Fixed tls client options

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/joho/godotenv v1.5.1
 	github.com/rakyll/statik v0.1.7
 	github.com/rs/cors v1.9.0
-	github.com/satanaroom/auth v0.0.0-20230524093436-fc87469d3ad5
+	github.com/satanaroom/auth v0.0.0-20230526072419-e465008b530c
 	google.golang.org/genproto v0.0.0-20230525154841-bd750badd5c6
 	google.golang.org/grpc v1.55.0
 	google.golang.org/protobuf v1.30.0

go.sum

@@ -52,8 +52,8 @@ github.com/rakyll/statik v0.1.7 h1:OF3QCZUuyPxuGEP7B4ypUa7sB/iHtqOTDYZXGM8KOdQ=
 github.com/rakyll/statik v0.1.7/go.mod h1:AlZONWzMtEnMs7W4e/1LURLiI49pIMmp6V9Unghqrcc=
 github.com/rs/cors v1.9.0 h1:l9HGsTsHJcvW14Nk7J9KFz8bzeAWXn3CG6bgt7LsrAE=
 github.com/rs/cors v1.9.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
-github.com/satanaroom/auth v0.0.0-20230524093436-fc87469d3ad5 h1:seqM40Chll/OFPnkck6NBODBlxyI+uTDRFnNm544Cmw=
-github.com/satanaroom/auth v0.0.0-20230524093436-fc87469d3ad5/go.mod h1:+wdPqwDeOTvPmk0src6tRJnxJLBI6+5+UC6K2z5Cgwc=
+github.com/satanaroom/auth v0.0.0-20230526072419-e465008b530c h1:bGZ5J1TUcjqYLLIUeszycpNuSQzZs906vc1qBZvOy9g=
+github.com/satanaroom/auth v0.0.0-20230526072419-e465008b530c/go.mod h1:+wdPqwDeOTvPmk0src6tRJnxJLBI6+5+UC6K2z5Cgwc=
 github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

internal/app/app.go

@@ -100,10 +100,13 @@ func (a *App) initServiceProvider(_ context.Context) error {
 
 func (a *App) initGRPCServer(ctx context.Context) error {
 	a.grpcServer = grpc.NewServer(
-		grpc.UnaryInterceptor(grpcMiddleware.ChainUnaryServer(
-			interceptor.ValidateInterceptor,
-			interceptor.NewAuthInterceptor(a.serviceProvider.AuthClient(ctx)).Unary(),
-		)))
+		grpc.UnaryInterceptor(
+			grpcMiddleware.ChainUnaryServer(
+				interceptor.ValidateInterceptor,
+				interceptor.NewAuthInterceptor(a.serviceProvider.AuthClient(ctx)).Unary(),
+			),
+		),
+	)
 
 	reflection.Register(a.grpcServer)
 

internal/app/service_provider.go

@@ -6,24 +6,26 @@ import (
 	accessV1 "github.com/satanaroom/auth/pkg/access_v1"
 	"github.com/satanaroom/auth/pkg/logger"
 	chatV1 "github.com/satanaroom/chat_server/internal/api/chat_v1"
-	"google.golang.org/grpc/credentials/insecure"
-
 	authClient "github.com/satanaroom/chat_server/internal/clients/grpc/auth"
 	"github.com/satanaroom/chat_server/internal/closer"
 	"github.com/satanaroom/chat_server/internal/config"
 	chatService "github.com/satanaroom/chat_server/internal/service/chat"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 )
 
 type serviceProvider struct {
 	authConfig    config.AuthClientConfig
 	grpcConfig    config.GRPCConfig
 	httpConfig    config.HTTPConfig
 	swaggerConfig config.SwaggerConfig
+	tlsConfig     config.TLSConfig
 
 	authClient  authClient.Client
 	chatService chatService.Service
 
+	tlsCredentials credentials.TransportCredentials
+
 	chatImpl *chatV1.Implementation
 }
 
@@ -54,7 +56,7 @@ func (s *serviceProvider) AuthClientConfig() config.AuthClientConfig {
 
 func (s *serviceProvider) AuthClient(ctx context.Context) authClient.Client {
 	if s.authClient == nil {
-		opts := grpc.WithTransportCredentials(insecure.NewCredentials())
+		opts := grpc.WithTransportCredentials(s.TLSCredentials(ctx))
 
 		conn, err := grpc.DialContext(ctx, s.AuthClientConfig().Host(), opts)
 		if err != nil {
@@ -108,10 +110,36 @@ func (s *serviceProvider) SwaggerConfig() config.SwaggerConfig {
 	return s.swaggerConfig
 }
 
+func (s *serviceProvider) TLSConfig() config.TLSConfig {
+	if s.tlsConfig == nil {
+		cfg, err := config.NewTLSConfig()
+		if err != nil {
+			logger.Fatalf("failed to get TLS config: %s", err.Error())
+		}
+
+		s.tlsConfig = cfg
+	}
+
+	return s.tlsConfig
+}
+
 func (s *serviceProvider) ChatImpl(ctx context.Context) *chatV1.Implementation {
 	if s.chatImpl == nil {
 		s.chatImpl = chatV1.NewImplementation(s.ChatService(ctx))
 	}
 
 	return s.chatImpl
 }
+
+func (s *serviceProvider) TLSCredentials(_ context.Context) credentials.TransportCredentials {
+	if s.tlsCredentials == nil {
+		creds, err := credentials.NewClientTLSFromFile(s.TLSConfig().CertFile(), "")
+		if err != nil {
+			logger.Fatalf("new client tls from file: %s", err.Error())
+		}
+
+		s.tlsCredentials = creds
+	}
+
+	return s.tlsCredentials
+}

internal/config/tls.go

@@ -0,0 +1,31 @@
+package config
+
+import (
+	"github.com/satanaroom/auth/pkg/env"
+)
+
+var _ TLSConfig = (*tlsConfig)(nil)
+
+const tlsCertFileEnvName = "TLS_AUTH_CERT_FILE"
+
+type TLSConfig interface {
+	CertFile() string
+}
+
+type tlsConfig struct {
+	certFile string
+}
+
+func NewTLSConfig() (*tlsConfig, error) {
+	var certFile string
+
+	env.ToString(&certFile, tlsCertFileEnvName, "service.pem")
+
+	return &tlsConfig{
+		certFile: certFile,
+	}, nil
+}
+
+func (c *tlsConfig) CertFile() string {
+	return c.certFile
+}

internal/interceptor/auth.go

@@ -2,7 +2,6 @@ package interceptor
 
 import (
 	"context"
-	"fmt"
 
 	"github.com/satanaroom/chat_server/internal/clients/grpc/auth"
 	"google.golang.org/grpc"
@@ -28,7 +27,7 @@ func (i *authInterceptor) Unary() grpc.UnaryServerInterceptor {
 
 		ok, err = i.authClient.Check(ctx, info.FullMethod)
 		if err != nil || !ok {
-			return nil, fmt.Errorf("check access: %w", err)
+			return nil, err
 		}
 
 		return handler(ctx, req)