package auth
import (
"context"
"github.com/galexrt/fivenet/pkg/grpc/auth/userinfo"
"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/logging"
"go.opentelemetry.io/otel/attribute"
"go.opentelemetry.io/otel/trace"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
// Keys under which the authenticated caller's identifiers are injected as
// logging fields (see GRPCAuthFunc and GRPCAuthFuncWithoutUserInfo).
const (
	AuthAccIDCtxTag         = "auth.accid"  // account ID
	AuthActiveCharIDCtxTag  = "auth.chrid"  // active character ID
	AuthSubCtxTag           = "auth.sub"    // token subject
	AuthActiveCharJobCtxTag = "auth.chrjob" // active character's job
)
// Permission name constants. The *Key variants are the lower-case key form of
// the permission with the same name; their consumers are outside this file.
const (
	PermCanBeSuper    = "CanBeSuper"
	PermCanBeSuperKey = "canbesuper"
	PermSuperUser     = "SuperUser"
	PermSuperUserKey  = "superuser"
	PermAny           = "Any"
)
// userInfoCtxMarker is the unexported type of the context key under which
// GRPCAuthFunc stores the resolved user info. A private key type cannot
// collide with context keys set by other packages.
type userInfoCtxMarker struct{}

// userInfoCtxMarkerKey is the single context key used with context.WithValue
// for the user info.
var userInfoCtxMarkerKey = &userInfoCtxMarker{}
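// gRPC status errors returned by the auth functions. The messages are
// identifier-style keys ("errors.pkg-auth.*") rather than descriptive text,
// so no detail about why a request was rejected is exposed to the client.
//
// All entries use status.Error: there are no format arguments, so Errorf
// would only add needless format-verb parsing of a fixed message.
var (
	// ErrNoToken is returned when the request carries no token at all.
	ErrNoToken = status.Error(codes.Unauthenticated, "errors.pkg-auth.ErrNoToken")
	// ErrInvalidToken is returned when a token is present but fails parsing/validation.
	ErrInvalidToken     = status.Error(codes.Unauthenticated, "errors.pkg-auth.ErrInvalidToken")
	ErrCheckToken       = status.Error(codes.Unauthenticated, "errors.pkg-auth.ErrCheckToken")
	ErrUserNoPerms      = status.Error(codes.PermissionDenied, "errors.pkg-auth.ErrUserNoPerms")
	ErrNoUserInfo       = status.Error(codes.Unauthenticated, "errors.pkg-auth.ErrNoUserInfo")
	ErrPermissionDenied = status.Error(codes.PermissionDenied, "errors.pkg-auth.ErrPermissionDenied")
)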
// GRPCAuth authenticates incoming gRPC requests by validating their token and,
// in GRPCAuthFunc, resolving the caller's user info.
type GRPCAuth struct {
	ui userinfo.UserInfoRetriever // resolves user info for a (charID, accID) pair
	tm *TokenMgr                  // parses and validates tokens
}
// NewGRPCAuth returns a GRPCAuth that validates tokens with tm and resolves
// user info through ui. Neither dependency is checked for nil here.
func NewGRPCAuth(ui userinfo.UserInfoRetriever, tm *TokenMgr) *GRPCAuth {
	auth := &GRPCAuth{ui: ui, tm: tm}
	return auth
}
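// GRPCAuthFunc authenticates a gRPC call and returns a context that carries the
// caller's user info. It extracts the token from ctx, parses and validates it
// with the TokenMgr, resolves the user info for the token's character and
// account, and injects the auth identifiers as logging fields and span
// attributes. fullMethod is part of the auth-func signature and is not used.
//
// Errors: ErrNoToken when ctx carries no token, ErrInvalidToken when the token
// does not parse/validate (the underlying parse error is not forwarded), and
// the token-extraction or user-info lookup error as-is.
func (g *GRPCAuth) GRPCAuthFunc(ctx context.Context, fullMethod string) (context.Context, error) {
	t, err := GetTokenFromGRPCContext(ctx)
	if err != nil {
		return nil, err
	}
	if t == "" {
		return nil, ErrNoToken
	}

	// ParseWithClaims only returns token info while the token is still valid.
	// Its error is replaced by the generic ErrInvalidToken so the reason a
	// token was rejected is not reported back to the client.
	tInfo, err := g.tm.ParseWithClaims(t)
	if err != nil {
		return nil, ErrInvalidToken
	}

	userInfo, err := g.ui.GetUserInfo(ctx, tInfo.CharID, tInfo.AccID)
	if err != nil {
		// NOTE(review): returned unchanged. If the retriever yields a non-status
		// error, gRPC reports it as codes.Unknown with its message; confirm it
		// is mapped to a status error (e.g. ErrNoUserInfo) before it reaches clients.
		return nil, err
	}

	// The account-ID log field carries the account ID (it previously duplicated
	// the character ID), consistent with the span attribute below, so audit
	// logs attribute the call to the correct account.
	ctx = logging.InjectFields(ctx, logging.Fields{
		AuthSubCtxTag, tInfo.Subject,
		AuthAccIDCtxTag, tInfo.AccID,
		AuthActiveCharIDCtxTag, tInfo.CharID,
		AuthActiveCharJobCtxTag, userInfo.Job,
	})
	trace.SpanFromContext(ctx).SetAttributes(
		attribute.Int64("fivenet.auth.acc_id", int64(tInfo.AccID)),
		attribute.Int("fivenet.auth.char_id", int(tInfo.CharID)),
		attribute.String("fivenet.job", userInfo.Job),
	)

	return context.WithValue(ctx, userInfoCtxMarkerKey, userInfo), nil
}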
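// GRPCAuthFuncWithoutUserInfo authenticates a gRPC call from its token alone:
// it extracts the token from ctx, parses and validates it with the TokenMgr,
// and injects the token's identifiers as logging fields. Unlike GRPCAuthFunc
// it performs no user-info lookup, so the returned context carries no user
// info value; handlers that need it must use GRPCAuthFunc. fullMethod is part
// of the auth-func signature and is not used.
//
// Errors: ErrNoToken when ctx carries no token, ErrInvalidToken when the token
// does not parse/validate (the underlying parse error is not forwarded), and
// the token-extraction error as-is.
func (g *GRPCAuth) GRPCAuthFuncWithoutUserInfo(ctx context.Context, fullMethod string) (context.Context, error) {
	t, err := GetTokenFromGRPCContext(ctx)
	if err != nil {
		return nil, err
	}
	if t == "" {
		return nil, ErrNoToken
	}

	// ParseWithClaims only returns token info while the token is still valid.
	// Its error is replaced by the generic ErrInvalidToken so the reason a
	// token was rejected is not reported back to the client.
	tInfo, err := g.tm.ParseWithClaims(t)
	if err != nil {
		return nil, ErrInvalidToken
	}

	// The account-ID log field carries the account ID (it previously duplicated
	// the character ID), matching GRPCAuthFunc, so audit logs attribute the
	// call to the correct account.
	ctx = logging.InjectFields(ctx, logging.Fields{
		AuthSubCtxTag, tInfo.Subject,
		AuthAccIDCtxTag, tInfo.AccID,
		AuthActiveCharIDCtxTag, tInfo.CharID,
	})

	return ctx, nil
}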