Forem: maxwellhertz The latest articles on Forem by maxwellhertz (@maxwellhertz). https://forem.com/maxwellhertz https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F240696%2F05585e0f-4b82-44f3-9f66-aac22202b0fb.jpeg Forem: maxwellhertz https://forem.com/maxwellhertz en A Go Microservices Demo using Go kit And API Gateway Pattern maxwellhertz Fri, 31 Jan 2020 10:24:51 +0000 https://forem.com/maxwellhertz/a-go-microservices-demo-using-go-kit-and-api-gateway-pattern-2321 https://forem.com/maxwellhertz/a-go-microservices-demo-using-go-kit-and-api-gateway-pattern-2321 <p><a href="https://gokit.io/">Go kit</a> is a popular Go microservices framework. I've found it quite interesting but lacking clear and detailed examples that a learner can follow. The official hello-world tutorial <a href="https://gokit.io/examples/stringsvc.html">stringsvc</a> really confused me when I tried to implement <a href="https://github.com/go-kit/kit/tree/master/examples/stringsvc3">stringsvc3</a>. After some struggles, I realized that all this example wanted to do was to "simulate" an <a href="https://microservices.io/patterns/apigateway.html">API gateway</a>, which was kinda impractical in the real world. Therefore, I combined stringsvc3 with <a href="https://github.com/go-kit/kit/tree/master/examples/apigateway">apigateway</a> to create a more practical microservices application. I hope this article may help you if you want to write a useful demo with Go kit.</p> <blockquote> <p>In this article, I will focus on the implementation of API gateway rather than basic concepts in Go kit such as endpoint, transport or service.</p> </blockquote> <h1> API Gateway Based On Service Discovery </h1> <p><a href="https://www.nginx.com/blog/service-discovery-in-a-microservices-architecture/">Service discovery</a> is an essential component of a microservices architecture. In a nutshell, we don't need to bother choosing which instance of a service to use because the service discovery system will do this under the hood. </p> <p>In this example, I will use <a href="https://www.consul.io/">Consul</a> to implement a very simple client-side service discovery system. </p> <h1> Service Registration </h1> <p>Firstly, download the source code of stringsvc3, remove the file <code>proxying.go</code> and delete the relevant code in <code>main.go</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// We don't need this anymore.</span> <span class="c">// svc = proxyingMiddleware(context.Background(), *proxy, logger)(svc)</span> </code></pre> </div> <p>Then, we can register the stringsvc using Go kit's sd package.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="o">....</span> <span class="s">"github.com/go-kit/kit/sd/consul"</span> <span class="s">"github.com/hashicorp/consul/api"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="o">...</span> <span class="c">// Build consul client and register services.</span> <span class="c">// Specify the information of an instance.</span> <span class="n">asr</span> <span class="o">:=</span> <span class="n">api</span><span class="o">.</span><span class="n">AgentServiceRegistration</span><span class="p">{</span> <span class="c">// Every service instance must have an unique ID.</span> <span class="n">ID</span><span class="o">:</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%v%v/%v"</span><span class="p">,</span> <span class="n">host</span><span class="p">,</span> <span class="n">listen</span><span class="p">,</span> <span class="n">prefix</span><span class="p">),</span> <span class="n">Name</span><span class="o">:</span> <span class="n">serviceName</span><span class="p">,</span> <span class="c">// These two values are the location of an instance.</span> <span class="n">Address</span><span class="o">:</span> <span class="n">host</span><span class="p">,</span> <span class="n">Port</span><span class="o">:</span> <span class="n">port</span><span class="p">,</span> <span class="p">}</span> <span class="n">consulConfig</span> <span class="o">:=</span> <span class="n">api</span><span class="o">.</span><span class="n">DefaultConfig</span><span class="p">()</span> <span class="c">// We can get the address of consul server from environment variale or a config file.</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">consulServer</span><span class="p">)</span> <span class="o">&gt;</span> <span class="m">0</span> <span class="p">{</span> <span class="n">consulConfig</span><span class="o">.</span><span class="n">Address</span> <span class="o">=</span> <span class="n">consulServer</span> <span class="p">}</span> <span class="n">consulClient</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">api</span><span class="o">.</span><span class="n">NewClient</span><span class="p">(</span><span class="n">consulConfig</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">logger</span><span class="o">.</span><span class="n">Log</span><span class="p">(</span><span class="s">"err"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">os</span><span class="o">.</span><span class="n">Exit</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="p">}</span> <span class="n">sdClient</span> <span class="o">:=</span> <span class="n">consul</span><span class="o">.</span><span class="n">NewClient</span><span class="p">(</span><span class="n">consulClient</span><span class="p">)</span> <span class="n">registar</span> <span class="o">:=</span> <span class="n">consul</span><span class="o">.</span><span class="n">NewRegistrar</span><span class="p">(</span><span class="n">sdClient</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">asr</span><span class="p">,</span> <span class="n">logger</span><span class="p">)</span> <span class="n">registar</span><span class="o">.</span><span class="n">Register</span><span class="p">()</span> <span class="c">// According to the official doc of Go kit, </span> <span class="c">// it's important to call registar.Deregister() before the program exits.</span> <span class="k">defer</span> <span class="n">registar</span><span class="o">.</span><span class="n">Deregister</span><span class="p">()</span> <span class="o">...</span> <span class="p">}</span> </code></pre> </div> <p>It's pretty simple to register services in Consul, the service registry. You can do some additional configurations like some tags for the service. Further reading: <a href="https://godoc.org/github.com/hashicorp/consul/api">Go consul API's Godoc</a>.</p> <p>I am gonna deploy this demo using Docker Compose later so right now I want to build a Docker image of stringsvc (I have converted this app into a Go modules project in order to manage dependencies more conveniently).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">golang:latest</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="s">builder</span> <span class="k">ENV</span><span class="s"> GO111MODULE=on</span> <span class="k">ENV</span><span class="s"> GOPROXY=https://goproxy.cn,direct</span> <span class="k">RUN </span><span class="nb">mkdir</span> /app <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span><span class="nv">CGO_ENABLED</span><span class="o">=</span>0 <span class="nv">GOOS</span><span class="o">=</span>linux go build <span class="nt">-o</span> out <span class="k">FROM</span><span class="s"> alpine:latest</span> <span class="k">RUN </span><span class="nb">mkdir</span> /app <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> --from=builder /app/out .