feat(thalos-bff): wire rest runtime and grpc service adapter
This commit is contained in:
José René White Enciso
parent
9012d28b38
commit
3997d5d77e
@ -0,0 +1,41 @@
|
||||
using Thalos.Bff.Application.Contracts;
|
||||
using Thalos.Bff.Contracts.Api;
|
||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
||||
|
||||
namespace Thalos.Bff.Application.Adapters;
|
||||
|
||||
/// <summary>
|
||||
/// Default adapter implementation for identity edge API and service contracts.
|
||||
/// </summary>
|
||||
public sealed class IdentityEdgeContractAdapter : IIdentityEdgeContractAdapter
|
||||
{
|
||||
/// <inheritdoc />
|
||||
public EvaluateIdentityPolicyRequest ToPolicyRequest(IssueTokenApiRequest request, string permissionCode)
|
||||
{
|
||||
return new EvaluateIdentityPolicyRequest(request.SubjectId, request.TenantId, permissionCode);
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
public IssueIdentityTokenRequest ToIssueTokenRequest(IssueTokenApiRequest request)
|
||||
{
|
||||
return new IssueIdentityTokenRequest(request.SubjectId, request.TenantId);
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
public IssueTokenApiResponse ToIssueTokenApiResponse(IssueIdentityTokenResponse response)
|
||||
{
|
||||
return new IssueTokenApiResponse(response.Token, response.ExpiresInSeconds);
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
public RefreshIdentitySessionRequest ToRefreshSessionRequest(RefreshSessionApiRequest request)
|
||||
{
|
||||
return new RefreshIdentitySessionRequest(request.RefreshToken, request.CorrelationId);
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
public RefreshSessionApiResponse ToRefreshSessionApiResponse(RefreshIdentitySessionResponse response)
|
||||
{
|
||||
return new RefreshSessionApiResponse(response.Token, response.ExpiresInSeconds);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,22 @@
|
||||
using Thalos.Bff.Application.Grpc;
|
||||
using Thalos.Bff.Contracts.Api;
|
||||
|
||||
namespace Thalos.Bff.Application.Adapters;
|
||||
|
||||
/// <summary>
|
||||
/// Default adapter implementation for identity edge gRPC contract translation.
|
||||
/// </summary>
|
||||
public sealed class IdentityEdgeGrpcContractAdapter : IIdentityEdgeGrpcContractAdapter
|
||||
{
|
||||
/// <inheritdoc />
|
||||
public IssueIdentityTokenGrpcContract ToGrpc(IssueTokenApiRequest request)
|
||||
{
|
||||
return new IssueIdentityTokenGrpcContract(request.SubjectId, request.TenantId, request.CorrelationId);
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
public IssueTokenApiRequest FromGrpc(IssueIdentityTokenGrpcContract contract)
|
||||
{
|
||||
return new IssueTokenApiRequest(contract.SubjectId, contract.TenantId, contract.CorrelationId);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,30 @@
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.DependencyInjection.Extensions;
|
||||
using Thalos.Bff.Application.Adapters;
|
||||
using Thalos.Bff.Application.Handlers;
|
||||
using Thalos.Bff.Application.Security;
|
||||
|
||||
namespace Thalos.Bff.Application.DependencyInjection;
|
||||
|
||||
/// <summary>
|
||||
/// Registers application-layer runtime wiring for thalos-bff.
|
||||
/// </summary>
|
||||
public static class ThalosBffApplicationServiceCollectionExtensions
|
||||
{
|
||||
/// <summary>
|
||||
/// Adds thalos-bff application handlers and adapter implementations.
|
||||
/// </summary>
|
||||
/// <param name="services">Service collection.</param>
|
||||
/// <returns>Service collection for fluent chaining.</returns>
|
||||
public static IServiceCollection AddThalosBffApplicationRuntime(this IServiceCollection services)
|
||||
{
|
||||
services.TryAddSingleton<IIdentityEdgeContractAdapter, IdentityEdgeContractAdapter>();
|
||||
services.TryAddSingleton<IIdentityEdgeGrpcContractAdapter, IdentityEdgeGrpcContractAdapter>();
|
||||
services.TryAddSingleton<IPermissionGuard, IdentityPermissionGuard>();
|
||||
|
||||
services.TryAddScoped<IIssueTokenHandler, IssueTokenHandler>();
|
||||
services.TryAddScoped<IRefreshSessionHandler, RefreshSessionHandler>();
|
||||
|
||||
return services;
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,15 @@
|
||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
||||
|
||||
namespace Thalos.Bff.Application.Security;
|
||||
|
||||
/// <summary>
|
||||
/// Default permission guard backed by thalos-service policy evaluation responses.
