breaking change: auth options now takes fully qualified method names

Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
2024-11-21 18:36:25 +00:00 · 2022-07-16 19:03:44 +02:00 · 2022-07-16 19:03:44 +02:00 · 9729fb8b8a
commit 9729fb8b8a
parent 4de0ec6a3b
3 changed files with 8 additions and 14 deletions
--- a/interceptors/auth/interceptors.go
+++ b/interceptors/auth/interceptors.go
@ -3,7 +3,6 @@ package auth
 import (
 	"context"
 	"crypto/subtle"
-	"strings"

 	grpc_auth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
 	"google.golang.org/grpc"
@ -71,15 +70,8 @@ func (i *interceptor) isNotProtected(endpoint string) bool {
 	if len(i.o.ignoredMethods) == 0 && len(i.o.methods) == 0 {
 		return false
 	}
-	// endpoint is like /helloworld.Greeter/SayHello
-	parts := strings.Split(strings.TrimPrefix(endpoint, "/"), "/")
-	// invalid endpoint format
-	if len(parts) != 2 {
-		return false
-	}
-	method := parts[1]
 	for _, v := range i.o.ignoredMethods {
-		if v == method {
+		if v == endpoint {
 			return true
 		}
 	}
@ -87,7 +79,7 @@ func (i *interceptor) isNotProtected(endpoint string) bool {
 		return false
 	}
 	for _, v := range i.o.methods {
-		if v == method {
+		if v == endpoint {
 			return false
 		}
 	}
--- a/interceptors/auth/interceptors_test.go
+++ b/interceptors/auth/interceptors_test.go
@ -15,21 +15,21 @@ import (

 func TestNotProtectededOnly(t *testing.T) {
 	assert := assert2.New(t)
-	i := &interceptor{o: options{ignoredMethods: []string{"ignored"}}}
+	i := &interceptor{o: options{ignoredMethods: []string{"/test.Service/ignored"}}}
 	assert.False(i.isNotProtected("/test.Service/protected"))
 	assert.True(i.isNotProtected("/test.Service/ignored"))
 }

 func TestProtectedOnly(t *testing.T) {
 	assert := assert2.New(t)
-	i := &interceptor{o: options{methods: []string{"protected"}}}
+	i := &interceptor{o: options{methods: []string{"/test.Service/protected"}}}
 	assert.False(i.isNotProtected("/test.Service/protected"))
 	assert.True(i.isNotProtected("/test.Service/ignored"))
 }

 func TestProtectedAndIgnored(t *testing.T) {
 	assert := assert2.New(t)
-	i := &interceptor{o: options{methods: []string{"protected"}, ignoredMethods: []string{"ignored"}}}
+	i := &interceptor{o: options{methods: []string{"/test.Service/protected"}, ignoredMethods: []string{"/test.Service/ignored"}}}
 	assert.True(i.isNotProtected("/test.Service/ignored"))
 	assert.False(i.isNotProtected("/test.Service/protected"))
 	assert.True(i.isNotProtected("/test.Service/other"))
@ -37,7 +37,7 @@ func TestProtectedAndIgnored(t *testing.T) {

 func TestProtectedByDefault(t *testing.T) {
 	i := &interceptor{}
-	assert2.False(t, i.isNotProtected("nooop"))
+	assert2.False(t, i.isNotProtected("/test.Service/noop"))
 	assert2.False(t, i.isNotProtected("/test.Service/method/cannotExists"))
 	assert2.False(t, i.isNotProtected("/test.Service/validMethod"))
 }
--- a/interceptors/auth/options.go
+++ b/interceptors/auth/options.go
@ -6,12 +6,14 @@ import (

 type Option func(o *options)

+// WithMethods change the behaviour to not protect by default, it takes a list of fully qualified method names to protect, e.g. /helloworld.Greeter/SayHello
 func WithMethods(methods ...string) Option {
 	return func(o *options) {
 		o.methods = append(o.methods, methods...)
 	}
 }

+// WithIgnoredMethods bypass auth for the given methods, it takes a list of fully qualified method name, e.g. /helloworld.Greeter/SayHello
 func WithIgnoredMethods(methods ...string) Option {
 	return func(o *options) {
 		o.ignoredMethods = append(o.ignoredMethods, methods...)