peridot/vendor/github.com/grpc-ecosystem/go-grpc-middleware/auth/auth.go

// Copyright 2016 Michal Witkowski. All Rights Reserved.
// See LICENSE for licensing terms.

package grpc_auth

import (
	"context"

	"github.com/grpc-ecosystem/go-grpc-middleware"
	"google.golang.org/grpc"
)

// AuthFunc is the pluggable function that performs authentication.
//
// The passed in `Context` will contain the gRPC metadata.MD object (for header-based authentication) and
// the peer.Peer information that can contain transport-based credentials (e.g. `credentials.AuthInfo`).
//
// The returned context will be propagated to handlers, allowing user changes to `Context`. However,
// please make sure that the `Context` returned is a child `Context` of the one passed in.
//
// If error is returned, its `grpc.Code()` will be returned to the user as well as the verbatim message.
// Please make sure you use `codes.Unauthenticated` (lacking auth) and `codes.PermissionDenied`
// (authed, but lacking perms) appropriately.
type AuthFunc func(ctx context.Context) (context.Context, error)

// ServiceAuthFuncOverride allows a given gRPC service implementation to override the global `AuthFunc`.
//
// If a service implements the AuthFuncOverride method, it takes precedence over the `AuthFunc` method,
// and will be called instead of AuthFunc for all method invocations within that service.
type ServiceAuthFuncOverride interface {
	AuthFuncOverride(ctx context.Context, fullMethodName string) (context.Context, error)
}

// UnaryServerInterceptor returns a new unary server interceptors that performs per-request auth.
func UnaryServerInterceptor(authFunc AuthFunc) grpc.UnaryServerInterceptor {
	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
		var newCtx context.Context
		var err error
		if overrideSrv, ok := info.Server.(ServiceAuthFuncOverride); ok {
			newCtx, err = overrideSrv.AuthFuncOverride(ctx, info.FullMethod)
		} else {
			newCtx, err = authFunc(ctx)
		}
		if err != nil {
			return nil, err
		}
		return handler(newCtx, req)
	}
}

// StreamServerInterceptor returns a new unary server interceptors that performs per-request auth.
func StreamServerInterceptor(authFunc AuthFunc) grpc.StreamServerInterceptor {
	return func(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
		var newCtx context.Context
		var err error
		if overrideSrv, ok := srv.(ServiceAuthFuncOverride); ok {
			newCtx, err = overrideSrv.AuthFuncOverride(stream.Context(), info.FullMethod)
		} else {
			newCtx, err = authFunc(stream.Context())
		}
		if err != nil {
			return err
		}
		wrapped := grpc_middleware.WrapServerStream(stream)
		wrapped.WrappedContext = newCtx
		return handler(srv, wrapped)
	}
}
Initial commit 2022-07-07 20:11:50 +00:00			`// Copyright 2016 Michal Witkowski. All Rights Reserved.`
			`// See LICENSE for licensing terms.`

			`package grpc_auth`

			`import (`
			`"context"`

			`"github.com/grpc-ecosystem/go-grpc-middleware"`
			`"google.golang.org/grpc"`
			`)`

			`// AuthFunc is the pluggable function that performs authentication.`
			`//`
			// The passed in `Context` will contain the gRPC metadata.MD object (for header-based authentication) and
			// the peer.Peer information that can contain transport-based credentials (e.g. `credentials.AuthInfo`).
			`//`
			// The returned context will be propagated to handlers, allowing user changes to `Context`. However,
			// please make sure that the `Context` returned is a child `Context` of the one passed in.
			`//`
			// If error is returned, its `grpc.Code()` will be returned to the user as well as the verbatim message.
			// Please make sure you use `codes.Unauthenticated` (lacking auth) and `codes.PermissionDenied`
			`// (authed, but lacking perms) appropriately.`
			`type AuthFunc func(ctx context.Context) (context.Context, error)`

			// ServiceAuthFuncOverride allows a given gRPC service implementation to override the global `AuthFunc`.
			`//`
			// If a service implements the AuthFuncOverride method, it takes precedence over the `AuthFunc` method,
			`// and will be called instead of AuthFunc for all method invocations within that service.`
			`type ServiceAuthFuncOverride interface {`
			`AuthFuncOverride(ctx context.Context, fullMethodName string) (context.Context, error)`
			`}`

			`// UnaryServerInterceptor returns a new unary server interceptors that performs per-request auth.`
			`func UnaryServerInterceptor(authFunc AuthFunc) grpc.UnaryServerInterceptor {`
			`return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {`
			`var newCtx context.Context`
			`var err error`
			`if overrideSrv, ok := info.Server.(ServiceAuthFuncOverride); ok {`
			`newCtx, err = overrideSrv.AuthFuncOverride(ctx, info.FullMethod)`
			`} else {`
			`newCtx, err = authFunc(ctx)`
			`}`
			`if err != nil {`
			`return nil, err`
			`}`
			`return handler(newCtx, req)`
			`}`
			`}`

			`// StreamServerInterceptor returns a new unary server interceptors that performs per-request auth.`
			`func StreamServerInterceptor(authFunc AuthFunc) grpc.StreamServerInterceptor {`
			`return func(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {`
			`var newCtx context.Context`
			`var err error`
			`if overrideSrv, ok := srv.(ServiceAuthFuncOverride); ok {`
			`newCtx, err = overrideSrv.AuthFuncOverride(stream.Context(), info.FullMethod)`
			`} else {`
			`newCtx, err = authFunc(stream.Context())`
			`}`
			`if err != nil {`
			`return err`
			`}`
			`wrapped := grpc_middleware.WrapServerStream(stream)`
			`wrapped.WrappedContext = newCtx`
			`return handler(srv, wrapped)`
			`}`
			`}`