|
||||
/// </summary>
|
||||
public sealed class IdentityPermissionGuard : IPermissionGuard
|
||||
{
|
||||
/// <inheritdoc />
|
||||
public bool CanAccess(EvaluateIdentityPolicyResponse policyResponse)
|
||||
{
|
||||
return policyResponse.IsAllowed;
|
||||
}
|
||||
}
|
||||
@ -5,6 +5,7 @@
|
||||
<Nullable>enable</Nullable>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.0" />
|
||||
<ProjectReference Include="..\Thalos.Bff.Contracts\Thalos.Bff.Contracts.csproj" />
|
||||
<ProjectReference Include="..\..\..\thalos-service\src\Thalos.Service.Identity.Abstractions\Thalos.Service.Identity.Abstractions.csproj" />
|
||||
</ItemGroup>
|
||||
|
||||
107
src/Thalos.Bff.Rest/Adapters/ThalosServiceGrpcClientAdapter.cs
Normal file
107
src/Thalos.Bff.Rest/Adapters/ThalosServiceGrpcClientAdapter.cs
Normal file
@ -0,0 +1,107 @@
|
||||
using Grpc.Core;
|
||||
using Microsoft.Extensions.Primitives;
|
||||
using Thalos.Bff.Application.Adapters;
|
||||
using Thalos.Bff.Application.Contracts;
|
||||
using Thalos.Service.Grpc;
|
||||
using Thalos.Service.Identity.Abstractions.Contracts;
|
||||
|
||||
namespace Thalos.Bff.Rest.Adapters;
|
||||
|
||||
/// <summary>
|
||||
/// gRPC-backed adapter for downstream thalos-service calls.
|
||||
/// </summary>
|
||||
public sealed class ThalosServiceGrpcClientAdapter(
|
||||
IdentityRuntime.IdentityRuntimeClient grpcClient,
|
||||
IHttpContextAccessor httpContextAccessor,
|
||||
IConfiguration configuration) : IThalosServiceClient
|
||||
{
|
||||
private const string CorrelationHeaderName = "x-correlation-id";
|
||||
private readonly string refreshTenantId = configuration["ThalosService:RefreshTenantId"] ?? "refresh";
|
||||
|
||||
/// <inheritdoc />
|
||||
public async Task<IssueIdentityTokenResponse> IssueTokenAsync(IssueIdentityTokenRequest request)
|
||||
{
|
||||
var correlationId = ResolveCorrelationId();
|
||||
var grpcRequest = new IssueIdentityTokenGrpcRequest
|
||||
{
|
||||
SubjectId = request.SubjectId,
|
||||
TenantId = request.TenantId
|
||||
};
|
||||
|
||||
var grpcResponse = await grpcClient.IssueIdentityTokenAsync(
|
||||
grpcRequest,
|
||||
headers: CreateHeaders(correlationId));
|
||||
|
||||
return new IssueIdentityTokenResponse(grpcResponse.Token, grpcResponse.ExpiresInSeconds);
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
public async Task<EvaluateIdentityPolicyResponse> EvaluatePolicyAsync(EvaluateIdentityPolicyRequest request)
|
||||
{
|
||||
var correlationId = ResolveCorrelationId();
|
||||
var grpcRequest = new EvaluateIdentityPolicyGrpcRequest
|
||||
{
|
||||
SubjectId = request.SubjectId,
|
||||
TenantId = request.TenantId,
|
||||