</span> <span class="k">CMD</span><span class="s"> ["./out"]</span> </code></pre> </div> <h1> Service Discovery Client - API Gateway </h1> <p>Create a new Go modules project called <code>stringclient</code> that will act as the service discovery client i.e. the API gateway. In <code>main.go</code> file, we first need to build a consul instancer that yields instances for a service, which has been registered in Consul:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// Build instancer.</span> <span class="n">consulConfig</span> <span class="o">:=</span> <span class="n">api</span><span class="o">.</span><span class="n">DefaultConfig</span><span class="p">()</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">consulServer</span><span class="p">)</span> <span class="o">&gt;</span> <span class="m">0</span> <span class="p">{</span> <span class="n">consulConfig</span><span class="o">.</span><span class="n">Address</span> <span class="o">=</span> <span class="n">consulServer</span> <span class="p">}</span> <span class="n">consulClient</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">api</span><span class="o">.</span><span class="n">NewClient</span><span class="p">(</span><span class="n">consulConfig</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">logger</span><span class="o">.</span><span class="n">Log</span><span class="p">(</span><span class="s">"err"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">os</span><span class="o">.</span><span class="n">Exit</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="p">}</span> <span class="n">client</span> <span class="o">:=</span> <span class="n">consul</span><span class="o">.</span><span class="n">NewClient</span><span class="p">(</span><span class="n">consulClient</span><span class="p">)</span> <span class="n">instancer</span> <span class="o">:=</span> <span class="n">consul</span><span class="o">.</span><span class="n">NewInstancer</span><span class="p">(</span><span class="n">client</span><span class="p">,</span> <span class="n">logger</span><span class="p">,</span> <span class="n">serviceName</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{},</span> <span class="no">true</span><span class="p">)</span> </code></pre> </div> <p>I think the last two parameters of <code>consul.NewInstancer</code> might be confusing (at least I was confused in the very first place). The 4th parameter, <code>tags</code>, indicates only those services with these tags will be returned. This parameter is useful only when you tag your services when you register them. Otherwise, just pass an empty slice of string. As for the last parameter <code>passingOnly</code>, only instances where both the service and any proxy are healthy will be returned if it is <code>true</code>. </p> <p>At last, we just need to create some endpoints for stringsvc and run the client.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="c">// uppercase endpoint</span> <span class="c">// Create an endpointer that subscribes to the instancer.</span> <span class="n">uppercaseEndpointer</span> <span class="o">:=</span> <span class="n">sd</span><span class="o">.</span><span class="n">NewEndpointer</span><span class="p">(</span><span class="n">instancer</span><span class="p">,</span> <span class="n">serviceFactoryBuilder</span><span class="p">(</span><span class="n">uppercasePath</span><span class="p">,</span> <span class="s">"POST"</span><span class="p">,</span> <span class="n">encodeRequest</span><span class="p">,</span> <span class="n">decodeResponseFuncBuilder</span><span class="p">(</span><span class="n">uppercaseResponse</span><span class="p">{})),</span> <span class="n">logger</span><span class="p">)</span> <span class="c">// Use round-robin load balancing.</span> <span class="c">// Set retry policy.</span> <span class="n">uppercaseEndpoint</span> <span class="o">:=</span> <span class="n">lb</span><span class="o">.</span><span class="n">Retry</span><span class="p">(</span><span class="m">3</span><span class="p">,</span> <span class="m">3</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">,</span> <span class="n">lb</span><span class="o">.</span><span class="n">NewRoundRobin</span><span class="p">(</span><span class="n">uppercaseEndpointer</span><span class="p">))</span> <span class="n">http</span><span class="o">.</span><span class="n">Handle</span><span class="p">(</span><span class="n">uppercasePath</span><span class="p">,</span> <span class="n">httptransport</span><span class="o">.</span><span class="n">NewServer</span><span class="p">(</span> <span class="n">uppercaseEndpoint</span><span class="p">,</span> <span class="n">decodeRequestFuncBuilder</span><span class="p">(</span><span class="n">uppercaseRequest</span><span class="p">{}),</span> <span class="n">encodeResponse</span><span class="p">,</span> <span class="p">))</span> <span class="c">// count endpoint</span> <span class="n">countEndPointer</span> <span class="o">:=</span> <span class="n">sd</span><span class="o">.</span><span class="n">NewEndpointer</span><span class="p">(</span><span class="n">instancer</span><span class="p">,</span> <span class="n">serviceFactoryBuilder</span><span class="p">(</span><span class="n">countPath</span><span class="p">,</span> <span class="s">"POST"</span><span class="p">,</span> <span class="n">encodeRequest</span><span class="p">,</span> <span class="n">decodeResponseFuncBuilder</span><span class="p">(</span><span class="n">countResponse</span><span class="p">{})),</span> <span class="n">logger</span><span class="p">)</span> <span class="n">countEndPoint</span> <span class="o">:=</span> <span class="n">lb</span><span class="o">.</span><span class="n">Retry</span><span class="p">(</span><span class="m">3</span><span class="p">,</span> <span class="m">3</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">,</span> <span class="n">lb</span><span class="o">.</span><span class="n">NewRoundRobin</span><span class="p">(</span><span class="n">countEndPointer</span><span class="p">))</span> <span class="n">http</span><span class="o">.</span><span class="n">Handle</span><span class="p">(</span><span class="n">countPath</span><span class="p">,</span> <span class="n">httptransport</span><span class="o">.</span><span class="n">NewServer</span><span class="p">(</span> <span class="n">countEndPoint</span><span class="p">,</span> <span class="n">decodeRequestFuncBuilder</span><span class="p">(</span><span class="n">countRequest</span><span class="p">{}),</span> <span class="n">encodeResponse</span><span class="p">,</span> <span class="p">))</span> <span class="n">logger</span><span class="o">.