support authenticate via OIDC (#888)
zhenghaoz authored Nov 16, 2024
1 parent f224de5 commit a323b17
Showing 10 changed files with 221 additions and 197 deletions.
39 changes: 26 additions & 13 deletions config/config.go
@@ -60,6 +60,7 @@ type Config struct {
Recommend RecommendConfig `mapstructure:"recommend"`
Tracing TracingConfig `mapstructure:"tracing"`
Experimental ExperimentalConfig `mapstructure:"experimental"`
OIDC OIDCConfig `mapstructure:"oidc"`
}

// DatabaseConfig is the configuration for the database.
@@ -73,19 +74,18 @@ type DatabaseConfig struct {

// MasterConfig is the configuration for the master.
type MasterConfig struct {
Port int `mapstructure:"port" validate:"gte=0"` // master port
Host string `mapstructure:"host"` // master host
HttpPort int `mapstructure:"http_port" validate:"gte=0"` // HTTP port
HttpHost string `mapstructure:"http_host"` // HTTP host
HttpCorsDomains []string `mapstructure:"http_cors_domains"` // add allowed cors domains
HttpCorsMethods []string `mapstructure:"http_cors_methods"` // add allowed cors methods
NumJobs int `mapstructure:"n_jobs" validate:"gt=0"` // number of working jobs
MetaTimeout time.Duration `mapstructure:"meta_timeout" validate:"gt=0"` // cluster meta timeout (second)
DashboardUserName string `mapstructure:"dashboard_user_name"` // dashboard user name
DashboardPassword string `mapstructure:"dashboard_password"` // dashboard password
DashboardAuthServer string `mapstructure:"dashboard_auth_server"` // dashboard auth server
DashboardRedacted bool `mapstructure:"dashboard_redacted"`
AdminAPIKey string `mapstructure:"admin_api_key"`
Port int `mapstructure:"port" validate:"gte=0"` // master port
Host string `mapstructure:"host"` // master host
HttpPort int `mapstructure:"http_port" validate:"gte=0"` // HTTP port
HttpHost string `mapstructure:"http_host"` // HTTP host
HttpCorsDomains []string `mapstructure:"http_cors_domains"` // add allowed cors domains
HttpCorsMethods []string `mapstructure:"http_cors_methods"` // add allowed cors methods
NumJobs int `mapstructure:"n_jobs" validate:"gt=0"` // number of working jobs
MetaTimeout time.Duration `mapstructure:"meta_timeout" validate:"gt=0"` // cluster meta timeout (second)
DashboardUserName string `mapstructure:"dashboard_user_name"` // dashboard user name
DashboardPassword string `mapstructure:"dashboard_password"` // dashboard password
DashboardRedacted bool `mapstructure:"dashboard_redacted"`
AdminAPIKey string `mapstructure:"admin_api_key"`
}

// ServerConfig is the configuration for the server.
@@ -179,6 +179,14 @@ type ExperimentalConfig struct {
DeepLearningBatchSize int `mapstructure:"deep_learning_batch_size"`
}

type OIDCConfig struct {
Enable bool `mapstructure:"enable"`
Issuer string `mapstructure:"issuer"`
ClientID string `mapstructure:"client_id"`
ClientSecret string `mapstructure:"client_secret"`
RedirectURL string `mapstructure:"redirect_url" validate:"omitempty,endswith=/callback/oauth2"`
}

func GetDefaultConfig() *Config {
return &Config{
Master: MasterConfig{
@@ -558,6 +566,11 @@ func LoadConfig(path string, oneModel bool) (*Config, error) {
{"master.dashboard_redacted", "GORSE_DASHBOARD_REDACTED"},
{"master.admin_api_key", "GORSE_ADMIN_API_KEY"},
{"server.api_key", "GORSE_SERVER_API_KEY"},
{"oidc.enable", "GORSE_OIDC_ENABLE"},
{"oidc.issuer", "GORSE_OIDC_ISSUER"},
{"oidc.client_id", "GORSE_OIDC_CLIENT_ID"},
{"oidc.client_secret", "GORSE_OIDC_CLIENT_SECRET"},
{"oidc.redirect_url", "GORSE_OIDC_REDIRECT_URL"},
}
for _, binding := range bindings {
err := viper.BindEnv(binding.key, binding.env)
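Review bot: In the `@@ -179,6 +179,14 @@` hunk, `OIDCConfig` can be switched on with nothing else set: `Issuer`, `ClientID` and `ClientSecret` carry no `validate` tag and `RedirectURL` is `omitempty`, so `enable = true` with empty fields passes struct validation and only surfaces later, when the provider is created. Assuming this struct goes through the same validator as its siblings, a tag such as `validate:"required_if=Enable true"` on the string fields, plus `url` in the `RedirectURL` rule (`validate:"omitempty,url,endswith=/callback/oauth2"`), would reject a broken setup at load time. The type also lacks the `// OIDCConfig is the configuration for OpenID Connect authentication.` doc comment that the neighbouring config structs have. `ClientSecret` deserves a field comment saying it is a credential that must not be logged or echoed by any config dump.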
20 changes: 20 additions & 0 deletions config/config.toml
@@ -260,3 +260,23 @@ enable_deep_learning = false

# Batch size for deep learning recommenders. The default value is 128.
deep_learning_batch_size = 128

[oidc]

# Enable OpenID Connect (OIDC) authentication. The default value is false.
enable = false

# The issuer of the OAuth provider.
issuer = ""

# Public identifier of the OAuth application.
client_id = ""

# Token access to the OAuth application.
client_secret = ""

# URL used by the OAuth provider to redirect users after they are successfully authenticated
# (also referred to as the callback URL). You should set this to the concatenation of the
# Gorse dashboard URL and "/callback/oauth2". For example, if the Gorse dashboard URL is
# http://localhost:8088, the redirect URL should be: http://localhost:8088/callback/oauth2
redirect_url = ""
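Review bot: The comment on `client_secret` ("Token access to the OAuth application.") does not tell the operator that this value is a credential. Reword it along the lines of `# Client secret of the OAuth application. Keep it out of version control; it can be supplied through GORSE_OIDC_CLIENT_SECRET instead.` The `issuer` comment could also state that the value is the provider's issuer URL (the tests on this page use `https://accounts.google.com`). The `redirect_url` example uses plain `http://`, which is fine for localhost but should be marked as a local-only example.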
20 changes: 19 additions & 1 deletion config/config_test.go
@@ -41,6 +41,10 @@ func TestUnmarshal(t *testing.T) {
text = strings.Replace(text, "data_table_prefix = \"gorse_\"", "data_table_prefix = \"gorse_data_\"", -1)
text = strings.Replace(text, "http_cors_domains = []", "http_cors_domains = [\".*\"]", -1)
text = strings.Replace(text, "http_cors_methods = []", "http_cors_methods = [\"GET\",\"PATCH\",\"POST\"]", -1)
text = strings.Replace(text, "issuer = \"\"", "issuer = \"https://accounts.google.com\"", -1)
text = strings.Replace(text, "client_id = \"\"", "client_id = \"client_id\"", -1)
text = strings.Replace(text, "client_secret = \"\"", "client_secret = \"client_secret\"", -1)
text = strings.Replace(text, "redirect_url = \"\"", "redirect_url = \"http://localhost:8088/callback/oauth2\"", -1)
r, err := convert.TOML{}.Decode(bytes.NewBufferString(text))
assert.NoError(t, err)

@@ -142,6 +146,11 @@ func TestUnmarshal(t *testing.T) {
assert.Equal(t, 1.0, config.Tracing.Ratio)
// [experimental]
assert.Equal(t, 128, config.Experimental.DeepLearningBatchSize)
// [oauth2]
assert.Equal(t, "https://accounts.google.com", config.OIDC.Issuer)
assert.Equal(t, "client_id", config.OIDC.ClientID)
assert.Equal(t, "client_secret", config.OIDC.ClientSecret)
assert.Equal(t, "http://localhost:8088/callback/oauth2", config.OIDC.RedirectURL)
})
}
}
@@ -180,6 +189,11 @@ func TestBindEnv(t *testing.T) {
{"GORSE_DASHBOARD_REDACTED", "true"},
{"GORSE_ADMIN_API_KEY", "<admin_api_key>"},
{"GORSE_SERVER_API_KEY", "<server_api_key>"},
{"GORSE_OIDC_ENABLE", "true"},
{"GORSE_OIDC_ISSUER", "https://accounts.google.com"},
{"GORSE_OIDC_CLIENT_ID", "client_id"},
{"GORSE_OIDC_CLIENT_SECRET", "client_secret"},
{"GORSE_OIDC_REDIRECT_URL", "http://localhost:8088/callback/oauth2"},
}
for _, variable := range variables {
t.Setenv(variable.key, variable.value)
@@ -199,10 +213,14 @@ func TestBindEnv(t *testing.T) {
assert.Equal(t, 789, config.Master.NumJobs)
assert.Equal(t, "user_name", config.Master.DashboardUserName)
assert.Equal(t, "password", config.Master.DashboardPassword)
assert.Equal(t, "http://127.0.0.1:8888", config.Master.DashboardAuthServer)
assert.Equal(t, true, config.Master.DashboardRedacted)
assert.Equal(t, "<admin_api_key>", config.Master.AdminAPIKey)
assert.Equal(t, "<server_api_key>", config.Server.APIKey)
assert.Equal(t, true, config.OIDC.Enable)
assert.Equal(t, "https://accounts.google.com", config.OIDC.Issuer)
assert.Equal(t, "client_id", config.OIDC.ClientID)
assert.Equal(t, "client_secret", config.OIDC.ClientSecret)
assert.Equal(t, "http://localhost:8088/callback/oauth2", config.OIDC.RedirectURL)

// check default values
assert.Equal(t, 100, config.Recommend.CacheSize)
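Review bot: The assertions added to `TestUnmarshal` sit under a `// [oauth2]` comment although the section they cover is `[oidc]`, and they never check `config.OIDC.Enable`. Rename the comment to `// [oidc]` and add `assert.False(t, config.OIDC.Enable)`, since the text replacements leave `enable = false` untouched. Neither test exercises the `endswith=/callback/oauth2` rule on `redirect_url`; if validation runs on load, a case with a non-matching redirect URL that expects an error would pin the one check this feature adds. Both test functions continue outside the hunks shown.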
13 changes: 7 additions & 6 deletions go.mod
@@ -1,16 +1,14 @@
module github.com/zhenghaoz/gorse

go 1.23.2

toolchain go1.23.3
go 1.23.3

require (
github.com/ReneKroon/ttlcache/v2 v2.11.0
github.com/XSAM/otelsql v0.35.0
github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de
github.com/benhoyt/goawk v1.20.0
github.com/bits-and-blooms/bitset v1.2.1
github.com/chewxy/math32 v1.10.1
github.com/coreos/go-oidc/v3 v3.11.0
github.com/deckarep/golang-set/v2 v2.3.1
github.com/emicklei/go-restful-openapi/v2 v2.9.0
github.com/emicklei/go-restful/v3 v3.9.0
@@ -20,12 +18,12 @@ require (
github.com/go-playground/validator/v10 v10.11.0
github.com/go-resty/resty/v2 v2.7.0
github.com/go-sql-driver/mysql v1.6.0
github.com/golang/protobuf v1.5.2
github.com/google/uuid v1.6.0
github.com/gorilla/securecookie v1.1.1
github.com/gorse-io/dashboard v0.0.0-20241112140226-19a1b322242c
github.com/gorse-io/dashboard v0.0.0-20241115145254-4def1c814899
github.com/haxii/go-swagger-ui v0.0.0-20210203093335-a63a6bbde946
github.com/jaswdr/faker v1.16.0
github.com/jellydator/ttlcache/v3 v3.3.0
github.com/json-iterator/go v1.1.12
github.com/juju/errors v1.0.0
github.com/klauspost/asmfmt v1.3.2
@@ -63,6 +61,7 @@ require (
go.uber.org/atomic v1.10.0
go.uber.org/zap v1.24.0
golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e
golang.org/x/oauth2 v0.22.0
google.golang.org/grpc v1.67.1
google.golang.org/protobuf v1.35.1
gopkg.in/natefinch/lumberjack.v2 v2.2.1
@@ -93,13 +92,15 @@ require (
github.com/dustin/go-humanize v1.0.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fsnotify/fsnotify v1.5.4 // indirect
github.com/go-jose/go-jose/v4 v4.0.2 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.20.0 // indirect
github.com/go-openapi/spec v0.20.7 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/flatbuffers v2.0.6+incompatible // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
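Review bot: The `go` directive appears to move from `go 1.23.2` plus `toolchain go1.23.3` to a bare `go 1.23.3`, which makes that patch release the minimum Go version for every module importing this one rather than only the preferred toolchain. If that is not intended, keep `go 1.23.2` and the `toolchain` line. Separately, `github.com/go-jose/go-jose/v4` arrives as an indirect requirement of `go-oidc` and does the ID-token signature verification, so it now sits on the dashboard login path. Having `govulncheck ./...` or an equivalent advisory scan in CI would keep that dependency and `golang.org/x/oauth2` from going stale unnoticed.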
17 changes: 10 additions & 7 deletions go.sum
@@ -44,8 +44,6 @@ github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030I
github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/ReneKroon/ttlcache/v2 v2.11.0 h1:OvlcYFYi941SBN3v9dsDcC2N8vRxyHcCmJb3Vl4QMoM=
github.com/ReneKroon/ttlcache/v2 v2.11.0/go.mod h1:mBxvsNY+BT8qLLd6CuAJubbKo6r0jh3nb5et22bbfGY=
github.com/XSAM/otelsql v0.35.0 h1:nMdbU/XLmBIB6qZF61uDqy46E0LVA4ZgF/FCNw8Had4=
github.com/XSAM/otelsql v0.35.0/go.mod h1:wO028mnLzmBpstK8XPsoeRLl/kgt417yjAwOGDIptTc=
github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY=
@@ -109,6 +107,8 @@ github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnht
github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI=
github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0=
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -162,6 +162,8 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gota/gota v0.12.0/go.mod h1:UT+NsWpZC/FhaOyWb9Hui0jXg0Iq8e/YugZHTbyW/34=
github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk=
github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
@@ -301,8 +303,8 @@ github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyC
github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
github.com/gorse-io/clickhouse v0.3.3-0.20220715124633-688011a495bb h1:z/oOWE+Vy0PLcwIulZmIug4FtmvE3dJ1YOGprLeHwwY=
github.com/gorse-io/clickhouse v0.3.3-0.20220715124633-688011a495bb/go.mod h1:iILWzbul8U+gsf4kqbheF2QzBmdvVp63mloGGK8emDI=
github.com/gorse-io/dashboard v0.0.0-20241112140226-19a1b322242c h1:OtOi5F+9Kou/ji0WwiJqVB82sB83279CpzfZcBdnJrU=
github.com/gorse-io/dashboard v0.0.0-20241112140226-19a1b322242c/go.mod h1:iWSDK04UCelym9Uy4YY/tDa6cMGTLpN49Najyhuv35A=
github.com/gorse-io/dashboard v0.0.0-20241115145254-4def1c814899 h1:1BQ8+NLDKMYp7BcBhjJgEska+Gt8t2JTj6Rj0afYwG8=
github.com/gorse-io/dashboard v0.0.0-20241115145254-4def1c814899/go.mod h1:LBLzsMv3XVLmpaM/1q8/sGvv2Avj1YxmHBZfXcdqRjU=
github.com/gorse-io/gorgonia v0.0.0-20230817132253-6dd1dbf95849 h1:Hwywr6NxzYeZYn35KwOsw7j8ZiMT60TBzpbn1MbEido=
github.com/gorse-io/gorgonia v0.0.0-20230817132253-6dd1dbf95849/go.mod h1:TtVGAt7ENNmgBnC0JA68CAjIDCEtcqaRHvnkAWJ/Fu0=
github.com/gorse-io/sqlite v1.3.3-0.20220713123255-c322aec4e59e h1:uPQtYQzG1QcC3Qbv+tuEe8Q2l++V4KEcqYSSwB9qobg=
@@ -377,6 +379,8 @@ github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dv
github.com/jackc/puddle v1.2.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
github.com/jaswdr/faker v1.16.0 h1:5ZjusQbqIZwJnUymPirNKJI1yFCuozdSR9oeYPgD5Uk=
github.com/jaswdr/faker v1.16.0/go.mod h1:x7ZlyB1AZqwqKZgyQlnqEG8FDptmHlncA5u2zY/yi6w=
github.com/jellydator/ttlcache/v3 v3.3.0 h1:BdoC9cE81qXfrxeb9eoJi9dWrdhSuwXMAnHTbnBm4Wc=
github.com/jellydator/ttlcache/v3 v3.3.0/go.mod h1:bj2/e0l4jRnQdrnSTaGTsh4GSXvMjQcy41i7th0GVGw=
github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
@@ -678,7 +682,6 @@ go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
@@ -837,6 +840,8 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ
golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -965,7 +970,6 @@ golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtn
golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1001,7 +1005,6 @@ golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4f
golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210112230658-8b4aab62c064/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
39 changes: 31 additions & 8 deletions master/master.go
@@ -24,8 +24,9 @@ import (
"sync"
"time"

"github.com/ReneKroon/ttlcache/v2"
"github.com/coreos/go-oidc/v3/oidc"
"github.com/emicklei/go-restful/v3"
"github.com/jellydator/ttlcache/v3"
"github.com/juju/errors"
"github.com/zhenghaoz/gorse/base"
"github.com/zhenghaoz/gorse/base/encoding"
@@ -45,6 +46,7 @@ import (
"go.opentelemetry.io/otel"
"go.opentelemetry.io/otel/propagation"
"go.uber.org/zap"
"golang.org/x/oauth2"
"google.golang.org/grpc"
)

@@ -67,7 +69,7 @@ type Master struct {
managedMode bool

// cluster meta cache
ttlCache *ttlcache.Cache
ttlCache *ttlcache.Cache[string, *Node]
nodesInfo map[string]*Node
nodesInfoMutex sync.RWMutex

@@ -92,6 +94,11 @@ type Master struct {
clickModelMutex sync.RWMutex
clickModelSearcher *click.ModelSearcher

// oauth2
oauth2Config oauth2.Config
verifier *oidc.IDTokenVerifier
tokenCache *ttlcache.Cache[string, UserInfo]

localCache *LocalCache

// events
@@ -210,12 +217,10 @@ func (m *Master) Serve() {
}

// create cluster meta cache
m.ttlCache = ttlcache.NewCache()
m.ttlCache.SetExpirationCallback(m.nodeDown)
m.ttlCache.SetNewItemCallback(m.nodeUp)
if err = m.ttlCache.SetTTL(m.Config.Master.MetaTimeout + 10*time.Second); err != nil {
log.Logger().Fatal("failed to set TTL", zap.Error(err))
}
m.ttlCache = ttlcache.New[string, *Node](
ttlcache.WithTTL[string, *Node](m.Config.Master.MetaTimeout + 10*time.Second))
m.ttlCache.OnEviction(m.nodeDown)
go m.ttlCache.Start()

// connect data database
m.DataClient, err = data.Open(m.Config.Database.DataStore, m.Config.Database.DataTablePrefix)
@@ -262,6 +267,24 @@ func (m *Master) Serve() {
}
}()

if m.Config.OIDC.Enable {
provider, err := oidc.NewProvider(context.Background(), m.Config.OIDC.Issuer)
if err != nil {
log.Logger().Error("failed to create oidc provider", zap.Error(err))
} else {
m.verifier = provider.Verifier(&oidc.Config{ClientID: m.Config.OIDC.ClientID})
m.oauth2Config = oauth2.Config{
ClientID: m.Config.OIDC.ClientID,
ClientSecret: m.Config.OIDC.ClientSecret,
RedirectURL: m.Config.OIDC.RedirectURL,
Endpoint: provider.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}
m.tokenCache = ttlcache.New(ttlcache.WithTTL[string, UserInfo](time.Hour))
go m.tokenCache.Start()
}
}

// start http server
m.StartHttpServer()
}
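Review bot: When `oidc.NewProvider` fails in the `@@ -262,6 +267,24 @@` hunk, the new block only logs at error level and `Serve` goes on to `StartHttpServer` with `m.verifier` and `m.tokenCache` still nil even though `oidc.enable` is true. The handlers that consume them are not in this view, so confirm they reject logins in that state rather than dereferencing nil or silently falling back to another auth path. Failing closed at startup is simpler: `log.Logger().Fatal("failed to create oidc provider", zap.Error(err))`. The discovery call also runs on `context.Background()`, so an unreachable issuer can stall startup; a `context.WithTimeout` would bound it. `tokenCache` uses a fixed `time.Hour` TTL, so if its entries stand in for verified ID tokens, cap each entry at the token's own expiry. `Serve` starts and ends outside the hunk.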