mirror of
https://github.com/linka-cloud/grpc.git
synced 2025-01-10 18:17:20 +00:00
breaking change: auth options now takes fully qualified method names
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
This commit is contained in:
parent
4de0ec6a3b
commit
9729fb8b8a
@ -3,7 +3,6 @@ package auth
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/subtle"
|
"crypto/subtle"
|
||||||
"strings"
|
|
||||||
|
|
||||||
grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
|
grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
|
||||||
"google.golang.org/grpc"
|
"google.golang.org/grpc"
|
||||||
@ -71,15 +70,8 @@ func (i *interceptor) isNotProtected(endpoint string) bool {
|
|||||||
if len(i.o.ignoredMethods) == 0 && len(i.o.methods) == 0 {
|
if len(i.o.ignoredMethods) == 0 && len(i.o.methods) == 0 {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
// endpoint is like /helloworld.Greeter/SayHello
|
|
||||||
parts := strings.Split(strings.TrimPrefix(endpoint, "/"), "/")
|
|
||||||
// invalid endpoint format
|
|
||||||
if len(parts) != 2 {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
method := parts[1]
|
|
||||||
for _, v := range i.o.ignoredMethods {
|
for _, v := range i.o.ignoredMethods {
|
||||||
if v == method {
|
if v == endpoint {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -87,7 +79,7 @@ func (i *interceptor) isNotProtected(endpoint string) bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
for _, v := range i.o.methods {
|
for _, v := range i.o.methods {
|
||||||
if v == method {
|
if v == endpoint {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -15,21 +15,21 @@ import (
|
|||||||
|
|
||||||
func TestNotProtectededOnly(t *testing.T) {
|
func TestNotProtectededOnly(t *testing.T) {
|
||||||
assert := assert2.New(t)
|
assert := assert2.New(t)
|
||||||
i := &interceptor{o: options{ignoredMethods: []string{"ignored"}}}
|
i := &interceptor{o: options{ignoredMethods: []string{"/test.Service/ignored"}}}
|
||||||
assert.False(i.isNotProtected("/test.Service/protected"))
|
assert.False(i.isNotProtected("/test.Service/protected"))
|
||||||
assert.True(i.isNotProtected("/test.Service/ignored"))
|
assert.True(i.isNotProtected("/test.Service/ignored"))
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestProtectedOnly(t *testing.T) {
|
func TestProtectedOnly(t *testing.T) {
|
||||||
assert := assert2.New(t)
|
assert := assert2.New(t)
|
||||||
i := &interceptor{o: options{methods: []string{"protected"}}}
|
i := &interceptor{o: options{methods: []string{"/test.Service/protected"}}}
|
||||||
assert.False(i.isNotProtected("/test.Service/protected"))
|
assert.False(i.isNotProtected("/test.Service/protected"))
|
||||||
assert.True(i.isNotProtected("/test.Service/ignored"))
|
assert.True(i.isNotProtected("/test.Service/ignored"))
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestProtectedAndIgnored(t *testing.T) {
|
func TestProtectedAndIgnored(t *testing.T) {
|
||||||
assert := assert2.New(t)
|
assert := assert2.New(t)
|
||||||
i := &interceptor{o: options{methods: []string{"protected"}, ignoredMethods: []string{"ignored"}}}
|
i := &interceptor{o: options{methods: []string{"/test.Service/protected"}, ignoredMethods: []string{"/test.Service/ignored"}}}
|
||||||
assert.True(i.isNotProtected("/test.Service/ignored"))
|
assert.True(i.isNotProtected("/test.Service/ignored"))
|
||||||
assert.False(i.isNotProtected("/test.Service/protected"))
|
assert.False(i.isNotProtected("/test.Service/protected"))
|
||||||
assert.True(i.isNotProtected("/test.Service/other"))
|
assert.True(i.isNotProtected("/test.Service/other"))
|
||||||
@ -37,7 +37,7 @@ func TestProtectedAndIgnored(t *testing.T) {
|
|||||||
|
|
||||||
func TestProtectedByDefault(t *testing.T) {
|
func TestProtectedByDefault(t *testing.T) {
|
||||||
i := &interceptor{}
|
i := &interceptor{}
|
||||||
assert2.False(t, i.isNotProtected("nooop"))
|
assert2.False(t, i.isNotProtected("/test.Service/noop"))
|
||||||
assert2.False(t, i.isNotProtected("/test.Service/method/cannotExists"))
|
assert2.False(t, i.isNotProtected("/test.Service/method/cannotExists"))
|
||||||
assert2.False(t, i.isNotProtected("/test.Service/validMethod"))
|
assert2.False(t, i.isNotProtected("/test.Service/validMethod"))
|
||||||
}
|
}
|
||||||
|
@ -6,12 +6,14 @@ import (
|
|||||||
|
|
||||||
type Option func(o *options)
|
type Option func(o *options)
|
||||||
|
|
||||||
|
// WithMethods change the behaviour to not protect by default, it takes a list of fully qualified method names to protect, e.g. /helloworld.Greeter/SayHello
|
||||||
func WithMethods(methods ...string) Option {
|
func WithMethods(methods ...string) Option {
|
||||||
return func(o *options) {
|
return func(o *options) {
|
||||||
o.methods = append(o.methods, methods...)
|
o.methods = append(o.methods, methods...)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// WithIgnoredMethods bypass auth for the given methods, it takes a list of fully qualified method name, e.g. /helloworld.Greeter/SayHello
|
||||||
func WithIgnoredMethods(methods ...string) Option {
|
func WithIgnoredMethods(methods ...string) Option {
|
||||||
return func(o *options) {
|
return func(o *options) {
|
||||||
o.ignoredMethods = append(o.ignoredMethods, methods...)
|
o.ignoredMethods = append(o.ignoredMethods, methods...)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user