</span><span class="n">Log</span><span class="p">(</span><span class="s">"err"</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">ListenAndServe</span><span class="p">(</span><span class="s">":8080"</span><span class="p">,</span> <span class="no">nil</span><span class="p">))</span> </code></pre> </div> <p>In the above code, <code>sd.NewEndpointer</code> creates an endpointer that subscribes to the instancer. The instancer can retrieve healthy instances from Consul. What the endpointer does is to fetching an instance from the "instance pool" created by the instancer and use a factory function to convert it to a client endpoint. In this case, I define a factory builder function to construct factory function based on some parameters like relative path, HTTP method, etc.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">serviceFactoryBuilder</span><span class="p">(</span><span class="n">path</span> <span class="kt">string</span><span class="p">,</span> <span class="n">method</span> <span class="kt">string</span><span class="p">,</span> <span class="n">enc</span> <span class="n">httptransport</span><span class="o">.</span><span class="n">EncodeRequestFunc</span><span class="p">,</span> <span class="n">dec</span> <span class="n">httptransport</span><span class="o">.</span><span class="n">DecodeResponseFunc</span><span class="p">)</span> <span class="n">sd</span><span class="o">.</span><span class="n">Factory</span> <span class="p">{</span> <span class="c">// instance (host:port) is the location of an instance.</span> <span class="k">return</span> <span class="k">func</span><span class="p">(</span><span class="n">instance</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">e</span> <span class="n">endpoint</span><span class="o">.</span><span class="n">Endpoint</span><span class="p">,</span> <span class="n">closer</span> <span class="n">io</span><span class="o">.</span><span class="n">Closer</span><span class="p">,</span> <span class="n">err</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">httpPrefix</span> <span class="o">:=</span> <span class="s">"http://"</span> <span class="k">if</span> <span class="o">!</span><span class="n">strings</span><span class="o">.</span><span class="n">HasPrefix</span><span class="p">(</span><span class="n">instance</span><span class="p">,</span> <span class="n">httpPrefix</span><span class="p">)</span> <span class="p">{</span> <span class="n">instance</span> <span class="o">=</span> <span class="n">httpPrefix</span> <span class="o">+</span> <span class="n">instance</span> <span class="p">}</span> <span class="n">tgt</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">url</span><span class="o">.</span><span class="n">Parse</span><span class="p">(</span><span class="n">instance</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">tgt</span><span class="o">.</span><span class="n">Path</span> <span class="o">=</span> <span class="n">path</span> <span class="k">return</span> <span class="n">httptransport</span><span class="o">.</span><span class="n">NewClient</span><span class="p">(</span><span class="n">method</span><span class="p">,</span> <span class="n">tgt</span><span class="p">,</span> <span class="n">enc</span><span class="p">,</span> <span class="n">dec</span><span class="p">)</span><span class="o">.</span><span class="n">Endpoint</span><span class="p">(),</span> <span class="no">nil</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Of course, build the client program into a Docker image using the same Dockerfile in the last section.</p> <h1> Deployment And Test </h1> <p>Like I said before, I would use Docker Compose to deploy this demo.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3.7"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">consul</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">consul</span> <span class="na">command</span><span class="pi">:</span> <span class="s">agent -server -bootstrap -ui -client=0.0.0.0</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">8500:8500</span> <span class="pi">-</span> <span class="s">8600:8600/udp</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">gokit</span> <span class="na">stringsvc1</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">stringsvc</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">consul</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="m">8001</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">gokit</span> <span class="na">stringsvc2</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">stringsvc</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">consul</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="m">8002</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">gokit</span> <span class="na">stringsvc3</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">stringsvc</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">consul</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="m">8003</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">gokit</span> <span class="na">stringclient</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">stringclient</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">consul</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">8080:8080</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">gokit</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">gokit</span><span class="pi">:</span> </code></pre> </div> <p>I created 3 instances of stringsvc called <code>stringsvc1</code>, <code>stringsvc2</code> and <code>stringsvc3</code> respectively. I also created a client that will be the API gateway. After everything is ready, we can test the client:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">-d</span> <span class="s1">'{"s": "foo"}'</span> http://localhost:8080/stringsvc/uppercase <span class="o">{</span><span class="s2">"v"</span>:<span class="s2">"FOO"</span><span class="o">}</span> <span class="nv">$ </span>curl <span class="nt">-d</span> <span class="s1">'{"s": "foo"}'</span> http://localhost:8080/stringsvc/count <span class="o">{</span><span class="s2">"v"</span>:<span class="s2">"3"</span><span class="o">}</span> </code></pre> </div> <p>Great! It works! There is still one more thing I would like to show you before ending this article:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="k">for </span>s <span class="k">in </span>foo bar baz <span class="p">;</span> <span class="k">do </span>curl <span class="nt">-d</span><span class="s2">"{</span><span class="se">\"</span><span class="s2">s</span><span class="se">\"</span><span class="s2">:</span><span class="se">\"</span><span class="nv">$s</span><span class="se">\"</span><span class="s2">}"</span> localhost:8080/stringsvc/uppercase <span class="p">;</span> <span class="k">done</span> <span class="o">{</span><span class="s2">"v"</span>:<span class="s2">"FOO"</span><span class="o">}</span> <span class="o">{</span><span class="s2">"v"</span>:<span class="s2">"BAR"</span><span class="o">}</span> <span class="o">{</span><span class="s2">"v"</span>:<span class="s2">"BAZ"</span><span class="o">}</span> </code></pre> </div> <p>If we have a look at the logs, we will find