mirror of
https://github.com/postmannen/ctrl.git
synced 2024-12-14 12:37:31 +00:00
refactored calling the handler for subscribers
This commit is contained in:
parent
2b2064c3cb
commit
592425d53c
1 changed files with 84 additions and 82 deletions
166
process.go
166
process.go
|
@ -520,98 +520,24 @@ func (p process) messageSubscriberHandler(natsConn *nats.Conn, thisNode string,
|
||||||
p.errorKernel.errSend(p, message, er)
|
p.errorKernel.errSend(p, message, er)
|
||||||
}
|
}
|
||||||
|
|
||||||
out := []byte{}
|
//var err error
|
||||||
var err error
|
|
||||||
|
|
||||||
doHandler := false
|
out := p.callHandler(message, mh, thisNode)
|
||||||
|
|
||||||
switch {
|
// Send a confirmation message back to the publisher to ACK that the
|
||||||
|
// message was received by the subscriber. The reply should be sent
|
||||||
// If no checking enabled we should just allow the message.
|
//no matter if the handler was executed successfully or not
|
||||||
case !p.nodeAuth.configuration.EnableSignatureCheck && !p.nodeAuth.configuration.EnableAclCheck:
|
|
||||||
log.Printf(" * DEBUG: verify acl/sig: EnableSignatureCheck=false, EnableAclCheck=false\n")
|
|
||||||
log.Printf(" * DEBUG: no checking at all is enabled, allow the message\n")
|
|
||||||
doHandler = true
|
|
||||||
|
|
||||||
// If only sig check enabled, and sig OK, we should allow the message.
|
|
||||||
case p.nodeAuth.configuration.EnableSignatureCheck && !p.nodeAuth.configuration.EnableAclCheck:
|
|
||||||
log.Printf(" * DEBUG: verify acl/sig: EnableSignatureCheck=true, EnableAclCheck=false\n")
|
|
||||||
log.Printf(" * DEBUG: only signature checking enabled, allow the message if sigOK\n")
|
|
||||||
|
|
||||||
sigOK := p.nodeAuth.verifySignature(message)
|
|
||||||
log.Printf("info: sigOK=%v\n", sigOK)
|
|
||||||
|
|
||||||
if sigOK {
|
|
||||||
doHandler = true
|
|
||||||
}
|
|
||||||
|
|
||||||
// If both sig and acl check enabled, and sig and acl OK, we should allow the message.
|
|
||||||
case p.nodeAuth.configuration.EnableSignatureCheck && p.nodeAuth.configuration.EnableAclCheck:
|
|
||||||
log.Printf(" * DEBUG: verify acl/sig: EnableSignatureCheck=true, EnableAclCheck=true\n")
|
|
||||||
log.Printf(" * DEBUG: both signature and acl checking enabled, allow the message if sigOK and aclOK\n")
|
|
||||||
|
|
||||||
sigOK := p.nodeAuth.verifySignature(message)
|
|
||||||
log.Printf("info: sigOK=%v\n", sigOK)
|
|
||||||
aclOK := p.nodeAuth.verifyAcl(message)
|
|
||||||
log.Printf("info: aclOK=%v\n", aclOK)
|
|
||||||
|
|
||||||
if sigOK && aclOK {
|
|
||||||
doHandler = true
|
|
||||||
}
|
|
||||||
|
|
||||||
// none of the verification options matched, we should keep the default value
|
|
||||||
// of doHandler=false, so the handler is not done.
