sedkis/README.md

## README.md

      
    Raw
  

              README.md
            
          
compile plugin


load into gateway


use the below YAML:


apiVersion: tyk.tyk.io/v1alpha1
kind: ApiDefinition
metadata:
  name: httpbin-go-auth
spec:
  name: httpbin-go-auth
  use_keyless: false
  protocol: http
  active: true
  use_go_plugin_auth: true
  proxy:
    target_url: http://httpbin.org
    listen_path: /httpbin
    strip_listen_path: true
  custom_middleware:
    driver: goplugin
    pre:
      - name: "AddFooBarHeader"
        path: "/mnt/tyk-gateway/example-go-plugin.so"
    auth_check:
        name: "MyPluginCustomAuthCheck"
        path: "/mnt/tyk-gateway/example-go-plugin.so"


## goplugin.go
package main

import (
	"encoding/json"
	"net/http"
	"github.com/TykTechnologies/tyk/ctx"
	"github.com/TykTechnologies/tyk/user"
	"github.com/TykTechnologies/tyk/log"
	"github.com/TykTechnologies/tyk/headers"
)

// AddFooBarHeader adds custom "Foo: Bar" header to the request
func AddFooBarHeader(rw http.ResponseWriter, r *http.Request) {
	apidef := ctx.GetDefinition(r)
	var logger = log.Get()
	logger.WithField("api-name", apidef.Name).Info("Processing PRE request in Golang plugin!!" )

	r.Header.Add("Foo", "Bar")
}

func getSessionByKey(key string) *user.SessionState {
	// here goes our logic to check if passed API key is valid and appropriate key session can be retrieved
	// perform auth (only one token "abc" is allowed)
	// Here you add code to query your database
	if key != "abc" {
		return nil
	}

	// return session
	return &user.SessionState{
		OrgID: "default",
		Alias: "abc-session",
	}
}

func MyPluginCustomAuthCheck(rw http.ResponseWriter, r *http.Request) {
	apidef := ctx.GetDefinition(r)
	var logger = log.Get()
	logger.WithField("api-name", apidef.Name).Info("Processing AUTH HTTP request in Golang plugin!!" )


	// try to get session by API key
	key := r.Header.Get(headers.Authorization)
	session := getSessionByKey(key)
	if session == nil {
		// auth failed, reply with 403
		rw.WriteHeader(http.StatusForbidden)

		// prepare data to send
		replyData := map[string]string{
			"reason": "Access forbidden",
		}

		writeBody(rw, replyData)
		//jsonData, err := json.Marshal(replyData)
		//if err != nil {
		//	rw.WriteHeader(http.StatusInternalServerError)
		//
		//	rw.Write(jsonData)
		//	return
		//}

		return
	}

	// auth was successful, add session and key to request's context so other middle-wares can use it
	ctx.SetSession(r, session, false, true)
}

func writeBody(rw http.ResponseWriter, replyJson map[string]string) error{

	var logger = log.Get()
	jsonData, err := json.Marshal(replyJson)
	if err != nil {
		logger.WithField("replyJson", replyJson).Error("Golang auth plugin: Failed to marshal")
		rw.WriteHeader(http.StatusInternalServerError)
		return err
	}

	rw.Write(jsonData)
	return nil
}

// called once plugin is loaded, this is where we put all initialization work for plugin
// i.e. setting exported functions, setting up connection pool to storage and etc.
func init() {
	var logger = log.Get()
	logger.Info("Processing Golang plugin init function version 1.2!!" )
	//Here you write the code for db connection
}

func main() {}
	package main

	import (
	"encoding/json"
	"net/http"
	"github.com/TykTechnologies/tyk/ctx"
	"github.com/TykTechnologies/tyk/user"
	"github.com/TykTechnologies/tyk/log"
	"github.com/TykTechnologies/tyk/headers"
	)

	// AddFooBarHeader adds custom "Foo: Bar" header to the request
	func AddFooBarHeader(rw http.ResponseWriter, r *http.Request) {
	apidef := ctx.GetDefinition(r)
	var logger = log.Get()
	logger.WithField("api-name", apidef.Name).Info("Processing PRE request in Golang plugin!!" )

	r.Header.Add("Foo", "Bar")
	}

	func getSessionByKey(key string) *user.SessionState {
	// here goes our logic to check if passed API key is valid and appropriate key session can be retrieved
	// perform auth (only one token "abc" is allowed)
	// Here you add code to query your database
	if key != "abc" {
	return nil
	}

	// return session
	return &user.SessionState{
	OrgID: "default",
	Alias: "abc-session",
	}
	}

	func MyPluginCustomAuthCheck(rw http.ResponseWriter, r *http.Request) {
	apidef := ctx.GetDefinition(r)
	var logger = log.Get()
	logger.WithField("api-name", apidef.Name).Info("Processing AUTH HTTP request in Golang plugin!!" )


	// try to get session by API key
	key := r.Header.Get(headers.Authorization)
	session := getSessionByKey(key)
	if session == nil {
	// auth failed, reply with 403
	rw.WriteHeader(http.StatusForbidden)

	// prepare data to send
	replyData := map[string]string{
	"reason": "Access forbidden",
	}

	writeBody(rw, replyData)
	//jsonData, err := json.Marshal(replyData)
	//if err != nil {
	// rw.WriteHeader(http.StatusInternalServerError)
	//
	// rw.Write(jsonData)
	// return
	//}

	return
	}

	// auth was successful, add session and key to request's context so other middle-wares can use it
	ctx.SetSession(r, session, false, true)
	}

	func writeBody(rw http.ResponseWriter, replyJson map[string]string) error{

	var logger = log.Get()
	jsonData, err := json.Marshal(replyJson)
	if err != nil {
	logger.WithField("replyJson", replyJson).Error("Golang auth plugin: Failed to marshal")
	rw.WriteHeader(http.StatusInternalServerError)
	return err
	}

	rw.Write(jsonData)
	return nil
	}

	// called once plugin is loaded, this is where we put all initialization work for plugin
	// i.e. setting exported functions, setting up connection pool to storage and etc.
	func init() {
	var logger = log.Get()
	logger.Info("Processing Golang plugin init function version 1.2!!" )
	//Here you write the code for db connection
	}

	func main() {}