go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/appengine/gaeauth/server/service.go (about) 1 // Copyright 2015 The LUCI Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package server 16 17 import ( 18 "context" 19 20 "go.chromium.org/luci/auth/identity" 21 "go.chromium.org/luci/server/auth" 22 ) 23 24 // InboundAppIDAuthMethod implements auth.Method by checking special HTTP 25 // header (X-Appengine-Inbound-Appid), that is set iff one GAE app talks to 26 // another. 27 // 28 // Deprecated: switch to using service accounts for authenticating calls between 29 // services instead. 30 type InboundAppIDAuthMethod struct{} 31 32 var _ auth.Method = InboundAppIDAuthMethod{} 33 34 // Authenticate extracts peer's identity from the incoming request. 35 func (m InboundAppIDAuthMethod) Authenticate(ctx context.Context, r auth.RequestMetadata) (*auth.User, auth.Session, error) { 36 appID := r.Header("X-Appengine-Inbound-Appid") 37 if appID == "" { 38 return nil, nil, nil 39 } 40 id, err := identity.MakeIdentity("service:" + appID) 41 if err != nil { 42 return nil, nil, err 43 } 44 return &auth.User{Identity: id}, nil, nil 45 }