update occelot apigw

meofiscoding · Nov 19, 2023 · d18f739 · d18f739
1 parent 0ba2090
commit d18f739
Show file tree

Hide file tree

Showing 12 changed files with 144 additions and 95 deletions.
diff --git a/SimpleServer/src/ApiGateways/Web.Bff.SimpleNetflix/OcelotApiGw/Program.cs b/SimpleServer/src/ApiGateways/Web.Bff.SimpleNetflix/OcelotApiGw/Program.cs
@@ -1,5 +1,4 @@
-using Microsoft.AspNetCore.Authentication.JwtBearer;
-using Microsoft.IdentityModel.Logging;
+using Microsoft.IdentityModel.Logging;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using Ocelot.DependencyInjection;
@@ -16,9 +15,9 @@
         options.Authority = builder.Configuration["IdentityUrl"];
         options.TokenValidationParameters = new TokenValidationParameters
         {
-            ValidateAudience = false
+            ValidateAudience = true,
+            ValidAudiences = new[] { "payment", "movies" }
         };
-        // options.Configuration = new OpenIdConnectConfiguration();
     });
 
 builder.Services.AddOcelot();
@@ -47,8 +46,8 @@
     builder.AllowAnyMethod();
 });
 app.UseHttpsRedirection();
-app.UseAuthorization();
 app.UseAuthentication();
+app.UseAuthorization();
 app.UseOcelot().Wait();
 app.MapControllers();
 app.Run();
diff --git a/SimpleServer/src/ApiGateways/Web.Bff.SimpleNetflix/OcelotApiGw/appsettings.Development.json b/SimpleServer/src/ApiGateways/Web.Bff.SimpleNetflix/OcelotApiGw/appsettings.Development.json
@@ -5,6 +5,6 @@
       "Microsoft.AspNetCore": "Warning"
     }
   },
-  "IdentityUrl":"http://localhost:5002"
+  "IdentityUrl":"https://localhost:7096"
 }
 
diff --git a/SimpleServer/src/ApiGateways/Web.Bff.SimpleNetflix/OcelotApiGw/appsettings.json b/SimpleServer/src/ApiGateways/Web.Bff.SimpleNetflix/OcelotApiGw/appsettings.json
@@ -6,6 +6,6 @@
     }
   },
   "AllowedHosts": "*",
-  "IdentityUrl": "http://localhost:5002"
+  "IdentityUrl": "https://localhost:7096"
 }
 
diff --git a/SimpleServer/src/ApiGateways/Web.Bff.SimpleNetflix/OcelotApiGw/ocelot.Development.json b/SimpleServer/src/ApiGateways/Web.Bff.SimpleNetflix/OcelotApiGw/ocelot.Development.json
@@ -1,24 +1,122 @@
 {
   "Routes": [
+    {
+      "DownstreamPathTemplate": "/api/pricingPlans",
+      "DownstreamScheme": "http",
+      "DownstreamHostAndPorts": [
+        {
+          "Host": "localhost",
+          "Port": 5031
+        }
+      ],
+      "UpstreamHttpMethod": [
+        "GET"
+      ],
+      "UpstreamPathTemplate": "/payment/planform/{everything}",
+      "AuthenticationOptions": {
+        "AuthenticationProviderKey": "IdentityApiKey",
+        "AllowedScopes": [
+          "payment"
+        ]
+      }
+    },
+    {
+      "DownstreamPathTemplate": "/api/pricingPlans",
+      "DownstreamScheme": "http",
+      "DownstreamHostAndPorts": [
+        {
+          "Host": "localhost",
+          "Port": 5031
+        }
+      ],
+      "UpstreamHttpMethod": [
+        "GET"
+      ],
+      "UpstreamPathTemplate": "/payment/planform",
+      "AuthenticationOptions": {
+        "AuthenticationProviderKey": "IdentityApiKey",
+        "AllowedScopes": [
+          "payment"
+        ]
+      }
+    },
+    {
+      "DownstreamPathTemplate": "/api/subscription",
+      "DownstreamScheme": "http",
+      "DownstreamHostAndPorts": [
+        {
+          "Host": "localhost",
+          "Port": 5031
+        }
+      ],
+      "UpstreamHttpMethod": [
+        "POST"
+      ],
+      "UpstreamPathTemplate": "/payment/subscriptions",
+      "AuthenticationOptions": {
+        "AuthenticationProviderKey": "IdentityApiKey",
+        "AllowedScopes": [
+          "payment"
+        ]
+      }
+    },
+    {
+      "DownstreamPathTemplate": "/api/create-payment-intent",
+      "DownstreamScheme": "http",
+      "DownstreamHostAndPorts": [
+        {
+          "Host": "localhost",
+          "Port": 5031
+        }
+      ],
+      "UpstreamHttpMethod": [
+        "POST"
+      ],
+      "UpstreamPathTemplate": "/payment/checkout",
+      "AuthenticationOptions": {
+        "AuthenticationProviderKey": "IdentityApiKey",
+        "AllowedScopes": [
+          "payment"
+        ]
+      }
+    },
+    {
+      "DownstreamPathTemplate": "/subscription/success",
+      "DownstreamScheme": "http",
+      "DownstreamHostAndPorts": [
+        {
+          "Host": "localhost",
+          "Port": 5031
+        }
+      ],
+      "UpstreamHttpMethod": [
+        "POST"
+      ],
+      "UpstreamPathTemplate": "/payment/success",
+      "AuthenticationOptions": {
+        "AuthenticationProviderKey": "IdentityApiKey",
+        "AllowedScopes": [
+          "payment"
+        ]
+      }
+    },
     {
       "DownstreamPathTemplate": "/api/movie",
       "DownstreamScheme": "http",
       "DownstreamHostAndPorts": [
         {
           // Uncomment this to use the local api
-          // "Host": "localhost",
-          // "Port": 8000
-
+          "Host": "localhost",
+          "Port": 8000
           // Uncomment this to use the docker container
-          "Host": "movie.api",
-          "Port": 80
+          // "Host": "movie.api",
+          // "Port": 80
         }
       ],
       "UpstreamPathTemplate": "/movies",
       "UpstreamHttpMethod": [
         "GET",
-        "POST",
-        "PUT"
+        "POST"
       ],
       "AuthenticationOptions": {
         "AuthenticationProviderKey": "IdentityApiKey",
@@ -27,8 +125,5 @@
         ]
       }
     }
-  ],
-  "GlobalConfiguration": {
-    "BaseUrl": "http:localhost:5001"
-  }
+  ]
 }
diff --git a/SimpleServer/src/Services/Movie/Movie.API/appsettings.Development.json b/SimpleServer/src/Services/Movie/Movie.API/appsettings.Development.json
@@ -10,7 +10,7 @@
     "DatabaseName": "sampleDB",
     "CollectionName": "movies"
   },
-  "IdentityUrl":"http://localhost:5002",
+  "IdentityUrl":"https://localhost:7096",
   "EventBusSettings": {
     "HostAddress": "amqp://guest:guest@localhost:5672"
   }

