gateway

package

v1.0.1 Latest Latest Go to latest Published: Sep 21, 2020 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/rewe-digital/cortex-gateway

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type Config
- func (cfg *Config) RegisterFlags(f *flag.FlagSet)
- func (cfg *Config) Validate() error
type Gateway
- func New(cfg Config, svr *server.Server) (*Gateway, error)
- func (g *Gateway) Start()
type Proxy
- func (p *Proxy) Handler(res http.ResponseWriter, req *http.Request)

Constants ¶

This section is empty.

Variables ¶

View Source

var AuthenticateTenant = middleware.Func(func(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		logger := log.With(util.WithContext(r.Context(), util.Logger), "ip_address", r.RemoteAddr)
		level.Debug(logger).Log("msg", "authenticating request", "route", r.RequestURI)

		tokenString := r.Header.Get("Authorization")
		if tokenString == "" {
			level.Info(logger).Log("msg", "no bearer token provided")
			http.Error(w, "No bearer token provided", http.StatusUnauthorized)
			authFailures.WithLabelValues("no_token").Inc()
			return
		}

		te := &tenant{}
		_, err := jwtReq.ParseFromRequest(
			r,
			jwtReq.AuthorizationHeaderExtractor,
			func(token *jwt.Token) (interface{}, error) {

				if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
					level.Info(logger).Log("msg", "unexpected signing method", "used_method", token.Header["alg"])
					return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
				}

				return []byte(jwtSecret), nil
			},
			jwtReq.WithClaims(te))

		if err != nil {
			level.Info(logger).Log("msg", "invalid bearer token", "err", err.Error())
			http.Error(w, "Invalid bearer token", http.StatusUnauthorized)
			authFailures.WithLabelValues("token_not_valid").Inc()
			return
		}

		authSuccess.WithLabelValues(te.TenantID).Inc()
		r.Header.Set("X-Scope-OrgID", te.TenantID)
		next.ServeHTTP(w, r)
	})
})

AuthenticateTenant validates the Bearer Token and attaches the TenantID to the request

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	DistributorAddress   string
	QueryFrontendAddress string
}

Config for a gateway

func (*Config) RegisterFlags ¶

func (cfg *Config) RegisterFlags(f *flag.FlagSet)

RegisterFlags adds the flags required to config this package's Config struct

func (*Config) Validate ¶

func (cfg *Config) Validate() error

Validate given config parameters. Returns nil if everything is fine

type Gateway ¶

type Gateway struct {
	// contains filtered or unexported fields
}

Gateway hosts a reverse proxy for each upstream cortex service we'd like to tunnel after successful authentication

func New ¶

func New(cfg Config, svr *server.Server) (*Gateway, error)

New instantiates a new Gateway

func (*Gateway) Start ¶

func (g *Gateway) Start()

Start initializes the Gateway and starts it

type Proxy ¶

type Proxy struct {
	// contains filtered or unexported fields
}

Proxy pipes the traffic between the requester (Prometheus / Grafana) and upstream service

func (*Proxy) Handler ¶

func (p *Proxy) Handler(res http.ResponseWriter, req *http.Request)

Handler is the route handler which must be bound to the routes

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL