vietnam-devs / coolstore-microservices

A full-stack .NET microservices build on Dapr and Tye
https://vietnam-devs.github.io/coolstore-microservices
MIT License
2.48k stars 581 forks source link

Re-architecture the stack using gRPC for internal services #37

Closed thangchung closed 5 years ago

thangchung commented 5 years ago

Upgrade to latest version of netcorekit with gRPC protocol out of the box.

thangchung commented 5 years ago

References:

thangchung commented 5 years ago

Write out EnvoyFilter to port current envoy-proxy config to istio. Another thing is to integrate with id4 server, we have an example which integrates with key-cloak and the article.

Authorization on istio can be at https://istio.io/docs/reference/config/policy-and-telemetry/templates/authorization/

Forward the headers to metadata field mentioned at https://github.com/envoyproxy/envoy/issues/3038

Transcode

https://github.com/luismoramedina/istio-secure-microservices <== https://github.com/istio/proxy/issues/986 ==> great one https://tyk.io/docs/customise-tyk/plugins/rich-plugins/grpc/custom-auth-dot-net/ https://github.com/opentracing-contrib/csharp-grpc https://github.com/plaisted/grpc-csharp-middleware https://github.com/grpc/grpc/blob/master/src/csharp/Grpc.IntegrationTesting/MetadataCredentialsTest.cs https://github.com/istio/proxy/tree/master/src/envoy/http/jwt_auth https://github.com/BuiltCloud/Built/tree/master/src/Built.Grpc.HttpGateway

NodeJS:

thangchung commented 5 years ago

Another approach to build gRPC is to build up the .NET gateway by using .NET Core, then we can implement the calling context handler to call to gRPC service in the downstream. Some of that is planning and implementing by .NET Core 3.0. Some of examples code as below:

thangchung commented 5 years ago

In order to debugging the app, we might need to enable egress-http on envoy-proxy, just like https://github.com/envoyproxy/envoy/blob/master/examples/grpc-bridge/config/s2s-python-envoy.yaml#L25 and https://github.com/envoyproxy/envoy/blob/master/configs/envoy_service_to_service_v2.template.yaml. But we need to do an experiment it a bit.

thangchung commented 5 years ago

Making Catalog and Rating services (Nodejs) work with Idp

// https://github.com/auth0/node-jsonwebtoken
// Verify using getKey callback
// Example uses https://github.com/auth0/node-jwks-rsa as a way to fetch the keys.
var jwksClient = require('jwks-rsa');
var client = jwksClient({
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json'
});
function getKey(header, callback){
  client.getSigningKey(header.kid, function(err, key) {
    var signingKey = key.publicKey || key.rsaPublicKey;
    callback(null, signingKey);
  });
}

jwt.verify(token, getKey, options, function(err, decoded) {
  console.log(decoded.foo) // bar
});

ref: https://github.com/lyphtec/idsvr4-node-jwks