multiple kratos clients for session validation and identity creation (#114)

* multiple kratos clients for session validation and identity creation * fixed review comments * switching few logs to debug
2026-05-06 08:26:53 +00:00 · 2022-04-21 11:52:20 +05:30
parent faf5e92ed6
commit a9cd4e842e
4 changed files with 22 additions and 8 deletions
--- a/main.go
+++ b/main.go
@@ -82,7 +82,8 @@ const (
 	schedulerNamespaceEnv       = "SCHEDULER_NAMESPACE"

 	// kratos
-	kratosAddrEnv = "KRATOS_ADDR"
+	kratosAddrEnv       = "KRATOS_ADDR"
+	kratosPublicAddrEnv = "KRATOS_PUB_ADDR"
 )

 var (
@@ -123,8 +124,10 @@ var (
 	schedulerNamespace       string

 	// kratos
-	kratosAddr string
-	kc         *kclient.APIClient
+	kratosAddr       string
+	kratosPublicAddr string
+	kc               *kclient.APIClient
+	akc              *kclient.APIClient

 	// services
 	ps    service.PartnerService
@@ -198,6 +201,7 @@ func setup() {

 	// kratos
 	viper.SetDefault(kratosAddrEnv, "http://localhost:4433")
+	viper.SetDefault(kratosPublicAddrEnv, "http://localhost:4434")

 	viper.BindEnv(rpcPortEnv)
 	viper.BindEnv(apiPortEnv)
@@ -211,6 +215,7 @@ func setup() {
 	viper.BindEnv(dbPasswordEnv)

 	viper.BindEnv(kratosAddrEnv)
+	viper.BindEnv(kratosPublicAddrEnv)

 	viper.BindEnv(sentryPeeringHostEnv)
 	viper.BindEnv(coreRelayConnectorHostEnv)
@@ -240,6 +245,7 @@ func setup() {
 	dbPassword = viper.GetString(dbPasswordEnv)

 	kratosAddr = viper.GetString(kratosAddrEnv)
+	kratosPublicAddr = viper.GetString(kratosPublicAddrEnv)

 	bootstrapKEK = viper.GetString(bootstrapKEKEnv)
 	sentryPeeringHost = viper.GetString(sentryPeeringHostEnv)
@@ -258,11 +264,16 @@ func setup() {

 	rpcRelayPeeringPort = rpcPort + 1

-	// Kratos client setup
+	// Kratos client setup for authentication
 	kratosConfig := kclient.NewConfiguration()
-	kratosConfig.Servers[0].URL = kratosAddr
+	kratosConfig.Servers[0].URL = kratosPublicAddr
 	kc = kclient.NewAPIClient(kratosConfig)

+	// Kratos client setup for admin purpose
+	kratosAdminConfig := kclient.NewConfiguration()
+	kratosAdminConfig.Servers[0].URL = kratosAddr
+	akc = kclient.NewAPIClient(kratosAdminConfig)
+
 	// db setup
 	dsn := fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=disable", dbUser, dbPassword, dbAddr, dbName)
 	sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn)))
@@ -319,7 +330,7 @@ func setup() {
 		cc.Profile = "production"
 	}
 	ks = service.NewApiKeyService(db, auditLogger)
-	us = service.NewUserService(providers.NewKratosAuthProvider(kc), db, as, ks, cc, auditLogger, dev)
+	us = service.NewUserService(providers.NewKratosAuthProvider(akc), db, as, ks, cc, auditLogger, dev)
 	gs = service.NewGroupService(db, as, auditLogger)
 	rs = service.NewRoleService(db, as, auditLogger)
 	rrs = service.NewRolepermissionService(db)
--- a/pkg/auth/v3/interceptor.go
+++ b/pkg/auth/v3/interceptor.go
@@ -106,12 +106,14 @@ func (ac authContext) NewAuthUnaryInterceptor(opt Option) grpc.UnaryServerInterc
 		}

 		s := res.GetStatus()
+		_log.Debug("user authentication status ", s)
 		switch s {
 		case commonv3.RequestStatus_RequestAllowed:
 			sd := res.SessionData
 			sd.ClientIp = ip
 			sd.ClientHost = host
 			sd.ClientUa = ua
+			_log.Debug("session data ", sd)
 			ctx := context.WithValue(ctx, common.SessionDataKey, sd)
 			return handler(ctx, req)
 		case commonv3.RequestStatus_RequestMethodOrURLNotAllowed:
--- a/pkg/auth/v3/service.go
+++ b/pkg/auth/v3/service.go
@@ -84,7 +84,7 @@ func (ac *authContext) authenticate(ctx context.Context, httpreq *http.Request,
 				res.Reason = "no or invalid credentials"
 				return false, nil
 			} else {
-				return false, nil
+				return false, err
 			}
 		}
 		if session.GetActive() {
--- a/pkg/service/user.go
+++ b/pkg/service/user.go
@@ -466,7 +466,7 @@ func (s *userService) GetUserInfo(ctx context.Context, user *userv3.User) (*user
 	if s.dev {
 		username = user.GetMetadata().GetName()
 		if len(username) == 0 {
-			fmt.Println("Unable to fetch username. Don't use DEV mode when using from UI.")
+			_log.Warn("Unable to fetch username. Don't use DEV mode when using from UI.")
 			return &userv3.UserInfo{}, fmt.Errorf("username should be provided")
 		}
 	} else {
@@ -476,6 +476,7 @@ func (s *userService) GetUserInfo(ctx context.Context, user *userv3.User) (*user
 		}
 		username = sd.Username
 	}
+	_log.Info("username ", username)

 	entity, err := dao.GetByTraits(ctx, s.db, username, &models.KratosIdentities{})
 	if err != nil {