library/cpp/tvmauth/client/examples/service_using_tvmtool_client/service.cpp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

#include "service.h"

#include <library/cpp/tvmauth/client/facade.h>

#include <library/cpp/cgiparam/cgiparam.h>
#include <library/cpp/http/server/response.h>
#include <library/cpp/http/simple/http_client.h>
#include <library/cpp/json/json_reader.h>

namespace NExample {
    static const TString BACK_C = "BACK_C";

    TSomeService::TSomeService(const TConfig& cfg)
        : Config_(cfg)
    {
        NTvmAuth::TLoggerPtr log = MakeIntrusive<NTvmAuth::TCerrLogger>(7);

        Tvm_ = MakeHolder<NTvmAuth::TTvmClient>(
            NTvmAuth::NTvmTool::TClientSettings(
                "my_service" // specified in Qloud/YP/tvmtool interface
                ),
            log);
    }

    TSomeService::~TSomeService() {
    }

    void TSomeService::HandleRequest(THttpInput& in, THttpOutput& out) {
        auto servIt = std::find_if(in.Headers().Begin(),
                                   in.Headers().End(),
                                   [](const auto& h) { return h.Name() == "X-Ya-Service-Ticket"; });
        auto userIt = std::find_if(in.Headers().Begin(),
                                   in.Headers().End(),
                                   [](const auto& h) { return h.Name() == "X-Ya-User-Ticket"; });
        try {
            if (servIt == in.Headers().End() || userIt == in.Headers().End()) {
                ythrow yexception() << "Need tickets";
            }

            // WARNING: См. Здесь
            NTvmAuth::TCheckedServiceTicket st = Tvm_->CheckServiceTicket(servIt->Value());
            NTvmAuth::TCheckedUserTicket ut = Tvm_->CheckUserTicket(userIt->Value());
            if (!st || !ut) {
                ythrow yexception() << "Invalid tickets";
            }

            // WARNING: См. Здесь
            // Ждём ABC - после их релиза эти три строки можно будет удалить
            if (Config_.AllowedTvmIds.find(st.GetSrc()) == Config_.AllowedTvmIds.end()) {
                ythrow yexception() << "Consumer is not allowed";
            }

            // WARNING: См. Здесь
            if (!ut.HasScope("some_service:allow_secret_data")) {
                ythrow yexception() << "UserTicket does not have scopes for secret data";
            }

            // Access-log
            Cout << "Data fetched for: " << ut.GetDefaultUid() << Endl;

            THttpResponse resp(HTTP_OK);
            resp.SetContent(GetDataFromBackendC(userIt->Value()), "text/plain");
            resp.OutTo(out);
        } catch (...) {
            THttpResponse resp(HTTP_BAD_REQUEST);
            resp.SetContent("Request can not be performed", "text/plain");
            resp.OutTo(out);
        }

        out.Finish();
    }

    TString TSomeService::GetDataFromBackendC(const TString& userTicket) {
        TSimpleHttpClient cl("my_backend", // specified in Qloud/YP/tvmtool interface
                             80);
        TStringStream s;
        cl.DoGet("/api?",
                 &s,
                 // WARNING: См. Здесь
                 {{"X-Ya-Service-Ticket", Tvm_->GetServiceTicketFor(BACK_C)},
                  {"X-Ya-User-Ticket", userTicket}});
        return s.Str();
    }
}