Unified authorization service for Venus cluster
- Permission Validation
- Log collection (Provide influxdb storage solution)
- RESTful API
Use Venus Issues for reporting issues about this repository.
```sh
$ git clone https://github.com/ipfs-force-community/sophon-auth.git
$ export GOPROXY=https://goproxy.io,direct
$ export GO111MODULE=on
$ make
$ sophon-auth
```
- method: POST
- route : http://localhost:8989/verify
- Body params:
name | type | desc | e.g. |
---|---|---|---|
token | string | jwt token | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiUmVubmJvbiIsInBlcm0iOiJhZG1pbiIsImV4dCI6ImV5SkJiR3h2ZHlJNld5SnlaV0ZrSWl3aWQzSnBkR1VpTENKemFXZHVJaXdpWVdSdGFXNGlYWDAifQ.gONkC1v8AuY-ZP2WhU62EonWmyPeOW1pFhnRM-Fl7ko |
- response

```
# status 200 :
{
  "name": "Rennbon",
  "perm": "admin",
  "ext": "eyJBbGxvdyI6WyJyZWFkIiwid3JpdGUiLCJzaWduIiwiYWRtaW4iXX0"
}
# status 401:
{
  "error": "A non-registered token"
}
```
- method: POST
- route : http://localhost:8989/genToken
- Body params:
name | type | desc | e.g. |
---|---|---|---|
name | string | The name of the description | Rennbon |
perm | string | admin,sign,write,read | admin |
extra | string | custom payload |
- response

```
# status 200 :
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiUmVubmJvbiIsInBlcm0iOiJhZG1pbiIsImV4dCI6ImV5SkJiR3h2ZHlJNld5SnlaV0ZrSWl3aWQzSnBkR1VpTENKemFXZHVJaXdpWVdSdGFXNGlYWDAifQ.gONkC1v8AuY-ZP2WhU62EonWmyPeOW1pFhnRM-Fl7ko"
}
```
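
The sample token carries its claims in the clear: the middle segment is base64url JSON with `name`, `perm` and `ext`, so anything passed as `extra` is readable by whoever holds the token. The Go code below is an added example, not code from sophon-auth, that decodes those claims for auditing; `InspectToken`, `Claims` and `b64` are hypothetical names, and reading `ext` as base64 JSON with an `Allow` list is an assumption taken from the sample. It checks neither the signature nor the token registry, which is the job of `/verify`.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Claims mirrors the payload fields visible in the sample tokens on this page.
type Claims struct {
	Name string `json:"name"`
	Perm string `json:"perm"`
	Ext  string `json:"ext"`
}

// b64 decodes a base64url segment, tolerating optional '=' padding.
func b64(s string) ([]byte, error) {
	return base64.RawURLEncoding.DecodeString(strings.TrimRight(s, "="))
}

// InspectToken (hypothetical helper) reads claims WITHOUT any signature or registry check.
func InspectToken(token string) (Claims, []string, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, nil, fmt.Errorf("want 3 JWT segments, got %d", len(parts))
	}
	raw, err := b64(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	if err != nil {
		return c, nil, fmt.Errorf("payload: %w", err)
	}
	// Assumption from the sample: ext may be base64 JSON with an "Allow" list; else nil.
	var ext struct{ Allow []string }
	if inner, err := b64(c.Ext); err == nil && json.Unmarshal(inner, &ext) == nil {
		return c, ext.Allow, nil
	}
	return c, nil, nil
}

// sampleToken is copied from the /genToken response on this page.
const sampleToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiUmVubmJvbiIsInBlcm0iOiJhZG1pbiIsImV4dCI6ImV5SkJiR3h2ZHlJNld5SnlaV0ZrSWl3aWQzSnBkR1VpTENKemFXZHVJaXdpWVdSdGFXNGlYWDAifQ.gONkC1v8AuY-ZP2WhU62EonWmyPeOW1pFhnRM-Fl7ko"

func main() {
	c, allow, err := InspectToken(sampleToken)
	fmt.Println(c.Name, c.Perm, allow, err) // claims are readable with no key
}
```
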
- method: DELETE
- route : http://localhost:8989/token
- Body params:
name | type | desc | e.g. |
---|---|---|---|
token | string | jwt token | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiUmVubmJvbiIsInBlcm0iOiJhZG1pbiIsImV4dCI6ImV5SkJiR3h2ZHlJNld5SnlaV0ZrSWl3aWQzSnBkR1VpTENKemFXZHVJaXdpWVdSdGFXNGlYWDAifQ.gONkC1v8AuY-ZP2WhU62EonWmyPeOW1pFhnRM-Fl7ko |
- response

```
# status 200
```
- method: GET
- route : http://localhost:8989/tokens
name | type | desc | e.g. |
---|---|---|---|
skip | int | >= 0 | 1 |
limit | int | > 0 | 20 |
- response

```
# status 200
[
  {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiUmVubmJvbiIsInBlcm0iOiJhZG1pbiIsImV4dCI6ImV5SkJiR3h2ZHlJNld5SnlaV0ZrSWl3aWQzSnBkR1VpTENKemFXZHVJaXdpWVdSdGFXNGlYWDAifQ.Ct8Lc-lc1nppIejRz-y0ht7yAnzB0-bpwk4Vkk0k-TM",
    "name": "Rennbon",
    "createTime": "2021-03-30T17:02:32.347018+08:00"
  },
  {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoibG90dXMtbWluZXIiLCJwZXJtIjoiYWRtaW4iLCJleHQiOiJleUpCYkd4dmR5STZXeUp5WldGa0lpd2lkM0pwZEdVaUxDSnphV2R1SWl3aVlXUnRhVzRpWFgwIn0.cwK2GgDydEY8pC8NBW2wlOBaoxDZhIdA1xgV6WSF63g",
    "name": "lotus-miner",
    "createTime": "2021-04-01T15:57:39.858826+08:00"
  }
]
```
```sh
# show help
$ ./sophon-auth token gen -h
USAGE:
   sophon-auth token gen [command options] [name]
OPTIONS:
   --perm value   permission for API auth (read, write, sign, admin) (default: "read")
   --extra value  custom string in JWT payload
$ ./sophon-auth token gen token1 --perm admin --extra custom_str
generate token success: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidG9rZW4xIiwicGVybSI6InJlYWQiLCJleHQiOiIifQ.s3jvO-yewsf3PHMF-tsWSbb-3aW7V-tlMsnEAkYdxgA
```
```sh
# show help
$ ./sophon-auth token list -h
USAGE:
   sophon-auth token list [command options] [arguments...]
OPTIONS:
   --skip value   (default: 0)
   --limit value  (default: 20)
   --help, -h     show help (default: false)
$ ./sophon-auth token list --skip 0 --limit 10
num name perm createTime token
1 token1 admin 2021-05-31 18:45:02 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidG9rZW4xIiwicGVybSI6InJlYWQiLCJleHQiOiIifQ.s3jvO-yewsf3PHMF-tsWSbb-3aW7V-tlMsnEAkYdxgA
2 token2 read 2021-06-18 13:31:47 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiZmF0bWFuMTMiLCJwZXJtIjoicmVhZCIsImV4dCI6IiJ9.F0frWmZSsEpyZIY_VOQ9WiAVxAfzqUdhvrU16ltbP9U
3 token3 write 2021-06-19 00:14:02 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiZmF0bWFuMTMiLCJwZXJtIjoid3JpdGUiLCJleHQiOiIifQ.Txu3yYCAtbKL9jSzsf3ldDWz7WX5F3w7RnQBDzMtY-0
4 token4 sign 2021-07-06 11:14:06 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiaGUiLCJwZXJtIjoicmVhZCIsImV4dCI6IiJ9.Hjmnh4snGYc1lT2PplH4tffIdBNta7QPRiwCeWsty2s
```
```sh
# show help
$ ./sophon-auth token rm -h
USAGE:
   sophon-auth token rm [command options] [token]
OPTIONS:
   --help, -h  show help (default: false)
$ ./sophon-auth token rm eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidG9rZW4xIiwicGVybSI6InJlYWQiLCJleHQiOiIifQ.s3jvO-yewsf3PHMF-tsWSbb-3aW7V-tlMsnEAkYdxgA
remove token success: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidG9rZW4xIiwicGVybSI6InJlYWQiLCJleHQiOiIifQ.s3jvO-yewsf3PHMF-tsWSbb-3aW7V-tlMsnEAkYdxgA
```
The default config path is "~/.auth-auth/config.toml":

```toml
Listen = "127.0.0.1:8989"
ReadTimeout = "1m"
WriteTimeout = "1m"
IdleTimeout = "1m"

[db]
# support: badger (default), mysql
# the mysql DDL is in the script package
type = "badger"
# The following parameters apply to MySQL
DSN = "rennbon:111111@(127.0.0.1:3306)/auth_server?parseTime=true&loc=Local&charset=utf8mb4&collation=utf8mb4_unicode_ci&readTimeout=10s&writeTimeout=10s"
# conns 1500 concurrent
maxOpenConns = 64
maxIdleConns = 128
maxLifeTime = "120s"
maxIdleTime = "30s"

[log]
# trace,debug,info,warning,error,fatal,panic
# output level (a TOML string, so it must be quoted)
logLevel = "trace"
# db type, 1:influxDB
type = 1
# db hook switch
hookSwitch = true

[Trace]
# Enable trace
JaegerTracingEnabled = true
# Frequency of collection
ProbabilitySampler = 1.0
JaegerEndpoint = "127.0.0.1:6831"
ServerName = "sophon-auth"
```
- influxdb-docker-compose.yml => rename docker-compose.yml and install influxdb in docker
- influxDB_view.md => histogram and graph view config