Categorygithub.com/dosquad/go-grpcauth
modulepackage
0.1.0
Repository: https://github.com/dosquad/go-grpcauth.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
10
Dependents
1
Files
149 SLOC

# README

gRPC Authentication Helpers

CI codecov

gRPC authentication helpers for providing access to gRPC servers using basic or bearer HTTP authentication.

Example

Client

    pool, err := x509.SystemCertPool()
    checkErr(err)
    creds := credentials.NewClientTLSFromCert(pool, "")

    opts := []grpc.DialOption{
        grpc.WithTransportCredentials(creds),
        // For Basic Auth
        grpc.WithPerRPCCredentials(grpcauth.NewBasicCredentials("user", "pass")),
        // For Token Auth
        grpc.WithPerRPCCredentials(grpcauth.NewTokenCredentials("secret-token")),
    }
    gc, err := grpc.Dial("grpc.example.com:443", opts...)
    checkErr(err)
    defer gc.Close()

    client := api.NewRPCClient(gc)
    ctx := context.Background()
    resp, err := client.CallRPC(ctx, &api.RPCRequest{})
    checkErr(err)

    // ... do something with response ...

Server

    lis, err := net.Listen("tcp", "localhost:8000")
    checkErr(err)
    defer lis.Close()

    basicAuthFunc := func(username string, password string) (string, bool) {
        if subtle.ConstantTimeCompare([]byte(username), []byte("user")) == 1 &&
         subtle.ConstantTimeCompare([]byte(password), []byte("pass")) == 1 {
            return username, true
        }

        return username, false
    }

    bearerAuthFunc := func(token string) (string, bool, bool) {
        if subtle.ConstantTimeCompare([]byte(token), []byte("secret-token")) == 1 {
            return "token-user", true, true
        }

        logrus.Infof("token does not match")

        return "", false, false
    }

    opts = append(
        opts,
        grpc.StreamInterceptor(
            grpcauth.StreamServerInterceptor(grpcauth.VerifyAuthorizationFunc(basicAuthFunc, bearerAuthFunc)),
        ),
        grpc.UnaryInterceptor(
            grpcauth.UnaryServerInterceptor(grpcauth.VerifyAuthorizationFunc(basicAuthFunc, bearerAuthFunc)),
        ),
    )
    grpcServer := grpc.NewServer(opts...)
    api.RegisterTestServer(grpcServer, testServer)
    err := grpcServer.Serve(lis)
    checkErr(err)

# Packages

No description provided by the author

# Functions

NewBasicCredentials returns a new PerRPCCredentials implementation configured with the plain-text username and password.
NewTokenCredentials returns a new PerRPCCredentials implementation, configured using the raw token.
VerifyAuthorizationFunc returns a function that can be used to verify the authentication on a gRPC request.

# Constants

Online is the context value indicating if a authentication method was online or offline.
Username is the context value of the username returned by the authentication verification function.

# Variables

StreamServerInterceptor returns a new unary server interceptors that performs per-request auth.
UnaryServerInterceptor returns a new unary server interceptors that performs per-request auth.

# Structs

No description provided by the author
No description provided by the author

# Type aliases

AuthVerifyBasicFunc is used to verify HTTP Basic Authorization headers.
AuthVerifyBearerFunc is used to verify HTTP Bearer Authorization headers.