Chain interceptors using grpc_middleware

Signed-off-by: Mustafa Gezen <mustafa@ctrliq.com>
This commit is contained in:
Mustafa Gezen 2022-08-26 21:40:47 +02:00
parent 226c0f4c30
commit eeaced0b14
Signed by untrusted user who does not match committer: mustafa
GPG Key ID: DCDF010D946438C1
3 changed files with 15 additions and 38 deletions

View File

@ -29,11 +29,14 @@ go_library(
"//vendor/github.com/go-chi/chi/middleware",
"//vendor/github.com/go-openapi/runtime",
"//vendor/github.com/go-openapi/strfmt",
"//vendor/github.com/grpc-ecosystem/go-grpc-middleware",
"//vendor/github.com/grpc-ecosystem/go-grpc-prometheus",
"//vendor/github.com/jmoiron/sqlx",
"//vendor/github.com/lib/pq",
"//vendor/github.com/ory/hydra-client-go/client",
"//vendor/github.com/ory/hydra-client-go/client/admin",
"//vendor/github.com/ory/hydra-client-go/client/public",
"//vendor/github.com/prometheus/client_golang/prometheus/promhttp",
"//vendor/github.com/sirupsen/logrus",
"//vendor/github.com/spf13/pflag",
"//vendor/github.com/spf13/viper",

View File

@ -32,6 +32,7 @@ package utils
import (
"context"
grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
"github.com/grpc-ecosystem/go-grpc-prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
"google.golang.org/grpc/credentials/insecure"
@ -169,25 +170,10 @@ func NewGRPCServer(goptions *GRPCOptions, endpoint func(*Register), serve func(*
// If the server already declares a unary interceptor, let's chain
// and make grpc_prometheus run first
if options.Interceptor != nil {
serverOpts = append(serverOpts, grpc.UnaryInterceptor(
func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
n := func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
return options.Interceptor(ctx, req, info, handler)
}
n = func(next grpc.UnaryServerInterceptor) grpc.UnaryServerInterceptor {
return func(ctx context.Context, req interface{}, usi *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
_, err := grpc_prometheus.UnaryServerInterceptor(ctx, req, info, handler)
if err != nil {
return nil, err
}
return next(ctx, req, usi, handler)
}
}(n)
return n(ctx, req, info, handler)
},
))
serverOpts = append(serverOpts, grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(
grpc_prometheus.UnaryServerInterceptor,
options.Interceptor,
)))
} else {
// Else, only declare prometheus interceptor
serverOpts = append(serverOpts, grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor))
@ -196,25 +182,10 @@ func NewGRPCServer(goptions *GRPCOptions, endpoint func(*Register), serve func(*
// If the server already declares a stream interceptor, let's chain
// and make grpc_prometheus run first
if options.ServerInterceptor != nil {
serverOpts = append(serverOpts, grpc.StreamInterceptor(
func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
n := func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
return options.ServerInterceptor(srv, ss, info, handler)
}
n = func(next grpc.StreamServerInterceptor) grpc.StreamServerInterceptor {
return func(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
err := grpc_prometheus.StreamServerInterceptor(srv, ss, info, handler)
if err != nil {
return err
}
return next(srv, ss, info, handler)
}
}(n)
return n(srv, ss, info, handler)
},
))
serverOpts = append(serverOpts, grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(
grpc_prometheus.StreamServerInterceptor,
options.ServerInterceptor,
)))
} else {
// Else, only declare prometheus interceptor
serverOpts = append(serverOpts, grpc.StreamInterceptor(grpc_prometheus.StreamServerInterceptor))

View File

@ -118,6 +118,9 @@ func checkAuth(ctx context.Context, hydraSDK *client.OryHydra, hydraAdmin *clien
userInfo.Payload.Name = introspect.Payload.Sub
userInfo.Payload.Email = fmt.Sprintf("%s@%s", introspect.Payload.Sub, "serviceaccount.resf.org")
}
if userInfo.Payload.Sub == "" {
return ctx, status.Errorf(codes.Unauthenticated, "invalid authorization token")
}
// supply subject and token to further requests
pairs := metadata.Pairs("x-user-id", userInfo.Payload.Sub, "x-user-name", userInfo.Payload.Name, "x-user-email", userInfo.Payload.Email, "x-auth-token", authToken[1])