mirror of
https://github.com/linka-cloud/grpc.git
synced 2024-12-22 08:50:46 +00:00
breaking change: auth options now takes fully qualified method names
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
This commit is contained in:
parent
4de0ec6a3b
commit
9729fb8b8a
@ -3,7 +3,6 @@ package auth
|
||||
import (
|
||||
"context"
|
||||
"crypto/subtle"
|
||||
"strings"
|
||||
|
||||
grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
|
||||
"google.golang.org/grpc"
|
||||
@ -71,15 +70,8 @@ func (i *interceptor) isNotProtected(endpoint string) bool {
|
||||
if len(i.o.ignoredMethods) == 0 && len(i.o.methods) == 0 {
|
||||
return false
|
||||
}
|
||||
// endpoint is like /helloworld.Greeter/SayHello
|
||||
parts := strings.Split(strings.TrimPrefix(endpoint, "/"), "/")
|
||||
// invalid endpoint format
|
||||
if len(parts) != 2 {
|
||||
return false
|
||||
}
|
||||
method := parts[1]
|
||||
for _, v := range i.o.ignoredMethods {
|
||||
if v == method {
|
||||
if v == endpoint {
|
||||
return true
|
||||
}
|
||||
}
|
||||
@ -87,7 +79,7 @@ func (i *interceptor) isNotProtected(endpoint string) bool {
|
||||
return false
|
||||
}
|
||||
for _, v := range i.o.methods {
|
||||
if v == method {
|
||||
if v == endpoint {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
@ -15,21 +15,21 @@ import (
|
||||
|
||||
func TestNotProtectededOnly(t *testing.T) {
|
||||
assert := assert2.New(t)
|
||||
i := &interceptor{o: options{ignoredMethods: []string{"ignored"}}}
|
||||
i := &interceptor{o: options{ignoredMethods: []string{"/test.Service/ignored"}}}
|
||||
assert.False(i.isNotProtected("/test.Service/protected"))
|
||||
assert.True(i.isNotProtected("/test.Service/ignored"))
|
||||
}
|
||||
|
||||
func TestProtectedOnly(t *testing.T) {
|
||||
assert := assert2.New(t)
|
||||
i := &interceptor{o: options{methods: []string{"protected"}}}
|
||||
i := &interceptor{o: options{methods: []string{"/test.Service/protected"}}}
|
||||
assert.False(i.isNotProtected("/test.Service/protected"))
|
||||
assert.True(i.isNotProtected("/test.Service/ignored"))
|
||||
}
|
||||
|
||||
func TestProtectedAndIgnored(t *testing.T) {
|
||||
assert := assert2.New(t)
|
||||
i := &interceptor{o: options{methods: []string{"protected"}, ignoredMethods: []string{"ignored"}}}
|
||||
i := &interceptor{o: options{methods: []string{"/test.Service/protected"}, ignoredMethods: []string{"/test.Service/ignored"}}}
|
||||
assert.True(i.isNotProtected("/test.Service/ignored"))
|
||||
assert.False(i.isNotProtected("/test.Service/protected"))
|
||||
assert.True(i.isNotProtected("/test.Service/other"))
|
||||
@ -37,7 +37,7 @@ func TestProtectedAndIgnored(t *testing.T) {
|
||||
|
||||
func TestProtectedByDefault(t *testing.T) {
|
||||
i := &interceptor{}
|
||||
assert2.False(t, i.isNotProtected("nooop"))
|
||||
assert2.False(t, i.isNotProtected("/test.Service/noop"))
|
||||
assert2.False(t, i.isNotProtected("/test.Service/method/cannotExists"))
|
||||
assert2.False(t, i.isNotProtected("/test.Service/validMethod"))
|
||||
}
|
||||
|
@ -6,12 +6,14 @@ import (
|
||||
|
||||
type Option func(o *options)
|
||||
|
||||
// WithMethods change the behaviour to not protect by default, it takes a list of fully qualified method names to protect, e.g. /helloworld.Greeter/SayHello
|
||||
func WithMethods(methods ...string) Option {
|
||||
return func(o *options) {
|
||||
o.methods = append(o.methods, methods...)
|
||||
}
|
||||
}
|
||||
|
||||
// WithIgnoredMethods bypass auth for the given methods, it takes a list of fully qualified method name, e.g. /helloworld.Greeter/SayHello
|
||||
func WithIgnoredMethods(methods ...string) Option {
|
||||
return func(o *options) {
|
||||
o.ignoredMethods = append(o.ignoredMethods, methods...)
|
||||
|
Loading…
Reference in New Issue
Block a user