something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>stringsvc2_1 | <span class="nv">listen</span><span class="o">=</span>:8002 <span class="nb">caller</span><span class="o">=</span>logging.go:22 <span class="nv">method</span><span class="o">=</span>uppercase <span class="nv">input</span><span class="o">=</span>foo <span class="nv">output</span><span class="o">=</span>FOO <span class="nv">err</span><span class="o">=</span>null <span class="nv">took</span><span class="o">=</span>629ns stringsvc3_1 | <span class="nv">listen</span><span class="o">=</span>:8003 <span class="nb">caller</span><span class="o">=</span>logging.go:22 <span class="nv">method</span><span class="o">=</span>uppercase <span class="nv">input</span><span class="o">=</span>bar <span class="nv">output</span><span class="o">=</span>BAR <span class="nv">err</span><span class="o">=</span>null <span class="nv">took</span><span class="o">=</span>967ns stringsvc1_1 | <span class="nv">listen</span><span class="o">=</span>:8001 <span class="nb">caller</span><span class="o">=</span>logging.go:22 <span class="nv">method</span><span class="o">=</span>uppercase <span class="nv">input</span><span class="o">=</span>baz <span class="nv">output</span><span class="o">=</span>BAZ <span class="nv">err</span><span class="o">=</span>null <span class="nv">took</span><span class="o">=</span>646ns </code></pre> </div> <p>3 instances of the same services were called one by one and this was because we used the round-robin load balancing policy when we created the endpoint.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">uppercaseEndpoint</span> <span class="o">:=</span> <span class="n">lb</span><span class="o">.</span><span class="n">Retry</span><span class="p">(</span><span class="m">3</span><span class="p">,</span> <span class="m">3</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">,</span> <span class="n">lb</span><span class="o">.</span><span class="n">NewRoundRobin</span><span class="p">(</span><span class="n">uppercaseEndpointer</span><span class="p">))</span> </code></pre> </div> <p>Read the complete source code <a href="https://github.com/maxwellhertz/Gokit-stringsvc">here</a>.</p> go microservices Something fun about `defer` maxwellhertz Wed, 02 Oct 2019 07:56:28 +0000 https://forem.com/maxwellhertz/something-fun-about-defer-45p2 https://forem.com/maxwellhertz/something-fun-about-defer-45p2 <p>I read this in <a href="https://golang.org/doc/effective_go.html#defer">Effective Go</a>:</p> <blockquote> <p>The arguments to the deferred function (which include the receiver if the function is a method) are evaluated when the defer executes, not when the call executes. Besides avoiding worries about variables changing values as the function executes, this means that a single deferred call site can defer multiple function executions. </p> </blockquote> <p>At first I got confused: what does that mean by saying "The arguments to the deferred function (which include the receiver if the function is a method) are evaluated when the defer executes, not when the call executes." ? I continued reading this passage and I found this example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">trace</span><span class="p">(</span><span class="n">s</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">string</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"entering:"</span><span class="p">,</span> <span class="n">s</span><span class="p">)</span> <span class="k">return</span> <span class="n">s</span> <span class="p">}</span> <span class="k">func</span> <span class="n">un</span><span class="p">(</span><span class="n">s</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"leaving:"</span><span class="p">,</span> <span class="n">s</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">a</span><span class="p">()</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">un</span><span class="p">(</span><span class="n">trace</span><span class="p">(</span><span class="s">"a"</span><span class="p">))</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"in a"</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">b</span><span class="p">()</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">un</span><span class="p">(</span><span class="n">trace</span><span class="p">(</span><span class="s">"b"</span><span class="p">))</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"in b"</span><span class="p">)</span> <span class="n">a</span><span class="p">()</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">b</span><span class="p">()</span> <span class="p">}</span> <span class="c">// output:</span> <span class="c">// entering: b</span> <span class="c">// in b</span> <span class="c">// entering: a</span> <span class="c">// in a</span> <span class="c">// leaving: a</span> <span class="c">// leaving: b</span> </code></pre> </div> <p>OMG I got more confused. WHY was "entering" printed before "in" ??? I read the passage again and again and finally I thought I revealed what happened under the hood.</p> <p><code>defer</code> will acutally postpone the <strong>most outer function</strong> if we try to defer multiple functioin executions. In this case, the most outer function is <code>un</code> which needs a string parameter so <code>trace</code> will be executed to evaluate this parameter. In other words, the deferred function's parameters will be evaluaed <strong>when it is deferred</strong>. Therefore, "entering" is printed before "in". </p> <p>Let's try a more complicated example and I'm pretty sure you know the drill:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">b</span><span class="p">()</span> <span class="p">}</span> <span class="k">func</span> <span class="n">entering</span><span class="p">(</span><span class="n">s</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">string</span><span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"entering:"</span><span class="p">,</span> <span class="n">s</span><span class="p">)</span> <span class="k">return</span> <span class="n">s</span> <span class="p">}</span> <span class="k">func</span> <span class="n">entered</span><span class="p">(</span><span class="n">s</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">string</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"entered:"</span><span class="p">,</span> <span class="n">s</span><span class="p">)</span> <span class="k">return</span> <span class="n">s</span> <span class="p">}</span> <span class="k">func</span> <span class="n">leaving</span><span class="p">(</span><span class="n">s</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"leaving:"</span><span class="p">,</span> <span class="n">s</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">a</span><span class="p">()</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">leaving</span><span class="p">(</span><span class="n">entered</span><span class="p">(</span><span class="n">entering</span><span class="p">(</span><span class="s">"a"</span><span class="p">)))</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"in