diff --git a/SimpleServer/src/Services/Movie/Movie.API/appsettings.json b/SimpleServer/src/Services/Movie/Movie.API/appsettings.json
@@ -6,7 +6,7 @@
     }
   },
   "AllowedHosts": "*",
-  "IdentityUrl":"http://localhost:5002",
+  "IdentityUrl":"https://localhost:7096",
   "EventBusSettings": {
     "HostAddress": "amqp://guest:guest@localhost:5672"
   }

diff --git a/SimpleServer/src/Services/Payment/Payment.API/Program.cs b/SimpleServer/src/Services/Payment/Payment.API/Program.cs
@@ -2,6 +2,7 @@
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.IdentityModel.Logging;
+using Microsoft.IdentityModel.Tokens;
 using Payment.API;
 using Payment.API.Data;
 using Payment.API.GrpcService;

diff --git a/SimpleServer/src/Services/Payment/Payment.API/appsettings.json b/SimpleServer/src/Services/Payment/Payment.API/appsettings.json
@@ -9,11 +9,6 @@
   "ConnectionStrings": {
     "PaymentDB": "User ID=meofadmin;Password=123456;Server=localhost;Port=5432;Database=PaymentDB"
   },
-  //"Kestrel": {
-  //  "EndpointDefaults": {
-  //    "Protocols": "Http2"
-  //  }
-  //},
-  "GrpcUrl": "http://localhost:50050",
-  "IdentityUrl": "http://localhost:5286"
+  "GrpcUrl": "https://aks.20.44.235.37.nip.io/",
+  "IdentityUrl": "https://localhost:7096"
 }
diff --git a/deploy/k8s/apigw.yaml b/deploy/k8s/apigw.yaml
@@ -50,26 +50,28 @@ spec:
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: movie-service-ingress
+  name: apigw-service-ingress
   namespace: ingress-nginx
   annotations:
     kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/use-regex: "true"
     cert-manager.io/cluster-issuer: letsencrypt
+    # nginx.ingress.kubernetes.io/rewrite-target: /identity/$2
 spec:
   tls:
     - hosts:
-        - frontend.20.211.61.204.nip.io # update IP address here
+        - aks.20.44.235.37.nip.io # update IP address here
       secretName: app-web-cert
   rules:
-  - host: frontend.20.211.61.204.nip.io
-    http:
-      paths:
-        - path: /movies(/|$)(.*)
-          pathType: Prefix
-          backend:
-            service:
-              name: apigw-service
-              port:
-                number: 80
+    - host: aks.20.44.235.37.nip.io
+      http:
+        paths:
+          - path: /(.*)
+            pathType: Prefix
+            backend:
+              service:
+                name: apigw-service
+                port:
+                  number: 80
+
diff --git a/deploy/k8s/identity-grpc.yaml b/deploy/k8s/identity-grpc.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: identity-grpc
-          image: 281901/identity:dev
+          image: 281901/identity.grpc:dev
           imagePullPolicy: Always
           ports:
             - containerPort: 80
@@ -61,32 +61,4 @@ spec:
     app: identity-grpc
   ports:
     - protocol: TCP
-      port: 80
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: identity-service-ingress
-  namespace: ingress-nginx
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/use-regex: "true"
-    cert-manager.io/cluster-issuer: letsencrypt
-    # nginx.ingress.kubernetes.io/rewrite-target: /identity/$2
-spec:
-  tls:
-    - hosts:
-        - aks.20.44.235.37.nip.io # update IP address here
-      secretName: app-web-cert
-  rules:
-    - host: aks.20.44.235.37.nip.io
-      http:
-        paths:
-          - path: /(.*)
-            pathType: Prefix
-            backend:
-              service:
-                name: identity-grpc-service
-                port:
-                  number: 80
+      port: 80
diff --git a/deploy/k8s/ocelot-config.yaml b/deploy/k8s/ocelot-config.yaml
@@ -27,6 +27,17 @@ data:
              "movies"
            ]
          }
+       },
+       {
+        "DownstreamPathTemplate": "/",
+        "DownstreamScheme": "http",
+        "DownstreamHostAndPorts": [
+          {
+            "Host": "identity-grpc-service",
+            "Port": 80
+          }
+        ],
+        "UpstreamPathTemplate": "/identity-grpc",
        }
      ]
     }
diff --git a/deploy/k8s/ocelot.Development.json b/deploy/k8s/ocelot.Development.json