/*
* Copyright (c) 2020 Nguyen Trung Tin. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
*/
package interceptor
import (
"context"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/status"
"github.com/nguyentrungtin/go-grpc-boilerplate/pkg/connect"
log "github.com/sirupsen/logrus"
"google.golang.org/grpc"
"gorm.io/gorm"
)
// AuthInterceptor holds the dependencies shared by the gRPC server
// interceptors returned from its Unary and Stream methods.
type AuthInterceptor struct {
// db is the gorm handle passed to NewAuthInterceptor; the code in this file
// stores it but does not read it.
db *gorm.DB
// connector opens a connection to another service by name; Unary and Stream
// call its Connect method once per request.
connector connect.Connector
}
// NewAuthInterceptor builds an AuthInterceptor around the given database
// handle and service connector. Neither argument is validated here, so a nil
// connector only surfaces later, when an interceptor calls Connect on it.
func NewAuthInterceptor(db *gorm.DB, cnt connect.Connector) *AuthInterceptor {
	ai := new(AuthInterceptor)
	ai.db = db
	ai.connector = cnt
	return ai
}
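// Unary returns a unary server interceptor that requires an authorization
// value in the incoming metadata before the handler is allowed to run.
//
// The interceptor fails closed: when GetToken reports an error the RPC is
// rejected with that error and the handler is never called. Token
// verification and RBAC are still not implemented, so any value GetToken
// accepts is let through; treat this as a presence check only.
//
// NOTE(review): if some methods must stay reachable without credentials,
// allowlist them explicitly by info.FullMethod instead of passing every
// failure through.
func (interceptor *AuthInterceptor) Unary() grpc.UnaryServerInterceptor {
	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
		log.WithField("method", info.FullMethod).Info("Unary interceptor")

		// Reject the call when no authorization metadata is present. The token
		// itself is deliberately not logged: it is a bearer credential and
		// must not end up in log storage.
		if _, err := interceptor.GetToken(ctx, info.FullMethod); err != nil {
			return nil, err
		}

		// @TODO: verify the token and check RBAC against PAVE-ID over this
		// connection. Until then the connection is opened but not used.
		cnn, err := interceptor.connector.Connect("ANOTHER-GRPC")
		if err != nil {
			// Without this check a failed Connect would reach cnn.Close()
			// with an unusable connection value. Keep the detail server-side
			// and answer the client with a generic status.
			log.WithError(err).WithField("method", info.FullMethod).Error("connect to auth backend failed")
			return nil, status.Error(codes.Unavailable, "authorization service unavailable")
		}
		defer cnn.Close()

		return handler(ctx, req)
	}
}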
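// Stream returns a stream server interceptor that requires an authorization
// value in the incoming metadata before the handler is allowed to run.
//
// The interceptor fails closed: when GetToken reports an error the stream is
// rejected with that error and the handler is never called. Token
// verification and RBAC are still not implemented, so any value GetToken
// accepts is let through; treat this as a presence check only.
//
// NOTE(review): if some methods must stay reachable without credentials,
// allowlist them explicitly by info.FullMethod instead of passing every
// failure through.
func (interceptor *AuthInterceptor) Stream() grpc.StreamServerInterceptor {
	return func(
		srv interface{},
		stream grpc.ServerStream,
		info *grpc.StreamServerInfo,
		handler grpc.StreamHandler,
	) error {
		log.WithField("method", info.FullMethod).Info("Stream interceptor")

		// Reject the stream when no authorization metadata is present. The
		// token itself is deliberately not logged: it is a bearer credential
		// and must not end up in log storage.
		if _, err := interceptor.GetToken(stream.Context(), info.FullMethod); err != nil {
			return err
		}

		// @TODO: verify the token and check RBAC against PAVE-ID over this
		// connection. Until then the connection is opened but not used.
		cnn, err := interceptor.connector.Connect("ANOTHER-GRPC")
		if err != nil {
			// Without this check a failed Connect would reach cnn.Close()
			// with an unusable connection value. Keep the detail server-side
			// and answer the client with a generic status.
			log.WithError(err).WithField("method", info.FullMethod).Error("connect to auth backend failed")
			return status.Error(codes.Unavailable, "authorization service unavailable")
		}
		defer cnn.Close()

		return handler(srv, stream)
	}
}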
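// GetToken returns the first value of the "authorization" entry in the
// incoming gRPC metadata carried by ctx.
//
// The value is returned verbatim: no scheme prefix is stripped and the token
// is neither parsed nor verified here, so a nil error only means that a
// non-empty value was supplied. The method parameter is currently unused.
//
// It returns a codes.Unauthenticated status error when ctx carries no
// incoming metadata, when the "authorization" entry is absent, or when its
// first value is the empty string.
func (interceptor *AuthInterceptor) GetToken(ctx context.Context, method string) (string, error) {
	md, ok := metadata.FromIncomingContext(ctx)
	if !ok {
		return "", status.Error(codes.Unauthenticated, "metadata is not provided")
	}

	values := md["authorization"]
	// An entry that is present but empty carries no credential; treat it the
	// same as a missing one so callers never receive "" with a nil error.
	if len(values) == 0 || values[0] == "" {
		return "", status.Error(codes.Unauthenticated, "authorization token is not provided")
	}
	return values[0], nil
}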