package fr.idfm.sb.payment.client.vault.http;
import feign.RequestInterceptor;
import feign.RequestTemplate;
import fr.idfm.sb.payment.client.VaultConfig;
import fr.idfm.sb.payment.client.dto.vault.AuthDto;
import fr.idfm.sb.payment.client.dto.vault.VaultLoginRequestDto;
import fr.idfm.sb.payment.client.dto.vault.VaultLoginResponseDto;
import fr.idfm.sb.payment.client.dto.vault.VaultTokenLookupSelfResponseDto;
import fr.idfm.sb.payment.common.constant.CustomHttpHeaders;
import fr.idfm.sb.payment.common.constant.ErrorMessage;
import fr.idfm.sb.payment.common.exception.VaultException;
import lombok.AllArgsConstructor;
import lombok.NoArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import java.util.Date;
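/**
 * Feign request interceptor that adds a Vault client token to outgoing requests.
 *
 * <p>The token is obtained by logging in with the role id / secret id from
 * {@link VaultConfig} and is cached in {@link #authDto}. Before each reuse the
 * cached token is checked with a lookup-self call, and a new login is performed
 * when the reported expiry time is in the past.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The secret id and the client token are credentials. Nothing in this class
 *       logs them; keep it that way when adding log statements.</li>
 *   <li>NOTE(review): this class is a {@code @Component}. If it is picked up as an
 *       interceptor for Feign clients other than the Vault one, the Vault token
 *       would be sent to those services too. Confirm it is scoped to the Vault
 *       client only.</li>
 *   <li>NOTE(review): if this interceptor also runs on {@link VaultClient}'s own
 *       login / lookup-self calls, {@link #login} would re-enter {@link #apply}.
 *       Confirm those calls are excluded.</li>
 * </ul>
 */
@Slf4j
@Component
public class VaultRequestInterceptor implements RequestInterceptor {

    // Cached login result. volatile because this bean is shared and the field is
    // reassigned by login() while other requests may be reading it.
    private volatile AuthDto authDto;
    private final VaultClient vaultClient;
    private final VaultConfig vaultConfig;

    /**
     * Creates the interceptor with an empty cached auth, so the first request logs in.
     *
     * @param vaultClient client used for the login and lookup-self calls
     * @param vaultConfig source of the role id and secret id used to log in
     */
    @Autowired
    public VaultRequestInterceptor(VaultClient vaultClient, VaultConfig vaultConfig) {
        this.authDto = new AuthDto();
        this.vaultClient = vaultClient;
        this.vaultConfig = vaultConfig;
    }

    /**
     * Sets the Vault token header on the request, logging in first when there is no
     * usable cached token.
     *
     * <p>The constructor seeds {@link #authDto} with an empty object, so "no token yet"
     * shows up as an empty client token rather than a null field. Both cases are
     * treated as "login required"; previously the empty token reached the expiry
     * check, which threw and made the first request fail.
     *
     * @param requestTemplate the outgoing request to decorate
     * @throws VaultException if login or the expiry lookup yields no usable data
     */
    @Override
    public void apply(RequestTemplate requestTemplate) {
        // Work on one snapshot so a concurrent login() cannot swap the field mid-check.
        AuthDto cached = this.authDto;
        boolean hasToken = cached != null && !StringUtils.isEmpty(cached.getClientToken());

        if (!hasToken || isExpired(cached.getClientToken())) {
            login(requestTemplate);
            return;
        }
        requestTemplate.header(CustomHttpHeaders.X_VAULT_TOKEN, cached.getClientToken());
    }

    /**
     * Logs in with the configured role id / secret id, caches the returned auth and
     * sets the new token on the request.
     *
     * @param requestTemplate the outgoing request to decorate
     * @throws VaultException if the response carries no client token
     */
    private void login(RequestTemplate requestTemplate) {
        VaultLoginRequestDto loginRequest = VaultLoginRequestDto.builder()
                .roleId(vaultConfig.getRoleId())
                .secretId(vaultConfig.getSecretId())
                .build();
        VaultLoginResponseDto loginResponse = vaultClient.login(loginRequest);

        if (loginResponse == null
                || loginResponse.getAuth() == null
                || StringUtils.isEmpty(loginResponse.getAuth().getClientToken())) {
            // Generic message on purpose: the response may contain credential material.
            throw new VaultException(HttpStatus.INTERNAL_SERVER_ERROR, ErrorMessage.INTERNAL_SERVER_ERROR);
        }

        AuthDto auth = loginResponse.getAuth();
        this.authDto = auth;
        requestTemplate.header(CustomHttpHeaders.X_VAULT_TOKEN, auth.getClientToken());
    }

    /**
     * Asks Vault for the token's expiry time and compares it with the current time.
     *
     * <p>This performs one lookup-self call per invocation, i.e. per intercepted
     * request that has a cached token.
     *
     * <p>NOTE(review): for a token that has already expired or been revoked, the
     * lookup may fail with an error instead of returning a past expiry time. That
     * error is not handled here; confirm how {@link VaultClient} surfaces it.
     *
     * @param clientToken the cached token to check; must not be empty
     * @return {@code true} if the reported expiry time is before now
     * @throws VaultException if the token is empty or the lookup returns no expiry time
     */
    private boolean isExpired(String clientToken) {
        if (StringUtils.isEmpty(clientToken)) {
            throw new VaultException(HttpStatus.INTERNAL_SERVER_ERROR, ErrorMessage.INTERNAL_SERVER_ERROR);
        }

        VaultTokenLookupSelfResponseDto lookupResponse = vaultClient.lookupSelf(clientToken);
        // A null response is reported as a VaultException, like the other missing-data cases.
        if (lookupResponse == null
                || lookupResponse.getData() == null
                || lookupResponse.getData().getExpireTime() == null) {
            throw new VaultException(HttpStatus.INTERNAL_SERVER_ERROR, ErrorMessage.INTERNAL_SERVER_ERROR);
        }

        Date expireTime = lookupResponse.getData().getExpireTime();
        return expireTime.before(new Date());
    }
}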