a"</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">b</span><span class="p">()</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">leaving</span><span class="p">(</span><span class="n">entered</span><span class="p">(</span><span class="n">entering</span><span class="p">(</span><span class="s">"b"</span><span class="p">)))</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"in b"</span><span class="p">)</span> <span class="n">a</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> go Tutorial: Integrate Gin with Cabsin maxwellhertz Wed, 02 Oct 2019 01:37:20 +0000 https://forem.com/maxwellhertz/tutorial-integrate-gin-with-cabsin-56m0 https://forem.com/maxwellhertz/tutorial-integrate-gin-with-cabsin-56m0 <p>I've been working on a Java project recently in which our team uses <a href="http://shiro.apache.org/">Apache Shiro</a> to do some authentication and authorization stuff. Now I just wonder if there exists a framework like Shiro in Go's world? After some search, I found <a href="https://github.com/casbin/casbin">Casbin</a>. It's also a powerful and interesting library but maybe it's kinda hard for a newbie to write a demo from sractch. </p> <p>I completed a basic web app based on <a href="https://github.com/gin-gonic/gin">Gin</a> and Casbin after struggling for a whole afternoon. This tutorial is a simple replay. Hope it will help. :)</p> <h2> Structure of Our Project </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>root/ main.go # entry point of application handler/ # Gin handler functions middleware/ # Gin middlewares config/ # some configuration files like Casbin's rbac_model.conf component/ # global components like GORM DB instance </code></pre> </div> <h2> Initialize DB Connection And Cache </h2> <p>Create a file called <code>persistence.go</code> in <code>component</code> in which we will initialize DB connection using <a href="https://github.com/jinzhu/gorm">GORM</a> and cache using <a href="https://github.com/allegro/bigcache">BigCache</a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"github.com/allegro/bigcache"</span> <span class="n">_</span> <span class="s">"github.com/go-sql-driver/mysql"</span> <span class="s">"github.com/jinzhu/gorm"</span> <span class="s">"time"</span> <span class="p">)</span> <span class="k">var</span> <span class="p">(</span> <span class="n">DB</span> <span class="o">*</span><span class="n">gorm</span><span class="o">.</span><span class="n">DB</span> <span class="n">GlobalCache</span> <span class="o">*</span><span class="n">bigcache</span><span class="o">.</span><span class="n">BigCache</span> <span class="p">)</span> <span class="k">func</span> <span class="n">init</span><span class="p">()</span> <span class="p">{</span> <span class="c">// Connect to DB</span> <span class="k">var</span> <span class="n">err</span> <span class="kt">error</span> <span class="n">DB</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">gorm</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="s">"mysql"</span><span class="p">,</span> <span class="s">"your_db_url"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"failed to connect to DB: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">))</span> <span class="p">}</span> <span class="c">// Initialize cache</span> <span class="n">GlobalCache</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">bigcache</span><span class="o">.</span><span class="n">NewBigCache</span><span class="p">(</span><span class="n">bigcache</span><span class="o">.</span><span class="n">DefaultConfig</span><span class="p">(</span><span class="m">30</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Minute</span><span class="p">))</span> <span class="c">// Set expire time to 30 mins</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"failed to initialize cahce: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">))</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>In our application, we will store Casbin's policies in DB (which we will talk about soon) and store current user in cache.</p> <h2> Configure Casbin </h2> <h3> Model Configuration File </h3> <p>Ar first you may find some concepts in Casbin quite confusing. The first one is its model configuration file. I don't want to talk too much about it here (cuz I don't get it very well yet 😣) so I'm gonna give a simple example which is quite specific to our application. We will control a user's request based on <br> his role, which is called RBAC aka Role-based access control. Therefore we will create a <code>rbac_model.conf</code> in <code>config</code> directory.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code>[<span class="n">request_definition</span>] <span class="n">r</span> = <span class="n">sub</span>, <span class="n">obj</span>, <span class="n">act</span> [<span class="n">policy_definition</span>] <span class="n">p</span> = <span class="n">sub</span>, <span class="n">obj</span>, <span class="n">act</span> [<span class="n">role_definition</span>] <span class="n">g</span> = <span class="err">_</span>, <span class="err">_</span> [<span class="n">policy_effect</span>] <span class="n">e</span> = <span class="n">some</span>(<span class="n">where</span> (<span class="n">p</span>.<span class="n">eft</span> == <span class="n">allow</span>)) [<span class="n">matchers</span>] <span class="n">m</span> = <span class="n">g</span>(<span class="n">r</span>.<span class="n">sub</span>, <span class="n">p</span>.<span class="n">sub</span>) &amp;&amp; <span class="n">r</span>.<span class="n">obj</span> == <span class="n">p</span>.<span class="n">obj</span> &amp;&amp; <span class="n">r</span>.<span class="n">act</span> == <span class="n">p</span>.<span class="n">act</span> </code></pre> </div> <p>A model configuration file tells Casbin how to determine if a user has some qualifications. In the above example, we just declare some stuff:</p> <ol> <li> <code>r = sub, obj, act</code> defines that a limited request will consist of 3 parts: *sub*ject - user, *obj*ect - URL or more generally resource and *act*ion - operation.</li> <li> <code>p = sub, obj, act</code> defines the format of policy. For example, <code>admin, data, write</code> means <code>All admins can write data.</code> </li> <li> <code>e = some(where (p.eft == allow))</code> means that a user can do something as long as there is a defined policy which allows him to do so.</li> <li> <code>g = _, _</code> defines the format of definition of user's role. For example, <code>Alice, admin</code> indicates Alice is an admin.</li> <li> <code>m = g(r.sub, p.sub) &amp;&amp; r.obj == p.obj &amp;&amp; r.act == p.act</code> defines the workflow of authorization: check user's role -&gt; check the resource which user is trying to access -&gt; check what user wants to do. </li> </ol> <p>Note that there are at least four sections in a model configuration file: <code>request_definition</code>, <code>policy_definition</code>, <code>policy_effect</code> and <code>matchers</code>. Sometimes we don't do RBAC so <code>role_definition</code> section is not necessary.