// Copyright (C) NHR@FAU, University Erlangen-Nuremberg.
// All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package natsMessenger
import (
"crypto/ed25519"
"database/sql"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"os"
"sync"
"time"
"github.com/ClusterCockpit/cc-backend/internal/importer"
"github.com/ClusterCockpit/cc-backend/internal/repository"
"github.com/ClusterCockpit/cc-backend/pkg/log"
"github.com/ClusterCockpit/cc-backend/pkg/schema"
"github.com/golang-jwt/jwt/v5"
"github.com/nats-io/nats-server/v2/server"
"github.com/nats-io/nats.go"
)
// NatsMessenger bundles the embedded NATS server, the client connection to
// it, the registered subscriptions and the job repository the message
// handlers work against.
type NatsMessenger struct {
	// Server is the embedded NATS server started by GetNatsMessenger.
	Server *server.Server
	// Connection is the client connection to the embedded server.
	Connection *nats.Conn
	// Subscriptions holds every subscription added by setupSubscriptions.
	Subscriptions []*nats.Subscription
	// JobRepository is the repository the handlers query.
	JobRepository *repository.JobRepository

	// jwtPubKey verifies the JWT carried in a message's "auth" header.
	// It stays nil when JWT_PUBLIC_KEY is unset or cannot be decoded.
	jwtPubKey ed25519.PublicKey
}
// Process-wide singleton state: the single NatsMessenger instance and the
// sync.Once that GetNatsMessenger uses to construct it.
var (
	natsMessengerInstance *NatsMessenger
	once                  sync.Once
)
// DevNatsMessage is the placeholder payload decoded on the 'delete-job' and
// 'job-event' subjects: a JSON object with a single "content" string.
type DevNatsMessage struct {
	// Content is free-form text supplied by the sender; treat it as untrusted.
	Content string `json:"content"`
}
// StartJobNatsResponse is the JSON reply produced by startJobHandler for a
// 'start-job' message.
type StartJobNatsResponse struct {
	// DBID is the database ID of the new job, serialized as "id".
	DBID int64 `json:"id"`
}
// StopJobNatsRequest is the JSON payload decoded on the 'stop-job' subject.
//
// NOTE(review): the `validate` tags are not enforced by json.Unmarshal, and
// nothing visible in this file runs a validator over the decoded value, so
// required fields are only as checked as the handler checks them.
type StopJobNatsRequest struct {
	// JobId is the cluster job ID; stopJobHandler rejects a nil value.
	JobId *int64 `json:"jobId" example:"123000"`
	// Cluster optionally narrows the lookup to one cluster.
	Cluster *string `json:"cluster" example:"fritz"`
	// StartTime optionally narrows the lookup (presumably epoch seconds).
	StartTime *int64 `json:"startTime" example:"1649723812"`
	// State is the final job state; an empty value is replaced by the
	// handler with schema.JobStateCompleted.
	State schema.JobState `json:"jobState" validate:"required" example:"completed"`
	// StopTime is compared against job.StartTime.Unix() by the handler.
	StopTime int64 `json:"stopTime" validate:"required" example:"1649763839"`
}
// DeleteJobNatsRequest describes the job a delete request refers to.
//
// NOTE(review): the `validate` tag is not enforced by json.Unmarshal; a
// caller has to check JobId for nil itself.
type DeleteJobNatsRequest struct {
	// JobId is the cluster job ID of the job.
	JobId *int64 `json:"jobId" validate:"required" example:"123000"`
	// Cluster is the cluster the job ran on.
	Cluster *string `json:"cluster" example:"fritz"`
	// StartTime is the start time of the job as epoch.
	StartTime *int64 `json:"startTime" example:"1649723812"`
}
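// ReceiveEventNatsRequest describes a job event: the job it belongs to, the
// metric it targets and the event itself.
//
// NOTE(review): the `validate` tag is not enforced by json.Unmarshal; a
// caller has to check JobId for nil itself.
type ReceiveEventNatsRequest struct {
	// JobId is the cluster job ID of the job.
	JobId *int64 `json:"jobId" validate:"required" example:"123000"`
	// Cluster is the cluster the job runs on.
	Cluster *string `json:"cluster" example:"fritz"`
	// StartTime is the start time of the job as epoch.
	StartTime *int64 `json:"startTime" example:"1649723812"`
	// Metric is the target metric of the event for the job.
	Metric *string `json:"metric" example:"cpu_power"`
	// Timestamp is the event timestamp.
	Timestamp *int64 `json:"timestamp" example:"1649724000"`
	// Event is the event name / type.
	Event *string `json:"event" example:"powercap"`
	// Value is an optional value set for the event, e.g. for powercap.
	Value *int64 `json:"value,omitempty" example:"150"`
}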
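// GetNatsMessenger returns the process-wide NatsMessenger and builds it on
// the first call: it reads the JWT public key from the JWT_PUBLIC_KEY
// environment variable, starts an embedded NATS server on config.Port,
// connects to it and registers the subscriptions.
//
// It returns nil when config is nil or when the server, the connection or
// the subscriptions could not be set up. Setup is attempted only once per
// process; after a failed attempt every later call returns nil as well.
//
// NOTE(review): the server is created with only Port set, so no NATS-level
// authorization is configured here and the listen host is left at the
// nats-server default (presumably all interfaces; confirm). Access control
// then rests entirely on the per-message JWT check in the listeners. Set
// Host and an authorization option in server.Options where the port can be
// reached by untrusted clients.
func GetNatsMessenger(config *schema.NatsConfig) *NatsMessenger {
	// Check if Config present
	if config == nil {
		log.Info("No NATS config found: Skip NATS init.")
		return nil
	}

	// once.Do is called unconditionally: reading natsMessengerInstance
	// before it would race with a concurrent first call.
	ranSetup := false
	once.Do(func() {
		ranSetup = true

		nm := &NatsMessenger{
			Subscriptions: []*nats.Subscription{},
			JobRepository: repository.GetJobRepository(),
		}

		// Init JWT PubKey. Without a usable key the messenger still starts,
		// but token verification cannot succeed for any message.
		if pubKey := os.Getenv("JWT_PUBLIC_KEY"); pubKey == "" {
			log.Warn("environment variable 'JWT_PUBLIC_KEY' not set (token based authentication will not work for nats: abort setup)")
		} else if keyBytes, err := base64.StdEncoding.DecodeString(pubKey); err != nil {
			log.Warn("Could not decode JWT public key")
		} else if len(keyBytes) != ed25519.PublicKeySize {
			// A key of the wrong size can never verify a signature; leave
			// the field nil so the failure is explicit.
			log.Warn("JWT public key has an unexpected length (token based authentication will not work for nats)")
		} else {
			nm.jwtPubKey = ed25519.PublicKey(keyBytes)
		}

		// Start Nats Server
		// Note: You can configure things like Host, Port, Authorization, and much more using server.Options.
		opts := &server.Options{Port: config.Port}
		srv, err := server.NewServer(opts)
		if err != nil {
			// Stop here: srv is nil and must not be started.
			log.Errorf("nats server error on creation: %s", err.Error())
			return
		}
		nm.Server = srv

		go srv.Start()

		if !srv.ReadyForConnections(3 * time.Second) {
			log.Error("nats server not ready for connection")
			srv.Shutdown()
			return
		}

		// Connect
		conn, err := nats.Connect(srv.ClientURL())
		if err != nil {
			srv.Shutdown()
			log.Error("nats connection could not be established: nats shut down")
			return
		}
		nm.Connection = conn

		// Subscribe
		if err := nm.setupSubscriptions(); err != nil {
			log.Error("error when subscribing to channels: nats shut down")
			conn.Close()
			srv.Shutdown()
			return
		}

		// Publish the instance only after every step succeeded.
		natsMessengerInstance = nm
		log.Infof("NATS server and subscriptions on port '%d' established\n", config.Port)
	})

	if !ranSetup && natsMessengerInstance != nil {
		log.Infof("Single NatsMessenger instance already created on port '%d'\n", config.Port)
	}

	return natsMessengerInstance
}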
// StopNatsMessenger tears the messenger down: each subscription is
// unsubscribed and then drained, after which the client connection is closed
// and the embedded server is shut down.
func (nm *NatsMessenger) StopNatsMessenger() {
	for i := range nm.Subscriptions {
		s := nm.Subscriptions[i]
		if unsubErr := s.Unsubscribe(); unsubErr != nil {
			log.Errorf("NATS unsubscribe failed: %s", unsubErr.Error())
		}
		// NOTE(review): Drain runs after Unsubscribe and its error is
		// discarded; confirm that draining an already unsubscribed
		// subscription is intended.
		_ = s.Drain()
	}

	nm.Connection.Close()
	nm.Server.Shutdown()
	log.Info("NATS connections closed and server shut down")
}
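// setupSubscriptions registers the listeners for 'start-job', 'stop-job',
// 'delete-job' and 'job-event' and appends every successful subscription to
// nm.Subscriptions.
//
// All four listeners are attempted even if an earlier one fails. The first
// failure is returned so the caller can shut the messenger down instead of
// running with a partial set of subscriptions. (The named result used to be
// shadowed by `:=` inside each `if`, so the function always returned nil.)
func (nm *NatsMessenger) setupSubscriptions() (err error) {
	listeners := []struct {
		subject   string
		subscribe func() (*nats.Subscription, error)
	}{
		{"start-job", nm.startJobListener},
		{"stop-job", nm.stopJobListener},
		{"delete-job", nm.deleteJobListener},
		{"job-event", nm.jobEventListener},
	}

	for _, l := range listeners {
		sub, subErr := l.subscribe()
		if subErr != nil {
			log.Infof("Subscription to '%s' failed: %s", l.subject, subErr)
			if err == nil {
				// Keep the first failure; later ones are only logged.
				err = fmt.Errorf("subscription to '%s' failed: %w", l.subject, subErr)
			}
			continue
		}
		log.Infof("Subscribed to '%s'", l.subject)
		nm.Subscriptions = append(nm.Subscriptions, sub)
	}

	return err
}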
// Listeners: Subscribe to specified channels and handle with specific handler functions
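// startJobListener subscribes to the 'start-job' subject.
//
// For each message the callback verifies the JWT from the "auth" header,
// requires the schema.RoleApi role, decodes the payload into a
// schema.JobMeta pre-filled with schema.JobDefaults and replies with the
// result of startJobHandler. Every rejection is answered and ends the
// callback. The return values of m.Respond are not checked.
func (nm *NatsMessenger) startJobListener() (sub *nats.Subscription, err error) {
	return nm.Connection.Subscribe("start-job", func(m *nats.Msg) {
		user, err := nm.verifyMessageJWT(m)
		if err != nil {
			log.Warnf("not authd: %s", err.Error())
			m.Respond([]byte("not authd: " + err.Error()))
			return
		}
		if user == nil || !user.HasRole(schema.RoleApi) {
			log.Warnf("missing role for nats")
			m.Respond([]byte("missing role for nats"))
			return
		}

		req := schema.JobMeta{BaseJob: schema.JobDefaults}
		if err := json.Unmarshal(m.Data, &req); err != nil {
			log.Warnf("Error while unmarshaling raw json nats message content on channel start-job: %s", err.Error())
			m.Respond([]byte("Error while unmarshaling raw json nats message content on channel start-job: " + err.Error()))
			// Stop here: req may be only partially decoded and must not
			// reach the handler, and the sender already has its reply.
			return
		}

		m.Respond(nm.startJobHandler(req))
	})
}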
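// stopJobListener subscribes to the 'stop-job' subject.
//
// For each message the callback verifies the JWT from the "auth" header,
// requires the schema.RoleApi role, decodes the payload into a
// StopJobNatsRequest and replies with the result of stopJobHandler. Every
// rejection is answered and ends the callback. The return values of
// m.Respond are not checked.
func (nm *NatsMessenger) stopJobListener() (sub *nats.Subscription, err error) {
	return nm.Connection.Subscribe("stop-job", func(m *nats.Msg) {
		user, err := nm.verifyMessageJWT(m)
		if err != nil {
			log.Warnf("not authd: %s", err.Error())
			m.Respond([]byte("not authd: " + err.Error()))
			return
		}
		if user == nil || !user.HasRole(schema.RoleApi) {
			log.Warnf("missing role for nats")
			m.Respond([]byte("missing role for nats"))
			return
		}

		var req StopJobNatsRequest
		if err := json.Unmarshal(m.Data, &req); err != nil {
			log.Error("Error while unmarshaling raw json nats message content: stopJob")
			m.Respond([]byte("Error while unmarshaling raw json nats message content: stopJob"))
			// Stop here: req may be only partially decoded and must not
			// reach the handler, and the sender already has its reply.
			return
		}

		m.Respond(nm.stopJobHandler(req))
	})
}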
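// deleteJobListener subscribes to the 'delete-job' subject.
//
// The callback applies the same gate as the 'start-job' and 'stop-job'
// listeners: the JWT from the "auth" header must verify and the user must
// hold schema.RoleApi. Only then is the payload decoded into a
// DevNatsMessage and passed to deleteJobHandler. A payload that fails to
// decode is logged and dropped instead of being handed to the handler.
func (nm *NatsMessenger) deleteJobListener() (sub *nats.Subscription, err error) {
	return nm.Connection.Subscribe("delete-job", func(m *nats.Msg) {
		user, err := nm.verifyMessageJWT(m)
		if err != nil {
			log.Warnf("not authd: %s", err.Error())
			m.Respond([]byte("not authd: " + err.Error()))
			return
		}
		if user == nil || !user.HasRole(schema.RoleApi) {
			log.Warnf("missing role for nats")
			m.Respond([]byte("missing role for nats"))
			return
		}

		var req DevNatsMessage
		if err := json.Unmarshal(m.Data, &req); err != nil {
			log.Error("Error while unmarshaling raw json nats message content: deleteJob")
			return
		}

		if err := nm.deleteJobHandler(req); err != nil {
			log.Errorf("error: %s", err.Error())
		}
	})
}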
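// jobEventListener subscribes to the 'job-event' subject.
//
// The callback applies the same gate as the 'start-job' and 'stop-job'
// listeners: the JWT from the "auth" header must verify and the user must
// hold schema.RoleApi. Only then is the payload decoded into a
// DevNatsMessage and passed to jobEventHandler. A payload that fails to
// decode is logged and dropped instead of being handed to the handler.
func (nm *NatsMessenger) jobEventListener() (sub *nats.Subscription, err error) {
	return nm.Connection.Subscribe("job-event", func(m *nats.Msg) {
		user, err := nm.verifyMessageJWT(m)
		if err != nil {
			log.Warnf("not authd: %s", err.Error())
			m.Respond([]byte("not authd: " + err.Error()))
			return
		}
		if user == nil || !user.HasRole(schema.RoleApi) {
			log.Warnf("missing role for nats")
			m.Respond([]byte("missing role for nats"))
			return
		}

		var req DevNatsMessage
		if err := json.Unmarshal(m.Data, &req); err != nil {
			log.Error("Error while unmarshaling raw json nats message content: jobEvent")
			return
		}

		if err := nm.jobEventHandler(req); err != nil {
			log.Errorf("error: %s", err.Error())
		}
	})
}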
// Handlers: Take content of message and perform action, e.g. adding job in db
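// startJobHandler processes a decoded 'start-job' request and returns the
// JSON reply: a StartJobNatsResponse on success, or the JSON-encoded error
// text from handleErr on failure.
//
// It defaults an empty state to schema.JobStateRunning, runs
// importer.SanityChecks on the base job, rejects the request when an
// existing job with the same job ID and cluster is found by the duplicate
// check, and adds the request's tags.
//
// The insert into the database (JobRepository.Start) is commented out, so
// the reply and the tag calls use a fixed placeholder ID.
func (nm *NatsMessenger) startJobHandler(req schema.JobMeta) []byte {
	// Placeholder database ID used while JobRepository.Start is disabled.
	// NOTE(review): AddTagOrCreate below is still called with this ID; if
	// its first argument is a job's database ID, the sender's tags end up on
	// whatever job owns that ID. Confirm before this path leaves development.
	const placeholderDBID = 1337

	if req.State == "" {
		req.State = schema.JobStateRunning
	}
	if err := importer.SanityChecks(&req.BaseJob); err != nil {
		log.Error(err)
		return handleErr(err)
	}

	// // acquire lock to avoid race condition between API calls --> for NATS required?
	// var unlockOnce sync.Once
	// api.RepositoryMutex.Lock()
	// defer unlockOnce.Do(api.RepositoryMutex.Unlock)

	// Check if combination of (job_id, cluster_id, start_time) already exists:
	jobs, err := nm.JobRepository.FindAll(&req.JobID, &req.Cluster, nil)
	// errors.Is also recognizes sql.ErrNoRows when the repository wraps it.
	if err != nil && !errors.Is(err, sql.ErrNoRows) {
		log.Errorf("checking for duplicate failed: %s", err)
		return handleErr(fmt.Errorf("checking for duplicate failed: %w", err))
	}
	if err == nil {
		for _, job := range jobs {
			// NOTE(review): the difference is signed, so a request whose
			// startTime lies before an existing job's start is always
			// treated as a duplicate; confirm whether an absolute
			// difference was intended.
			if (req.StartTime - job.StartTimeUnix) < 86400 {
				log.Errorf("a job with that jobId, cluster and startTime already exists: dbid: %d, jobid: %d", job.ID, job.JobID)
				return handleErr(fmt.Errorf("a job with that jobId, cluster and startTime already exists: dbid: %d, jobid: %d", job.ID, job.JobID))
			}
		}
	}

	// id, err := nm.JobRepository.Start(&req)
	// if err != nil {
	// log.Errorf("insert into database failed: %s", err)
	// return handleErr(fmt.Errorf("insert into database failed: %w", err))
	// }

	// // unlock here, adding Tags can be async
	// unlockOnce.Do(api.RepositoryMutex.Unlock)

	for _, tag := range req.Tags {
		if _, err := nm.JobRepository.AddTagOrCreate(placeholderDBID, tag.Type, tag.Name); err != nil {
			log.Errorf("adding tag to new job %d failed: %s", placeholderDBID, err)
			return handleErr(fmt.Errorf("adding tag to new job %d failed: %w", placeholderDBID, err))
		}
	}

	log.Infof("new job (id: %d): cluster=%s, jobId=%d, user=%s, startTime=%d", placeholderDBID, req.Cluster, req.JobID, req.User, req.StartTime)

	// The marshal error is discarded; the value is a struct with a single
	// int64 field.
	result, _ := json.Marshal(StartJobNatsResponse{
		DBID: placeholderDBID,
	})
	return result
}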
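// stopJobHandler processes a decoded 'stop-job' request and returns the JSON
// reply: the updated job on success, or the JSON-encoded error text from
// handleErr on failure.
//
// It requires jobId, looks the job up, checks that the job is running and
// that stopTime lies after its start, validates the requested state
// (defaulting to schema.JobStateCompleted) and sets duration and state on
// the in-memory job.
//
// The calls that would persist the change (JobRepository.Stop) and trigger
// archiving are commented out, so nothing is written back here.
func (nm *NatsMessenger) stopJobHandler(req StopJobNatsRequest) []byte {
	// Largest value job.Duration can hold; the assignment below converts an
	// int64 difference to int32.
	const maxDuration = 1<<31 - 1

	// Fetch job (that will be stopped) from db
	if req.JobId == nil {
		return handleErr(errors.New("the field 'jobId' is required"))
	}

	job, err := nm.JobRepository.Find(req.JobId, req.Cluster, req.StartTime)
	if err != nil {
		return handleErr(fmt.Errorf("finding job failed: %w", err))
	}

	// Sanity checks
	if job == nil || job.StartTime.Unix() >= req.StopTime || job.State != schema.JobStateRunning {
		return handleErr(errors.New("stopTime must be larger than startTime and only running jobs can be stopped"))
	}

	if req.State != "" && !req.State.Valid() {
		return handleErr(fmt.Errorf("invalid job state: %#v", req.State))
	} else if req.State == "" {
		req.State = schema.JobStateCompleted
	}

	// stopTime comes from the sender. Reject a difference that does not fit
	// into int32 instead of letting the conversion wrap around silently.
	duration := req.StopTime - job.StartTime.Unix()
	if duration <= 0 || duration > maxDuration {
		return handleErr(errors.New("stopTime is too far from startTime"))
	}

	// Mark job as stopped in the database (update state and duration)
	job.Duration = int32(duration)
	job.State = req.State
	// if err := nm.JobRepository.Stop(job.ID, job.Duration, job.State, job.MonitoringStatus); err != nil {
	// return handleErr(fmt.Errorf("marking job as stopped failed: %w", err))
	// }

	log.Infof("archiving job... (dbid: %d): cluster=%s, jobId=%d, user=%s, startTime=%s", job.ID, job.Cluster, job.JobID, job.User, job.StartTime)

	// // Send a response (with status OK). This means that errors that happen from here on forward
	// // can *NOT* be communicated to the client. If reading from a MetricDataRepository or
	// // writing to the filesystem fails, the client will not know.
	// rw.Header().Add("Content-Type", "application/json")
	// rw.WriteHeader(http.StatusOK)
	// json.NewEncoder(rw).Encode(job)

	// Monitoring is disabled...
	if job.MonitoringStatus == schema.MonitoringStatusDisabled {
		return handleErr(fmt.Errorf("monitoring is disabled"))
	}

	// Trigger async archiving
	// nm.JobRepository.TriggerArchiving(job)

	// The marshal error is discarded; on failure the reply is empty.
	result, _ := json.Marshal(job)
	return result
}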
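// deleteJobHandler is a stub: it writes the received content to the debug
// log and always returns nil. Whether deletion should be allowed via NATS at
// all is still open.
func (nm *NatsMessenger) deleteJobHandler(req DevNatsMessage) (err error) {
	// Allow via Nats?
	// %q quotes and escapes the sender-supplied text, so embedded newlines
	// or control characters cannot forge additional log lines.
	log.Debugf("CALLED HANDLER FOR deleteJob: %q", req.Content)
	return nil
}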
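// jobEventHandler is a stub: it writes the received content to the debug log
// and always returns nil. The real handling is still to be implemented.
func (nm *NatsMessenger) jobEventHandler(req DevNatsMessage) (err error) {
	// Implement from scratch
	// %q quotes and escapes the sender-supplied text, so embedded newlines
	// or control characters cannot forge additional log lines.
	log.Debugf("CALLED HANDLER FOR jobEvent: %q", req.Content)
	return nil
}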
// Auth
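// verifyMessageJWT authenticates a NATS message by the JWT in its "auth"
// header and returns the matching user.
//
// The token must be signed with EdDSA and verify against nm.jwtPubKey. Only
// the "sub" claim is taken from the token; the roles of the returned user
// come from the user repository, never from the JWT.
//
// It returns an error when the header is missing, no usable public key is
// configured, the token does not parse or verify, the subject is empty or
// the user is unknown.
//
// NOTE(review): jwt.Parse is called without parser options. As far as the
// library defaults go, an "exp" claim is checked only when present; confirm
// whether tokens without an expiry should be accepted here.
func (nm *NatsMessenger) verifyMessageJWT(msg *nats.Msg) (user *schema.User, err error) {
	rawtoken := msg.Header.Get("auth")
	if rawtoken == "" {
		return nil, errors.New("missing token")
	}

	// Fail closed with a clear error when the key was never loaded or has
	// the wrong size, instead of relying on the verifier to reject it.
	if len(nm.jwtPubKey) != ed25519.PublicKeySize {
		log.Warn("no valid JWT public key configured for nats")
		return nil, errors.New("token verification not configured")
	}

	token, err := jwt.Parse(rawtoken, func(t *jwt.Token) (interface{}, error) {
		// Pin the algorithm: the token header must not choose it.
		if t.Method != jwt.SigningMethodEdDSA {
			return nil, errors.New("only Ed25519/EdDSA supported")
		}

		return nm.jwtPubKey, nil
	})
	if err != nil {
		log.Warn("Error while parsing JWT token")
		return nil, err
	}
	if !token.Valid {
		log.Warn("jwt token claims are not valid")
		return nil, errors.New("jwt token claims are not valid")
	}

	// Token is valid, extract payload. The assertion is checked so that an
	// unexpected claims type becomes an error and not a panic.
	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok {
		log.Warn("jwt token claims are not valid")
		return nil, errors.New("jwt token claims are not valid")
	}
	sub, _ := claims["sub"].(string)
	if sub == "" {
		// A missing or non-string subject must not reach the user lookup.
		log.Warn("jwt token has no subject")
		return nil, errors.New("unknown user")
	}

	// NATS: Always Validate user + roles from JWT against database
	ur := repository.GetUserRepository()
	user, err = ur.GetUser(sub)
	// Deny any logins for unknown usernames
	if err != nil || user == nil {
		log.Warn("Could not find user from JWT in internal database.")
		return nil, errors.New("unknown user")
	}

	return &schema.User{
		Username:   sub,
		Roles:      user.Roles, // Take user roles from database instead of trusting the JWT
		AuthType:   schema.AuthToken,
		AuthSource: -1,
	}, nil
}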
// Helper
// handleErr turns an error into the reply payload: the error text encoded as
// a JSON string. err must not be nil. The marshal error is discarded.
func handleErr(err error) []byte {
	msg := err.Error()
	encoded, _ := json.Marshal(msg)
	return encoded
}