Merge pull request #93 from basenana/feature/fsapi

setup gRPC fsapi

Makefile

@@ -26,6 +26,12 @@ check:
 	@go vet ./...
 lint:
 	golangci-lint run --enable-all
+fsapi:
+	API_V1_DIR="cmd/apps/apis/fsapi/v1"; \
+	protoc --go_out=. --go_opt=paths=source_relative \
+		  --go-grpc_out=. --go-grpc_opt=paths=source_relative \
+		  --go-grpc_opt=require_unimplemented_servers=false \
+		  $${API_V1_DIR}/fsapi-v1.proto
 help:
 	@echo "make build - build multi arch binary"
 	@echo "make clean - clean workspace"

cmd/apps/apis/fsapi/common/auth.go

@@ -0,0 +1,55 @@
+/*
+ Copyright 2023 NanaFS Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package common
+
+import (
+	"context"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/peer"
+	"strconv"
+)
+
+type AuthInfo struct {
+	Authenticated bool
+	UID           int64
+	Namespace     []string
+}
+
+func CallerAuth(ctx context.Context) AuthInfo {
+	ai := AuthInfo{Authenticated: false, UID: -1}
+	p, ok := peer.FromContext(ctx)
+	if ok {
+		tlsInfo := p.AuthInfo.(credentials.TLSInfo)
+		if len(tlsInfo.State.VerifiedChains) > 0 &&
+			len(tlsInfo.State.VerifiedChains[0]) > 0 {
+			subject := tlsInfo.State.VerifiedChains[0][0].Subject
+
+			var (
+				tmpNum int64
+				err    error
+			)
+			tmpNum, err = strconv.ParseInt(subject.CommonName, 10, 64)
+			if err != nil {
+				return ai
+			}
+			ai.UID = tmpNum
+			ai.Namespace = subject.Organization
+			ai.Authenticated = true
+		}
+	}
+	return ai
+}

cmd/apps/apis/fsapi/common/errors.go

@@ -0,0 +1,48 @@
+/*
+ Copyright 2023 NanaFS Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package common
+
+import (
+	"github.com/basenana/nanafs/pkg/types"
+	"google.golang.org/grpc/codes"
+)
+
+func FsApiError(err error) codes.Code {
+	if err == nil {
+		return codes.OK
+	}
+
+	switch err {
+	case types.ErrNotFound:
+		return codes.NotFound
+	case types.ErrIsExist:
+		return codes.AlreadyExists
+	case types.ErrNameTooLong,
+		types.ErrNoGroup,
+		types.ErrNotEmpty,
+		types.ErrIsGroup:
+		return codes.InvalidArgument
+	case types.ErrNoAccess:
+		return codes.Unauthenticated
+	case types.ErrNoPerm:
+		return codes.PermissionDenied
+	case types.ErrUnsupported:
+		return codes.Unimplemented
+	}
+
+	return codes.Unknown
+}

cmd/apps/apis/fsapi/server.go

@@ -0,0 +1,98 @@
+/*
+ Copyright 2023 NanaFS Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package fsapi
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	v1 "github.com/basenana/nanafs/cmd/apps/apis/fsapi/v1"
+	"github.com/basenana/nanafs/cmd/apps/apis/pathmgr"
+	"github.com/basenana/nanafs/config"
+	"github.com/basenana/nanafs/pkg/controller"
+	"github.com/basenana/nanafs/utils/logger"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+	"log"
+	"net"
+	"os"
+)
+
+type Server struct {
+	server   *grpc.Server
+	listener net.Listener
+	services v1.Services
+	cfg      config.FsApi
+}
+
+func (s *Server) Run(stopCh chan struct{}) {
+	if !s.cfg.Enable {
+		return
+	}
+
+	go func() {
+		<-stopCh
+		s.server.GracefulStop()
+	}()
+
+	if err := s.server.Serve(s.listener); err != nil {
+		logger.NewLogger("fsapi").Fatalf("start server failed: %s", err)
+	}
+}
+
+func New(ctrl controller.Controller, pathEntryMgr *pathmgr.PathManager, cfg config.FsApi) (*Server, error) {
+	if !cfg.Enable {
+		return nil, fmt.Errorf("fsapi not enabled")
+	}
+
+	certPool := x509.NewCertPool()
+	ca, err := os.ReadFile(cfg.CaFile)
+	if err != nil {
+		return nil, fmt.Errorf("open ca file error: %s", err)
+	}
+	if ok := certPool.AppendCertsFromPEM(ca); !ok {
+		log.Fatal("failed to append ca certs")
+	}
+
+	certificate, err := tls.LoadX509KeyPair(cfg.CertFile, cfg.KeyFile)
+	if err != nil {
+		return nil, fmt.Errorf("open cert/key file error: %s", err)
+	}
+	creds := credentials.NewTLS(&tls.Config{
+		Certificates: []tls.Certificate{certificate},
+		ServerName:   cfg.ServerName, // NOTE: this is required!
+		RootCAs:      certPool,
+	})
+
+	var opts = []grpc.ServerOption{
+		grpc.Creds(creds),
+	}
+	l, err := net.Listen("tcp", fmt.Sprintf("%s:%d", cfg.Host, cfg.Port))
+	if err != nil {
+		return nil, fmt.Errorf("")
+	}
+	s := &Server{
+		listener: l,
+		server:   grpc.NewServer(opts...),
+		cfg:      cfg,
+	}
+	s.services, err = v1.InitServices(s.server, ctrl, pathEntryMgr)
+	if err != nil {
+		return nil, err
+	}
+	return s, nil
+}