From eeaced0b14abf1a114286325fba9ab3be9b3e5ee Mon Sep 17 00:00:00 2001
From: Mustafa Gezen
Date: Fri, 26 Aug 2022 21:40:47 +0200
Subject: [PATCH] Chain interceptors using grpc_middleware
Signed-off-by: Mustafa Gezen
---
 utils/BUILD.bazel | 3 +++
 utils/grpc.go | 47 +++++++++--------------------------------------
 utils/interceptors.go | 3 +++
 3 files changed, 15 insertions(+), 38 deletions(-)
diff --git a/utils/BUILD.bazel b/utils/BUILD.bazel
index b560152a..33a7a2d7 100644
--- a/utils/BUILD.bazel
+++ b/utils/BUILD.bazel
@@ -29,11 +29,14 @@ go_library(
 "//vendor/github.com/go-chi/chi/middleware",
 "//vendor/github.com/go-openapi/runtime",
 "//vendor/github.com/go-openapi/strfmt",
+ "//vendor/github.com/grpc-ecosystem/go-grpc-middleware",
+ "//vendor/github.com/grpc-ecosystem/go-grpc-prometheus",
 "//vendor/github.com/jmoiron/sqlx",
 "//vendor/github.com/lib/pq",
 "//vendor/github.com/ory/hydra-client-go/client",
 "//vendor/github.com/ory/hydra-client-go/client/admin",
 "//vendor/github.com/ory/hydra-client-go/client/public",
+ "//vendor/github.com/prometheus/client_golang/prometheus/promhttp",
 "//vendor/github.com/sirupsen/logrus",
 "//vendor/github.com/spf13/pflag",
 "//vendor/github.com/spf13/viper",
diff --git a/utils/grpc.go b/utils/grpc.go
index 4aab8cfa..7aa52def 100644
--- a/utils/grpc.go
+++ b/utils/grpc.go
@@ -32,6 +32,7 @@ package utils
 import (
 "context"
+ grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 "github.com/grpc-ecosystem/go-grpc-prometheus"
 "github.com/prometheus/client_golang/prometheus/promhttp"
 "google.golang.org/grpc/credentials/insecure"
@@ -169,25 +170,10 @@ func NewGRPCServer(goptions *GRPCOptions, endpoint func(*Register), serve func(*
 // If the server already declares a unary interceptor, let's chain
 // and make grpc_prometheus run first
 if options.Interceptor != nil {
- serverOpts = append(serverOpts, grpc.UnaryInterceptor(
- func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
- n := func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
- return options.Interceptor(ctx, req, info, handler)
- }
- n = func(next grpc.UnaryServerInterceptor) grpc.UnaryServerInterceptor {
- return func(ctx context.Context, req interface{}, usi *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
- _, err := grpc_prometheus.UnaryServerInterceptor(ctx, req, info, handler)
- if err != nil {
- return nil, err
- }
-
- return next(ctx, req, usi, handler)
- }
- }(n)
-
- return n(ctx, req, info, handler)
- },
- ))
+ serverOpts = append(serverOpts, grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(
+ grpc_prometheus.UnaryServerInterceptor,
+ options.Interceptor,
+ )))
 } else {
 // Else, only declare prometheus interceptor
 serverOpts = append(serverOpts, grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor))
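Review bot: Nothing in this hunk or in the diffstat pins the invariant the new chain depends on, namely that the handler runs once and only after `options.Interceptor` has accepted the call. The removed closure passed the same `handler` to both `grpc_prometheus.UnaryServerInterceptor` and `next`, so the handler could run before the caller's interceptor was consulted; if that interceptor is the auth check (not visible here), the ordering is security-relevant and deserves a regression test in which a rejecting interceptor leaves the handler uncalled. I would also extend the comment above the `if` with something like `// Order matters: metrics wrap the call, options.Interceptor must still gate the handler.` The same applies to the `ChainStreamServer` hunk at `-196,25`. `NewGRPCServer` starts and ends outside both hunks.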
@@ -196,25 +182,10 @@ func NewGRPCServer(goptions *GRPCOptions, endpoint func(*Register), serve func(*
 // If the server already declares a stream interceptor, let's chain
 // and make grpc_prometheus run first
 if options.ServerInterceptor != nil {
- serverOpts = append(serverOpts, grpc.StreamInterceptor(
- func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
- n := func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
- return options.ServerInterceptor(srv, ss, info, handler)
- }
- n = func(next grpc.StreamServerInterceptor) grpc.StreamServerInterceptor {
- return func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
- err := grpc_prometheus.StreamServerInterceptor(srv, ss, info, handler)
- if err != nil {
- return err
- }
-
- return next(srv, ss, info, handler)
- }
- }(n)
-
- return n(srv, ss, info, handler)
- },
- ))
+ serverOpts = append(serverOpts, grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(
+ grpc_prometheus.StreamServerInterceptor,
+ options.ServerInterceptor,
+ )))
 } else {
 // Else, only declare prometheus interceptor
 serverOpts = append(serverOpts, grpc.StreamInterceptor(grpc_prometheus.StreamServerInterceptor))
diff --git a/utils/interceptors.go b/utils/interceptors.go
index ad9b8ecf..c27a89c5 100644
--- a/utils/interceptors.go
+++ b/utils/interceptors.go
@@ -118,6 +118,9 @@ func checkAuth(ctx context.Context, hydraSDK *client.OryHydra, hydraAdmin *clien
 userInfo.Payload.Name = introspect.Payload.Sub
 userInfo.Payload.Email = fmt.Sprintf("%s@%s", introspect.Payload.Sub, "serviceaccount.resf.org")
 }
+ if userInfo.Payload.Sub == "" {
+ return ctx, status.Errorf(codes.Unauthenticated, "invalid authorization token")
+ }
 // supply subject and token to further requests
 pairs := metadata.Pairs("x-user-id", userInfo.Payload.Sub, "x-user-name", userInfo.Payload.Name, "x-user-email", userInfo.Payload.Email, "x-auth-token", authToken[1])
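Review bot: The guard checks only `userInfo.Payload.Sub`, while the branch closing just above it fills Name and Email from `introspect.Payload.Sub`; whether that branch also sets `userInfo.Payload.Sub` is outside the hunk, so it is not visible that service-account tokens pass this check or that an empty introspected subject is caught. That is worth confirming, together with a comment saying why an empty subject can reach this point, e.g. `// An empty subject must never be forwarded as x-user-id; treat it as an unauthenticated call.` The exact comparison also lets a whitespace-only subject through; `if strings.TrimSpace(userInfo.Payload.Sub) == "" {` would close that, assuming `strings` is imported in this file. `checkAuth` starts and ends outside the hunk.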