diff --git a/go.mod b/go.mod
index 50e9d4a..89f73d5 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 github.com/joho/godotenv v1.5.1
 github.com/rakyll/statik v0.1.7
 github.com/rs/cors v1.9.0
- github.com/satanaroom/auth v0.0.0-20230524093436-fc87469d3ad5
+ github.com/satanaroom/auth v0.0.0-20230526072419-e465008b530c
 google.golang.org/genproto v0.0.0-20230525154841-bd750badd5c6
 google.golang.org/grpc v1.55.0
 google.golang.org/protobuf v1.30.0
diff --git a/go.sum b/go.sum
index ebd97a0..b3e48be 100644
--- a/go.sum
+++ b/go.sum
@@ -52,8 +52,8 @@ github.com/rakyll/statik v0.1.7 h1:OF3QCZUuyPxuGEP7B4ypUa7sB/iHtqOTDYZXGM8KOdQ=
 github.com/rakyll/statik v0.1.7/go.mod h1:AlZONWzMtEnMs7W4e/1LURLiI49pIMmp6V9Unghqrcc=
 github.com/rs/cors v1.9.0 h1:l9HGsTsHJcvW14Nk7J9KFz8bzeAWXn3CG6bgt7LsrAE=
 github.com/rs/cors v1.9.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
-github.com/satanaroom/auth v0.0.0-20230524093436-fc87469d3ad5 h1:seqM40Chll/OFPnkck6NBODBlxyI+uTDRFnNm544Cmw=
-github.com/satanaroom/auth v0.0.0-20230524093436-fc87469d3ad5/go.mod h1:+wdPqwDeOTvPmk0src6tRJnxJLBI6+5+UC6K2z5Cgwc=
+github.com/satanaroom/auth v0.0.0-20230526072419-e465008b530c h1:bGZ5J1TUcjqYLLIUeszycpNuSQzZs906vc1qBZvOy9g=
+github.com/satanaroom/auth v0.0.0-20230526072419-e465008b530c/go.mod h1:+wdPqwDeOTvPmk0src6tRJnxJLBI6+5+UC6K2z5Cgwc=
 github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
diff --git a/internal/app/app.go b/internal/app/app.go
index 6a6cc43..4d6fab9 100644
--- a/internal/app/app.go
+++ b/internal/app/app.go
@@ -100,10 +100,13 @@ func (a *App) initServiceProvider(_ context.Context) error {
 func (a *App) initGRPCServer(ctx context.Context) error {
 a.grpcServer = grpc.NewServer(
- grpc.UnaryInterceptor(grpcMiddleware.ChainUnaryServer(
- interceptor.ValidateInterceptor,
- interceptor.NewAuthInterceptor(a.serviceProvider.AuthClient(ctx)).Unary(),
- )))
+ grpc.UnaryInterceptor(
+ grpcMiddleware.ChainUnaryServer(
+ interceptor.ValidateInterceptor,
+ interceptor.NewAuthInterceptor(a.serviceProvider.AuthClient(ctx)).Unary(),
+ ),
+ ),
+ )
 reflection.Register(a.grpcServer)
diff --git a/internal/app/service_provider.go b/internal/app/service_provider.go
index b784c91..ba8f99f 100644
--- a/internal/app/service_provider.go
+++ b/internal/app/service_provider.go
@@ -6,13 +6,12 @@ import (
 accessV1 "github.com/satanaroom/auth/pkg/access_v1"
 "github.com/satanaroom/auth/pkg/logger"
 chatV1 "github.com/satanaroom/chat_server/internal/api/chat_v1"
- "google.golang.org/grpc/credentials/insecure"
-
 authClient "github.com/satanaroom/chat_server/internal/clients/grpc/auth"
 "github.com/satanaroom/chat_server/internal/closer"
 "github.com/satanaroom/chat_server/internal/config"
 chatService "github.com/satanaroom/chat_server/internal/service/chat"
 "google.golang.org/grpc"
+ "google.golang.org/grpc/credentials"
 )
 type serviceProvider struct {
@@ -20,10 +19,13 @@ type serviceProvider struct {
 grpcConfig config.GRPCConfig
 httpConfig config.HTTPConfig
 swaggerConfig config.SwaggerConfig
+ tlsConfig config.TLSConfig
 authClient authClient.Client
 chatService chatService.Service
+ tlsCredentials credentials.TransportCredentials
+
 chatImpl *chatV1.Implementation
 }
@@ -54,7 +56,7 @@ func (s *serviceProvider) AuthClientConfig() config.AuthClientConfig {
 func (s *serviceProvider) AuthClient(ctx context.Context) authClient.Client {
 if s.authClient == nil {
- opts := grpc.WithTransportCredentials(insecure.NewCredentials())
+ opts := grpc.WithTransportCredentials(s.TLSCredentials(ctx))
 conn, err := grpc.DialContext(ctx, s.AuthClientConfig().Host(), opts)
 if err != nil {
@@ -108,6 +110,19 @@ func (s *serviceProvider) SwaggerConfig() config.SwaggerConfig {
 return s.swaggerConfig
 }
+func (s *serviceProvider) TLSConfig() config.TLSConfig {
+ if s.tlsConfig == nil {
+ cfg, err := config.NewTLSConfig()
+ if err != nil {
+ logger.Fatalf("failed to get TLS config: %s", err.Error())
+ }
+
+ s.tlsConfig = cfg
+ }
+
+ return s.tlsConfig
+}
+
 func (s *serviceProvider) ChatImpl(ctx context.Context) *chatV1.Implementation {
 if s.chatImpl == nil {
 s.chatImpl = chatV1.NewImplementation(s.ChatService(ctx))
@@ -115,3 +130,16 @@ func (s *serviceProvider) ChatImpl(ctx context.Context) *chatV1.Implementation {
 return s.chatImpl
 }
+
+func (s *serviceProvider) TLSCredentials(_ context.Context) credentials.TransportCredentials {
+ if s.tlsCredentials == nil {
+ creds, err := credentials.NewClientTLSFromFile(s.TLSConfig().CertFile(), "")
+ if err != nil {
+ logger.Fatalf("new client tls from file: %s", err.Error())
+ }
+
+ s.tlsCredentials = creds
+ }
+
+ return s.tlsCredentials
+}
diff --git a/internal/config/tls.go b/internal/config/tls.go
new file mode 100644
index 0000000..ddeb11f
--- /dev/null
+++ b/internal/config/tls.go
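Review bot: The `if err != nil` check after `grpc.DialContext` in `AuthClient` will not catch a wrong certificate or a hostname mismatch now that TLS is on, because the dial returns before the connection is established unless a blocking dial is requested; a handshake failure would first appear as an error from the auth check on a live request. No server-name override is passed, so the name being verified is presumably derived from `s.AuthClientConfig().Host()` and the auth service certificate must be valid for it. I would record this next to the dial, e.g. `// TLS handshake errors surface on the first RPC, not here; the cert must be valid for AuthClientConfig().Host()`, and consider probing the auth service once at startup. The body of AuthClient continues outside the hunk.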
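Review bot: `TLSCredentials` has no doc comment, and what it sets up is easy to misread: `credentials.NewClientTLSFromFile` loads the file as the set of trusted roots, so the chat server verifies the auth service but presents no client certificate of its own. A comment such as `// TLSCredentials returns client TLS credentials that trust only the certificates in TLSConfig().CertFile(); no client certificate is configured (no mTLS).` would keep the file from being mistaken for a client key pair. If the auth service is meant to authenticate its callers at the transport layer, that is not provided by this change. The two `logger.Fatalf` messages added in this file also differ in style (`failed to get TLS config` vs `new client tls from file`); one form should be used for both.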
@@ -0,0 +1,31 @@
+package config
+
+import (
+ "github.com/satanaroom/auth/pkg/env"
+)
+
+var _ TLSConfig = (*tlsConfig)(nil)
+
+const tlsCertFileEnvName = "TLS_AUTH_CERT_FILE"
+
+type TLSConfig interface {
+ CertFile() string
+}
+
+type tlsConfig struct {
+ certFile string
+}
+
+func NewTLSConfig() (*tlsConfig, error) {
+ var certFile string
+
+ env.ToString(&certFile, tlsCertFileEnvName, "service.pem")
+
+ return &tlsConfig{
+ certFile: certFile,
+ }, nil
+}
+
+func (c *tlsConfig) CertFile() string {
+ return c.certFile
+}
diff --git a/internal/interceptor/auth.go b/internal/interceptor/auth.go
index 0f1ffe4..deb184b 100644
--- a/internal/interceptor/auth.go
+++ b/internal/interceptor/auth.go
@@ -2,7 +2,6 @@ package interceptor
 import (
 "context"
- "fmt"
 "github.com/satanaroom/chat_server/internal/clients/grpc/auth"
 "google.golang.org/grpc"
@@ -28,7 +27,7 @@ func (i *authInterceptor) Unary() grpc.UnaryServerInterceptor {
 ok, err = i.authClient.Check(ctx, info.FullMethod)
 if err != nil || !ok {
- return nil, fmt.Errorf("check access: %w", err)
+ return nil, err
 }
 return handler(ctx, req)
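Review bot: `NewTLSConfig` cannot fail, so the file that becomes the trust anchor for the auth connection silently falls back to the relative name `service.pem` (assuming the third argument of `env.ToString` is the default); which certificate is trusted then depends on the process working directory whenever `TLS_AUTH_CERT_FILE` is unset. The declared `error` result is always nil, which leaves the `err` branch in `serviceProvider.TLSConfig` unreachable. I would either require the variable and return an error when it is missing, or document the fallback on the constant, e.g. `// tlsCertFileEnvName names the PEM file used to verify the auth service; defaults to service.pem relative to the working directory.`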
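Review bot: A denied check now returns `nil, nil`: the branch `if err != nil || !ok` also covers `Check` reporting `ok == false` with a nil error, and `return nil, err` then hands gRPC a nil response with no error instead of an authorization failure. The handler is still skipped, but the caller no longer receives an explicit denial status, whereas the removed `fmt.Errorf` always produced a non-nil error. Splitting the two cases keeps upstream status codes and makes denial explicit: `if err != nil { return nil, err }` followed by `if !ok { return nil, status.Error(codes.PermissionDenied, "access denied") }`, using `google.golang.org/grpc/status` and `google.golang.org/grpc/codes`. Whether `Check` can actually return false together with a nil error is not visible here, and the interceptor body starts outside the hunk.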