-
Notifications
You must be signed in to change notification settings - Fork 1
/
utils.go
123 lines (112 loc) · 3.69 KB
/
utils.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
package rpc
import (
"context"
"crypto/tls"
"net"
"strings"
gwRuntime "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
"go.bryk.io/pkg/errors"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/status"
)
// GetAddress returns the IPv4 address for the specified network interface.
func GetAddress(networkInterface string) (string, error) {
switch networkInterface {
case NetworkInterfaceLocal:
return "127.0.0.1", nil
case NetworkInterfaceAll:
return "", nil
default:
ip, err := GetInterfaceIP(networkInterface)
if err != nil {
return "", errors.Wrap(err, "failed to retrieve interface's IP")
}
return ip.To4().String(), nil
}
}
// GetInterfaceIP returns the IP address for a given network interface.
func GetInterfaceIP(name string) (net.IP, error) {
i, err := net.InterfaceByName(name)
if err != nil {
return nil, errors.Wrap(err, "unknown interface")
}
ls, err := i.Addrs()
if err != nil {
return nil, errors.Wrap(err, "failed to load interface address(es)")
}
var ip net.IP
for _, addr := range ls {
if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() {
if ipnet.IP.To4() != nil {
ip = ipnet.IP
}
}
}
if ip == nil {
err = errors.New("no IP address found for network interface")
}
return ip, err
}
// LoadCertificate provides a helper method to conveniently parse and existing
// certificate and corresponding private key.
func LoadCertificate(cert []byte, key []byte) (tls.Certificate, error) {
c, err := tls.X509KeyPair(cert, key)
return c, errors.Wrap(err, "failed to load key pair")
}
// ContextWithMetadata returns a context with the provided value set as metadata.
// Any existing metadata already present in the context will be preserved. Intended
// to be used for outgoing RPC calls.
func ContextWithMetadata(ctx context.Context, md metadata.MD) context.Context {
for k := range md {
if vals := md.Get(k); len(vals) > 0 {
size := len(vals)
nv := make([]string, size)
for i := 0; i < size; i++ {
nv[i] = strings.TrimSpace(vals[i])
}
md.Set(k, nv...)
}
}
orig, _ := metadata.FromOutgoingContext(ctx)
return metadata.NewOutgoingContext(ctx, metadata.Join(orig, md))
}
// MetadataFromContext extracts and return the metadata values available in the
// provided context.
func MetadataFromContext(ctx context.Context) metadata.MD {
var list []metadata.MD
if md, ok := metadata.FromIncomingContext(ctx); ok {
list = append(list, md)
}
if md, ok := metadata.FromOutgoingContext(ctx); ok {
list = append(list, md)
}
if md, ok := gwRuntime.ServerMetadataFromContext(ctx); ok {
list = append(list, md.HeaderMD)
list = append(list, md.TrailerMD)
}
return metadata.Join(list...)
}
// GetAuthToken is helper function for extracting the "authorization" header from
// the gRPC metadata of the request. It expects the "authorization" header to be of
// a certain scheme (e.g. `basic`, `bearer`), in a case-insensitive format
// (see rfc2617, sec 1.2). If no such authorization is found, or the token is of wrong
// scheme, an error with gRPC status `Unauthenticated` is returned.
func GetAuthToken(ctx context.Context, scheme string) (string, error) {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return "", status.Errorf(codes.Unauthenticated, "no authorization token")
}
t := md.Get("authorization")
if len(t) == 0 {
return "", status.Errorf(codes.Unauthenticated, "no authorization token")
}
splits := strings.SplitN(t[0], " ", 2)
if len(splits) < 2 {
return "", status.Errorf(codes.Unauthenticated, "bad authorization token")
}
if !strings.EqualFold(splits[0], scheme) {
return "", status.Errorf(codes.Unauthenticated, "request unauthenticated with "+scheme)
}
return splits[1], nil
}