github.com/kaisenlinux/docker.io@v0.0.0-20230510090727-ea55db55fac7/swarmkit/protobuf/plugin/authenticatedwrapper/authenticatedwrapper.go (about) 1 package authenticatedwrapper 2 3 import ( 4 "strings" 5 6 "github.com/docker/swarmkit/protobuf/plugin" 7 "github.com/gogo/protobuf/proto" 8 "github.com/gogo/protobuf/protoc-gen-gogo/descriptor" 9 "github.com/gogo/protobuf/protoc-gen-gogo/generator" 10 ) 11 12 type authenticatedWrapperGen struct { 13 gen *generator.Generator 14 } 15 16 func init() { 17 generator.RegisterPlugin(new(authenticatedWrapperGen)) 18 } 19 20 func (g *authenticatedWrapperGen) Init(gen *generator.Generator) { 21 g.gen = gen 22 } 23 24 func (g *authenticatedWrapperGen) Name() string { 25 return "authenticatedwrapper" 26 } 27 28 func (g *authenticatedWrapperGen) genAuthenticatedStruct(s *descriptor.ServiceDescriptorProto) { 29 g.gen.P("type " + serviceTypeName(s) + " struct {") 30 g.gen.P(" local " + s.GetName() + "Server") 31 g.gen.P(" authorize func(context.Context, []string) error") 32 g.gen.P("}") 33 } 34 35 func (g *authenticatedWrapperGen) genAuthenticatedConstructor(s *descriptor.ServiceDescriptorProto) { 36 g.gen.P("func NewAuthenticatedWrapper" + s.GetName() + "Server(local " + s.GetName() + "Server, authorize func(context.Context, []string) error)" + s.GetName() + "Server {") 37 g.gen.P("return &" + serviceTypeName(s) + `{ 38 local: local, 39 authorize: authorize, 40 }`) 41 g.gen.P("}") 42 } 43 44 func getInputTypeName(m *descriptor.MethodDescriptorProto) string { 45 parts := strings.Split(m.GetInputType(), ".") 46 return parts[len(parts)-1] 47 } 48 49 func getOutputTypeName(m *descriptor.MethodDescriptorProto) string { 50 parts := strings.Split(m.GetOutputType(), ".") 51 return parts[len(parts)-1] 52 } 53 54 func serviceTypeName(s *descriptor.ServiceDescriptorProto) string { 55 return "authenticatedWrapper" + s.GetName() + "Server" 56 } 57 58 func sigPrefix(s *descriptor.ServiceDescriptorProto, m *descriptor.MethodDescriptorProto) string { 59 return "func (p *" + serviceTypeName(s) + ") " + m.GetName() + "(" 60 } 61 62 func genRoles(auth *plugin.TLSAuthorization) string { 63 rolesSlice := "[]string{" 64 first := true 65 for _, role := range auth.Roles { 66 if !first { 67 rolesSlice += "," 68 } 69 first = false 70 rolesSlice += `"` + role + `"` 71 } 72 73 rolesSlice += "}" 74 75 return rolesSlice 76 } 77 78 func (g *authenticatedWrapperGen) genServerStreamingMethod(s *descriptor.ServiceDescriptorProto, m *descriptor.MethodDescriptorProto) { 79 g.gen.P(sigPrefix(s, m) + "r *" + getInputTypeName(m) + ", stream " + s.GetName() + "_" + m.GetName() + "Server) error {") 80 81 authIntf, err := proto.GetExtension(m.Options, plugin.E_TlsAuthorization) 82 if err != nil { 83 g.gen.P(` 84 panic("no authorization information in protobuf")`) 85 g.gen.P(`}`) 86 return 87 } 88 89 auth := authIntf.(*plugin.TLSAuthorization) 90 91 if auth.Insecure != nil && *auth.Insecure { 92 if len(auth.Roles) != 0 { 93 panic("Roles and Insecure cannot both be specified") 94 } 95 g.gen.P(` 96 return p.local.