breaking change: auth options now takes fully qualified method names

Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>

interceptors/auth/interceptors.go

@@ -3,7 +3,6 @@ package auth
 import (
 	"context"
 	"crypto/subtle"
-	"strings"
 
 	grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
 	"google.golang.org/grpc"
@@ -71,15 +70,8 @@ func (i *interceptor) isNotProtected(endpoint string) bool {
 	if len(i.o.ignoredMethods) == 0 && len(i.o.methods) == 0 {
 		return false
 	}
-	// endpoint is like /helloworld.Greeter/SayHello
-	parts := strings.Split(strings.TrimPrefix(endpoint, "/"), "/")
-	// invalid endpoint format
-	if len(parts) != 2 {
-		return false
-	}
-	method := parts[1]
 	for _, v := range i.o.ignoredMethods {
-		if v == method {
+		if v == endpoint {
 			return true
 		}
 	}
@@ -87,7 +79,7 @@ func (i *interceptor) isNotProtected(endpoint string) bool {
 		return false
 	}
 	for _, v := range i.o.methods {
-		if v == method {
+		if v == endpoint {
 			return false
 		}
 	}

interceptors/auth/interceptors_test.go

@@ -15,21 +15,21 @@ import (
 
 func TestNotProtectededOnly(t *testing.T) {
 	assert := assert2.New(t)
-	i := &interceptor{o: options{ignoredMethods: []string{"ignored"}}}
+	i := &interceptor{o: options{ignoredMethods: []string{"/test.Service/ignored"}}}
 	assert.False(i.isNotProtected("/test.Service/protected"))
 	assert.True(i.isNotProtected("/test.Service/ignored"))
 }
 
 func TestProtectedOnly(t *testing.T) {
 	assert := assert2.New(t)
-	i := &interceptor{o: options{methods: []string{"protected"}}}
+	i := &interceptor{o: options{methods: []string{"/test.Service/protected"}}}
 	assert.False(i.isNotProtected("/test.Service/protected"))
 	assert.True(i.isNotProtected("/test.Service/ignored"))
 }
 
 func TestProtectedAndIgnored(t *testing.T) {
 	assert := assert2.New(t)
-	i := &interceptor{o: options{methods: []string{"protected"}, ignoredMethods: []string{"ignored"}}}
+	i := &interceptor{o: options{methods: []string{"/test.Service/protected"}, ignoredMethods: []string{"/test.Service/ignored"}}}
 	assert.True(i.isNotProtected("/test.Service/ignored"))
 	assert.False(i.isNotProtected("/test.Service/protected"))
 	assert.True(i.isNotProtected("/test.Service/other"))
@@ -37,7 +37,7 @@ func TestProtectedAndIgnored(t *testing.T) {
 
 func TestProtectedByDefault(t *testing.T) {
 	i := &interceptor{}
-	assert2.False(t, i.isNotProtected("nooop"))
+	assert2.False(t, i.isNotProtected("/test.Service/noop"))
 	assert2.False(t, i.isNotProtected("/test.Service/method/cannotExists"))
 	assert2.False(t, i.isNotProtected("/test.Service/validMethod"))
 }

interceptors/auth/options.go

@@ -6,12 +6,14 @@ import (
 
 type Option func(o *options)
 
+// WithMethods change the behaviour to not protect by default, it takes a list of fully qualified method names to protect, e.g. /helloworld.Greeter/SayHello
 func WithMethods(methods ...string) Option {
 	return func(o *options) {
 		o.methods = append(o.methods, methods...)
 	}
 }
 
+// WithIgnoredMethods bypass auth for the given methods, it takes a list of fully qualified method name, e.g. /helloworld.Greeter/SayHello
 func WithIgnoredMethods(methods ...string) Option {
 	return func(o *options) {
 		o.ignoredMethods = append(o.ignoredMethods, methods...)