aljaz/aperture
1
1
Fork 0
mirror of https://github.com/lightninglabs/aperture.git synced 2025-12-18 09:34:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
0fffe01dcca92f56b59ac2ff4a9bcf70b9575f03
aperture/auth/server_interceptor.go
Oliver Gugger 0fffe01dcc auth: refactor interceptor token extraction
2020-02-03 17:10:58 +01:00

71 lines
2.4 KiB
Go
Raw Blame History

package auth
import (
"bytes"
"context"
"fmt"
"net/http"
"github.com/lightninglabs/loop/lsat"
"google.golang.org/grpc"
"google.golang.org/grpc/metadata"
)
// ServerInterceptor is a gRPC server interceptor that extracts the token ID
// from the request context if an LSAT is present.
type ServerInterceptor struct{}
// UnaryInterceptor is an unary gRPC server interceptor that inspects incoming
// calls for authentication tokens. If an LSAT authentication token is found in
// the request, its token ID is extracted and treated as client ID. The
// extracted ID is then attached to the request context in a format that is easy
// to extract by request handlers.
func (i *ServerInterceptor) UnaryInterceptor(ctx context.Context,
req interface{}, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (
resp interface{}, err error) {
// Try getting the authentication header embedded in the context meta
// data and parse it. We ignore all errors that happen and just forward
// the request to the handler if anything fails. Incoming calls with
// invalid metadata will therefore just be treated as non-identified or
// non-authenticated.
token, err := tokenFromContext(ctx)
if err != nil {
log.Debugf("No token extracted, error was: %v", err)
return handler(ctx, req)
}
// We got a token, create a new context that wraps its value and
// continue the call chain by invoking the handler.
idCtx := AddToContext(ctx, KeyTokenID, *token)
return handler(idCtx, req)
}
// tokenFromContext tries to extract the LSAT from a context.
func tokenFromContext(ctx context.Context) (*lsat.TokenID, error) {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return nil, fmt.Errorf("context contains no metadata")
}
header := &http.Header{
HeaderAuthorization: md.Get(HeaderAuthorization),
}
log.Debugf("Auth header present in request: %s",
md.Get(HeaderAuthorization))
macaroon, _, err := FromHeader(header)
if err != nil {
return nil, fmt.Errorf("auth header extraction failed: %v", err)
}
// If there is an LSAT, decode and add it to the context.
identifier, err := lsat.DecodeIdentifier(bytes.NewBuffer(macaroon.Id()))
if err != nil {
return nil, fmt.Errorf("token ID decoding failed: %v", err)
}
var clientID lsat.TokenID
copy(clientID[:], identifier.TokenID[:])
log.Debugf("Decoded client/token ID %s from auth header",
clientID.String())
return &clientID, nil
}
Reference in New Issue View Git Blame Copy Permalink