMtbWluZXIiLCJwZXJtIjoiYWRtaW4iLCJleHQiOiJleUpCYkd4dmR5STZXeUp5WldGa0lpd2lkM0pwZEdVaUxDSnphV2R1SWl3aVlXUnRhVzRpWFgwIn0.cwK2GgDydEY8pC8NBW2wlOBaoxDZhIdA1xgV6WSF63g",
"name": "lotus-miner",
"createTime": "2021-04-01T15:57:39.858826+08:00"
}
]
CLI
1. generate token
# show help
$ ./sophon-auth token gen -h
USAGE:
sophon-auth token gen [command options] [name]
OPTIONS:
--perm value permission for API auth (read, write, sign, admin) (default: "read")
--extra value custom string in JWT payload
$ ./sophon-auth token gen token1 --perm admin --extra custom_str
generate token success: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidG9rZW4xIiwicGVybSI6InJlYWQiLCJleHQiOiIifQ.s3jvO-yewsf3PHMF-tsWSbb-3aW7V-tlMsnEAkYdxgA
2. list token info
# show help
$ ./sophon-auth token list -h
USAGE:
sophon-auth token list [command options] [arguments...]
OPTIONS:
--skip value (default: 0)
--limit value (default: 20)
--help, -h show help (default: false)
$ ./sophon-auth token list --skip 0 --limit 10
num name perm createTime token
1 token1 admin 2021-05-31 18:45:02 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidG9rZW4xIiwicGVybSI6InJlYWQiLCJleHQiOiIifQ.s3jvO-yewsf3PHMF-tsWSbb-3aW7V-tlMsnEAkYdxgA
2 token2 read 2021-06-18 13:31:47 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiZmF0bWFuMTMiLCJwZXJtIjoicmVhZCIsImV4dCI6IiJ9.F0frWmZSsEpyZIY_VOQ9WiAVxAfzqUdhvrU16ltbP9U
3 token3 write 2021-06-19 00:14:02 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiZmF0bWFuMTMiLCJwZXJtIjoid3JpdGUiLCJleHQiOiIifQ.Txu3yYCAtbKL9jSzsf3ldDWz7WX5F3w7RnQBDzMtY-0
4 token4 sign 2021-07-06 11:14:06 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiaGUiLCJwZXJtIjoicmVhZCIsImV4dCI6IiJ9.Hjmnh4snGYc1lT2PplH4tffIdBNta7QPRiwCeWsty2s
3. remove token
# show help
$ ./sophon-auth token rm -h
USAGE:
sophon-auth token rm [command options] [token]
OPTIONS:
--help, -h show help (default: false)
$ ./sophon-auth token rm eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidG9rZW4xIiwicGVybSI6InJlYWQiLCJleHQiOiIifQ.s3jvO-yewsf3PHMF-tsWSbb-3aW7V-tlMsnEAkYdxgA
remove token success: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidG9rZW4xIiwicGVybSI6InJlYWQiLCJleHQiOiIifQ.s3jvO-yewsf3PHMF-tsWSbb-3aW7V-tlMsnEAkYdxgA
Config
the default config path is "~/.auth-auth/config.toml"
Listen = "127.0.0.1:8989"
ReadTimeout = "1m"
WriteTimeout = "1m"
IdleTimeout = "1m"
[db]
# support: badger (default), mysql
# the mysql DDL is in the script package
type = "badger"
# The following parameters apply to MySQL
DSN = "rennbon:111111@(127.0.0.1:3306)/auth_server?parseTime=true&loc=Local&charset=utf8mb4&collation=utf8mb4_unicode_ci&readTimeout=10s&writeTimeout=10s"
# conns 1500 concurrent
maxOpenConns = 64
maxIdleConns = 128
maxLifeTime = "120s"
maxIdleTime = "30s"
[log]
# trace,debug,info,warning,error,fatal,panic
# output level
logLevel = trace
# db type, 1:influxDB
type = 1
# db hook switch
hookSwitch = true
[Trace]
# Enable trace
JaegerTracingEnabled = true
# Frequency of collection
ProbabilitySampler = 1.0
JaegerEndpoint = "127.0.0.1:6831"
ServerName = "sophon-auth"
Script
- influxdb-docker-compose.yml => rename docker-compose.yml and install influxdb in docker
- influxDB_view.md => histogram and graph view config
# Packages
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author