
Ingress and security

pull/2032/head
Siarhei_Sialitski 2 years ago
parent
commit
10f9ecc038
4 changed files with 355 additions and 298 deletions
  1. +164
    -138
      deploy/k8s/helm/apigwms/envoy.yaml
  2. +167
    -141
      deploy/k8s/helm/apigwws/envoy.yaml
  3. +12
    -7
      src/Services/Identity/Identity.API/Configuration/Config.cs
  4. +12
    -12
      src/Web/WebSPA/Client/src/modules/shared/services/security.service.ts

+ 164
- 138
deploy/k8s/helm/apigwms/envoy.yaml View File

@ -6,142 +6,168 @@ admin:
port_value: 8001
static_resources:
listeners:
- address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
route_config:
name: eshop_backend_route
virtual_hosts:
- name: eshop_backend
domains:
- ["*"]
routes:
- name: "c-short"
match:
prefix: "/c/"
route:
auto_host_rewrite: true
prefix_rewrite: "/catalog-api/"
cluster: catalog
- name: "c-long"
match:
prefix: "/catalog-api/"
route:
auto_host_rewrite: true
cluster: catalog
- name: "o-short"
match:
prefix: "/o/"
route:
auto_host_rewrite: true
prefix_rewrite: "/ordering-api/"
cluster: ordering
- name: "o-long"
match:
prefix: "/ordering-api/"
route:
auto_host_rewrite: true
cluster: ordering
- name: "h-long"
match:
prefix: "/hub/notificationhub"
route:
auto_host_rewrite: true
cluster: signalr-hub
timeout: 300s
- name: "b-short"
match:
prefix: "/b/"
route:
auto_host_rewrite: true
prefix_rewrite: "/basket-api/"
cluster: basket
- name: "b-long"
match:
prefix: "/basket-api/"
route:
auto_host_rewrite: true
cluster: basket
- name: "agg"
match:
prefix: "/"
route:
auto_host_rewrite: true
prefix_rewrite: "/"
cluster: shoppingagg
http_filters:
- name: envoy.filters.http.router
- address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
route_config:
name: eshop_backend_route
virtual_hosts:
- name: eshop_backend
domains:
- ["*"]
routes:
- name: "c-short"
match:
prefix: "/c/"
route:
auto_host_rewrite: true
prefix_rewrite: "/catalog-api/"
cluster: catalog
- name: "c-long"
match:
prefix: "/catalog-api/"
route:
auto_host_rewrite: true
cluster: catalog
- name: "cp-short"
match:
prefix: "/cp/"
route:
auto_host_rewrite: true
prefix_rewrite: "/coupon-api/"
cluster: coupon
- name: "cp-long"
match:
prefix: "/coupon-api/"
route:
auto_host_rewrite: true
cluster: coupon
- name: "o-short"
match:
prefix: "/o/"
route:
auto_host_rewrite: true
prefix_rewrite: "/ordering-api/"
cluster: ordering
- name: "o-long"
match:
prefix: "/ordering-api/"
route:
auto_host_rewrite: true
cluster: ordering
- name: "h-long"
match:
prefix: "/hub/notificationhub"
route:
auto_host_rewrite: true
cluster: signalr-hub
timeout: 300s
- name: "b-short"
match:
prefix: "/b/"
route:
auto_host_rewrite: true
prefix_rewrite: "/basket-api/"
cluster: basket
- name: "b-long"
match:
prefix: "/basket-api/"
route:
auto_host_rewrite: true
cluster: basket
- name: "agg"
match:
prefix: "/"
route:
auto_host_rewrite: true
prefix_rewrite: "/"
cluster: shoppingagg
http_filters:
- name: envoy.filters.http.router
clusters:
- name: shoppingagg
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: shoppingagg
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: webshoppingagg
port_value: 80
- name: catalog
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: catalog
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: catalog-api
port_value: 80
- name: basket
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: basket
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: basket-api
port_value: 80
- name: ordering
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: ordering
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-api
port_value: 80
- name: signalr-hub
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: signalr-hub
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-signalrhub
port_value: 80
- name: shoppingagg
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: shoppingagg
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: webshoppingagg
port_value: 80
- name: catalog
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: catalog
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: catalog-api
port_value: 80
- name: coupon
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: coupon
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: coupon-api
port_value: 80
- name: basket
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: basket
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: basket-api
port_value: 80
- name: ordering
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: ordering
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-api
port_value: 80
- name: signalr-hub
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: signalr-hub
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-signalrhub
port_value: 80
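Review bot: The new `cp-short` and `cp-long` routes forward every path under `/cp/` and `/coupon-api/` to the `coupon` cluster, and the listener's `http_filters` list holds only `envoy.filters.http.router`, so nothing at the gateway checks a token before a request reaches `coupon-api` on port 80. This matches the existing catalog, ordering and basket routes, but it means the coupon service has to validate the bearer token and the `coupon` scope itself on every endpoint it serves under that prefix. I would add a comment above the two routes saying so, for example `# no authn at the gateway: coupon-api must validate the bearer token and the coupon scope itself`. The same point applies to the identical routes added in deploy/k8s/helm/apigwws/envoy.yaml.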

+ 167
- 141
deploy/k8s/helm/apigwws/envoy.yaml View File

@ -6,145 +6,171 @@ admin:
port_value: 8001
static_resources:
listeners:
- address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
route_config:
name: eshop_backend_route
virtual_hosts:
- name: eshop_backend
domains:
- ["*"]
routes:
- name: "c-short"
match:
prefix: "/c/"
route:
auto_host_rewrite: true
prefix_rewrite: "/catalog-api/"
cluster: catalog
- name: "c-long"
match:
prefix: "/catalog-api/"
route:
auto_host_rewrite: true
cluster: catalog
- name: "o-short"
match:
prefix: "/o/"
route:
auto_host_rewrite: true
prefix_rewrite: "/ordering-api/"
cluster: ordering
- name: "o-long"
match:
prefix: "/ordering-api/"
route:
auto_host_rewrite: true
cluster: ordering
- name: "h-long"
match:
prefix: "/hub/notificationhub"
route:
auto_host_rewrite: true
cluster: signalr-hub
timeout: 300s
upgrade_configs:
upgrade_type: "websocket"
enabled: true
- name: "b-short"
match:
prefix: "/b/"
route:
auto_host_rewrite: true
prefix_rewrite: "/basket-api/"
cluster: basket
- name: "b-long"
match:
prefix: "/basket-api/"
route:
auto_host_rewrite: true
cluster: basket
- name: "agg"
match:
prefix: "/"
route:
auto_host_rewrite: true
prefix_rewrite: "/"
cluster: shoppingagg
http_filters:
- name: envoy.filters.http.router
- address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
route_config:
name: eshop_backend_route
virtual_hosts:
- name: eshop_backend
domains:
- ["*"]
routes:
- name: "c-short"
match:
prefix: "/c/"
route:
auto_host_rewrite: true
prefix_rewrite: "/catalog-api/"
cluster: catalog
- name: "c-long"
match:
prefix: "/catalog-api/"
route:
auto_host_rewrite: true
cluster: catalog
- name: "cp-short"
match:
prefix: "/cp/"
route:
auto_host_rewrite: true
prefix_rewrite: "/coupon-api/"
cluster: coupon
- name: "cp-long"
match:
prefix: "/coupon-api/"
route:
auto_host_rewrite: true
cluster: coupon
- name: "o-short"
match:
prefix: "/o/"
route:
auto_host_rewrite: true
prefix_rewrite: "/ordering-api/"
cluster: ordering
- name: "o-long"
match:
prefix: "/ordering-api/"
route:
auto_host_rewrite: true
cluster: ordering
- name: "h-long"
match:
prefix: "/hub/notificationhub"
route:
auto_host_rewrite: true
cluster: signalr-hub
timeout: 300s
upgrade_configs:
upgrade_type: "websocket"
enabled: true
- name: "b-short"
match:
prefix: "/b/"
route:
auto_host_rewrite: true
prefix_rewrite: "/basket-api/"
cluster: basket
- name: "b-long"
match:
prefix: "/basket-api/"
route:
auto_host_rewrite: true
cluster: basket
- name: "agg"
match:
prefix: "/"
route:
auto_host_rewrite: true
prefix_rewrite: "/"
cluster: shoppingagg
http_filters:
- name: envoy.filters.http.router
clusters:
- name: shoppingagg
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: shoppingagg
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: webshoppingagg
port_value: 80
- name: catalog
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: catalog
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: catalog-api
port_value: 80
- name: basket
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: basket
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: basket-api
port_value: 80
- name: ordering
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: ordering
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-api
port_value: 80
- name: signalr-hub
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: signalr-hub
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-signalrhub
port_value: 80
- name: shoppingagg
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: shoppingagg
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: webshoppingagg
port_value: 80
- name: catalog
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: catalog
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: catalog-api
port_value: 80
- name: coupon
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: coupon
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: coupon-api
port_value: 80
- name: basket
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: basket
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: basket-api
port_value: 80
- name: ordering
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: ordering
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-api
port_value: 80
- name: signalr-hub
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: signalr-hub
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-signalrhub
port_value: 80

+ 12
- 7
src/Services/Identity/Identity.API/Configuration/Config.cs View File

@ -6,7 +6,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
{
// ApiResources define the apis in your system
public static IEnumerable<ApiResource> GetApis()
{
{
return new List<ApiResource>
{
new ApiResource("orders", "Orders Service"),
@ -15,6 +15,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
new ApiResource("webshoppingagg", "Web Shopping Aggregator"),
new ApiResource("orders.signalrhub", "Ordering Signalr Hub"),
new ApiResource("webhooks", "Webhooks registration Service"),
new ApiResource("coupon", "Coupon Service"),
};
}
@ -53,7 +54,8 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
"basket",
"webshoppingagg",
"orders.signalrhub",
"webhooks"
"webhooks",
"coupon"
},
},
new Client
@ -63,7 +65,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
AllowedGrantTypes = GrantTypes.Hybrid,
//Used to retrieve the access token on the back channel.
ClientSecrets =
{
{
new Secret("secret".Sha256())
},
RedirectUris = { clientsUrl["Xamarin"] },
@ -79,7 +81,8 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
"orders",
"basket",
"mobileshoppingagg",
"webhooks"
"webhooks",
"coupon"
},
//Allow requesting refresh tokens for long lived API access
AllowOfflineAccess = true,
@ -91,7 +94,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
ClientName = "MVC Client",
ClientSecrets = new List<Secret>
{
new Secret("secret".Sha256())
},
ClientUri = $"{clientsUrl["Mvc"]}", // public uri of the client
@ -117,7 +120,8 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
"basket",
"webshoppingagg",
"orders.signalrhub",
"webhooks"
"webhooks",
"coupon"
},
AccessTokenLifetime = 60*60*2, // 2 hours
IdentityTokenLifetime= 60*60*2 // 2 hours
@ -183,7 +187,8 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
"orders",
"basket",
"webshoppingagg",
"webhooks"
"webhooks",
"coupon"
},
},
new Client
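Review bot: `"coupon"` is appended to the `AllowedScopes` of every client these hunks touch, including the one that sets `AllowOfflineAccess = true` (it appears to be the Xamarin client), so refresh tokens issued to that client will now also yield access tokens for the coupon API. Please confirm that each of these clients actually calls the coupon service and leave the scope off the ones that do not. The client definitions start and end outside the hunks, so which client each list belongs to is partly inferred. Separately, the lines the commit only re-indents still read `new Secret("secret".Sha256())`; a literal shared secret in source is worth replacing with a value read from configuration before this is deployed anywhere but a demo.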


+ 12
- 12
src/Web/WebSPA/Client/src/modules/shared/services/security.service.ts View File

@ -1,11 +1,11 @@
import { Injectable } from '@angular/core';
import { HttpClient, HttpHeaders } from '@angular/common/http';
import { Observable, Subject } from 'rxjs';
import { Router } from '@angular/router';
import { ActivatedRoute } from '@angular/router';
import { ConfigurationService } from './configuration.service';
import { StorageService } from './storage.service';
import { HttpClient, HttpHeaders } from '@angular/common/http';
import { Observable, Subject } from 'rxjs';
import { Router } from '@angular/router';
import { ActivatedRoute } from '@angular/router';
import { ConfigurationService } from './configuration.service';
import { StorageService } from './storage.service';
@Injectable()
export class SecurityService {
@ -69,10 +69,10 @@ export class SecurityService {
this.authenticationSource.next(true);
window.location.href = location.origin;
},
error => this.HandleError(error),
() => {
console.log(this.UserData);
});
error => this.HandleError(error),
() => {
console.log(this.UserData);
});
}
public Authorize() {
@ -82,7 +82,7 @@ export class SecurityService {
let client_id = 'js';
let redirect_uri = location.origin + '/';
let response_type = 'id_token token';
let scope = 'openid profile orders basket webshoppingagg orders.signalrhub';
let scope = 'openid profile orders basket webshoppingagg orders.signalrhub coupon';
let nonce = 'N' + Math.random() + '' + Date.now();
let state = Date.now() + '' + Math.random();
@ -198,7 +198,7 @@ export class SecurityService {
if (typeof token !== 'undefined') {
let encoded = token.split('.')[1];
data = JSON.parse(this.urlBase64Decode(encoded));
}
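Review bot: In `Authorize()` the `nonce` and `state` values that bind the implicit-flow response to this browser session are built from `Math.random()` and `Date.now()`, which are predictable, and with this change the access token they protect also carries the `coupon` scope. I would derive both from the Web Crypto API, for example `let nonce = 'N' + crypto.getRandomValues(new Uint32Array(4)).join('');`, with a second independent draw for `state`. The completion callback that the commit only re-indents still runs `console.log(this.UserData)`, which writes whatever user claims that object holds to the browser console and should be removed from production builds. The body of `Authorize()` continues outside the hunk, so how `nonce` and `state` are stored and checked on return is not visible here.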

