From a9cd4e842ee01cb2deb412b0341b172badab89e8 Mon Sep 17 00:00:00 2001 From: Nirav Parikh <52062717+niravparikh05@users.noreply.github.com> Date: Thu, 21 Apr 2022 11:52:20 +0530 Subject: [PATCH] multiple kratos clients for session validation and identity creation (#114) * multiple kratos clients for session validation and identity creation * fixed review comments * switching few logs to debug --- main.go | 23 +++++++++++++++++------ pkg/auth/v3/interceptor.go | 2 ++ pkg/auth/v3/service.go | 2 +- pkg/service/user.go | 3 ++- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/main.go b/main.go index d3f0271..edc18ec 100644 --- a/main.go +++ b/main.go @@ -82,7 +82,8 @@ const ( schedulerNamespaceEnv = "SCHEDULER_NAMESPACE" // kratos - kratosAddrEnv = "KRATOS_ADDR" + kratosAddrEnv = "KRATOS_ADDR" + kratosPublicAddrEnv = "KRATOS_PUB_ADDR" ) var ( @@ -123,8 +124,10 @@ var ( schedulerNamespace string // kratos - kratosAddr string - kc *kclient.APIClient + kratosAddr string + kratosPublicAddr string + kc *kclient.APIClient + akc *kclient.APIClient // services ps service.PartnerService @@ -198,6 +201,7 @@ func setup() { // kratos viper.SetDefault(kratosAddrEnv, "http://localhost:4433") + viper.SetDefault(kratosPublicAddrEnv, "http://localhost:4434") viper.BindEnv(rpcPortEnv) viper.BindEnv(apiPortEnv) @@ -211,6 +215,7 @@ func setup() { viper.BindEnv(dbPasswordEnv) viper.BindEnv(kratosAddrEnv) + viper.BindEnv(kratosPublicAddrEnv) viper.BindEnv(sentryPeeringHostEnv) viper.BindEnv(coreRelayConnectorHostEnv) @@ -240,6 +245,7 @@ func setup() { dbPassword = viper.GetString(dbPasswordEnv) kratosAddr = viper.GetString(kratosAddrEnv) + kratosPublicAddr = viper.GetString(kratosPublicAddrEnv) bootstrapKEK = viper.GetString(bootstrapKEKEnv) sentryPeeringHost = viper.GetString(sentryPeeringHostEnv) 
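Review bot: The two Kratos defaults set in `setup()` look inverted: `KRATOS_ADDR` (the address the admin client uses after this commit) stays at `http://localhost:4433`, while the new `KRATOS_PUB_ADDR` defaults to `http://localhost:4434`. Kratos's stock configuration serves the public API on 4433 and the admin API on 4434. With nothing set in the environment, session validation would therefore go to the admin port and identity management to the public one. If the deployment follows the stock ports, swap them: `viper.SetDefault(kratosAddrEnv, "http://localhost:4434")` and `viper.SetDefault(kratosPublicAddrEnv, "http://localhost:4433")`.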
@@ -258,11 +264,16 @@ func setup() { rpcRelayPeeringPort = rpcPort + 1 - // Kratos client setup + // Kratos client setup for authentication kratosConfig := kclient.NewConfiguration() - kratosConfig.Servers[0].URL = kratosAddr + kratosConfig.Servers[0].URL = kratosPublicAddr kc = kclient.NewAPIClient(kratosConfig) + // Kratos client setup for admin purpose + kratosAdminConfig := kclient.NewConfiguration() + kratosAdminConfig.Servers[0].URL = kratosAddr + akc = kclient.NewAPIClient(kratosAdminConfig) + // db setup dsn := fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=disable", dbUser, dbPassword, dbAddr, dbName) sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn))) @@ -319,7 +330,7 @@ func setup() { cc.Profile = "production" } ks = service.NewApiKeyService(db, auditLogger) - us = service.NewUserService(providers.NewKratosAuthProvider(kc), db, as, ks, cc, auditLogger, dev) + us = service.NewUserService(providers.NewKratosAuthProvider(akc), db, as, ks, cc, auditLogger, dev) gs = service.NewGroupService(db, as, auditLogger) rs = service.NewRoleService(db, as, auditLogger) rrs = service.NewRolepermissionService(db) diff --git a/pkg/auth/v3/interceptor.go b/pkg/auth/v3/interceptor.go index d86cdcf..1f8aa4b 100644 --- a/pkg/auth/v3/interceptor.go +++ b/pkg/auth/v3/interceptor.go @@ -106,12 +106,14 @@ func (ac authContext) NewAuthUnaryInterceptor(opt Option) grpc.UnaryServerInterc } s := res.GetStatus() + _log.Debug("user authentication status ", s) switch s { case commonv3.RequestStatus_RequestAllowed: sd := res.SessionData sd.ClientIp = ip sd.ClientHost = host sd.ClientUa = ua + _log.Debug("session data ", sd) ctx := context.WithValue(ctx, common.SessionDataKey, sd) return handler(ctx, req) case commonv3.RequestStatus_RequestMethodOrURLNotAllowed: diff --git a/pkg/auth/v3/service.go b/pkg/auth/v3/service.go index 69c0b13..e5638df 100644 --- a/pkg/auth/v3/service.go +++ b/pkg/auth/v3/service.go 
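Review bot: `KRATOS_ADDR` changes meaning in the client-setup hunk with no signal to operators. It used to feed the single client that handled both session checks and identity management; it now feeds only `akc`, while `kc` reads `KRATOS_PUB_ADDR`. A deployment that sets only `KRATOS_ADDR` will silently validate sessions against the `KRATOS_PUB_ADDR` default. I would document the split next to the constants, e.g. `// KRATOS_ADDR: Kratos admin API (identity management); keep reachable from internal networks only` and `// KRATOS_PUB_ADDR: Kratos public API (session validation)`. Renaming `akc` to something like `kratosAdmin` would also make the privileged client obvious at call sites such as `NewKratosAuthProvider(akc)`; `setup()` continues outside the hunk.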
@@ -84,7 +84,7 @@ func (ac *authContext) authenticate(ctx context.Context, httpreq *http.Request, res.Reason = "no or invalid credentials" return false, nil } else { - return false, nil + return false, err } } if session.GetActive() { diff --git a/pkg/service/user.go b/pkg/service/user.go index 283dbaf..aea29c5 100644 --- a/pkg/service/user.go +++ b/pkg/service/user.go @@ -466,7 +466,7 @@ func (s *userService) GetUserInfo(ctx context.Context, user *userv3.User) (*user if s.dev { username = user.GetMetadata().GetName() if len(username) == 0 { - fmt.Println("Unable to fetch username. Don't use DEV mode when using from UI.") + _log.Warn("Unable to fetch username. Don't use DEV mode when using from UI.") return &userv3.UserInfo{}, fmt.Errorf("username should be provided") } } else { @@ -476,6 +476,7 @@ func (s *userService) GetUserInfo(ctx context.Context, user *userv3.User) (*user } username = sd.Username } + _log.Info("username ", username) entity, err := dao.GetByTraits(ctx, s.db, username, &models.KratosIdentities{}) if err != nil {
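Review bot: The new `return false, err` hands the raw Kratos client error to the caller without context, and `res.Reason` is left unset on that path. The request is still denied because the first result is `false`, but how the interceptor maps a non-nil error is not visible here, so transport details such as the Kratos address might reach the API client. I would set a generic reason and wrap the error, e.g. `res.Reason = "session validation failed"` and `return false, fmt.Errorf("kratos session check: %w", err)` (if `fmt` is imported in this file). The `else` after the preceding `return` can also be dropped; `authenticate` starts and ends outside the hunk.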
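Review bot: `_log.Info("username ", username)` in the last hunk logs the user identifier at Info level on every `GetUserInfo` call, although the commit message says logs were being switched to debug. The value is matched against Kratos identity traits on the next line, so it is probably an e-mail address, which puts personal data into default-level logs. `_log.Debug("username ", username)` would be consistent with the logging added to the interceptor in this commit. `GetUserInfo` continues outside the hunk.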