-
Notifications
You must be signed in to change notification settings - Fork 44
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'release/0.54.0' into main
- Loading branch information
Showing
193 changed files
with
11,974 additions
and
8,156 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
0.53.0 | ||
0.54.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
70 changes: 70 additions & 0 deletions
70
backend/components/admin/src/main/java/co/airy/core/admin/RegistryProxy.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
package co.airy.core.admin; | ||
|
||
import org.springframework.beans.factory.annotation.Value; | ||
import org.springframework.http.HttpEntity; | ||
import org.springframework.http.HttpHeaders; | ||
import org.springframework.http.HttpMethod; | ||
import org.springframework.http.ResponseEntity; | ||
import org.springframework.retry.annotation.Retryable; | ||
import org.springframework.web.bind.annotation.RequestBody; | ||
import org.springframework.web.bind.annotation.RequestMapping; | ||
import org.springframework.web.bind.annotation.RestController; | ||
import org.springframework.web.client.HttpStatusCodeException; | ||
import org.springframework.web.client.RestTemplate; | ||
import org.springframework.web.util.UriComponentsBuilder; | ||
|
||
import javax.servlet.http.HttpServletRequest; | ||
import java.net.URI; | ||
import java.util.Enumeration; | ||
|
||
@RestController | ||
public class RegistryProxy { | ||
private final String upstreamHost; | ||
private final int upstreamPort; | ||
private final RestTemplate restTemplate; | ||
|
||
public RegistryProxy(@Value("${KAFKA_REST_UPSTREAM_HOST}") String upstreamHost, | ||
@Value("${KAFKA_REST_UPSTREAM_PORT:80}") int upstreamPort, RestTemplate restTemplate) { | ||
this.upstreamHost = upstreamHost; | ||
this.upstreamPort = upstreamPort; | ||
this.restTemplate = restTemplate; | ||
} | ||
|
||
|
||
@RequestMapping("/kafka/**") | ||
public ResponseEntity<?> proxyRequest(@RequestBody(required = false) String body, HttpMethod method, HttpServletRequest request) { | ||
return executeRequest(body, method, request); | ||
} | ||
|
||
@Retryable(exclude = { | ||
HttpStatusCodeException.class}, include = Exception.class, maxAttempts = 3) | ||
public ResponseEntity<?> executeRequest(String body, | ||
HttpMethod method, HttpServletRequest request) { | ||
String requestUrl = request.getRequestURI(); | ||
|
||
URI uri = UriComponentsBuilder.newInstance() | ||
.scheme("http") | ||
.host(upstreamHost) | ||
.port(upstreamPort) | ||
.path(requestUrl.replace("/kafka", "")) | ||
.query(request.getQueryString()) | ||
.build(true).toUri(); | ||
|
||
HttpHeaders headers = new HttpHeaders(); | ||
Enumeration<String> headerNames = request.getHeaderNames(); | ||
|
||
while (headerNames.hasMoreElements()) { | ||
String headerName = headerNames.nextElement(); | ||
headers.set(headerName, request.getHeader(headerName)); | ||
} | ||
|
||
HttpEntity<String> httpEntity = new HttpEntity<>(body, headers); | ||
try { | ||
return restTemplate.exchange(uri, method, httpEntity, String.class); | ||
} catch (HttpStatusCodeException e) { | ||
return ResponseEntity.status(e.getRawStatusCode()) | ||
.headers(e.getResponseHeaders()) | ||
.body(e.getResponseBodyAsString()); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
load("@com_github_airyhq_bazel_tools//lint:buildifier.bzl", "check_pkg") | ||
|
||
# gazelle:prefix github.com/airyhq/airy/backend/components/streams | ||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") | ||
load("@io_bazel_rules_docker//go:image.bzl", "go_image") | ||
load("//tools/build:container_release.bzl", "container_release") | ||
|
||
go_library( | ||
name = "streams_lib", | ||
srcs = [ | ||
"auth.go", | ||
"cors.go", | ||
"main.go", | ||
"streams_create.go", | ||
"streams_delete.go", | ||
"streams_info.go", | ||
"streams_list.go", | ||
], | ||
importpath = "github.com/airyhq/airy/backend/components/streams", | ||
visibility = ["//visibility:private"], | ||
deps = [ | ||
"//lib/go/httpclient", | ||
"//lib/go/payloads", | ||
"@com_github_golang_jwt_jwt//:jwt", | ||
"@com_github_gorilla_mux//:mux", | ||
"@io_k8s_klog//:klog", | ||
], | ||
) | ||
|
||
go_binary( | ||
name = "streams", | ||
out = "streams", | ||
embed = [":streams_lib"], | ||
visibility = ["//visibility:public"], | ||
) | ||
|
||
genrule( | ||
name = "streams_bin_rule", | ||
srcs = [":streams"], | ||
outs = ["streams_bin"], | ||
cmd = "cp $(SRCS) $@", | ||
) | ||
|
||
go_image( | ||
name = "image", | ||
embed = [":streams_lib"], | ||
) | ||
|
||
container_release( | ||
registry = "ghcr.io/airyhq/api/components", | ||
repository = "streams", | ||
) | ||
|
||
check_pkg(name = "buildifier") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
package main | ||
|
||
import ( | ||
"context" | ||
