mirror of
https://github.com/cloudflare/cloudflared.git
synced 2025-05-22 17:06:34 +00:00
109 lines
3.5 KiB
Go
109 lines
3.5 KiB
Go
/*
|
|
*
|
|
* Copyright 2018 gRPC authors.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
*/
|
|
|
|
// The server demonstrates how to consume and validate OAuth2 tokens provided by
|
|
// clients for each RPC.
|
|
package main
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"log"
|
|
"net"
|
|
"strings"
|
|
|
|
"golang.org/x/net/context"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/credentials"
|
|
pb "google.golang.org/grpc/examples/helloworld/helloworld"
|
|
"google.golang.org/grpc/metadata"
|
|
"google.golang.org/grpc/status"
|
|
"google.golang.org/grpc/testdata"
|
|
)
|
|
|
|
var (
|
|
errMissingMetadata = status.Errorf(codes.InvalidArgument, "missing metadata")
|
|
errInvalidToken = status.Errorf(codes.Unauthenticated, "invalid token")
|
|
)
|
|
|
|
func main() {
|
|
log.Println("server starting on port 8080...")
|
|
cert, err := tls.LoadX509KeyPair(testdata.Path("server1.pem"), testdata.Path("server1.key"))
|
|
if err != nil {
|
|
log.Fatalf("failed to load key pair: %s", err)
|
|
}
|
|
opts := []grpc.ServerOption{
|
|
// The following grpc.ServerOption adds an interceptor for all unary
|
|
// RPCs. To configure an interceptor for streaming RPCs, see:
|
|
// https://godoc.org/google.golang.org/grpc#StreamInterceptor
|
|
grpc.UnaryInterceptor(ensureValidToken),
|
|
// Enable TLS for all incoming connections.
|
|
grpc.Creds(credentials.NewServerTLSFromCert(&cert)),
|
|
}
|
|
s := grpc.NewServer(opts...)
|
|
pb.RegisterGreeterServer(s, &server{})
|
|
lis, err := net.Listen("tcp", ":8080")
|
|
if err != nil {
|
|
log.Fatalf("failed to listen: %v", err)
|
|
}
|
|
if err := s.Serve(lis); err != nil {
|
|
log.Fatalf("failed to serve: %v", err)
|
|
}
|
|
}
|
|
|
|
// server is used to implement helloworld.GreeterServer.
|
|
type server struct{}
|
|
|
|
// SayHello implements helloworld.GreeterServer
|
|
func (s *server) SayHello(ctx context.Context, in *pb.HelloRequest) (*pb.HelloReply, error) {
|
|
return &pb.HelloReply{Message: "Hello " + in.Name}, nil
|
|
}
|
|
|
|
// valid validates the authorization.
|
|
func valid(authorization []string) bool {
|
|
if len(authorization) < 1 {
|
|
return false
|
|
}
|
|
token := strings.TrimPrefix(authorization[0], "Bearer ")
|
|
// Perform the token validation here. For the sake of this example, the code
|
|
// here forgoes any of the usual OAuth2 token validation and instead checks
|
|
// for a token matching an arbitrary string.
|
|
if token != "some-secret-token" {
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
// ensureValidToken ensures a valid token exists within a request's metadata. If
|
|
// the token is missing or invalid, the interceptor blocks execution of the
|
|
// handler and returns an error. Otherwise, the interceptor invokes the unary
|
|
// handler.
|
|
func ensureValidToken(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
|
|
md, ok := metadata.FromIncomingContext(ctx)
|
|
if !ok {
|
|
return nil, errMissingMetadata
|
|
}
|
|
// The keys within metadata.MD are normalized to lowercase.
|
|
// See: https://godoc.org/google.golang.org/grpc/metadata#New
|
|
if !valid(md["authorization"]) {
|
|
return nil, errInvalidToken
|
|
}
|
|
// Continue execution of handler after ensuring a valid token.
|
|
return handler(ctx, req)
|
|
}
|