mirror of
https://github.com/rocky-linux/peridot.git
synced 2024-11-22 05:01:26 +00:00
Chain interceptors using grpc_middleware
Signed-off-by: Mustafa Gezen <mustafa@ctrliq.com>
This commit is contained in:
parent
226c0f4c30
commit
eeaced0b14
@ -29,11 +29,14 @@ go_library(
|
|||||||
"//vendor/github.com/go-chi/chi/middleware",
|
"//vendor/github.com/go-chi/chi/middleware",
|
||||||
"//vendor/github.com/go-openapi/runtime",
|
"//vendor/github.com/go-openapi/runtime",
|
||||||
"//vendor/github.com/go-openapi/strfmt",
|
"//vendor/github.com/go-openapi/strfmt",
|
||||||
|
"//vendor/github.com/grpc-ecosystem/go-grpc-middleware",
|
||||||
|
"//vendor/github.com/grpc-ecosystem/go-grpc-prometheus",
|
||||||
"//vendor/github.com/jmoiron/sqlx",
|
"//vendor/github.com/jmoiron/sqlx",
|
||||||
"//vendor/github.com/lib/pq",
|
"//vendor/github.com/lib/pq",
|
||||||
"//vendor/github.com/ory/hydra-client-go/client",
|
"//vendor/github.com/ory/hydra-client-go/client",
|
||||||
"//vendor/github.com/ory/hydra-client-go/client/admin",
|
"//vendor/github.com/ory/hydra-client-go/client/admin",
|
||||||
"//vendor/github.com/ory/hydra-client-go/client/public",
|
"//vendor/github.com/ory/hydra-client-go/client/public",
|
||||||
|
"//vendor/github.com/prometheus/client_golang/prometheus/promhttp",
|
||||||
"//vendor/github.com/sirupsen/logrus",
|
"//vendor/github.com/sirupsen/logrus",
|
||||||
"//vendor/github.com/spf13/pflag",
|
"//vendor/github.com/spf13/pflag",
|
||||||
"//vendor/github.com/spf13/viper",
|
"//vendor/github.com/spf13/viper",
|
||||||
|
@ -32,6 +32,7 @@ package utils
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
|
||||||
"github.com/grpc-ecosystem/go-grpc-prometheus"
|
"github.com/grpc-ecosystem/go-grpc-prometheus"
|
||||||
"github.com/prometheus/client_golang/prometheus/promhttp"
|
"github.com/prometheus/client_golang/prometheus/promhttp"
|
||||||
"google.golang.org/grpc/credentials/insecure"
|
"google.golang.org/grpc/credentials/insecure"
|
||||||
@ -169,25 +170,10 @@ func NewGRPCServer(goptions *GRPCOptions, endpoint func(*Register), serve func(*
|
|||||||
// If the server already declares a unary interceptor, let's chain
|
// If the server already declares a unary interceptor, let's chain
|
||||||
// and make grpc_prometheus run first
|
// and make grpc_prometheus run first
|
||||||
if options.Interceptor != nil {
|
if options.Interceptor != nil {
|
||||||
serverOpts = append(serverOpts, grpc.UnaryInterceptor(
|
serverOpts = append(serverOpts, grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(
|
||||||
func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
|
grpc_prometheus.UnaryServerInterceptor,
|
||||||
n := func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
|
options.Interceptor,
|
||||||
return options.Interceptor(ctx, req, info, handler)
|
)))
|
||||||
}
|
|
||||||
n = func(next grpc.UnaryServerInterceptor) grpc.UnaryServerInterceptor {
|
|
||||||
return func(ctx context.Context, req interface{}, usi *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
|
|
||||||
_, err := grpc_prometheus.UnaryServerInterceptor(ctx, req, info, handler)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return next(ctx, req, usi, handler)
|
|
||||||
}
|
|
||||||
}(n)
|
|
||||||
|
|
||||||
return n(ctx, req, info, handler)
|
|
||||||
},
|
|
||||||
))
|
|
||||||
} else {
|
} else {
|
||||||
// Else, only declare prometheus interceptor
|
// Else, only declare prometheus interceptor
|
||||||
serverOpts = append(serverOpts, grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor))
|
serverOpts = append(serverOpts, grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor))
|
||||||
@ -196,25 +182,10 @@ func NewGRPCServer(goptions *GRPCOptions, endpoint func(*Register), serve func(*
|
|||||||
// If the server already declares a stream interceptor, let's chain
|
// If the server already declares a stream interceptor, let's chain
|
||||||
// and make grpc_prometheus run first
|
// and make grpc_prometheus run first
|
||||||
if options.ServerInterceptor != nil {
|
if options.ServerInterceptor != nil {
|
||||||
serverOpts = append(serverOpts, grpc.StreamInterceptor(
|
serverOpts = append(serverOpts, grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(
|
||||||
func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
|
grpc_prometheus.StreamServerInterceptor,
|
||||||
n := func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
|
options.ServerInterceptor,
|
||||||
return options.ServerInterceptor(srv, ss, info, handler)
|
)))
|
||||||
}
|
|
||||||
n = func(next grpc.StreamServerInterceptor) grpc.StreamServerInterceptor {
|
|
||||||
return func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
|
|
||||||
err := grpc_prometheus.StreamServerInterceptor(srv, ss, info, handler)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
return next(srv, ss, info, handler)
|
|
||||||
}
|
|
||||||
}(n)
|
|
||||||
|
|
||||||
return n(srv, ss, info, handler)
|
|
||||||
},
|
|
||||||
))
|
|
||||||
} else {
|
} else {
|
||||||
// Else, only declare prometheus interceptor
|
// Else, only declare prometheus interceptor
|
||||||
serverOpts = append(serverOpts, grpc.StreamInterceptor(grpc_prometheus.StreamServerInterceptor))
|
serverOpts = append(serverOpts, grpc.StreamInterceptor(grpc_prometheus.StreamServerInterceptor))
|
||||||
|
@ -118,6 +118,9 @@ func checkAuth(ctx context.Context, hydraSDK *client.OryHydra, hydraAdmin *clien
|
|||||||
userInfo.Payload.Name = introspect.Payload.Sub
|
userInfo.Payload.Name = introspect.Payload.Sub
|
||||||
userInfo.Payload.Email = fmt.Sprintf("%s@%s", introspect.Payload.Sub, "serviceaccount.resf.org")
|
userInfo.Payload.Email = fmt.Sprintf("%s@%s", introspect.Payload.Sub, "serviceaccount.resf.org")
|
||||||
}
|
}
|
||||||
|
if userInfo.Payload.Sub == "" {
|
||||||
|
return ctx, status.Errorf(codes.Unauthenticated, "invalid authorization token")
|
||||||
|
}
|
||||||
|
|
||||||
// supply subject and token to further requests
|
// supply subject and token to further requests
|
||||||
pairs := metadata.Pairs("x-user-id", userInfo.Payload.Sub, "x-user-name", userInfo.Payload.Name, "x-user-email", userInfo.Payload.Email, "x-auth-token", authToken[1])
|
pairs := metadata.Pairs("x-user-id", userInfo.Payload.Sub, "x-user-name", userInfo.Payload.Name, "x-user-email", userInfo.Payload.Email, "x-auth-token", authToken[1])
|
||||||
|
Loading…
Reference in New Issue
Block a user