go.etcd.io/etcd@v3.3.27+incompatible/proxy/grpcproxy/util.go

go.etcd.io/etcd@v3.3.27+incompatible/proxy/grpcproxy/util.go (about)

     1  // Copyright 2017 The etcd Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package grpcproxy
    16  
    17  import (
    18  	"context"
    19  
    20  	"google.golang.org/grpc"
    21  	"google.golang.org/grpc/metadata"
    22  )
    23  
    24  func getAuthTokenFromClient(ctx context.Context) string {
    25  	md, ok := metadata.FromIncomingContext(ctx)
    26  	if ok {
    27  		ts, ok := md["token"]
    28  		if ok {
    29  			return ts[0]
    30  		}
    31  	}
    32  	return ""
    33  }
    34  
    35  func withClientAuthToken(ctx context.Context, ctxWithToken context.Context) context.Context {
    36  	token := getAuthTokenFromClient(ctxWithToken)
    37  	if token != "" {
    38  		ctx = context.WithValue(ctx, "token", token)
    39  	}
    40  	return ctx
    41  }
    42  
    43  type proxyTokenCredential struct {
    44  	token string
    45  }
    46  
    47  func (cred *proxyTokenCredential) RequireTransportSecurity() bool {
    48  	return false
    49  }
    50  
    51  func (cred *proxyTokenCredential) GetRequestMetadata(ctx context.Context, s ...string) (map[string]string, error) {
    52  	return map[string]string{
    53  		"token": cred.token,
    54  	}, nil
    55  }
    56  
    57  func AuthUnaryClientInterceptor(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
    58  	token := getAuthTokenFromClient(ctx)
    59  	if token != "" {
    60  		tokenCred := &proxyTokenCredential{token}
    61  		opts = append(opts, grpc.PerRPCCredentials(tokenCred))
    62  	}
    63  	return invoker(ctx, method, req, reply, cc, opts...)
    64  }
    65  
    66  func AuthStreamClientInterceptor(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error) {
    67  	tokenif := ctx.Value("token")
    68  	if tokenif != nil {
    69  		tokenCred := &proxyTokenCredential{tokenif.(string)}
    70  		opts = append(opts, grpc.PerRPCCredentials(tokenCred))
    71  	}
    72  	return streamer(ctx, desc, cc, method, opts...)
    73  }