...

Source file src/golang.conradwood.net/go-easyops/server/authenticate.go

Documentation: golang.conradwood.net/go-easyops/server

     1  package server
     2  
     3  import (
     4  	"context"
     5  	"fmt"
     6  
     7  	apb "golang.conradwood.net/apis/auth"
     8  	"golang.conradwood.net/go-easyops/auth"
     9  
    10  	//	"golang.conradwood.net/go-easyops/authremote"
    11  	"golang.conradwood.net/go-easyops/cmdline"
    12  	//	"golang.conradwood.net/go-easyops/ctx"
    13  	"sync"
    14  
    15  	"golang.conradwood.net/go-easyops/errors"
    16  	"golang.conradwood.net/go-easyops/rpc"
    17  	"golang.conradwood.net/go-easyops/utils"
    18  	"google.golang.org/grpc/peer"
    19  )
    20  
// Package-level state for this file. Nothing in this listing locks or reads
// these variables, so what each one guards has to be confirmed at the call
// sites elsewhere in the package.
var (
	// debuglock is a package-level mutex (users not visible in this listing).
	debuglock sync.Mutex

	// rpclock is a package-level mutex; presumably paired with gettingrpc,
	// verify against the code that sets it.
	rpclock sync.Mutex

	// gettingrpc starts out false.
	gettingrpc bool

	// The two flags below are commented out in this file, so these names do
	// not provide a switch for turning interceptor-based access checks off.
	//	disable_interceptor = flag.Bool("ge_disable_interceptor", false, "if true, will not use rpc interceptor for access checks (very experimental!)")
	//verify_interceptor  = flag.Bool("ge_verify_noninterceptor", true, "if true, will compare the non-interceptor with interceptor by doing the actual intercept call and comparing results")
)
    28  
    29  /*
    30  *********************************************************************
    31  newest method of authentication...
    32  *********************************************************************
    33  */
// checkAccess reports whether the call described by rc may proceed. It
// returns nil when access is allowed and an Unauthenticated error otherwise.
//
// Security notes for reviewers:
//   - The check is skipped entirely when the server was created with noAuth
//     or when the process runs in standalone mode (cmdline.IsStandalone).
//     Either setting makes every RPC on this server reachable without an
//     identity.
//   - Otherwise the call passes as soon as the context carries a user OR a
//     service, as reported by auth.GetUser / auth.GetService. This is a
//     presence check only: nothing here decides whether that identity may
//     call this particular method, so per-method authorisation has to happen
//     elsewhere.
//   - How the identities in the context were verified is not visible in this
//     function; confirm it in the auth package.
func (sd *serverDef) checkAccess(octx context.Context, rc *rpccall) error {
	authRequired := !sd.noAuth && !cmdline.IsStandalone()
	if !authRequired {
		return nil
	}

	// One identity (user or service) is enough to pass.
	if auth.GetUser(octx) != nil || auth.GetService(octx) != nil {
		return nil
	}

	// Record the denial, including the function that triggered the check,
	// before handing the error back to the caller.
	fmt.Printf("[go-easyops] access denied to %s/%s for no-user and no-service to service with auth requirement (caller:%s)\n", rc.ServiceName, rc.MethodName, utils.CallingFunction())
	return errors.Unauthenticated(octx, "denied for access with no user and no service to rpc with auth requirement")
}
    45  
// Authenticate used to authenticate a user and authorise access to a
// method/service. It no longer performs any check: every call panics, so a
// remaining caller fails loudly instead of being treated as authenticated.
//
// Deprecated: obsolete codepath; access checks are done by checkAccess.
func Authenticate(ictx context.Context, cs *rpc.CallState) error {
	const reason = "obsolete codepath"
	panic(reason)
}
    50  
    51  /*
    52  	func MetaFromContext(ctx context.Context) *rc.InMetadata {
    53  		headers, ok := metadata.FromIncomingContext(ctx)
    54  		if !ok {
    55  			fmt.Printf("[go-easyops] Warning - cannot extract metadata from context (peer=%s)\n", peerFromContext(ctx))
    56  			return nil
    57  		}
    58  		ims := headers[tokens.METANAME]
    59  		if ims == nil || len(ims) == 0 {
    60  			fmt.Printf("[go-easyops] Warning - metadata in context is nil or 0 (peer=%s)\n", peerFromContext(ctx))
    61  			return nil
    62  		}
    63  		res := &rc.InMetadata{}
    64  		err := utils.Unmarshal(ims[0], res)
    65  		if err != nil {
    66  			fmt.Printf("[go-easyops] Warning - unable to unmarshal metadata (%s)\n", err)
    67  			return nil
    68  		}
    69  		return res
    70  	}
    71  */
// peerFromContext returns the string form of the gRPC peer address stored in
// ctx, or "" when the context has no peer or the peer has no address.
//
// The value is the address reported by the transport. NOTE(review): behind a
// proxy or load balancer this is presumably the intermediary's address, so it
// suits log output rather than access decisions.
func peerFromContext(ctx context.Context) string {
	p, found := peer.FromContext(ctx)
	if !found || p == nil || p.Addr == nil {
		return ""
	}
	return p.Addr.String()
}
    80  
// username renders user for log output as "[#<ID> <Email>]", or "[nouser]"
// when user is nil.
//
// NOTE(review): ID and Email are interpolated as-is with %s. If either field
// can contain control characters or line breaks, code that logs this value
// should account for that; confirm what the auth service permits.
func username(user *apb.User) string {
	switch user {
	case nil:
		return "[nouser]"
	default:
		return fmt.Sprintf("[#%s %s]", user.ID, user.Email)
	}
}
    87  
