2021-12-13 12:08:10 +01:00
|
|
|
package auth
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2022-03-11 12:33:18 +01:00
|
|
|
"crypto/subtle"
|
2021-12-13 12:08:10 +01:00
|
|
|
|
|
|
|
grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
|
|
|
|
"google.golang.org/grpc"
|
|
|
|
"google.golang.org/grpc/codes"
|
|
|
|
"google.golang.org/grpc/status"
|
2022-11-03 17:13:28 +01:00
|
|
|
"google.golang.org/protobuf/types/known/anypb"
|
2021-12-13 12:08:10 +01:00
|
|
|
|
2023-07-08 01:33:10 +02:00
|
|
|
"go.linka.cloud/grpc-toolkit/interceptors"
|
2021-12-13 12:08:10 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
func ChainedAuthFuncs(fn ...grpc_auth.AuthFunc) grpc_auth.AuthFunc {
|
|
|
|
return func(ctx context.Context) (context.Context, error) {
|
2022-11-03 17:13:28 +01:00
|
|
|
spb := status.New(codes.Unauthenticated, codes.Unauthenticated.String()).Proto()
|
2021-12-13 12:08:10 +01:00
|
|
|
for _, v := range fn {
|
|
|
|
ctx2, err := v(ctx)
|
|
|
|
if err == nil {
|
|
|
|
return ctx2, nil
|
|
|
|
}
|
|
|
|
s, ok := status.FromError(err)
|
|
|
|
if !ok {
|
|
|
|
return ctx2, err
|
|
|
|
}
|
2022-11-03 17:13:28 +01:00
|
|
|
if spb.Code != s.Proto().Code {
|
|
|
|
spb.Code = s.Proto().Code
|
2021-12-13 12:08:10 +01:00
|
|
|
}
|
2022-11-03 17:13:28 +01:00
|
|
|
d, _ := anypb.New(s.Proto())
|
|
|
|
spb.Details = append(spb.Details, d)
|
|
|
|
spb.Message += ", " + s.Proto().Message
|
2021-12-13 12:08:10 +01:00
|
|
|
}
|
2022-11-03 17:13:28 +01:00
|
|
|
return ctx, status.FromProto(spb).Err()
|
2021-12-13 12:08:10 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewServerInterceptors(opts ...Option) interceptors.ServerInterceptors {
|
|
|
|
o := options{}
|
|
|
|
for _, v := range opts {
|
|
|
|
v(&o)
|
|
|
|
}
|
|
|
|
return &interceptor{o: o, authFn: ChainedAuthFuncs(o.authFns...)}
|
|
|
|
}
|
|
|
|
|
2022-03-11 12:33:18 +01:00
|
|
|
type interceptor struct {
|
|
|
|
o options
|
2021-12-13 12:08:10 +01:00
|
|
|
authFn grpc_auth.AuthFunc
|
|
|
|
}
|
|
|
|
|
|
|
|
func (i *interceptor) UnaryServerInterceptor() grpc.UnaryServerInterceptor {
|
|
|
|
a := grpc_auth.UnaryServerInterceptor(i.authFn)
|
|
|
|
return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
|
|
|
|
if i.isNotProtected(info.FullMethod) {
|
|
|
|
return handler(ctx, req)
|
|
|
|
}
|
|
|
|
return a(ctx, req, info, handler)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (i *interceptor) StreamServerInterceptor() grpc.StreamServerInterceptor {
|
|
|
|
a := grpc_auth.StreamServerInterceptor(i.authFn)
|
|
|
|
return func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
|
|
|
|
if i.isNotProtected(info.FullMethod) {
|
|
|
|
return handler(srv, ss)
|
|
|
|
}
|
|
|
|
return a(srv, ss, info, handler)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (i *interceptor) isNotProtected(endpoint string) bool {
|
|
|
|
// default to not ignored
|
|
|
|
if len(i.o.ignoredMethods) == 0 && len(i.o.methods) == 0 {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
for _, v := range i.o.ignoredMethods {
|
2022-07-16 19:03:44 +02:00
|
|
|
if v == endpoint {
|
2021-12-13 12:08:10 +01:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if len(i.o.methods) == 0 {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
for _, v := range i.o.methods {
|
2022-07-16 19:03:44 +02:00
|
|
|
if v == endpoint {
|
2021-12-13 12:08:10 +01:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
}
|
2022-03-11 12:33:18 +01:00
|
|
|
|
|
|
|
func Equals(s1, s2 string) bool {
|
|
|
|
return subtle.ConstantTimeCompare([]byte(s1), []byte(s2)) == 1
|
|
|
|
}
|