PermissionCode = request.PermissionCode
|
||||
};
|
||||
|
||||
var grpcResponse = await grpcClient.EvaluateIdentityPolicyAsync(
|
||||
grpcRequest,
|
||||
headers: CreateHeaders(correlationId));
|
||||
|
||||
return new EvaluateIdentityPolicyResponse(
|
||||
grpcResponse.SubjectId,
|
||||
grpcResponse.PermissionCode,
|
||||
grpcResponse.IsAllowed);
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
public async Task<RefreshIdentitySessionResponse> RefreshSessionAsync(RefreshIdentitySessionRequest request)
|
||||
{
|
||||
var correlationId = ResolveCorrelationId(request.CorrelationId);
|
||||
var grpcRequest = new IssueIdentityTokenGrpcRequest
|
||||
{
|
||||
SubjectId = request.RefreshToken,
|
||||
TenantId = refreshTenantId
|
||||
};
|
||||
|
||||
var grpcResponse = await grpcClient.IssueIdentityTokenAsync(
|
||||
grpcRequest,
|
||||
headers: CreateHeaders(correlationId));
|
||||
|
||||
return new RefreshIdentitySessionResponse(grpcResponse.Token, grpcResponse.ExpiresInSeconds);
|
||||
}
|
||||
|
||||
private string ResolveCorrelationId(string? preferred = null)
|
||||
{
|
||||
if (!string.IsNullOrWhiteSpace(preferred))
|
||||
{
|
||||
return preferred;
|
||||
}
|
||||
|
||||
var context = httpContextAccessor.HttpContext;
|
||||
if (context?.Items.TryGetValue(CorrelationHeaderName, out var itemValue) == true &&
|
||||
itemValue is string itemCorrelationId &&
|
||||
!string.IsNullOrWhiteSpace(itemCorrelationId))
|
||||
{
|
||||
return itemCorrelationId;
|
||||
}
|
||||
|
||||
if (context?.Request.Headers.TryGetValue(CorrelationHeaderName, out var headerValue) == true &&
|
||||
!StringValues.IsNullOrEmpty(headerValue))
|
||||
{
|
||||
return headerValue.ToString();
|
||||
}
|
||||
|
||||
return context?.TraceIdentifier ?? $"corr-{Guid.NewGuid():N}";
|
||||
}
|
||||
|
||||
private static Metadata CreateHeaders(string correlationId)
|
||||
{
|
||||
return new Metadata
|
||||
{
|
||||
{ CorrelationHeaderName, correlationId }
|
||||
};
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,93 @@
|
||||
using Core.Blueprint.Common.DependencyInjection;
|
||||
using Microsoft.Extensions.Primitives;
|
||||
using Thalos.Bff.Application.Adapters;
|
||||
using Thalos.Bff.Application.DependencyInjection;
|
||||
using Thalos.Bff.Application.Handlers;
|
||||
using Thalos.Bff.Contracts.Api;
|
||||
using Thalos.Bff.Rest.Adapters;
|
||||
using Thalos.Bff.Rest.Endpoints;
|
||||
using Thalos.Service.Grpc;
|
||||
|
||||
const string CorrelationHeaderName = "x-correlation-id";
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
|
||||
// Stage 3 skeleton: single active external protocol for this deployment is REST.
