基与python的GRPC SSL/TLS加密及Token鉴权
目录结构
.
├── protos
│   └── hello_world.proto
├── dists
│   ├── __init__.py
│   ├── hello_world_pb2.py
│   └── hello_world_pb2_grpc.py
├── server.py
├── client.py
├── token.py
├── grpc_ssl_key.pem
├── grpc_ssl_cert.pem
└── grpc_ssl_server.pem
构建protobuf
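// protos/hello_world.proto
// Note: proto3 comments use "//"; a "#" line is a syntax error for protoc.
syntax = "proto3";

package test;

// Request: the name to greet.
message User {
  string name = 1;
}

// Response: the greeting text.
message Result {
  string reply = 1;
}

// Single unary RPC; server.py implements it, client.py calls it.
service Test {
  rpc Hello(User) returns (Result) {}
}

// --- build (run from the project root) ---------------------------------
// Generates hello_world_pb2.py / hello_world_pb2_grpc.py into dists/, the
// package that server.py and client.py import from.
//
// python -m grpc_tools.protoc \
//     -I protos \
//     --python_out=dists \
//     --grpc_python_out=dists \
//     protos/hello_world.proto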
SSL/TLS加密
创建密钥
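# Create grpc_ssl_key.pem and grpc_ssl_cert.pem.
# The CN is the name the client later checks via grpc.ssl_target_name_override,
# so decide on <domain> before generating the certificate.
# File names use underscores to match the directory tree and what server.py
# loads (the original commands wrote grpc-ssl-*.pem, which nothing reads).
# "//" is not a comment in a shell; use "#".
openssl req -subj "/CN=black-ip.yazx.com" -x509 -newkey rsa:4096 -days 7200 \
    -keyout grpc_ssl_key.pem \
    -out grpc_ssl_cert.pem

# Create grpc_ssl_server.pem: the same private key with its passphrase removed,
# which is the form server.py reads.  It is an unencrypted private key, so
# keep its file mode restrictive and keep both key files out of version control.
openssl rsa -in grpc_ssl_key.pem -out grpc_ssl_server.pem
chmod 600 grpc_ssl_key.pem grpc_ssl_server.pem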
服务端加载密钥
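# server.py
from typing import AnyStr

import grpc
from grpc.experimental import aio

# The generated modules live in dists/ (see the directory tree and the protoc
# --python_out argument); "dist" does not exist.
from dists import hello_world_pb2
from dists import hello_world_pb2_grpc


class TestServicer(hello_world_pb2_grpc.TestServicer):
    """Implementation of the Test service from hello_world.proto."""

    async def Hello(self, request, context) -> hello_world_pb2.Result:
        """Reply with a greeting built from the request's ``name`` field."""
        return hello_world_pb2.Result(reply=f"hello {request.name}")


def read_file(path: str, binary: bool = True) -> AnyStr:
    """Return the whole content of *path*.

    Args:
        path: file to read.
        binary: read as bytes (the default, which is what the gRPC credential
            helpers expect) instead of text.  Defaulting it lets callers that
            only need bytes omit the argument.
    """
    with open(path, 'rb' if binary else 'r') as f:
        return f.read()


def create_ssl_server_credentials() -> grpc.ServerCredentials:
    """Build the server's TLS credentials from its key and certificate.

    grpc_ssl_server.pem is the passphrase-stripped private key; treat it as a
    secret (restrictive file mode, not committed).  ``require_client_auth`` is
    left at its default, so TLS here authenticates the server to the client
    only -- it does not identify the caller.
    """
    # grpc.* is used directly; the original reached it through aio.grpc, which
    # only works because the aio package happens to import grpc itself.
    return grpc.ssl_server_credentials(
        private_key_certificate_chain_pairs=(
            (
                read_file('grpc_ssl_server.pem'),
                read_file('grpc_ssl_cert.pem'),
            ),
        )
    )


async def run(host: str, port: int) -> None:
    """Start the server on ``port`` and block until it terminates.

    Only a secure port is added, so plaintext connections are refused.
    ``host`` is accepted for interface compatibility but not used: the
    listener binds ``[::]``, i.e. every interface, which is worth narrowing
    in a real deployment.
    """
    server = aio.server()
    server_credentials = create_ssl_server_credentials()
    server.add_secure_port(f'[::]:{port}', server_credentials)
    hello_world_pb2_grpc.add_TestServicer_to_server(TestServicer(), server)
    await server.start()
    await server.wait_for_termination()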
客户端加载密钥
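# client.py
from typing import AnyStr

import grpc
from grpc.experimental import aio

# Generated modules are in dists/ (see the directory tree); "dist" does not exist.
from dists import hello_world_pb2
from dists import hello_world_pb2_grpc


def read_file(path: str, binary: bool = True) -> AnyStr:
    """Return the whole content of *path*, as bytes unless ``binary`` is False.

    The original client called read_file() without defining it here; this is
    the same helper server.py uses.
    """
    with open(path, 'rb' if binary else 'r') as f:
        return f.read()


def create_ssl_channel_credentials() -> grpc.ChannelCredentials:
    """Build client TLS credentials that trust only the server's own certificate.

    Passing the self-signed grpc_ssl_cert.pem as the root pins the server:
    any other certificate, including one from a public CA, is rejected.
    """
    return grpc.ssl_channel_credentials(
        root_certificates=read_file('grpc_ssl_cert.pem')
    )


async def run(host: str, port: int) -> None:
    """Open a TLS channel to ``host:port`` and call Test.Hello once.

    The channel is closed when the block exits (the original never closed it).
    """
    # The certificate was issued for <domain> (its CN), which may differ from
    # the address dialled.  The override names the identity TLS verification
    # checks; it must be the CN from the certificate, not an arbitrary string,
    # otherwise the pinned root alone is what stands between the client and a
    # misdirected connection.
    options = (('grpc.ssl_target_name_override', '<domain>'),)
    channel_credentials = create_ssl_channel_credentials()
    creds = grpc.composite_channel_credentials(channel_credentials)
    async with aio.secure_channel(
        target=f"{host}:{port}",
        credentials=creds,
        options=(
            ("grpc.lb_policy_name", "round_robin"),  # spread calls over the DNS-resolved server list
            *options,
        ),
    ) as channel:
        await channel.channel_ready()
        stub = hello_world_pb2_grpc.TestStub(channel)
        result = await stub.Hello(hello_world_pb2.User(name='world'))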
Token鉴权
gRPC 要求基于 Token 的调用凭证(call credentials)只能在 SSL/TLS 加密的安全通道上使用;不加密的通道无法附加 Token。
实现Token校验
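# token.py
#
# NOTE: this module name shadows the standard-library ``token`` module.  While
# the project directory is first on sys.path, ``import token`` resolves to this
# file, which breaks anything that needs the stdlib one (``tokenize``, some
# linters).  Renaming it (e.g. bearer_token.py) avoids the collision.
import functools
import hmac
from typing import Any, Callable

import grpc
from grpc.experimental import aio


class BearerToken(object):
    """Decorator for async servicer methods that requires a bearer token.

    The wrapped method runs only when the call's invocation metadata contains
    ``authorization: Bearer <token>``; otherwise the RPC is aborted with
    UNAUTHENTICATED and a fixed message, so the response does not reveal
    whether the header was missing or merely wrong.  Because the token travels
    in metadata, this is only meaningful on a TLS channel.
    """

    code: grpc.StatusCode = grpc.StatusCode.UNAUTHENTICATED
    details: str = 'bad bearer token'

    def __init__(self, token: str) -> None:
        self.token = token
        # Expected header value, precomputed once; bytes so it can be compared
        # in constant time with hmac.compare_digest.
        self._expected = f'Bearer {token}'.encode('utf-8')

    def _matches(self, value: Any) -> bool:
        """Check a presented header value against the expected one.

        Uses hmac.compare_digest so the comparison time does not depend on
        how many leading bytes of a guessed token are correct.  Metadata
        values may be str or bytes; anything else never matches.
        """
        if isinstance(value, str):
            value = value.encode('utf-8')
        return isinstance(value, bytes) and hmac.compare_digest(value, self._expected)

    def __call__(self, func) -> Callable:
        @functools.wraps(func)
        async def wrapper(inner_self, request, context: aio.ServicerContext) -> Any:
            metadata = context.invocation_metadata()
            for key, value in metadata:
                if key == 'authorization' and self._matches(value):
                    return await func(inner_self, request, context)
            # abort() raises, so nothing after it runs.  The caller's own
            # metadata is deliberately not echoed back as trailers (the
            # original did): the server does not control what is in it and
            # there is no reason to return the presented credential.
            await context.abort(code=self.code, details=self.details)

        return wrapper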
服务端校验Token
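# server.py
from grpc.experimental import aio
from typing import AnyStr

# Generated modules are in dists/ (see the directory tree); "dist" does not exist.
from dists import hello_world_pb2
from dists import hello_world_pb2_grpc
from token import BearerToken  # the local token.py; it shadows the stdlib `token` module


class TestServicer(hello_world_pb2_grpc.TestServicer):
    """Test service whose Hello RPC is reachable only with the configured bearer token."""

    # 'xxx' is the tutorial's placeholder.  In a real deployment load the
    # token from the environment or a secret store instead of the source
    # file, and keep it identical to the value client.py sends.
    @BearerToken(token='xxx')
    async def Hello(self, request, context) -> hello_world_pb2.Result:
        """Reply with a greeting; only runs after BearerToken has accepted the call."""
        return hello_world_pb2.Result(reply=f"hello {request.name}")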
客户端注入Token
# client.py from grpc.experimental import aio token = 'xxx' # 创建Token认证 def create_access_token_credentials(cls) -> aio.grpc.CallCredentials: return aio.grpc.access_token_call_credentials(token) # 运行grpc客户端 async def run(host: str, port: int) -> None: options = (('grpc.ssl_target_name_override', '<domain>'),) kwargs = { 'target': f"{host}:{port}", 'options': ( ("grpc.lb_policy_name", "round_robin"), # 自动根据dns域名解析服务列表 *options ) } channel_credentials = create_ssl_channel_credentials() token_credentials = self.create_access_token_credentials() creds = aio.grpc.composite_channel_credentials( channel_credentials, token_credentials ) channel = aio.secure_channel(**kwargs, credentials=creds) await channel.channel_ready() stub = hello_world_pb2_grpc.TestStub(channel) result = await stub.Hello(hello_world_pb2.User(name='world'))
出处:https://www.cnblogs.com/pungchur/p/16186686.html