Skip to content
Snippets Groups Projects
Commit 90c5e5e6 authored by ko_oler's avatar ko_oler
Browse files

добавлен PrincipalInterceptorConnect

parent 5949056b
No related branches found
No related tags found
No related merge requests found
...@@ -6,6 +6,7 @@ import ( ...@@ -6,6 +6,7 @@ import (
"crypto/x509" "crypto/x509"
"net/url" "net/url"
"connectrpc.com/connect"
"git.perx.ru/perxis/perxis-go/pkg/errors" "git.perx.ru/perxis/perxis-go/pkg/errors"
kitgrpc "github.com/go-kit/kit/transport/grpc" kitgrpc "github.com/go-kit/kit/transport/grpc"
"golang.org/x/oauth2/clientcredentials" "golang.org/x/oauth2/clientcredentials"
...@@ -150,3 +151,62 @@ func TLSCredentials(ctx context.Context, cert, cacert, key []byte) (credentials. ...@@ -150,3 +151,62 @@ func TLSCredentials(ctx context.Context, cert, cacert, key []byte) (credentials.
} }
return credentials.NewTLS(&tls.Config{Certificates: []tls.Certificate{clientCert}, RootCAs: certPool}), nil return credentials.NewTLS(&tls.Config{Certificates: []tls.Certificate{clientCert}, RootCAs: certPool}), nil
} }
// PrincipalInterceptorConnect интерсептор для клиента и сервера
// используется для получения данных принципала из запроса и добавления в контекст.
func PrincipalInterceptorConnect(factory *PrincipalFactory) connect.UnaryInterceptorFunc { //nolint:gocognit // example
interceptor := func(next connect.UnaryFunc) connect.UnaryFunc {
return func(
ctx context.Context,
req connect.AnyRequest,
) (connect.AnyResponse, error) {
if req.Spec().IsClient {
p := GetPrincipal(ctx)
switch p := p.(type) {
case *UserPrincipal:
if p.GetIdentity(ctx) != "" {
req.Header().Set(OAuth2IdentityMetadata, p.GetIdentity(ctx))
}
case *ClientPrincipal:
if ident := p.GetIdentity(ctx); ident != nil {
switch {
case ident.OAuthClientID != "":
req.Header().Set(OAuth2IdentityMetadata, ident.OAuthClientID+"@clients")
case ident.TLSSubject != "":
req.Header().Set(TLSIdentityMetadata, ident.TLSSubject)
case ident.APIKey != "":
req.Header().Set(AuthorizationMetadata, "API-Key "+ident.APIKey)
}
}
case *SystemPrincipal:
req.Header().Set(AccessMetadata, p.GetID(ctx))
}
return next(ctx, req)
}
if identity := req.Header().Get(TLSIdentityMetadata); identity != "" {
ctx = WithPrincipal(ctx, factory.Principal(identity))
return next(ctx, req)
}
if identity := req.Header().Get(OAuth2IdentityMetadata); identity != "" {
ctx = WithPrincipal(ctx, factory.Principal(identity))
return next(ctx, req)
}
if identity := req.Header().Get(AuthorizationMetadata); identity != "" {
ctx = WithPrincipal(ctx, factory.Principal(identity))
return next(ctx, req)
}
if access := req.Header().Get(AccessMetadata); access != "" {
ctx = WithPrincipal(ctx, factory.Principal(access))
return next(ctx, req)
}
ctx = WithPrincipal(ctx, factory.Anonymous())
return next(ctx, req)
}
}
return interceptor
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment