Use allowlist

grpc-ecosystem · Nov 25, 2020 · 0f6ed9b · 0f6ed9b
1 parent 0e0086f
commit 0f6ed9b
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 9 deletions.
diff --git a/interceptors/skip/examples_test.go b/interceptors/skip/examples_test.go
@@ -5,23 +5,35 @@ import (
 
 	"google.golang.org/grpc"
 
+	middleware "github.com/grpc-ecosystem/go-grpc-middleware/v2"
 	"github.com/grpc-ecosystem/go-grpc-middleware/v2/auth"
 	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors"
 	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/skip"
+	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/tags"
 )
 
 // Simple example of skipping auth interceptor in the reflection method.
 func Example_initialization() {
 	_ = grpc.NewServer(
-		grpc.UnaryInterceptor(skip.UnaryServerInterceptor(auth.UnaryServerInterceptor(exampleAuthFunc), ReflectionFilter)),
-		grpc.StreamInterceptor(skip.StreamServerInterceptor(auth.StreamServerInterceptor(exampleAuthFunc), ReflectionFilter)),
+		grpc.UnaryInterceptor(skip.UnaryServerInterceptor(auth.UnaryServerInterceptor(dummyAuth), SkipReflectionService)),
+		grpc.StreamInterceptor(skip.StreamServerInterceptor(auth.StreamServerInterceptor(dummyAuth), SkipReflectionService)),
+	)
+}
+
+func Example_chain() {
+	_ = grpc.NewServer(
+		grpc.UnaryInterceptor(skip.UnaryServerInterceptor(
+			middleware.ChainUnaryServer(
+				tags.UnaryServerInterceptor(),
+				auth.UnaryServerInterceptor(dummyAuth),
+			), SkipReflectionService)),
 	)
 }
 
 func dummyAuth(ctx context.Context) (context.Context, error) {
 	return ctx, nil
 }
 
-func SkilReflectionService(ctx context.Context, gRPCType interceptors.GRPCType, service string, method string) bool {
-	return service == "grpc.reflection.v1alpha.ServerReflection"
+func SkipReflectionService(ctx context.Context, gRPCType interceptors.GRPCType, service string, method string) bool {
+	return service != "grpc.reflection.v1alpha.ServerReflection"
 }
diff --git a/interceptors/skip/interceptor.go b/interceptors/skip/interceptor.go
@@ -18,7 +18,7 @@ func UnaryServerInterceptor(in grpc.UnaryServerInterceptor, filter Filter) grpc.
 
 	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
 		service, method := interceptors.SplitMethodName(info.FullMethod)
-		if filter(ctx, interceptors.Unary, service, method) {
+		if !filter(ctx, interceptors.Unary, service, method) {
 			// Skip interceptor.
 			return handler(ctx, req)
 		}
@@ -34,7 +34,7 @@ func StreamServerInterceptor(in grpc.StreamServerInterceptor, filter Filter) grp
 
 	return func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
 		service, method := interceptors.SplitMethodName(info.FullMethod)
-		if filter(ss.Context(), interceptors.StreamRPCType(info), service, method) {
+		if !filter(ss.Context(), interceptors.StreamRPCType(info), service, method) {
 			// Skip interceptor.
 			return handler(srv, ss)
 		}

diff --git a/interceptors/skip/interceptor_test.go b/interceptors/skip/interceptor_test.go
@@ -87,10 +87,9 @@ func filter(ctx context.Context, gRPCType interceptors.GRPCType, service string,
 	m.Set(keyMethod, method)
 
 	if v := m.Get("skip"); len(v) > 0 && v[0] == "true" {
-
-		return true
+		return false
 	}
-	return false
+	return true
 }
 
 func TestSkipSuite(t *testing.T) {