aspnetcore微服務(wù)之間grpc通信,無proto文件
aspnetcore微服務(wù)之間通信grpc,一般服務(wù)對外接口用restful架構(gòu),HTTP請求,服務(wù)之間的通信grpc多走內(nèi)網(wǎng)。
以前寫過一篇grpc和web前端之間的通訊,代碼如下:
exercisebook/grpc/grpc-web at main · liuzhixin405/exercisebook (github.com)
本次是微服務(wù)之間的通信使用了開源軟件MagicOnion,該軟件定義接口約束免去proto復(fù)雜配置,類似orleans或者webservice,服務(wù)調(diào)用都通過約定接口規(guī)范做傳輸調(diào)用,使用起來非常簡單和簡潔。
下面通過服務(wù)之間調(diào)用的示例代碼做演示:
Server里面包含簡單jwt的token的生成,client和002需要調(diào)用登錄,通過外部接口調(diào)用傳入用戶和密碼,內(nèi)部再調(diào)用jwt服務(wù)。
服務(wù)之間調(diào)用如果不用proto的話,那么接口必須是公共部分,值得注意的是接口的參數(shù)和返回值必須 包含[MessagePackObject(true)]的特性,硬性條件。返回值必須被UnaryResult包裹,接口繼承MagicOnion的IService,有興趣深入的自己研究源碼。
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using MagicOnion; using MessagePack; namespace MicroService.Shared { public interface IAccountService:IService<IAccountService> { UnaryResult<SignInResponse> SignInAsync(string signInId, string password); UnaryResult<CurrentUserResponse> GetCurrentUserNameAsync(); UnaryResult<string> DangerousOperationAsync(); } [MessagePackObject(true)] public class SignInResponse { public long UserId { get; set; } public string Name { get; set; } public string Token { get; set; } public DateTimeOffset Expiration { get; set; } public bool Success { get; set; } public static SignInResponse Failed { get; } = new SignInResponse() { Success = false }; public SignInResponse() { } public SignInResponse(long userId, string name, string token, DateTimeOffset expiration) { Success = true; UserId = userId; Name = name; Token = token; Expiration = expiration; } } [MessagePackObject(true)] public class CurrentUserResponse { public static CurrentUserResponse Anonymous { get; } = new CurrentUserResponse() { IsAuthenticated = false, Name = "Anonymous" }; public bool IsAuthenticated { get; set; } public string Name { get; set; } public long UserId { get; set; } } }
上面GrpcClientPool和IGrpcClientFactory是我封裝的客戶端請求的一個(gè)鏈接池,跟MagicOnion沒有任何關(guān)系。客戶端如果使用原生的Grpc.Net.Client庫作為客戶端請求完全可以,通過 MagicOnionClient.Create<IAccountService>(channel)把grpcchannel塞入拿到接口服務(wù)即可。
服務(wù)端代碼如下:
using JwtAuthApp.Server.Authentication; using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.AspNetCore.Server.Kestrel.Core; using Microsoft.IdentityModel.Tokens; namespace JwtAuthApp.Server { public class Program { public static void Main(string[] args) { var builder = WebApplication.CreateBuilder(args); // Add services to the container. builder.WebHost.ConfigureKestrel(options => { options.ConfigureEndpointDefaults(endpointOptions => { endpointOptions.Protocols = HttpProtocols.Http2; }); }); builder.Services.AddGrpc(); builder.Services.AddMagicOnion(); builder.Services.AddSingleton<JwtTokenService>(); builder.Services.Configure<JwtTokenServiceOptions>(builder.Configuration.GetSection("JwtAuthApp.Server:JwtTokenService")); builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters { IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(builder.Configuration.GetSection("JwtAuthApp.Server:JwtTokenService:Secret").Value!)), RequireExpirationTime = true, RequireSignedTokens = true, ClockSkew = TimeSpan.FromSeconds(10), ValidateIssuer = false, ValidateAudience = false, ValidateLifetime = true, ValidateIssuerSigningKey = true, }; #if DEBUG options.RequireHttpsMetadata = false; #endif }); builder.Services.AddAuthorization(); builder.Services.AddControllers(); // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerGen(); var app = builder.Build(); // Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) { app.UseSwagger(); app.UseSwaggerUI(); } app.UseHttpsRedirection(); app.UseAuthentication(); app.UseAuthorization(); app.MapControllers(); app.MapMagicOnionService(); app.Run(); } } }
實(shí)際上跟組件有關(guān)的代碼只有這么多了,剩下的就是jwt的。
builder.WebHost.ConfigureKestrel(options => { options.ConfigureEndpointDefaults(endpointOptions => { endpointOptions.Protocols = HttpProtocols.Http2; }); }); builder.Services.AddGrpc(); builder.Services.AddMagicOnion(); app.MapMagicOnionService();
當(dāng)然作為服務(wù)的提供者實(shí)現(xiàn)IAccountService的接口是必須的。