</p> <h3> Policies </h3> <p>Let's say we have some policies and user groups like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>p, user, data, read p, admin, data, read p, admin, data, write g, Alice, admin g, Bob, user </code></pre> </div> <p>Here we firstly define 3 policies: </p> <ol> <li>All users can only read data.</li> <li>All admins can read data.</li> <li>All admins can also write data. </li> </ol> <p>Then we assign roles to user:</p> <ol> <li>Alice is an admin.</li> <li>Bob is a user.</li> </ol> <p>Thus Alice has full control over data while Bob can only read data. He will be blocked if he wants to write data.</p> <p>Casbin allows us to simply store all policies in a CSV file and this is the most basic way. But this time we will store them in a MySQL DB. Casbin ususally stores policies in a table named <code>casbin_rule</code> and it will create this table automatically if not existed. In our case, the structure of table <code>casbin_rule</code> will look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">casbin_rule</span> <span class="p">(</span> <span class="n">p_type</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="n">v0</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="n">v1</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="n">v2</span> <span class="nb">VARCHAR</span><span class="p">(</span><span class="mi">100</span><span class="p">)</span> <span class="p">);</span> </code></pre> </div> <p>Add a policy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">casbin_rule</span> <span class="k">VALUES</span><span class="p">(</span><span class="s1">'p'</span><span class="p">,</span> <span class="s1">'user'</span><span class="p">,</span> <span class="s1">'data'</span><span class="p">,</span> <span class="s1">'read'</span><span class="p">);</span> </code></pre> </div> <p>Add a user group:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">casbin_rule</span><span class="p">(</span><span class="n">p_type</span><span class="p">,</span> <span class="n">v0</span><span class="p">,</span> <span class="n">v1</span><span class="p">)</span> <span class="k">VALUES</span><span class="p">(</span><span class="s1">'g'</span><span class="p">,</span> <span class="s1">'Bob'</span><span class="p">,</span> <span class="s1">'user'</span><span class="p">);</span> </code></pre> </div> <h2> Implement Gin Handler Functions </h2> <p>At first, we will implement the logic of user login.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// handler/user_handler.go</span> <span class="k">func</span> <span class="n">Login</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">username</span><span class="p">,</span> <span class="n">password</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">PostForm</span><span class="p">(</span><span class="s">"username"</span><span class="p">),</span> <span class="n">c</span><span class="o">.</span><span class="n">PostForm</span><span class="p">(</span><span class="s">"password"</span><span class="p">)</span> <span class="c">// Authentication</span> <span class="c">// blahblah...</span> <span class="c">// Generate random session id</span> <span class="n">u</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">NewRandom</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">sessionId</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s-%s"</span><span class="p">,</span> <span class="n">u</span><span class="o">.</span><span class="n">String</span><span class="p">(),</span> <span class="n">username</span><span class="p">)</span> <span class="c">// Store current subject in cache</span> <span class="n">component</span><span class="o">.</span><span class="n">GlobalCache</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="n">sessionId</span><span class="p">,</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">username</span><span class="p">))</span> <span class="c">// Send cache key back to client in cookie</span> <span class="n">c</span><span class="o">.</span><span class="n">SetCookie</span><span class="p">(</span><span class="s">"current_subject"</span><span class="p">,</span> <span class="n">sessionId</span><span class="p">,</span> <span class="m">30</span><span class="o">*</span><span class="m">60</span><span class="p">,</span> <span class="s">"/resource"</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="no">false</span><span class="p">,</span> <span class="no">true</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="m">200</span><span class="p">,</span> <span class="n">component</span><span class="o">.</span><span class="n">RestResponse</span><span class="p">{</span><span class="n">Code</span><span class="o">:</span> <span class="m">1</span><span class="p">,</span> <span class="n">Message</span><span class="o">:</span><span class="n">username</span> <span class="o">+</span> <span class="s">" logged in successfully"</span><span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>If a user has been identified, we need to store current user (or subject) in cache. In fact, what we do here is the same that Shiro stores current subject in session. Don't forget to send cache's key (or you can call it session id) back to client side.</p> <p>Note that Shiro will do authentication stuff for us while Casbin just leaves that to us. So we have to implement authentication logic ourselves.</p> <p>Don't forget to provide handlers for users to access resource:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// handler/resource_handler.go</span> <span class="k">func</span> <span class="n">ReadResource</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="c">// some stuff</span> <span class="c">// blahblah...</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="m">200</span><span class="p">,</span> <span class="n">component</span><span class="o">.</span><span class="n">RestResponse</span><span class="p">{</span><span class="n">Code</span><span class="o">:</span> <span class="m">1</span><span class="p">,</span> <span class="n">Message</span><span class="o">:</span> <span class="s">"read resource successfully"</span><span class="p">,</span> <span class="n">Data</span><span class="o">:</span> <span class="s">"resource"</span><span class="p">})</span> <span class="p">}</span> <span class="k">func</span> <span class="n">WriteResource</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="c">// some stuff</span> <span class="c">// blahblah...</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="m">200</span><span class="p">,</span> <span class="n">component</span><span class="o">.</span><span class="n">RestResponse</span><span class="p">{</span><span class="n">Code</span><span class="o">:</span> <span class="m">1</span><span class="p">,</span> <span class="n">Message</span><span class="o">:</span> <span class="s">"write resource successfully"</span><span class="p">,</span> <span class="n">Data</span><span class="o">:</span> <span class="s">"resource"</span><span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>After this, we should register these functions and start our application in <code>main.