123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220 |
- package rest
- import (
- "errors"
- "fmt"
- "net/http"
- "time"
- "git.i2edu.net/i2/go-zero/core/codec"
- "git.i2edu.net/i2/go-zero/core/load"
- "git.i2edu.net/i2/go-zero/core/stat"
- "git.i2edu.net/i2/go-zero/rest/handler"
- "git.i2edu.net/i2/go-zero/rest/httpx"
- "git.i2edu.net/i2/go-zero/rest/internal"
- "git.i2edu.net/i2/go-zero/rest/router"
- "github.com/justinas/alice"
- )
- // use 1000m to represent 100%
- const topCpuUsage = 1000
- // ErrSignatureConfig is an error that indicates bad config for signature.
- var ErrSignatureConfig = errors.New("bad config for Signature")
- type engine struct {
- conf RestConf
- routes []featuredRoutes
- unauthorizedCallback handler.UnauthorizedCallback
- unsignedCallback handler.UnsignedCallback
- middlewares []Middleware
- shedder load.Shedder
- priorityShedder load.Shedder
- }
- func newEngine(c RestConf) *engine {
- srv := &engine{
- conf: c,
- }
- if c.CpuThreshold > 0 {
- srv.shedder = load.NewAdaptiveShedder(load.WithCpuThreshold(c.CpuThreshold))
- srv.priorityShedder = load.NewAdaptiveShedder(load.WithCpuThreshold(
- (c.CpuThreshold + topCpuUsage) >> 1))
- }
- return srv
- }
- func (s *engine) AddRoutes(r featuredRoutes) {
- s.routes = append(s.routes, r)
- }
- func (s *engine) SetUnauthorizedCallback(callback handler.UnauthorizedCallback) {
- s.unauthorizedCallback = callback
- }
- func (s *engine) SetUnsignedCallback(callback handler.UnsignedCallback) {
- s.unsignedCallback = callback
- }
- func (s *engine) Start() error {
- return s.StartWithRouter(router.NewRouter())
- }
- func (s *engine) StartWithRouter(router httpx.Router) error {
- if err := s.bindRoutes(router); err != nil {
- return err
- }
- if len(s.conf.CertFile) == 0 && len(s.conf.KeyFile) == 0 {
- return internal.StartHttp(s.conf.Host, s.conf.Port, router)
- }
- return internal.StartHttps(s.conf.Host, s.conf.Port, s.conf.CertFile, s.conf.KeyFile, router)
- }
- func (s *engine) appendAuthHandler(fr featuredRoutes, chain alice.Chain,
- verifier func(alice.Chain) alice.Chain) alice.Chain {
- if fr.jwt.enabled {
- if len(fr.jwt.prevSecret) == 0 {
- chain = chain.Append(handler.Authorize(fr.jwt.secret,
- handler.WithUnauthorizedCallback(s.unauthorizedCallback)))
- } else {
- chain = chain.Append(handler.Authorize(fr.jwt.secret,
- handler.WithPrevSecret(fr.jwt.prevSecret),
- handler.WithUnauthorizedCallback(s.unauthorizedCallback)))
- }
- }
- return verifier(chain)
- }
- func (s *engine) bindFeaturedRoutes(router httpx.Router, fr featuredRoutes, metrics *stat.Metrics) error {
- verifier, err := s.signatureVerifier(fr.signature)
- if err != nil {
- return err
- }
- for _, route := range fr.routes {
- if err := s.bindRoute(fr, router, metrics, route, verifier); err != nil {
- return err
- }
- }
- return nil
- }
- func (s *engine) bindRoute(fr featuredRoutes, router httpx.Router, metrics *stat.Metrics,
- route Route, verifier func(chain alice.Chain) alice.Chain) error {
- chain := alice.New(
- handler.TracingHandler,
- s.getLogHandler(),
- handler.PrometheusHandler(route.Path),
- handler.MaxConns(s.conf.MaxConns),
- handler.BreakerHandler(route.Method, route.Path, metrics),
- handler.SheddingHandler(s.getShedder(fr.priority), metrics),
- handler.TimeoutHandler(time.Duration(s.conf.Timeout)*time.Millisecond),
- handler.RecoverHandler,
- handler.MetricHandler(metrics),
- handler.MaxBytesHandler(s.conf.MaxBytes),
- handler.GunzipHandler,
- )
- chain = s.appendAuthHandler(fr, chain, verifier)
- for _, middleware := range s.middlewares {
- chain = chain.Append(convertMiddleware(middleware))
- }
- handle := chain.ThenFunc(route.Handler)
- return router.Handle(route.Method, route.Path, handle)
- }
- func (s *engine) bindRoutes(router httpx.Router) error {
- metrics := s.createMetrics()
- for _, fr := range s.routes {
- if err := s.bindFeaturedRoutes(router, fr, metrics); err != nil {
- return err
- }
- }
- return nil
- }
- func (s *engine) createMetrics() *stat.Metrics {
- var metrics *stat.Metrics
- if len(s.conf.Name) > 0 {
- metrics = stat.NewMetrics(s.conf.Name)
- } else {
- metrics = stat.NewMetrics(fmt.Sprintf("%s:%d", s.conf.Host, s.conf.Port))
- }
- return metrics
- }
- func (s *engine) getLogHandler() func(http.Handler) http.Handler {
- if s.conf.Verbose {
- return handler.DetailedLogHandler
- }
- return handler.LogHandler
- }
- func (s *engine) getShedder(priority bool) load.Shedder {
- if priority && s.priorityShedder != nil {
- return s.priorityShedder
- }
- return s.shedder
- }
- func (s *engine) signatureVerifier(signature signatureSetting) (func(chain alice.Chain) alice.Chain, error) {
- if !signature.enabled {
- return func(chain alice.Chain) alice.Chain {
- return chain
- }, nil
- }
- if len(signature.PrivateKeys) == 0 {
- if signature.Strict {
- return nil, ErrSignatureConfig
- }
- return func(chain alice.Chain) alice.Chain {
- return chain
- }, nil
- }
- decrypters := make(map[string]codec.RsaDecrypter)
- for _, key := range signature.PrivateKeys {
- fingerprint := key.Fingerprint
- file := key.KeyFile
- decrypter, err := codec.NewRsaDecrypter(file)
- if err != nil {
- return nil, err
- }
- decrypters[fingerprint] = decrypter
- }
- return func(chain alice.Chain) alice.Chain {
- if s.unsignedCallback != nil {
- return chain.Append(handler.ContentSecurityHandler(
- decrypters, signature.Expiry, signature.Strict, s.unsignedCallback))
- }
- return chain.Append(handler.ContentSecurityHandler(
- decrypters, signature.Expiry, signature.Strict))
- }, nil
- }
- func (s *engine) use(middleware Middleware) {
- s.middlewares = append(s.middlewares, middleware)
- }
- func convertMiddleware(ware Middleware) func(http.Handler) http.Handler {
- return func(next http.Handler) http.Handler {
- return ware(next.ServeHTTP)
- }
- }
|