using Grpc.Core; using JwtAuthApp.Server.Authentication; using System.Security.Claims; using MagicOnion; using MagicOnion.Server; using MicroService.Shared; using Microsoft.AspNetCore.Authorization; namespace JwtAuthApp.Server.GrpcService { [Authorize] public class AccountService : ServiceBase<IAccountService>, IAccountService { private static IDictionary<string, (string Password, long UserId, string DisplayName)> DummyUsers = new Dictionary<string, (string, long, string)>(StringComparer.OrdinalIgnoreCase) { {"signInId001", ("123456", 1001, "Jack")}, {"signInId002", ("123456", 1002, "Rose")}, }; private readonly JwtTokenService _jwtTokenService; public AccountService(JwtTokenService jwtTokenService) { _jwtTokenService = jwtTokenService ?? throw new ArgumentNullException(nameof(jwtTokenService)); } [AllowAnonymous] public async UnaryResult<SignInResponse> SignInAsync(string signInId, string password) { await Task.Delay(1); // some workloads... if (DummyUsers.TryGetValue(signInId, out var userInfo) && userInfo.Password == password) { var (token, expires) = _jwtTokenService.CreateToken(userInfo.UserId, userInfo.DisplayName); return new SignInResponse( userInfo.UserId, userInfo.DisplayName, token, expires ); } return SignInResponse.Failed; } [AllowAnonymous] public async UnaryResult<CurrentUserResponse> GetCurrentUserNameAsync() { await Task.Delay(1); // some workloads... var userPrincipal = Context.CallContext.GetHttpContext().User; if (userPrincipal.Identity?.IsAuthenticated ?? false) { if (!int.TryParse(userPrincipal.Claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier)?.Value, out var userId)) { return CurrentUserResponse.Anonymous; } var user = DummyUsers.SingleOrDefault(x => x.Value.UserId == userId).Value; return new CurrentUserResponse() { IsAuthenticated = true, UserId = user.UserId, Name = user.DisplayName, }; } return CurrentUserResponse.Anonymous; } [Authorize(Roles = "Administrators")] public async UnaryResult<string> DangerousOperationAsync() { await Task.Delay(1); // some workloads... return "rm -rf /"; } } }
當(dāng)然jwt服務(wù)的代碼也必不可少,還有密鑰串json文件。
using Microsoft.Extensions.Options; using Microsoft.IdentityModel.Tokens; using System.IdentityModel.Tokens.Jwt; using System.Security.Claims; namespace JwtAuthApp.Server.Authentication { public class JwtTokenService { private readonly SymmetricSecurityKey _securityKey; public JwtTokenService(IOptions<JwtTokenServiceOptions> jwtTokenServiceOptions) { _securityKey = new SymmetricSecurityKey(Convert.FromBase64String(jwtTokenServiceOptions.Value.Secret)); } public (string Token, DateTime Expires) CreateToken(long userId, string displayName) { var jwtTokenHandler = new JwtSecurityTokenHandler(); var expires = DateTime.UtcNow.AddSeconds(10); var token = jwtTokenHandler.CreateEncodedJwt(new SecurityTokenDescriptor() { SigningCredentials = new SigningCredentials(_securityKey, SecurityAlgorithms.HmacSha256), Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, displayName), new Claim(ClaimTypes.NameIdentifier, userId.ToString()), }), Expires = expires, }); return (token, expires); } } public class JwtTokenServiceOptions { public string Secret { get; set; } } }
{ "JwtAuthApp.Server": { "JwtTokenService": { /* 64 bytes (512 bits) secret key */ "Secret": "/Z8OkdguxFFbaxOIG1q+V9HeujzMKg1n9gcAYB+x4QvhF87XcD8sQA4VsdwqKVuCmVrXWxReh/6dmVXrjQoo9Q==" } }, "Logging": { "LogLevel": { "Default": "Trace", "System": "Information", "Microsoft": "Information" } } }
上面的代碼完全可以運(yùn)行一個(gè)jwt服務(wù)了。
下面就是客戶端代碼,因?yàn)閮蓚€(gè)客戶端是一樣的只是做測試,所以列出一個(gè)就夠了。
using Login.Client.GrpcClient; using MicroService.Shared.GrpcPool; using MicroService.Shared; namespace Login.Client { public class Program { public static void Main(string[] args) { var builder = WebApplication.CreateBuilder(args); // Add services to the container. builder.Services.AddControllers(); // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerGen(); builder.Services.AddTransient<IGrpcClientFactory<IAccountService>, LoginClientFactory>(); builder.Services.AddTransient(sp => new GrpcClientPool<IAccountService>(sp.GetService<IGrpcClientFactory<IAccountService>>(), builder.Configuration, builder.Configuration["Grpc:Service:JwtAuthApp.ServiceAddress"])); var app = builder.Build(); // Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) { app.UseSwagger(); app.UseSwaggerUI(); } app.UseHttpsRedirection(); app.UseAuthorization(); app.MapControllers(); app.Run(); } } }
客戶端Program.cs只是注入了連接池,沒有其他任何多余代碼,配置文件當(dāng)然必不可少。
builder.Services.AddTransient<IGrpcClientFactory<IAccountService>, LoginClientFactory>(); builder.Services.AddTransient(sp => new GrpcClientPool<IAccountService>(sp.GetService<IGrpcClientFactory<IAccountService>>(), builder.Configuration, builder.Configuration["Grpc:Service:JwtAuthApp.ServiceAddress"]));
