linka-cloud/grpc-toolkit
2
0
Fork 0
mirror of https://github.com/linka-cloud/grpc.git synced 2025-06-22 17:22:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

add auth interceptors

Browse Source
This commit is contained in:
Adphi
2021-12-13 12:08:10 +01:00
parent 55251b5020
commit e578d62a29
6 changed files with 400 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
interceptors/auth/x509.go Normal file
View File

@ -0,0 +1,49 @@
package auth
import (
"context"
grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/peer"
"go.linka.cloud/grpc/errors"
)
type X509Validator func(ctx context.Context, sans []string) (context.Context, error)
// func _(ctx context.Context) {
// p, ok := peer.FromContext(ctx)
// if !ok {
// return
// }
// i, ok := p.AuthInfo.(credentials.TLSInfo)
// if !ok {
// return
// }
// i.State.VerifiedChains
// }
func makeX509AuthFunc(v X509Validator) grpc_auth.AuthFunc {
return func(ctx context.Context) (context.Context, error) {
p, ok := peer.FromContext(ctx)
if !ok {
return ctx, errors.Internalf("peer not found")
}
i, ok := p.AuthInfo.(credentials.TLSInfo)
if !ok {
return ctx, errors.Unauthenticatedf("no TLS credentials")
}
if !i.State.HandshakeComplete {
return ctx, errors.Unauthenticatedf("handshake not complete")
}
var sans []string
for _, v := range i.State.VerifiedChains {
if len(v) == 0 {
continue
}
sans = append(sans, v[0].PermittedDNSDomains...)
}
return v(ctx, sans)
}
}