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// main.go</span> <span class="k">var</span> <span class="p">(</span> <span class="n">router</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Engine</span> <span class="p">)</span> <span class="k">func</span> <span class="n">init</span><span class="p">()</span> <span class="p">{</span> <span class="c">// Initialize gin router</span> <span class="n">router</span> <span class="o">=</span> <span class="n">gin</span><span class="o">.</span><span class="n">Default</span><span class="p">()</span> <span class="n">corsConfig</span> <span class="o">:=</span> <span class="n">cors</span><span class="o">.</span><span class="n">DefaultConfig</span><span class="p">()</span> <span class="n">corsConfig</span><span class="o">.</span><span class="n">AllowAllOrigins</span> <span class="o">=</span> <span class="no">true</span> <span class="n">corsConfig</span><span class="o">.</span><span class="n">AllowCredentials</span> <span class="o">=</span> <span class="no">true</span> <span class="n">router</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">cors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">corsConfig</span><span class="p">))</span> <span class="c">// CORS configuraion</span> <span class="n">router</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/user/login"</span><span class="p">,</span> <span class="n">handler</span><span class="o">.</span><span class="n">Login</span><span class="p">)</span> <span class="n">router</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/resource"</span><span class="p">,</span> <span class="n">handler</span><span class="o">.</span><span class="n">ReadResource</span><span class="p">)</span> <span class="n">router</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/resource"</span><span class="p">,</span> <span class="n">handler</span><span class="o">.</span><span class="n">WriteResource</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">component</span><span class="o">.</span><span class="n">DB</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="c">// Start our application</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">router</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">":8081"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"failed to start gin engin: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">))</span> <span class="p">}</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"application is now running..."</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Ok, almost done! The last piece and most important part of our application is to secure our API by RBAC.</p> <h2> Enforce Casbin Policies </h2> <h3> Load Policies From DB </h3> <p>The first problem is: how can we load policies from DB dynamically? We can do this using <a href="https://casbin.org/docs/en/adapters">Casbin Adapters</a>. More specifically, we will use <a href="https://github.com/casbin/gorm-adapter">Gorm Adapter</a> here. </p> <p>The first step is to initialize an adapter with existing GORM instance:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// main.go</span> <span class="k">func</span> <span class="n">init</span><span class="p">()</span> <span class="p">{</span> <span class="c">// Initialize casbin adapter</span> <span class="n">adapter</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">gormadapter</span><span class="o">.</span><span class="n">NewAdapterByDB</span><span class="p">(</span><span class="n">component</span><span class="o">.</span><span class="n">DB</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"failed to initialize casbin adapter: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">))</span> <span class="p">}</span> <span class="c">// Initialize gin router</span> <span class="n">router</span> <span class="o">=</span> <span class="n">gin</span><span class="o">.</span><span class="n">Default</span><span class="p">()</span> <span class="n">corsConfig</span> <span class="o">:=</span> <span class="n">cors</span><span class="o">.</span><span class="n">DefaultConfig</span><span class="p">()</span> <span class="n">corsConfig</span><span class="o">.</span><span class="n">AllowAllOrigins</span> <span class="o">=</span> <span class="no">true</span> <span class="n">corsConfig</span><span class="o">.</span><span class="n">AllowCredentials</span> <span class="o">=</span> <span class="no">true</span> <span class="n">router</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">cors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">corsConfig</span><span class="p">))</span> <span class="c">// CORS configuraion</span> <span class="n">router</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/user/login"</span><span class="p">,</span> <span class="n">handler</span><span class="o">.</span><span class="n">Login</span><span class="p">)</span> <span class="n">router</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/resource"</span><span class="p">,</span> <span class="n">handler</span><span class="o">.</span><span class="n">ReadResource</span><span class="p">)</span> <span class="n">router</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/resource"</span><span class="p">,</span> <span class="n">handler</span><span class="o">.</span><span class="n">WriteResource</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Apparently, we should force policies to control access to resource before any relevant handler functions are called. In my opinion, an elegant way to do this is utilizing Gin's <a href="https://github.com/gin-gonic/gin#using-middleware">middlewares</a> and <a href="https://github.com/gin-gonic/gin#grouping-routes">grouping routes</a>. Firstly, let's define a middleware in which our policies will be enforced. I think the code showed below is self-explanatory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// middleware/access_control.go</span> <span class="c">// Authorize determines if current subject has been authorized to take an action on an object.</span> <span class="k">func</span> <span class="n">Authorize</span><span class="p">(</span><span class="n">obj</span> <span class="kt">string</span><span class="p">,</span> <span class="n">act</span> <span class="kt">string</span><span class="p">,</span> <span class="n">adapter</span> <span class="o">*</span><span class="n">gormadapter</span><span class="o">.</span><span class="n">Adapter</span><span class="p">)</span> <span class="n">gin</span><span class="o">.</span><span class="n">HandlerFunc</span> <span class="p">{</span> <span class="k">return</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Get current user/subject</span> <span class="n">val</span><span class="p">,</span> <span class="n">existed</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"current_subject"</span><span class="p">)</span> <span class="k">if</span> <span class="o">!</span><span class="n">existed</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">AbortWithStatusJSON</span><span class="p">(</span><span class="m">401</span><span class="p">,</span> <span class="n">component</span><span class="o">.