{ "Logging": { "LogLevel": { "Default": "Information", "Microsoft.AspNetCore": "Warning" } }, "AllowedHosts": "*", "Grpc": { "Service": { "JwtAuthApp.ServiceAddress": "https://localhost:7021" }, "maxConnections": 10, "handoverTimeout":10 // seconds } }
登錄的對外接口如下:
using System.ComponentModel.DataAnnotations; using System.Threading.Channels; using Grpc.Net.Client; using Login.Client.GrpcClient; using MagicOnion.Client; using MicroService.Shared; using MicroService.Shared.GrpcPool; using Microsoft.AspNetCore.Mvc; namespace Login.Client.Controllers { [ApiController] [Route("[controller]")] public class LoginController : ControllerBase { private readonly ILogger<LoginController> _logger; private IConfiguration _configuration; private readonly IGrpcClientFactory<IAccountService> _grpcClientFactory; private readonly GrpcClientPool<IAccountService> _grpcClientPool; public LoginController(ILogger<LoginController> logger, IConfiguration configuration, IGrpcClientFactory<IAccountService> grpcClientFactory, GrpcClientPool<IAccountService> grpcClientPool) { _configuration = configuration; _logger = logger; _grpcClientFactory = grpcClientFactory; _grpcClientPool = grpcClientPool; } [HttpGet(Name = "Login")] public async Task<ActionResult<Tuple<bool,string?>>> Login([Required]string signInId, [Required]string pwd) { SignInResponse authResult; /*using (var channel = GrpcChannel.ForAddress(_configuration["JwtAuthApp.ServiceAddress"])) { //var accountClient = MagicOnionClient.Create<IAccountService>(channel); }*/ var client = _grpcClientPool.GetClient(); try { // 使用client進(jìn)行g(shù)RPC調(diào)用 authResult = await client.SignInAsync(signInId, pwd); } finally { _grpcClientPool.ReleaseClient(client); } return (authResult!=null && authResult.Success)? Tuple.Create(true,authResult.Token): Tuple.Create(false,string.Empty); } } }
客戶端就剩下一個(gè)返回服務(wù)的接口工廠了
using Grpc.Net.Client; using MagicOnion.Client; using MicroService.Shared; using MicroService.Shared.GrpcPool; namespace Login.Client.GrpcClient { public class LoginClientFactory : IGrpcClientFactory<IAccountService> { public IAccountService Create(GrpcChannel channel) { return MagicOnionClient.Create<IAccountService>(channel); } } }
最后就是連接池的實(shí)現(xiàn):
using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Channels; using System.Threading.Tasks; using Grpc.Core; using Grpc.Net.Client; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Hosting; namespace MicroService.Shared.GrpcPool { public class GrpcClientPool<TClient> { private readonly static ConcurrentBag<TClient> _clientPool = new ConcurrentBag<TClient>(); private readonly IGrpcClientFactory<TClient> _clientFactory; private readonly int _maxConnections; private readonly TimeSpan _handoverTimeout; private readonly string _address; private readonly DateTime _now; public GrpcClientPool(IGrpcClientFactory<TClient> clientFactory, IConfiguration configuration,string address) { _now = DateTime.Now; _clientFactory = clientFactory; _maxConnections = int.Parse(configuration["Grpc:maxConnections"]?? throw new ArgumentNullException("grpc maxconnections is null")); _handoverTimeout = TimeSpan.FromSeconds(double.Parse(configuration["Grpc:maxConnections"]??throw new ArgumentNullException("grpc timeout is null"))); _address = address; } public TClient GetClient() { if (_clientPool.TryTake(out var client)) { return client; } if (_clientPool.Count < _maxConnections) { var channel = GrpcChannel.ForAddress(_address); client = _clientFactory.Create(channel); _clientPool.Add(client); return client; } if (!_clientPool.TryTake(out client) && DateTime.Now.Subtract(_now) > _handoverTimeout) { throw new TimeoutException("Failed to acquire a connection from the pool within the specified timeout."); } return client; } public void ReleaseClient(TClient client) { if (client == null) { return; } _clientPool.Add(client); } } }
上面已經(jīng)演示過了接口調(diào)用的接口,這里不再展示,代碼示例如下:
liuzhixin405/efcore-template (github.com)
不想做池化客戶端注入的代碼全部不需要了,只需要下面代碼就可以了,代碼會更少更精簡。
SignInResponse authResult; using (var channel = GrpcChannel.ForAddress(_configuration["JwtAuthApp.ServiceAddress"])) { var accountClient = MagicOnionClient.Create<IAccountService>(channel); authResult = await accountClient.SignInAsync(user, pwd); }
浙公網(wǎng)安備 33010602011771號