
Ingress and security

pull/2032/head
Siarhei_Sialitski 2 years ago
parent
commit
10f9ecc038
4 changed files with 355 additions and 298 deletions
  1. +164
    -138
      deploy/k8s/helm/apigwms/envoy.yaml
  2. +167
    -141
      deploy/k8s/helm/apigwws/envoy.yaml
  3. +12
    -7
      src/Services/Identity/Identity.API/Configuration/Config.cs
  4. +12
    -12
      src/Web/WebSPA/Client/src/modules/shared/services/security.service.ts

+ 164
- 138
deploy/k8s/helm/apigwms/envoy.yaml View File

@ -6,142 +6,168 @@ admin:
port_value: 8001 port_value: 8001
static_resources: static_resources:
listeners: listeners:
- address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
route_config:
name: eshop_backend_route
virtual_hosts:
- name: eshop_backend
domains:
- ["*"]
routes:
- name: "c-short"
match:
prefix: "/c/"
route:
auto_host_rewrite: true
prefix_rewrite: "/catalog-api/"
cluster: catalog
- name: "c-long"
match:
prefix: "/catalog-api/"
route:
auto_host_rewrite: true
cluster: catalog
- name: "o-short"
match:
prefix: "/o/"
route:
auto_host_rewrite: true
prefix_rewrite: "/ordering-api/"
cluster: ordering
- name: "o-long"
match:
prefix: "/ordering-api/"
route:
auto_host_rewrite: true
cluster: ordering
- name: "h-long"
match:
prefix: "/hub/notificationhub"
route:
auto_host_rewrite: true
cluster: signalr-hub
timeout: 300s
- name: "b-short"
match:
prefix: "/b/"
route:
auto_host_rewrite: true
prefix_rewrite: "/basket-api/"
cluster: basket
- name: "b-long"
match:
prefix: "/basket-api/"
route:
auto_host_rewrite: true
cluster: basket
- name: "agg"
match:
prefix: "/"
route:
auto_host_rewrite: true
prefix_rewrite: "/"
cluster: shoppingagg
http_filters:
- name: envoy.filters.http.router
- address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
route_config:
name: eshop_backend_route
virtual_hosts:
- name: eshop_backend
domains:
- ["*"]
routes:
- name: "c-short"
match:
prefix: "/c/"
route:
auto_host_rewrite: true
prefix_rewrite: "/catalog-api/"
cluster: catalog
- name: "c-long"
match:
prefix: "/catalog-api/"
route:
auto_host_rewrite: true
cluster: catalog
- name: "cp-short"
match:
prefix: "/cp/"
route:
auto_host_rewrite: true
prefix_rewrite: "/coupon-api/"
cluster: coupon
- name: "cp-long"
match:
prefix: "/coupon-api/"
route:
auto_host_rewrite: true
cluster: coupon
- name: "o-short"
match:
prefix: "/o/"
route:
auto_host_rewrite: true
prefix_rewrite: "/ordering-api/"
cluster: ordering
- name: "o-long"
match:
prefix: "/ordering-api/"
route:
auto_host_rewrite: true
cluster: ordering
- name: "h-long"
match:
prefix: "/hub/notificationhub"
route:
auto_host_rewrite: true
cluster: signalr-hub
timeout: 300s
- name: "b-short"
match:
prefix: "/b/"
route:
auto_host_rewrite: true
prefix_rewrite: "/basket-api/"
cluster: basket
- name: "b-long"
match:
prefix: "/basket-api/"
route:
auto_host_rewrite: true
cluster: basket
- name: "agg"
match:
prefix: "/"
route:
auto_host_rewrite: true
prefix_rewrite: "/"
cluster: shoppingagg
http_filters:
- name: envoy.filters.http.router
clusters: clusters:
- name: shoppingagg
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: shoppingagg
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: webshoppingagg
port_value: 80
- name: catalog
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: catalog
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: catalog-api
port_value: 80
- name: basket
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: basket
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: basket-api
port_value: 80
- name: ordering
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: ordering
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-api
port_value: 80
- name: signalr-hub
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: signalr-hub
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-signalrhub
port_value: 80
- name: shoppingagg
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: shoppingagg
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: webshoppingagg
port_value: 80
- name: catalog
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: catalog
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: catalog-api
port_value: 80
- name: coupon
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: coupon
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: coupon-api
port_value: 80
- name: basket
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: basket
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: basket-api
port_value: 80
- name: ordering
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: ordering
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-api
port_value: 80
- name: signalr-hub
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: signalr-hub
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-signalrhub
port_value: 80
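Review bot: The new `cp-short`/`cp-long` routes forward `/cp/` and `/coupon-api/` to the `coupon` cluster with no authentication filter in front of them — `http_filters` lists only `envoy.filters.http.router`, exactly as for the existing routes — so the `coupon` scope introduced in Config.cs in this same commit has to be enforced by coupon-api itself, and it is worth confirming that service validates the scope before this ships. The same applies to the matching hunk in deploy/k8s/helm/apigwws/envoy.yaml. Separately, the old and new listener and cluster blocks look identical apart from the coupon routes and the `coupon` cluster, which suggests most of the 138/164 lines are a re-indentation; splitting the whitespace change from the functional one would make the route addition reviewable on its own. A short comment on the new cluster, such as `# coupon-api: the "coupon" scope is checked by the service, not at the gateway`, would record that assumption next to the config it depends on.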

+ 167
- 141
deploy/k8s/helm/apigwws/envoy.yaml View File

@ -6,145 +6,171 @@ admin:
port_value: 8001 port_value: 8001
static_resources: static_resources:
listeners: listeners:
- address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
route_config:
name: eshop_backend_route
virtual_hosts:
- name: eshop_backend
domains:
- ["*"]
routes:
- name: "c-short"
match:
prefix: "/c/"
route:
auto_host_rewrite: true
prefix_rewrite: "/catalog-api/"
cluster: catalog
- name: "c-long"
match:
prefix: "/catalog-api/"
route:
auto_host_rewrite: true
cluster: catalog
- name: "o-short"
match:
prefix: "/o/"
route:
auto_host_rewrite: true
prefix_rewrite: "/ordering-api/"
cluster: ordering
- name: "o-long"
match:
prefix: "/ordering-api/"
route:
auto_host_rewrite: true
cluster: ordering
- name: "h-long"
match:
prefix: "/hub/notificationhub"
route:
auto_host_rewrite: true
cluster: signalr-hub
timeout: 300s
upgrade_configs:
upgrade_type: "websocket"
enabled: true
- name: "b-short"
match:
prefix: "/b/"
route:
auto_host_rewrite: true
prefix_rewrite: "/basket-api/"
cluster: basket
- name: "b-long"
match:
prefix: "/basket-api/"
route:
auto_host_rewrite: true
cluster: basket
- name: "agg"
match:
prefix: "/"
route:
auto_host_rewrite: true
prefix_rewrite: "/"
cluster: shoppingagg
http_filters:
- name: envoy.filters.http.router
- address:
socket_address:
address: 0.0.0.0
port_value: 8080
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
route_config:
name: eshop_backend_route
virtual_hosts:
- name: eshop_backend
domains:
- ["*"]
routes:
- name: "c-short"
match:
prefix: "/c/"
route:
auto_host_rewrite: true
prefix_rewrite: "/catalog-api/"
cluster: catalog
- name: "c-long"
match:
prefix: "/catalog-api/"
route:
auto_host_rewrite: true
cluster: catalog
- name: "cp-short"
match:
prefix: "/cp/"
route:
auto_host_rewrite: true
prefix_rewrite: "/coupon-api/"
cluster: coupon
- name: "cp-long"
match:
prefix: "/coupon-api/"
route:
auto_host_rewrite: true
cluster: coupon
- name: "o-short"
match:
prefix: "/o/"
route:
auto_host_rewrite: true
prefix_rewrite: "/ordering-api/"
cluster: ordering
- name: "o-long"
match:
prefix: "/ordering-api/"
route:
auto_host_rewrite: true
cluster: ordering
- name: "h-long"
match:
prefix: "/hub/notificationhub"
route:
auto_host_rewrite: true
cluster: signalr-hub
timeout: 300s
upgrade_configs:
upgrade_type: "websocket"
enabled: true
- name: "b-short"
match:
prefix: "/b/"
route:
auto_host_rewrite: true
prefix_rewrite: "/basket-api/"
cluster: basket
- name: "b-long"
match:
prefix: "/basket-api/"
route:
auto_host_rewrite: true
cluster: basket
- name: "agg"
match:
prefix: "/"
route:
auto_host_rewrite: true
prefix_rewrite: "/"
cluster: shoppingagg
http_filters:
- name: envoy.filters.http.router
clusters: clusters:
- name: shoppingagg
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: shoppingagg
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: webshoppingagg
port_value: 80
- name: catalog
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: catalog
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: catalog-api
port_value: 80
- name: basket
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: basket
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: basket-api
port_value: 80
- name: ordering
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: ordering
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-api
port_value: 80
- name: signalr-hub
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: signalr-hub
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-signalrhub
port_value: 80
- name: shoppingagg
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: shoppingagg
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: webshoppingagg
port_value: 80
- name: catalog
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: catalog
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: catalog-api
port_value: 80
- name: coupon
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: coupon
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: coupon-api
port_value: 80
- name: basket
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: basket
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: basket-api
port_value: 80
- name: ordering
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: ordering
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-api
port_value: 80
- name: signalr-hub
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
load_assignment:
cluster_name: signalr-hub
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ordering-signalrhub
port_value: 80

+ 12
- 7
src/Services/Identity/Identity.API/Configuration/Config.cs View File

@ -6,7 +6,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
{ {
// ApiResources define the apis in your system // ApiResources define the apis in your system
public static IEnumerable<ApiResource> GetApis() public static IEnumerable<ApiResource> GetApis()
{
{
return new List<ApiResource> return new List<ApiResource>
{ {
new ApiResource("orders", "Orders Service"), new ApiResource("orders", "Orders Service"),
@ -15,6 +15,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
new ApiResource("webshoppingagg", "Web Shopping Aggregator"), new ApiResource("webshoppingagg", "Web Shopping Aggregator"),
new ApiResource("orders.signalrhub", "Ordering Signalr Hub"), new ApiResource("orders.signalrhub", "Ordering Signalr Hub"),
new ApiResource("webhooks", "Webhooks registration Service"), new ApiResource("webhooks", "Webhooks registration Service"),
new ApiResource("coupon", "Coupon Service"),
}; };
} }
@ -53,7 +54,8 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
"basket", "basket",
"webshoppingagg", "webshoppingagg",
"orders.signalrhub", "orders.signalrhub",
"webhooks"
"webhooks",
"coupon"
}, },
}, },
new Client new Client
@ -63,7 +65,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
AllowedGrantTypes = GrantTypes.Hybrid, AllowedGrantTypes = GrantTypes.Hybrid,
//Used to retrieve the access token on the back channel. //Used to retrieve the access token on the back channel.
ClientSecrets = ClientSecrets =
{
{
new Secret("secret".Sha256()) new Secret("secret".Sha256())
}, },
RedirectUris = { clientsUrl["Xamarin"] }, RedirectUris = { clientsUrl["Xamarin"] },
@ -79,7 +81,8 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
"orders", "orders",
"basket", "basket",
"mobileshoppingagg", "mobileshoppingagg",
"webhooks"
"webhooks",
"coupon"
}, },
//Allow requesting refresh tokens for long lived API access //Allow requesting refresh tokens for long lived API access
AllowOfflineAccess = true, AllowOfflineAccess = true,
@ -91,7 +94,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
ClientName = "MVC Client", ClientName = "MVC Client",
ClientSecrets = new List<Secret> ClientSecrets = new List<Secret>
{ {
new Secret("secret".Sha256()) new Secret("secret".Sha256())
}, },
ClientUri = $"{clientsUrl["Mvc"]}", // public uri of the client ClientUri = $"{clientsUrl["Mvc"]}", // public uri of the client
@ -117,7 +120,8 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
"basket", "basket",
"webshoppingagg", "webshoppingagg",
"orders.signalrhub", "orders.signalrhub",
"webhooks"
"webhooks",
"coupon"
}, },
AccessTokenLifetime = 60*60*2, // 2 hours AccessTokenLifetime = 60*60*2, // 2 hours
IdentityTokenLifetime= 60*60*2 // 2 hours IdentityTokenLifetime= 60*60*2 // 2 hours
@ -183,7 +187,8 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
"orders", "orders",
"basket", "basket",
"webshoppingagg", "webshoppingagg",
"webhooks"
"webhooks",
"coupon"
}, },
}, },
new Client new Client
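Review bot: `new ApiResource("coupon", "Coupon Service")` registers a resource, but whether that also makes `coupon` a requestable scope depends on the IdentityServer4 version, which these hunks do not show: from 4.x onward an `ApiResource` no longer implies a scope and a separate `ApiScope` is required, otherwise the clients that now list `"coupon"` in their AllowedScopes (the four `"webhooks",` / `"coupon"` hunks) would be refused with invalid_scope. If the project is on 4.x, add `new ApiScope("coupon", "Coupon Service")` to the method that returns the `ApiScope` collection (or introduce one) alongside this entry. The scope is also granted to every client in the file, including the one whose list contains `"mobileshoppingagg"`; if that client does not call coupon-api, least privilege suggests leaving `"coupon"` off its list. `GetApis()` and the client definitions begin and end outside these hunks.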


+ 12
- 12
src/Web/WebSPA/Client/src/modules/shared/services/security.service.ts View File

@ -1,11 +1,11 @@
import { Injectable } from '@angular/core'; import { Injectable } from '@angular/core';
import { HttpClient, HttpHeaders } from '@angular/common/http';
import { Observable, Subject } from 'rxjs';
import { Router } from '@angular/router';
import { ActivatedRoute } from '@angular/router';
import { ConfigurationService } from './configuration.service';
import { StorageService } from './storage.service';
import { HttpClient, HttpHeaders } from '@angular/common/http';
import { Observable, Subject } from 'rxjs';
import { Router } from '@angular/router';
import { ActivatedRoute } from '@angular/router';
import { ConfigurationService } from './configuration.service';
import { StorageService } from './storage.service';
@Injectable() @Injectable()
export class SecurityService { export class SecurityService {
@ -69,10 +69,10 @@ export class SecurityService {
this.authenticationSource.next(true); this.authenticationSource.next(true);
window.location.href = location.origin; window.location.href = location.origin;
}, },
error => this.HandleError(error),
() => {
console.log(this.UserData);
});
error => this.HandleError(error),
() => {
console.log(this.UserData);
});
} }
public Authorize() { public Authorize() {
@ -82,7 +82,7 @@ export class SecurityService {
let client_id = 'js'; let client_id = 'js';
let redirect_uri = location.origin + '/'; let redirect_uri = location.origin + '/';
let response_type = 'id_token token'; let response_type = 'id_token token';
let scope = 'openid profile orders basket webshoppingagg orders.signalrhub';
let scope = 'openid profile orders basket webshoppingagg orders.signalrhub coupon';
let nonce = 'N' + Math.random() + '' + Date.now(); let nonce = 'N' + Math.random() + '' + Date.now();
let state = Date.now() + '' + Math.random(); let state = Date.now() + '' + Math.random();
@ -198,7 +198,7 @@ export class SecurityService {
if (typeof token !== 'undefined') { if (typeof token !== 'undefined') {
let encoded = token.split('.')[1]; let encoded = token.split('.')[1];
data = JSON.parse(this.urlBase64Decode(encoded)); data = JSON.parse(this.urlBase64Decode(encoded));
} }
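Review bot: The `scope` literal in `Authorize()` is now a seven-token space-separated string that has to be kept in sync by hand with the AllowedScopes lists in Config.cs, and a mismatch only surfaces at runtime as an authorization failure. Consider building it from a list, e.g. `const SCOPES = ['openid', 'profile', 'orders', 'basket', 'webshoppingagg', 'orders.signalrhub', 'coupon'] as const;` followed by `let scope = SCOPES.join(' ');`, so that adding a scope is one entry rather than an edit inside a string and the duplication with the server side is visible at a glance. `Authorize()` begins and ends outside this hunk.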

