gitee.com/ks-custle/core-gm@v0.0.0-20230922171213-b83bdd97b62c/go-grpc-middleware/auth/auth.go (about)

     1  // Copyright 2016 Michal Witkowski. All Rights Reserved.
     2  // See LICENSE for licensing terms.
     3  
     4  package grpc_auth
     5  
     6  import (
     7  	grpcmiddleware "gitee.com/ks-custle/core-gm/go-grpc-middleware"
     8  	"gitee.com/ks-custle/core-gm/grpc"
     9  	"gitee.com/ks-custle/core-gm/net/context"
    10  )
    11  
    12  // AuthFunc is the pluggable function that performs authentication.
    13  //
    14  // The passed in `Context` will contain the gRPC metadata.MD object (for header-based authentication) and
    15  // the peer.Peer information that can contain transport-based credentials (e.g. `credentials.AuthInfo`).
    16  //
    17  // The returned context will be propagated to handlers, allowing user changes to `Context`. However,
    18  // please make sure that the `Context` returned is a child `Context` of the one passed in.
    19  //
    20  // If error is returned, its `grpc.Code()` will be returned to the user as well as the verbatim message.
    21  // Please make sure you use `codes.Unauthenticated` (lacking auth) and `codes.PermissionDenied`
    22  // (authed, but lacking perms) appropriately.
    23  type AuthFunc func(ctx context.Context) (context.Context, error)
    24  
    25  // ServiceAuthFuncOverride allows a given gRPC service implementation to override the global `AuthFunc`.
    26  //
    27  // If a service implements the AuthFuncOverride method, it takes precedence over the `AuthFunc` method,
    28  // and will be called instead of AuthFunc for all method invocations within that service.
    29  type ServiceAuthFuncOverride interface {
    30  	AuthFuncOverride(ctx context.Context, fullMethodName string) (context.Context, error)
    31  }
    32  
    33  // UnaryServerInterceptor returns a new unary server interceptors that performs per-request auth.
    34  func UnaryServerInterceptor(authFunc AuthFunc) grpc.UnaryServerInterceptor {
    35  	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
    36  		var newCtx context.Context
    37  		var err error
    38  		if overrideSrv, ok := info.Server.(ServiceAuthFuncOverride); ok {
    39  			newCtx, err = overrideSrv.AuthFuncOverride(ctx, info.FullMethod)
    40  		} else {
    41  			newCtx, err = authFunc(ctx)
    42  		}
    43  		if err != nil {
    44  			return nil, err
    45  		}
    46  		return handler(newCtx, req)
    47  	}
    48  }
    49  
    50  // StreamServerInterceptor returns a new unary server interceptors that performs per-request auth.
    51  func StreamServerInterceptor(authFunc AuthFunc) grpc.StreamServerInterceptor {
    52  	return func(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
    53  		var newCtx context.Context
    54  		var err error
    55  		if overrideSrv, ok := srv.(ServiceAuthFuncOverride); ok {
    56  			newCtx, err = overrideSrv.AuthFuncOverride(stream.Context(), info.FullMethod)
    57  		} else {
    58  			newCtx, err = authFunc(stream.Context())
    59  		}
    60  		if err != nil {
    61  			return err
    62  		}
    63  		wrapped := grpcmiddleware.WrapServerStream(stream)
    64  		wrapped.WrappedContext = newCtx
    65  		return handler(srv, wrapped)
    66  	}
    67  }