|
|
||||||
default:
|
|
||||||
log.Printf(" * DEBUG: verify acl/sig: None of the verify flags matched, not doing handler for message\n")
|
|
||||||
}
|
|
||||||
|
|
||||||
switch {
|
|
||||||
case doHandler:
|
|
||||||
log.Printf("info: subscriberHandler: doHandler=true: %v\n", doHandler)
|
|
||||||
out, err = mh.handler(p, message, thisNode)
|
|
||||||
if err != nil {
|
|
||||||
er := fmt.Errorf("error: subscriberHandler: handler method failed: %v", err)
|
|
||||||
p.errorKernel.errSend(p, message, er)
|
|
||||||
log.Printf("%v\n", er)
|
|
||||||
}
|
|
||||||
default:
|
|
||||||
er := fmt.Errorf("error: subscriberHandler: doHandler=false, doing nothing")
|
|
||||||
p.errorKernel.errSend(p, message, er)
|
|
||||||
log.Printf("%v\n", er)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Send a confirmation message back to the publisher
|
|
||||||
natsConn.Publish(msg.Reply, out)
|
natsConn.Publish(msg.Reply, out)
|
||||||
|
|
||||||
// Check for NACK type Event.
|
|
||||||
case p.subject.Event == EventNACK:
|
case p.subject.Event == EventNACK:
|
||||||
mf, ok := p.methodsAvailable.CheckIfExists(message.Method)
|
mh, ok := p.methodsAvailable.CheckIfExists(message.Method)
|
||||||
if !ok {
|
if !ok {
|
||||||
er := fmt.Errorf("error: subscriberHandler: method type not available: %v", p.subject.Event)
|
er := fmt.Errorf("error: subscriberHandler: method type not available: %v", p.subject.Event)
|
||||||
p.errorKernel.errSend(p, message, er)
|
p.errorKernel.errSend(p, message, er)
|
||||||
}
|
}
|
||||||
|
|
||||||
// The verify functions will return true if the signature or acl is correct,
|
// We do not send reply messages for EventNACL, so we can discard the output.
|
||||||
// but will return false if the signature or acl is wrong.
|
_ = p.callHandler(message, mh, thisNode)
|
||||||
// They will also return true if the configuration flag for checking the acl
|
|
||||||
// or the signature is set to false.
|
|
||||||
sigOK := p.nodeAuth.verifySignature(message)
|
|
||||||
aclOK := p.nodeAuth.verifyAcl(message)
|
|
||||||
|
|
||||||
// We should allow to call the handler if either:
|
|
||||||
// 1. signature and acl is OK for when acl verification is enabled.
|
|
||||||
// 2. just signature is OK, if just signature checking is enabled.
|
|
||||||
// 3. Since the verify functions return true if the verification is
|
|
||||||
// disabled, the handler will be called if both are disabled.
|
|
||||||
if sigOK && aclOK || sigOK {
|
|
||||||
|
|
||||||
_, err := mf.handler(p, message, thisNode)
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
er := fmt.Errorf("error: subscriberHandler: handler method failed: %v", err)
|
|
||||||
p.errorKernel.errSend(p, message, er)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
default:
|
default:
|
||||||
er := fmt.Errorf("info: did not find that specific type of event: %#v", p.subject.Event)
|
er := fmt.Errorf("info: did not find that specific type of event: %#v", p.subject.Event)
|
||||||
|
@ -620,6 +546,82 @@ func (p process) messageSubscriberHandler(natsConn *nats.Conn, thisNode string,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// callHandler will call the handler for the Request type defined in the message.
|
||||||
|
// If checking signatures and/or acl's are enabled the signatures they will be
|
||||||
|
// verified, and if OK the handler is called.
|
||||||
|
func (p process) callHandler(message Message, mh methodHandler, thisNode string) []byte {
|
||||||
|
out := []byte{}
|
||||||
|
var err error
|
||||||
|
|
||||||
|
switch p.verifySigOrAclFlag(message) {
|
||||||
|
case true:
|
||||||
|
log.Printf("info: subscriberHandler: doHandler=true: %v\n", true)
|
||||||
|
out, err = mh.handler(p, message, thisNode)
|
||||||
|
if err != nil {
|
||||||
|
er := fmt.Errorf("error: subscriberHandler: handler method failed: %v", err)
|
||||||
|
p.errorKernel.errSend(p, message, er)
|
||||||
|
log.Printf("%v\n", er)
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
er := fmt.Errorf("error: subscriberHandler: doHandler=false, doing nothing")
|
||||||
|
p.errorKernel.errSend(p, message, er)
|
||||||
|
log.Printf("%v\n", er)
|
||||||
|
}
|
||||||
|
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
// verifySigOrAclFlag will do signature and/or acl checking based on which of
|
||||||
|
// those features are enabled, and then call the handler.
