From 9729fb8b8a72c56479bc4f7a004d3efb94711b94 Mon Sep 17 00:00:00 2001
From: Adphi
Date: Sat, 16 Jul 2022 19:03:44 +0200
Subject: [PATCH] breaking change: auth options now takes fully qualified method names
Signed-off-by: Adphi
---
 interceptors/auth/interceptors.go | 12 ++----------
 interceptors/auth/interceptors_test.go | 8 ++++----
 interceptors/auth/options.go | 2 ++
 3 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/interceptors/auth/interceptors.go b/interceptors/auth/interceptors.go
index f376fd9..d9dc129 100644
--- a/interceptors/auth/interceptors.go
+++ b/interceptors/auth/interceptors.go
@@ -3,7 +3,6 @@ package auth
 import (
 "context"
 "crypto/subtle"
- "strings"

 grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
 "google.golang.org/grpc"
@@ -71,15 +70,8 @@ func (i *interceptor) isNotProtected(endpoint string) bool {
 if len(i.o.ignoredMethods) == 0 && len(i.o.methods) == 0 {
 return false
 }
- // endpoint is like /helloworld.Greeter/SayHello
- parts := strings.Split(strings.TrimPrefix(endpoint, "/"), "/")
- // invalid endpoint format
- if len(parts) != 2 {
- return false
- }
- method := parts[1]
 for _, v := range i.o.ignoredMethods {
- if v == method {
+ if v == endpoint {
 return true
 }
 }
@@ -87,7 +79,7 @@ func (i *interceptor) isNotProtected(endpoint string) bool {
 return false
 }
 for _, v := range i.o.methods {
- if v == method {
+ if v == endpoint {
 return false
 }
 }
diff --git a/interceptors/auth/interceptors_test.go b/interceptors/auth/interceptors_test.go
index 2ae06ed..c85a2b6 100644
--- a/interceptors/auth/interceptors_test.go
+++ b/interceptors/auth/interceptors_test.go
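Review bot: In isNotProtected (interceptors/auth/interceptors.go) the new `if v == endpoint` comparisons fail silently when a caller still passes a short name such as `SayHello`, because the entry simply never matches. For WithIgnoredMethods that fails closed, but for WithMethods the function's final return lies outside the hunk and, judging by TestProtectedOnly, unlisted endpoints are reported as not protected, so a stale short name would leave the intended method without authentication after an upgrade. The same comparison is used in both loops (the hunks at -71 and -87). I would reject malformed entries where the options are applied or the interceptor is built, for example by requiring `strings.HasPrefix(m, "/") && strings.Count(m, "/") == 2` for every entry, so the breaking change surfaces at start-up instead of as an open endpoint.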
@@ -15,21 +15,21 @@ import (

 func TestNotProtectededOnly(t *testing.T) {
 assert := assert2.New(t)
- i := &interceptor{o: options{ignoredMethods: []string{"ignored"}}}
+ i := &interceptor{o: options{ignoredMethods: []string{"/test.Service/ignored"}}}
 assert.False(i.isNotProtected("/test.Service/protected"))
 assert.True(i.isNotProtected("/test.Service/ignored"))
 }

 func TestProtectedOnly(t *testing.T) {
 assert := assert2.New(t)
- i := &interceptor{o: options{methods: []string{"protected"}}}
+ i := &interceptor{o: options{methods: []string{"/test.Service/protected"}}}
 assert.False(i.isNotProtected("/test.Service/protected"))
 assert.True(i.isNotProtected("/test.Service/ignored"))
 }

 func TestProtectedAndIgnored(t *testing.T) {
 assert := assert2.New(t)
- i := &interceptor{o: options{methods: []string{"protected"}, ignoredMethods: []string{"ignored"}}}
+ i := &interceptor{o: options{methods: []string{"/test.Service/protected"}, ignoredMethods: []string{"/test.Service/ignored"}}}
 assert.True(i.isNotProtected("/test.Service/ignored"))
 assert.False(i.isNotProtected("/test.Service/protected"))
 assert.True(i.isNotProtected("/test.Service/other"))
@@ -37,7 +37,7 @@ func TestProtectedAndIgnored(t *testing.T) {

 func TestProtectedByDefault(t *testing.T) {
 i := &interceptor{}
- assert2.False(t, i.isNotProtected("nooop"))
+ assert2.False(t, i.isNotProtected("/test.Service/noop"))
 assert2.False(t, i.isNotProtected("/test.Service/method/cannotExists"))
 assert2.False(t, i.isNotProtected("/test.Service/validMethod"))
 }
diff --git a/interceptors/auth/options.go b/interceptors/auth/options.go
index dd59b57..8780c54 100644
--- a/interceptors/auth/options.go
+++ b/interceptors/auth/options.go
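Review bot: None of the updated cases pins the property this change introduces, namely that a method with the same short name on a different service is no longer matched. In TestNotProtectededOnly I would add `assert.False(i.isNotProtected("/other.Service/ignored"))` (a constructed service name). I would also add a case in TestProtectedOnly with the legacy form `options{methods: []string{"protected"}}` that asserts what `isNotProtected("/test.Service/protected")` returns, so the behaviour for configurations written against the old API is explicit rather than implied.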
@@ -6,12 +6,14 @@ import (

 type Option func(o *options)

+// WithMethods change the behaviour to not protect by default, it takes a list of fully qualified method names to protect, e.g. /helloworld.Greeter/SayHello
 func WithMethods(methods ...string) Option {
 return func(o *options) {
 o.methods = append(o.methods, methods...)
 }
 }

+// WithIgnoredMethods bypass auth for the given methods, it takes a list of fully qualified method name, e.g. /helloworld.Greeter/SayHello
 func WithIgnoredMethods(methods ...string) Option {
 return func(o *options) {
 o.ignoredMethods = append(o.ignoredMethods, methods...)
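Review bot: The new doc comments on WithMethods and WithIgnoredMethods give the expected format but not the consequence of getting it wrong: entries are compared to the endpoint with plain string equality, so a name without the `/package.Service/` prefix matches nothing. For WithMethods I would state that explicitly, e.g. `// WithMethods restricts authentication to the listed methods; every other method is served without it. Names must be fully qualified, e.g. /helloworld.Greeter/SayHello, and are matched exactly.` The WithIgnoredMethods comment should mirror that wording, with "bypasses" and "method names" fixing the grammar. The body of WithIgnoredMethods continues past the end of the hunk.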