"encoding/base64" | ||
"log" | ||
"net/http" | ||
"regexp" | ||
"strings" | ||
|
||
"github.com/golang-jwt/jwt" | ||
"k8s.io/klog" | ||
) | ||
|
||
type EnableAuthMiddleware struct { | ||
pattern *regexp.Regexp | ||
} | ||
|
||
// MustNewAuthMiddleware Only paths that match the regexp pattern will be authenticated | ||
func MustNewAuthMiddleware(pattern string) EnableAuthMiddleware { | ||
r, err := regexp.Compile(pattern) | ||
if err != nil { | ||
log.Fatal(err) | ||
} | ||
return EnableAuthMiddleware{pattern: r} | ||
} | ||
|
||
func (a EnableAuthMiddleware) Middleware(next http.Handler) http.Handler { | ||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
ctx := r.Context() | ||
if !a.pattern.MatchString(r.URL.Path) { | ||
next.ServeHTTP(w, r) | ||
return | ||
} | ||
|
||
// Auth middlewares attach a flag to the context indicating that authentication was successful | ||
if val, ok := ctx.Value("auth").(bool); ok && val { | ||
next.ServeHTTP(w, r) | ||
} else { | ||
http.Error(w, "Forbidden", http.StatusForbidden) | ||
} | ||
}) | ||
} | ||
|
||
type SystemTokenMiddleware struct { | ||
systemToken string | ||
} | ||
|
||
func NewSystemTokenMiddleware(systemToken string) SystemTokenMiddleware { | ||
return SystemTokenMiddleware{systemToken: systemToken} | ||
} | ||
|
||
func (s SystemTokenMiddleware) Middleware(next http.Handler) http.Handler { | ||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
authPayload := r.Header.Get("Authorization") | ||
authPayload = strings.TrimPrefix(authPayload, "Bearer ") | ||
|
||
if authPayload == s.systemToken { | ||
ctx := context.WithValue(r.Context(), "auth", true) | ||
next.ServeHTTP(w, r.WithContext(ctx)) | ||
return | ||
} | ||
next.ServeHTTP(w, r) | ||
}) | ||
} | ||
|
||
type JwtMiddleware struct { | ||
jwtSecret []byte | ||
} | ||
|
||
func NewJwtMiddleware(jwtSecret string) JwtMiddleware { | ||
data, err := base64.StdEncoding.DecodeString(jwtSecret) | ||
if err != nil { | ||
klog.Fatal("failed to base64 decode jwt secret: ", err) | ||
} | ||
|
||
return JwtMiddleware{jwtSecret: data} | ||
} | ||
|
||
func (j JwtMiddleware) Middleware(next http.Handler) http.Handler { | ||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
authPayload := r.Header.Get("Authorization") | ||
authPayload = strings.TrimPrefix(authPayload, "Bearer ") | ||
if authPayload == "" { | ||
authPayload = getAuthCookie(r) | ||
} | ||
|
||
token, err := jwt.Parse(authPayload, func(token *jwt.Token) (interface{}, error) { | ||
return j.jwtSecret, nil | ||
}) | ||
|
||
if err != nil || !token.Valid { | ||
next.ServeHTTP(w, r) | ||
return | ||
} | ||
|
||
ctx := context.WithValue(r.Context(), "auth", true) | ||
next.ServeHTTP(w, r.WithContext(ctx)) | ||
}) | ||
} | ||
|
||
func getAuthCookie(r *http.Request) string { | ||
cookie, err := r.Cookie("airy_auth_token") | ||
if err != nil { | ||
return "" | ||
} | ||
return cookie.Value | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
package main | ||
|
||
import ( | ||
"net/http" | ||
"strings" | ||
) | ||
|
||
type CORS struct { | ||
allowedOrigins map[string]struct{} | ||
} | ||
|
||
func NewCORSMiddleware(allowedOrigins string) CORS { | ||
cors := CORS{allowedOrigins: make(map[string]struct{})} | ||
|
||
for _, origin := range strings.Split(allowedOrigins, ",") { | ||
cors.allowedOrigins[origin] = struct{}{} | ||
} | ||
|
||
return cors | ||
} | ||
|
||
func (c *CORS) Middleware(next http.Handler) http.Handler { | ||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
|
||
origin := r.Header.Get("Origin") | ||
_, allowed := c.allowedOrigins[origin] | ||
|
||
if !allowed && r.Method == "OPTIONS" { | ||
w.WriteHeader(http.StatusForbidden) | ||
return | ||
} | ||
|
||
if allowed { | ||
w.Header().Set("Access-Control-Allow-Credentials", "true") | ||
w.Header().Set("Access-Control-Allow-Origin", origin) | ||
w.Header().Set("Access-Control-Allow-Methods", "POST, GET") | ||
w.Header().Set( | ||
"Access-Control-Allow-Headers", | ||
"Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Requested-With, X-XSRF-Token", | ||
) | ||
} | ||
|
||
if r.Method == "OPTIONS" { | ||
return | ||
} | ||
|
||
next.ServeHTTP(w, r) | ||
}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
load("//tools/build:helm.bzl", "helm_ruleset_core_version") | ||
|
||
helm_ruleset_core_version() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
apiVersion: v2 | ||
appVersion: "1.0" | ||
description: A Helm chart for the streams backend | ||
name: api-streams | ||
version: 0.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: "{{ .Values.name }}" | ||
labels: | ||
core.airy.co/managed: "true" | ||
core.airy.co/mandatory: "{{ .Values.mandatory }}" | ||
core.airy.co/component: "{{ .Values.name }}" | ||
annotations: | ||
core.airy.co/enabled: "{{ .Values.enabled }}" |
Oops, something went wrong.