package apix
import (
"context"
"crypto/x509"
"time"
"github.com/prometheus/client_golang/prometheus"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
api "github.com/powerman/go-monolith-example/api/proto/powerman/example/auth"
"github.com/powerman/go-monolith-example/internal/dom"
"github.com/powerman/go-monolith-example/pkg/grpcx"
)
// authnClient is the Authn implementation returned by NewAuthnClient; it
// forwards access-token checks to the gRPC AuthIntSvc.
type authnClient struct {
	// client is the AuthIntSvc client created in NewAuthnClient and called
	// by Authenticate.
	client api.AuthIntSvcClient
}
// NewAuthnClient dials the gRPC AuthIntSvc at addr and returns an Authn
// backed by that connection.
//
// reg and service are handed to grpcx.NewClientMetrics together with the
// fixed subsystem name "apix"; the resulting metrics, service and ca are
// passed to grpcx.Dial. Any error from grpcx.Dial is returned unchanged
// with a nil Authn.
//
// NOTE(review): ca is presumably the pool used to verify the server's TLS
// certificate. How grpcx.Dial behaves when ca is nil is not visible in this
// file; confirm it does not fall back to an unverified connection before
// passing nil.
//
// NOTE(review): the dialed connection is kept only inside the returned
// client and nothing in this file closes it; confirm that is intended.
func NewAuthnClient(
	ctx Ctx,
	reg *prometheus.Registry,
	service string,
	ca *x509.CertPool,
	addr string,
) (Authn, error) {
	const subsystem = "apix"

	conn, err := grpcx.Dial(ctx, addr, service, grpcx.NewClientMetrics(reg, service, subsystem), ca)
	if err != nil {
		return nil, err
	}
	return &authnClient{client: api.NewAuthIntSvcClient(conn)}, nil
}
// Authenticate asks AuthIntSvc who owns accessToken and returns that user's
// identity.
//
// The token is sent as per-RPC credentials built by grpcx.AccessTokenCreds,
// and the call is bounded by a 5 second timeout derived from ctx.
//
// On success auth.UserName holds the parsed user name and auth.Admin is true
// only when the reported role equals api.Access_ROLE_ADMIN.
//
// On failure auth is left as its zero value (Admin is false) and err is
// non-nil. An error whose gRPC status code is codes.Unauthenticated is
// replaced by ErrAccessTokenInvalid; every other error (timeout, transport
// failure, user-name parse error) is returned unchanged. Callers must treat
// any non-nil err as "not authenticated" rather than checking only for
// ErrAccessTokenInvalid.
//
// NOTE(review): how the token is attached to the request, and whether
// transport security is required for it, is decided by
// grpcx.AccessTokenCreds, which is not shown here; confirm.
func (c *authnClient) Authenticate(ctx Ctx, accessToken AccessToken) (auth dom.Auth, err error) {
	const rpcTimeout = 5 * time.Second

	// Applied on every return path: an Unauthenticated status, whichever
	// step produced it, is reported as ErrAccessTokenInvalid.
	defer func() {
		if status.Code(err) == codes.Unauthenticated {
			err = ErrAccessTokenInvalid
		}
	}()

	ctx, cancel := context.WithTimeout(ctx, rpcTimeout)
	defer cancel()

	tokenCreds := grpcx.AccessTokenCreds(string(accessToken))
	resp, err := c.client.CheckAccessToken(ctx, &api.CheckAccessTokenRequest{}, tokenCreds)
	if err != nil {
		return auth, err
	}

	user := resp.GetUser()
	parsed, err := dom.ParseUserName(user.GetName())
	if err != nil {
		return auth, err
	}

	// auth is populated only after both the RPC and the name parsing
	// succeeded, so a failed check never yields a partially filled result.
	auth.UserName = *parsed
	auth.Admin = user.GetAccess().GetRole() == api.Access_ROLE_ADMIN
	return auth, nil
}