` + m.GetName() + `(r, stream)`) 97 g.gen.P(`}`) 98 return 99 } 100 101 g.gen.P(` 102 if err := p.authorize(stream.Context(),` + genRoles(auth) + `); err != nil { 103 return err 104 } 105 return p.local.` + m.GetName() + `(r, stream)`) 106 g.gen.P("}") 107 } 108 109 func (g *authenticatedWrapperGen) genClientServerStreamingMethod(s *descriptor.ServiceDescriptorProto, m *descriptor.MethodDescriptorProto) { 110 g.gen.P(sigPrefix(s, m) + "stream " + s.GetName() + "_" + m.GetName() + "Server) error {") 111 112 authIntf, err := proto.GetExtension(m.Options, plugin.E_TlsAuthorization) 113 if err != nil { 114 g.gen.P(` 115 panic("no authorization information in protobuf")`) 116 g.gen.P(`}`) 117 return 118 } 119 120 auth := authIntf.(*plugin.TLSAuthorization) 121 122 if auth.Insecure != nil && *auth.Insecure { 123 if len(auth.Roles) != 0 { 124 panic("Roles and Insecure cannot both be specified") 125 } 126 g.gen.P(` 127 return p.local.` + m.GetName() + `(stream)`) 128 g.gen.P(`}`) 129 return 130 } 131 132 g.gen.P(` 133 if err := p.authorize(stream.Context(), ` + genRoles(auth) + `); err != nil { 134 return err 135 } 136 return p.local.` + m.GetName() + `(stream)`) 137 g.gen.P("}") 138 } 139 140 func (g *authenticatedWrapperGen) genSimpleMethod(s *descriptor.ServiceDescriptorProto, m *descriptor.MethodDescriptorProto) { 141 g.gen.P(sigPrefix(s, m) + "ctx context.Context, r *" + getInputTypeName(m) + ") (*" + getOutputTypeName(m) + ", error) {") 142 143 authIntf, err := proto.GetExtension(m.Options, plugin.E_TlsAuthorization) 144 if err != nil { 145 g.gen.P(` 146 panic("no authorization information in protobuf")`) 147 g.gen.P(`}`) 148 return 149 } 150 151 auth := authIntf.(*plugin.TLSAuthorization) 152 153 if auth.Insecure != nil && *auth.Insecure { 154 if len(auth.Roles) != 0 { 155 panic("Roles and Insecure cannot both be specified") 156 } 157 g.gen.P(` 158 return p.local.` + m.GetName() + `(ctx, r)`) 159 g.gen.P(`}`) 160 return 161 } 162 163 g.gen.P(` 164 if err := p.authorize(ctx, ` + genRoles(auth) + `); err != nil { 165 return nil, err 166 } 167 return p.local.` + m.GetName() + `(ctx, r)`) 168 g.gen.P("}") 169 } 170 171 func (g *authenticatedWrapperGen) genAuthenticatedMethod(s *descriptor.ServiceDescriptorProto, m *descriptor.MethodDescriptorProto) { 172 g.gen.P() 173 switch { 174 case m.GetClientStreaming(): 175 g.genClientServerStreamingMethod(s, m) 176 case m.GetServerStreaming(): 177 g.genServerStreamingMethod(s, m) 178 default: 179 g.genSimpleMethod(s, m) 180 } 181 g.gen.P() 182 } 183 184 func (g *authenticatedWrapperGen) Generate(file *generator.FileDescriptor) { 185 g.gen.P() 186 for _, s := range file.Service { 187 g.genAuthenticatedStruct(s) 188 g.genAuthenticatedConstructor(s) 189 for _, m := range s.Method { 190 g.genAuthenticatedMethod(s, m) 191 } 192 } 193 g.gen.P() 194 } 195 196 func (g *authenticatedWrapperGen) GenerateImports(file *generator.FileDescriptor) { 197 }