</span><span class="n">RestResponse</span><span class="p">{</span><span class="n">Message</span><span class="o">:</span> <span class="s">"user hasn't logged in yet"</span><span class="p">})</span> <span class="k">return</span> <span class="p">}</span> <span class="c">// Casbin enforces policy</span> <span class="n">ok</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">enforce</span><span class="p">(</span><span class="n">val</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">),</span> <span class="n">obj</span><span class="p">,</span> <span class="n">act</span><span class="p">,</span> <span class="n">adapter</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">AbortWithStatusJSON</span><span class="p">(</span><span class="m">500</span><span class="p">,</span> <span class="n">component</span><span class="o">.</span><span class="n">RestResponse</span><span class="p">{</span><span class="n">Message</span><span class="o">:</span> <span class="s">"error occurred when authorizing user"</span><span class="p">})</span> <span class="k">return</span> <span class="p">}</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">AbortWithStatusJSON</span><span class="p">(</span><span class="m">403</span><span class="p">,</span> <span class="n">component</span><span class="o">.</span><span class="n">RestResponse</span><span class="p">{</span><span class="n">Message</span><span class="o">:</span> <span class="s">"forbidden"</span><span class="p">})</span> <span class="k">return</span> <span class="p">}</span> <span class="n">c</span><span class="o">.</span><span class="n">Next</span><span class="p">()</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">enforce</span><span class="p">(</span><span class="n">sub</span> <span class="kt">string</span><span class="p">,</span> <span class="n">obj</span> <span class="kt">string</span><span class="p">,</span> <span class="n">act</span> <span class="kt">string</span><span class="p">,</span> <span class="n">adapter</span> <span class="o">*</span><span class="n">gormadapter</span><span class="o">.</span><span class="n">Adapter</span><span class="p">)</span> <span class="p">(</span><span class="kt">bool</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Load model configuration file and policy store adapter</span> <span class="n">enforcer</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">casbin</span><span class="o">.</span><span class="n">NewEnforcer</span><span class="p">(</span><span class="s">"config/rbac_model.conf"</span><span class="p">,</span> <span class="n">adapter</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">false</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"failed to create casbin enforcer: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Load policies from DB dynamically</span> <span class="n">err</span> <span class="o">=</span> <span class="n">enforcer</span><span class="o">.</span><span class="n">LoadPolicy</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">false</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"failed to load policy from DB: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Verify</span> <span class="n">ok</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">enforcer</span><span class="o">.</span><span class="n">Enforce</span><span class="p">(</span><span class="n">sub</span><span class="p">,</span> <span class="n">obj</span><span class="p">,</span> <span class="n">act</span><span class="p">)</span> <span class="k">return</span> <span class="n">ok</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> </code></pre> </div> <p>At last, group all routes needed to secure and use our middleware:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// main.go</span> <span class="k">func</span> <span class="n">init</span><span class="p">()</span> <span class="p">{</span> <span class="c">// Initialize casbin adapter</span> <span class="n">adapter</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">gormadapter</span><span class="o">.</span><span class="n">NewAdapterByDB</span><span class="p">(</span><span class="n">component</span><span class="o">.</span><span class="n">DB</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"failed to initialize casbin adapter: %v"</span><span class="p">,</span> <span class="n">err</span><span class="p">))</span> <span class="p">}</span> <span class="c">// Initialize Gin router</span> <span class="n">router</span> <span class="o">=</span> <span class="n">gin</span><span class="o">.</span><span class="n">Default</span><span class="p">()</span> <span class="n">corsConfig</span> <span class="o">:=</span> <span class="n">cors</span><span class="o">.</span><span class="n">DefaultConfig</span><span class="p">()</span> <span class="n">corsConfig</span><span class="o">.</span><span class="n">AllowAllOrigins</span> <span class="o">=</span> <span class="no">true</span> <span class="n">corsConfig</span><span class="o">.</span><span class="n">AllowCredentials</span> <span class="o">=</span> <span class="no">true</span> <span class="n">router</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">cors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">corsConfig</span><span class="p">))</span> <span class="c">// CORS configuraion</span> <span class="n">router</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/user/login"</span><span class="p">,</span> <span class="n">handler</span><span class="o">.</span><span class="n">Login</span><span class="p">)</span> <span class="c">// Secure our API</span> <span class="n">resource</span> <span class="o">:=</span> <span class="n">router</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="s">"/api"</span><span class="p">)</span> <span class="p">{</span> <span class="n">resource</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/resource"</span><span class="p">,</span> <span class="n">middleware</span><span class="o">.</span><span class="n">Authorize</span><span class="p">(</span><span class="s">"resource"</span><span class="p">,</span> <span class="s">"read"</span><span class="p">,</span> <span class="n">adapter</span><span class="p">),</span> <span class="n">handler</span><span class="o">.</span><span class="n">ReadResource</span><span class="p">)</span> <span class="n">resource</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/resource"</span><span class="p">,</span> <span class="n">middleware</span><span class="o">.</span><span class="n">Authorize</span><span class="p">(</span><span class="s">"resource"</span><span class="p">,</span> <span class="s">"write"</span><span class="p">,</span> <span class="n">adapter</span><span class="p">),</span> <span class="n">handler</span><span class="o">.</span><span class="n">WriteResource</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Boom! All are set to go! If a client doesn't log in firstly, he will be denied when he tries to <code>GET /api/resource</code> or <code>POST /api/resource</code>; if he is just a user, he will also be blocked when he wants to write data.</p> <p><a href="https://github.com/maxwellhertz/casbin_example">Source code</a></p> go