[Feature/redis provider] add redis auth provider #99
Conversation
SlZeroth
commented
Aug 30, 2021
SlZeroth
commented
- created provider.go file and i insert that file to all of logic about redisAuthProvider.
- now createKeyProvider func is include in ServiceSet
- fix config.yaml file to chose auth type
|
I have a question about implementing the redis Provider. In the existing test code, put StaticProvider in "service.InitializeServer". However, in my code, createKeyProvider is initialized using wire DI. I'm curious what opinions you have on this and how you would like it to be changed. |
pkg/service/wire.go
Outdated
| @@ -9,14 +9,14 @@ import ( | |||
| "github.com/livekit/livekit-server/pkg/routing" | |||
| ) | |||
|
|
|||
| func InitializeServer(conf *config.Config, currentNode routing.LocalNode) (*LivekitServer, error) { | |||
| func InitializeServer(conf *config.Config, currentNode routing.LocalNode, isTest bool) (*LivekitServer, error) { | |||
There was a problem hiding this comment.
this is changed InitializeServer func
There was a problem hiding this comment.
we just removed the StaticProvider code to simplify things. sorry, this ended up being a significant change. could you merge and see if issues remain?
There was a problem hiding this comment.
no problem. I think remove StaticProvider version is better than before.
Deleting the StaticProvider and the CreateKeyProvider are included in the wire, so it's easier to work with.
|
do you know about it ?
in my local mage testall commend is work |
cmd/server/main.go
Outdated
| @@ -190,7 +190,9 @@ func startServer(c *cli.Context) error { | |||
| return err | |||
| } | |||
|
|
|||
|
|
|||
There was a problem hiding this comment.
probably not worth changing this file just for spacing? :)
pkg/config/config.go
Outdated
| @@ -30,6 +30,7 @@ type Config struct { | |||
| KeyFile string `yaml:"key_file"` | |||
| Keys map[string]string `yaml:"keys"` | |||
| LogLevel string `yaml:"log_level"` | |||
| AuthType string `yaml:"auth_type"` | |||
There was a problem hiding this comment.
| AuthType string `yaml:"auth_type"` | |
| KeyProvider string `yaml:"key_provider"` |
can you also run go fmt / goimports on files in this commit?
pkg/service/provider.go
Outdated
| } | ||
|
|
||
| func (p *RedisBasedKeyProvider) GetSecret(key string) string { | ||
| fmt.Print("GetSecret CALLED", "\n") |
There was a problem hiding this comment.
let's get rid of prints from the code
config-sample.yaml
Outdated
| @@ -60,6 +60,9 @@ keys: | |||
| key1: secret1 | |||
| key2: secret2 | |||
|
|
|||
| auth_type: redis | |||
There was a problem hiding this comment.
| auth_type: redis | |
| # # auth details could be stored in Redis. when enabled, .... | |
| # key_provider: redis |
once we decide the redis structure, let's include notes on how they keys should be stored in redis.
pkg/service/provider.go
Outdated
|
|
||
| func (p *RedisBasedKeyProvider) GetSecret(key string) string { | ||
| fmt.Print("GetSecret CALLED", "\n") | ||
| secret, _ := p.client.Get(context.Background(), key).Result() |
There was a problem hiding this comment.
I could suggest storing api key/secret in a hash key. it's very hard to remove an API key without a hash of some sort. it's possible to use a hash with a name of "livekit-keys", and storing api key as key of the hash, and secret in the value.. i.e. HGET livekit-keys APIxxxxx
pkg/service/provider.go
Outdated
| } | ||
|
|
||
| func (p *RedisBasedKeyProvider) NumKeys() int { | ||
| return 1 |
pkg/service/utils.go
Outdated
| @@ -157,3 +163,34 @@ func permissionFromGrant(claim *auth.VideoGrant) *livekit.ParticipantPermission | |||
| } | |||
| return p | |||
| } | |||
|
|
|||
| func createKeyProvider(client *redis.Client, conf *config.Config) (auth.KeyProvider, error) { | |||
There was a problem hiding this comment.
this seems to be completely duplicated from CreateKeyProvider.
pkg/service/wire.go
Outdated
| @@ -9,6 +9,7 @@ import ( | |||
| "github.com/livekit/livekit-server/pkg/routing" | |||
| ) | |||
|
|
|||
|
|
|||
There was a problem hiding this comment.
similarly, this file didn't need to be changed.
|
could you remove .DS_Store as well? 🙏 |
| } else { | ||
| return nil, errors.New("conf.auth_type value is not current") | ||
| } | ||
| } |
| @@ -25,4 +26,4 @@ func InitializeRouter(conf *config.Config, currentNode routing.LocalNode) (routi | |||
| ) | |||
|
|
|||
| return nil, nil | |||
| } | |||
| } | |||
There was a problem hiding this comment.
thanks for your review :)
|
pkg/config/config.go
Outdated
| @@ -30,6 +30,7 @@ type Config struct { | |||
| KeyFile string `yaml:"key_file"` | |||
| Keys map[string]string `yaml:"keys"` | |||
| LogLevel string `yaml:"log_level"` | |||
| KeyProvider string `yaml:"key_provider"` | |||
There was a problem hiding this comment.
Thinking that it'd be more extensible to make this into a struct. It'll make it more flexible in the future to customize the behavior. for example:
type KeyProviderConfig struct {
// env (default), config, file, redis
Kind string `yaml:"kind"`
// used with config and env. we could migrate the top level keys to here.
Keys map[string]string
// used with file provider
Path string
// key to use as the hash to load keys
RedisKey string `yaml:"redis_key"`
}There was a problem hiding this comment.
Path string what is that property mean?
because config is only one file and config file include KeyProvider information so I think Path property doesn't need .
There was a problem hiding this comment.
Path can be used for the file provider.. where it could read from a separate keyfile. This is supported today, while probably not a commonly used path.
|
Sorry i will start this task from now on |
|
The requirements for the KeyProvider structure were applied. I'd appreciate it if you let me know what needs to be fixed or added. |
|
Any update on this PR? |
|
|
