Trilha Go (Go Track) - Amazon Web Services
A simple approach to authenticating an API using Go
AUTHENTICATION ✕ AUTHORIZATION
The Challenge
60+ microservices
Who will the users be?
Back-end and front-end use?
Reverse Proxy
JSON Web Tokens
1. Reverse Proxy
REVERSE PROXY
“A reverse proxy is a server that sits in front of web servers and forwards client requests to those web servers.”
Cloudflare
TRAEFIK / REVERSE PROXY
Forward Authentication
Required configuration
TOML:
    [entryPoints]
      [entryPoints.https]
        [entryPoints.https.auth.forward]
        address = "http://auth.local/validate"
ETCD:
    /traefik/entrypoints/https/auth/forward/address=http://auth.local/validate
2. JSON Web Tokens
JSON WEB TOKENS
JWT - JSON Web Tokens (RFC 7519)
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0ZXN0IiwiaWF0IjoxNTE2MjM5MDIyfQ.ZGWbu4-T4w7wSMIHdMrfYI5FVntFciRUupCZiuI_Cvo
Header: { "alg": "HS256", "typ": "JWT" }
Payload: { "sub": "test", "iat": 1516239022 }
HANDS ON / JSON WEB TOKENS
Library: github.com/dgrijalva/jwt-go
    import (
        "errors"
        "time"
        "github.com/dgrijalva/jwt-go"
    )

    // GenerateToken issues an HS256-signed JWT for the user, valid for a.tokenPeriod seconds.
    func (a Service) GenerateToken(u User) (string, error) {
        now := time.Now().Unix()
        expiration := now + int64(a.tokenPeriod)
        token := jwt.NewWithClaims(jwt.SigningMethodHS256,
            jwt.MapClaims{
                "sub": u.ID,
                "iat": now,
                "exp": expiration,
            })
        // HS256 is symmetric: the same key signs and verifies.
        return token.SignedString([]byte(a.privateKey))
    }
    // ValidateToken parses the token and verifies its signature;
    // every failure is collapsed into one generic error.
    func (a Service) ValidateToken(t string) error {
        _, err := jwt.Parse(t, a.validationCallback)
        if err != nil {
            return errors.New("invalid access token")
        }
        return nil
    }
    // validationCallback supplies the verification key, but only for HMAC-signed tokens.
    func (a Service) validationCallback(token *jwt.Token) (interface{}, error) {
        if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
            return nil, errors.New("unexpected signing method")
        }
        return []byte(a.privateKey), nil
    }
POST /authenticate
Authorization: Bearer identifier:secret
Authenticate(c Credentials) (User, error)
GenerateToken(u User) (string, error)
200 OK
Content-Type: application/json
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0ZXN0IiwiaWF0IjoxNTE2MjM5MDIyfQ.ZGWbu4-T4w7wSMIHdMrfYI5FVntFciRUupCZiuI_Cv"
GET /validate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0ZXN0IiwiaWF0IjoxNTE2MjM5MDIyfQ.ZGWbu4-T4w7wSMIHdMrfYI5FVntFciRUupCZiuI_Cv
ValidateToken(t string) error
200 OK
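The checks that sit behind ValidateToken on GET /validate, written with only the Go standard library so that each rejection reason is visible; this is an added example, not the presenter's code and not jwt-go's implementation. The key, the timestamps and the helper names `mac`, `sign`, `decode` and `verify` are assumptions made for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
// mac returns the base64url HMAC-SHA256 of msg under the shared key.
func mac(key []byte, msg string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}
// sign issues a token; alg is a parameter only so a bad header can be built.
func sign(key []byte, alg, claims string) string {
	msg := b64.EncodeToString([]byte(`{"alg":"`+alg+`","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claims))
	return msg + "." + mac(key, msg)
}
// decode base64url-decodes one token segment and unmarshals its JSON into v.
func decode(seg string, v interface{}) bool {
	raw, err := b64.DecodeString(seg)
	return err == nil && json.Unmarshal(raw, v) == nil
}
// verify reports which check failed; now is passed in to keep it testable.
func verify(key []byte, tok string, now int64) error {
	p := strings.Split(tok, ".")
	var hdr struct{ Alg string }
	var claims struct{ Exp int64 }
	if len(p) != 3 || !decode(p[0], &hdr) || hdr.Alg != "HS256" {
		return errors.New("unexpected signing method") // alg is pinned, never trusted
	}
	if !hmac.Equal([]byte(p[2]), []byte(mac(key, p[0]+"."+p[1]))) {
		return errors.New("bad signature") // constant-time comparison
	}
	if !decode(p[1], &claims) || now >= claims.Exp {
		return errors.New("expired or missing exp") // a missing exp decodes as 0
	}
	return nil
}
func main() { // key and timestamps are constructed; now reuses the slides' iat
	key, now := []byte("constructed-demo-key"), int64(1516239022)
	tok := sign(key, "HS256", `{"sub":"test","exp":1516242622}`)
	fmt.Println(verify(key, tok, now), verify(key, tok, now+3600), verify(key, tok+"A", now))
}
```

A forward-auth handler would map a nil result to 200 and any error to 401, returning the same generic message in every failure case as ValidateToken does.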
3. Scalability
SCALABILITY
Symmetric Cryptography
Stateless Authentication
No I/O Operations
[Chart: values from 0 to 1,000 plotted against percentiles 0%, 90%, 99%, 99.9%]
RAM: < 5 MB
CPU: < 0.0004 s
Peak RAM: < 20 MB
Peak CPU: < 0.04 s
Horizontal Scalability
0% errors @ 1000 req/s
[Chart: values from 0 to 500 plotted against percentiles 0%, 90%, 99%, 99.9%]
THANK YOU.
Raí Tamarindo
Software [email protected]