mirror of
https://github.com/linka-cloud/grpc.git
synced 2024-12-25 18:30:45 +00:00
auth interceptors: preserve error message
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
This commit is contained in:
parent
1d3d5315a4
commit
dcd2f18f65
@ -8,13 +8,14 @@ import (
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
"google.golang.org/protobuf/types/known/anypb"
|
||||
|
||||
"go.linka.cloud/grpc/interceptors"
|
||||
)
|
||||
|
||||
func ChainedAuthFuncs(fn ...grpc_auth.AuthFunc) grpc_auth.AuthFunc {
|
||||
return func(ctx context.Context) (context.Context, error) {
|
||||
code := codes.Unauthenticated
|
||||
spb := status.New(codes.Unauthenticated, codes.Unauthenticated.String()).Proto()
|
||||
for _, v := range fn {
|
||||
ctx2, err := v(ctx)
|
||||
if err == nil {
|
||||
@ -24,11 +25,14 @@ func ChainedAuthFuncs(fn ...grpc_auth.AuthFunc) grpc_auth.AuthFunc {
|
||||
if !ok {
|
||||
return ctx2, err
|
||||
}
|
||||
if s.Code() == codes.PermissionDenied {
|
||||
code = codes.PermissionDenied
|
||||
if spb.Code != s.Proto().Code {
|
||||
spb.Code = s.Proto().Code
|
||||
}
|
||||
d, _ := anypb.New(s.Proto())
|
||||
spb.Details = append(spb.Details, d)
|
||||
spb.Message += ", " + s.Proto().Message
|
||||
}
|
||||
return ctx, status.Error(code, code.String())
|
||||
return ctx, status.FromProto(spb).Err()
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -13,7 +13,7 @@ import (
|
||||
"go.linka.cloud/grpc/errors"
|
||||
)
|
||||
|
||||
func TestNotProtectededOnly(t *testing.T) {
|
||||
func TestNotProtectedOnly(t *testing.T) {
|
||||
assert := assert2.New(t)
|
||||
i := &interceptor{o: options{ignoredMethods: []string{"/test.Service/ignored"}}}
|
||||
assert.False(i.isNotProtected("/test.Service/protected"))
|
||||
@ -99,14 +99,14 @@ func TestChainedAuthFuncs(t *testing.T) {
|
||||
name: "empty bearer",
|
||||
auth: "bearer ",
|
||||
err: true,
|
||||
code: codes.PermissionDenied,
|
||||
code: codes.Unauthenticated,
|
||||
},
|
||||
{
|
||||
name: "internal error",
|
||||
auth: "bearer internal",
|
||||
internalError: true,
|
||||
err: true,
|
||||
code: codes.PermissionDenied,
|
||||
code: codes.Internal,
|
||||
},
|
||||
{
|
||||
name: "multiple auth: first basic valid",
|
||||
@ -120,13 +120,13 @@ func TestChainedAuthFuncs(t *testing.T) {
|
||||
name: "invalid auth: bearer",
|
||||
auth: "bearer noop",
|
||||
err: true,
|
||||
code: codes.PermissionDenied,
|
||||
code: codes.Unauthenticated,
|
||||
},
|
||||
{
|
||||
name: "invalid auth: basic",
|
||||
auth: BasicAuth("other", "other"),
|
||||
err: true,
|
||||
code: codes.PermissionDenied,
|
||||
code: codes.Unauthenticated,
|
||||
},
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user