github.com/weaviate/weaviate@v1.24.6/adapters/handlers/grpc/v1/auth.go (about) 1 // _ _ 2 // __ _____ __ ___ ___ __ _| |_ ___ 3 // \ \ /\ / / _ \/ _` \ \ / / |/ _` | __/ _ \ 4 // \ V V / __/ (_| |\ V /| | (_| | || __/ 5 // \_/\_/ \___|\__,_| \_/ |_|\__,_|\__\___| 6 // 7 // Copyright © 2016 - 2024 Weaviate B.V. All rights reserved. 8 // 9 // CONTACT: hello@weaviate.io 10 // 11 12 package v1 13 14 import ( 15 "context" 16 "strings" 17 18 "github.com/weaviate/weaviate/entities/models" 19 "google.golang.org/grpc/metadata" 20 ) 21 22 // This should probably be run as part of a middleware. In the initial gRPC 23 // implementation there is only a single endpoint, so it's fine to run this 24 // straight from the endpoint. But the moment we add a second endpoint, this 25 // should be called from a central place. This way we can make sure it's 26 // impossible to forget to add it to a new endpoint. 27 func (s *Service) principalFromContext(ctx context.Context) (*models.Principal, error) { 28 md, ok := metadata.FromIncomingContext(ctx) 29 if !ok { 30 return s.tryAnonymous() 31 } 32 33 // the grpc library will lowercase all md keys, so we need to make sure to 34 // check a lowercase key 35 authValue, ok := md["authorization"] 36 if !ok { 37 return s.tryAnonymous() 38 } 39 40 if len(authValue) == 0 { 41 return s.tryAnonymous() 42 } 43 44 if !strings.HasPrefix(authValue[0], "Bearer ") { 45 return s.tryAnonymous() 46 } 47 48 token := strings.TrimPrefix(authValue[0], "Bearer ") 49 return s.authComposer(token, nil) 50 } 51 52 func (s *Service) tryAnonymous() (*models.Principal, error) { 53 if s.allowAnonymousAccess { 54 return nil, nil 55 } 56 57 return s.authComposer("", nil) 58 }