|
||||||
|
// The handler will also be called if neither signature or acl checking is enabled
|
||||||
|
// since it is up to the subscriber to decide if it want to use the auth features
|
||||||
|
// or not.
|
||||||
|
func (p process) verifySigOrAclFlag(message Message) bool {
|
||||||
|
doHandler := false
|
||||||
|
|
||||||
|
switch {
|
||||||
|
|
||||||
|
// If no checking enabled we should just allow the message.
|
||||||
|
case !p.nodeAuth.configuration.EnableSignatureCheck && !p.nodeAuth.configuration.EnableAclCheck:
|
||||||
|
log.Printf(" * DEBUG: verify acl/sig: EnableSignatureCheck=false, EnableAclCheck=false\n")
|
||||||
|
log.Printf(" * DEBUG: no checking at all is enabled, allow the message\n")
|
||||||
|
doHandler = true
|
||||||
|
|
||||||
|
// If only sig check enabled, and sig OK, we should allow the message.
|
||||||
|
case p.nodeAuth.configuration.EnableSignatureCheck && !p.nodeAuth.configuration.EnableAclCheck:
|
||||||
|
log.Printf(" * DEBUG: verify acl/sig: EnableSignatureCheck=true, EnableAclCheck=false\n")
|
||||||
|
log.Printf(" * DEBUG: only signature checking enabled, allow the message if sigOK\n")
|
||||||
|
|
||||||
|
sigOK := p.nodeAuth.verifySignature(message)
|
||||||
|
log.Printf("info: sigOK=%v\n", sigOK)
|
||||||
|
|
||||||
|
if sigOK {
|
||||||
|
doHandler = true
|
||||||
|
}
|
||||||
|
|
||||||
|
// If both sig and acl check enabled, and sig and acl OK, we should allow the message.
|
||||||
|
case p.nodeAuth.configuration.EnableSignatureCheck && p.nodeAuth.configuration.EnableAclCheck:
|
||||||
|
log.Printf(" * DEBUG: verify acl/sig: EnableSignatureCheck=true, EnableAclCheck=true\n")
|
||||||
|
log.Printf(" * DEBUG: both signature and acl checking enabled, allow the message if sigOK and aclOK\n")
|
||||||
|
|
||||||
|
sigOK := p.nodeAuth.verifySignature(message)
|
||||||
|
log.Printf("info: sigOK=%v\n", sigOK)
|
||||||
|
aclOK := p.nodeAuth.verifyAcl(message)
|
||||||
|
log.Printf("info: aclOK=%v\n", aclOK)
|
||||||
|
|
||||||
|
if sigOK && aclOK {
|
||||||
|
doHandler = true
|
||||||
|
}
|
||||||
|
|
||||||
|
// none of the verification options matched, we should keep the default value
|
||||||
|
// of doHandler=false, so the handler is not done.
|
||||||
|
default:
|
||||||
|
log.Printf(" * DEBUG: verify acl/sig: None of the verify flags matched, not doing handler for message\n")
|
||||||
|
}
|
||||||
|
|
||||||
|
return doHandler
|
||||||
|
}
|
||||||
|
|
||||||
// SubscribeMessage will register the Nats callback function for the specified
|
// SubscribeMessage will register the Nats callback function for the specified
|
||||||
// nats subject. This allows us to receive Nats messages for a given subject
|
// nats subject. This allows us to receive Nats messages for a given subject
|
||||||
// on a node.
|
// on a node.
|
||||||
|
|
Loading…
Reference in a new issue