Created
February 15, 2022 16:11
package fr.idfm.sb.payment.client.vault.http; | |
import feign.RequestInterceptor; | |
import feign.RequestTemplate; | |
import fr.idfm.sb.payment.client.VaultConfig; | |
import fr.idfm.sb.payment.client.dto.vault.AuthDto; | |
import fr.idfm.sb.payment.client.dto.vault.VaultLoginRequestDto; | |
import fr.idfm.sb.payment.client.dto.vault.VaultLoginResponseDto; | |
import fr.idfm.sb.payment.client.dto.vault.VaultTokenLookupSelfResponseDto; | |
import fr.idfm.sb.payment.common.constant.CustomHttpHeaders; | |
import fr.idfm.sb.payment.common.constant.ErrorMessage; | |
import fr.idfm.sb.payment.common.exception.VaultException; | |
import lombok.AllArgsConstructor; | |
import lombok.NoArgsConstructor; | |
import lombok.extern.slf4j.Slf4j; | |
import org.apache.commons.lang3.StringUtils; | |
import org.springframework.beans.factory.annotation.Autowired; | |
import org.springframework.http.HttpStatus; | |
import org.springframework.stereotype.Component; | |
import java.util.Date; | |
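/**
 * Feign {@link RequestInterceptor} that sets the {@code X_VAULT_TOKEN} header on outgoing
 * requests, logging in to Vault with the configured role id / secret id when no usable
 * token is held or when the held token is reported as expired.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The client token and the secret id are credentials. This class has a logger
 *       ({@code @Slf4j}) but must never write either value, or the DTOs carrying them, to logs.</li>
 *   <li>Every failure is surfaced as a generic {@link VaultException} with
 *       {@code INTERNAL_SERVER_ERROR}, so no Vault detail reaches the caller.</li>
 * </ul>
 *
 * <p>NOTE(review): if {@code vaultClient} is a Feign client this interceptor is also registered
 * on, {@code login} and {@code lookupSelf} would re-enter {@link #apply}. Confirm the Vault
 * auth client is configured without this interceptor.
 */
@Slf4j
@Component
public class VaultRequestInterceptor implements RequestInterceptor {

    // Auth data from the last successful login; null until the first login succeeds.
    // NOTE(review): this is mutable state on a shared @Component, read and written without
    // synchronization. Confirm whether concurrent requests can reach apply() and whether
    // duplicate logins or stale reads are acceptable.
    private AuthDto authDto;

    private final VaultClient vaultClient;
    private final VaultConfig vaultConfig;

    /**
     * Creates the interceptor. No token is held until the first request triggers a login.
     *
     * @param vaultClient client used for the login and token lookup calls
     * @param vaultConfig source of the role id and secret id sent at login
     */
    @Autowired
    public VaultRequestInterceptor(VaultClient vaultClient, VaultConfig vaultConfig) {
        this.vaultClient = vaultClient;
        this.vaultConfig = vaultConfig;
    }

    /**
     * Adds the Vault token header to the request, logging in first when needed.
     *
     * <p>A missing {@link AuthDto} and an {@link AuthDto} without a client token are both
     * treated as "not logged in yet". Previously the constructor stored an empty
     * {@code AuthDto}, so the first request went to the expiry check and failed on the empty
     * token instead of logging in.
     *
     * @param requestTemplate the outgoing request to decorate
     * @throws VaultException if login or the token lookup does not yield usable data
     */
    @Override
    public void apply(RequestTemplate requestTemplate) {
        // Read the field once so the null check and the header use the same object.
        AuthDto current = this.authDto;
        boolean hasToken = current != null && !StringUtils.isEmpty(current.getClientToken());

        if (!hasToken || isExpired(current.getClientToken())) {
            login(requestTemplate);
            return;
        }
        requestTemplate.header(CustomHttpHeaders.X_VAULT_TOKEN, current.getClientToken());
    }

    /**
     * Logs in with the configured role id and secret id, stores the returned auth data and
     * sets the token header on the request.
     *
     * @param requestTemplate the outgoing request to decorate
     * @throws VaultException if the response, its auth section or the client token is missing
     */
    private void login(RequestTemplate requestTemplate) {
        VaultLoginRequestDto loginRequest = VaultLoginRequestDto.builder()
                .roleId(vaultConfig.getRoleId())
                .secretId(vaultConfig.getSecretId())
                .build();
        VaultLoginResponseDto loginResponse = vaultClient.login(loginRequest);

        if (loginResponse == null
                || loginResponse.getAuth() == null
                || StringUtils.isEmpty(loginResponse.getAuth().getClientToken())) {
            throw new VaultException(HttpStatus.INTERNAL_SERVER_ERROR, ErrorMessage.INTERNAL_SERVER_ERROR);
        }

        AuthDto auth = loginResponse.getAuth();
        this.authDto = auth;
        requestTemplate.header(CustomHttpHeaders.X_VAULT_TOKEN, auth.getClientToken());
    }

    /**
     * Asks Vault for the token's expire time and compares it with the local clock.
     *
     * <p>NOTE(review): this makes one lookup call per intercepted request. Also, if the
     * client raises an exception when Vault rejects the lookup of an already-expired token,
     * that exception propagates from here and the re-login branch in {@link #apply} is not
     * reached. Confirm the client's error handling. There is no safety margin either: a
     * token that expires just after this check is still sent.
     *
     * @param clientToken the token to check
     * @return {@code true} if the reported expire time is before the current time
     * @throws VaultException if the token is empty or the lookup returns no expire time
     */
    private boolean isExpired(String clientToken) {
        if (StringUtils.isEmpty(clientToken)) {
            throw new VaultException(HttpStatus.INTERNAL_SERVER_ERROR, ErrorMessage.INTERNAL_SERVER_ERROR);
        }

        VaultTokenLookupSelfResponseDto lookupResponse = vaultClient.lookupSelf(clientToken);
        // A null response is rejected as well; the original dereferenced it unchecked.
        if (lookupResponse == null
                || lookupResponse.getData() == null
                || lookupResponse.getData().getExpireTime() == null) {
            throw new VaultException(HttpStatus.INTERNAL_SERVER_ERROR, ErrorMessage.INTERNAL_SERVER_ERROR);
        }

        Date expireTime = lookupResponse.getData().getExpireTime();
        return expireTime.before(new Date());
    }
}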