|
||||
builder.Services.AddHttpContextAccessor();
|
||||
builder.Services.AddHealthChecks();
|
||||
builder.Services.AddBlueprintRuntimeCore();
|
||||
builder.Services.AddThalosBffApplicationRuntime();
|
||||
builder.Services.AddScoped<IThalosServiceClient, ThalosServiceGrpcClientAdapter>();
|
||||
builder.Services.AddGrpcClient<IdentityRuntime.IdentityRuntimeClient>(options =>
|
||||
{
|
||||
var serviceAddress = builder.Configuration["ThalosService:GrpcAddress"] ?? "http://localhost:5251";
|
||||
options.Address = new Uri(serviceAddress);
|
||||
});
|
||||
|
||||
var app = builder.Build();
|
||||
|
||||
app.MapPost("/api/identity/token", (IssueTokenApiRequest request) =>
|
||||
app.Use(async (context, next) =>
|
||||
{
|
||||
return Results.Ok(new IssueTokenApiResponse("", 0));
|
||||
var correlationId = ResolveCorrelationId(context);
|
||||
context.Items[CorrelationHeaderName] = correlationId;
|
||||
context.Request.Headers[CorrelationHeaderName] = correlationId;
|
||||
context.Response.Headers[CorrelationHeaderName] = correlationId;
|
||||
await next();
|
||||
});
|
||||
|
||||
app.MapPost("/api/identity/session/refresh", (RefreshSessionApiRequest request) =>
|
||||
app.MapPost($"{EndpointConventions.ApiPrefix}/token", async (
|
||||
IssueTokenApiRequest request,
|
||||
HttpContext context,
|
||||
IIssueTokenHandler handler) =>
|
||||
{
|
||||
return Results.Ok(new RefreshSessionApiResponse("", 0));
|
||||
var normalizedRequest = request with { CorrelationId = ResolveCorrelationId(context, request.CorrelationId) };
|
||||
|
||||
try
|
||||
{
|
||||
var response = await handler.HandleAsync(normalizedRequest);
|
||||
return Results.Ok(response);
|
||||
}
|
||||
catch (UnauthorizedAccessException)
|
||||
{
|
||||
return Results.Unauthorized();
|
||||
}
|
||||
});
|
||||
|
||||
app.MapPost($"{EndpointConventions.ApiPrefix}/session/refresh", async (
|
||||
RefreshSessionApiRequest request,
|
||||
HttpContext context,
|
||||
IRefreshSessionHandler handler) =>
|
||||
{
|
||||
var normalizedRequest = request with { CorrelationId = ResolveCorrelationId(context, request.CorrelationId) };
|
||||
var response = await handler.HandleAsync(normalizedRequest);
|
||||
return Results.Ok(response);
|
||||
});
|
||||
|
||||
app.MapHealthChecks("/healthz");
|
||||
|
||||
app.Run();
|
||||
|
||||
string ResolveCorrelationId(HttpContext context, string? preferred = null)
|
||||
{
|
||||
if (!string.IsNullOrWhiteSpace(preferred))
|
||||
{
|
||||
context.Items[CorrelationHeaderName] = preferred;
|
||||
context.Request.Headers[CorrelationHeaderName] = preferred;
|
||||
context.Response.Headers[CorrelationHeaderName] = preferred;
|
||||
return preferred;
|
||||
}
|
||||
|
||||
if (context.Items.TryGetValue(CorrelationHeaderName, out var itemValue) &&
|
||||
itemValue is string itemCorrelationId &&
|
||||
!string.IsNullOrWhiteSpace(itemCorrelationId))
|
||||
{
|
||||
return itemCorrelationId;
|
||||
}
|
||||
|
||||
if (context.Request.Headers.TryGetValue(CorrelationHeaderName, out var headerValue) &&
|
||||
!StringValues.IsNullOrEmpty(headerValue))
|
||||
{
|
||||
return headerValue.ToString();
|
||||
}
|
||||
|
||||
return context.TraceIdentifier;
|
||||
}
|
||||
|
||||
@ -4,8 +4,22 @@
|
||||
<Nullable>enable</Nullable>
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Google.Protobuf" Version="3.31.1" />
|
||||
<PackageReference Include="Grpc.Core.Api" Version="2.71.0" />
|
||||
<PackageReference Include="Grpc.Net.Client" Version="2.71.0" />
|
||||
<PackageReference Include="Grpc.Net.ClientFactory" Version="2.71.0" />
|
||||
<PackageReference Include="Grpc.Tools" Version="2.71.0">
|
||||
<PrivateAssets>all</PrivateAssets>
|
||||
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
|
||||
</PackageReference>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<Protobuf Include="..\..\..\thalos-service\src\Thalos.Service.Grpc\Protos\identity_runtime.proto" GrpcServices="Client" Link="Protos\identity_runtime.proto" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\Thalos.Bff.Application\Thalos.Bff.Application.csproj" />
|
||||
<ProjectReference Include="..\Thalos.Bff.Contracts\Thalos.Bff.Contracts.csproj" />
|
||||
<ProjectReference Include="..\..\..\blueprint-platform\src\Core.Blueprint.Common\Core.Blueprint.Common.csproj" />
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user