Skip to content

Instantly share code, notes, and snippets.

@brianpgerson
Last active December 17, 2020 02:12
Show Gist options
  • Save brianpgerson/9c99c6f02e67e09ba31160005e77d6f2 to your computer and use it in GitHub Desktop.
Save brianpgerson/9c99c6f02e67e09ba31160005e77d6f2 to your computer and use it in GitHub Desktop.
package main
import (
"context"
"fmt"
"net"
"strings"
core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2"
envoy_type "github.com/envoyproxy/go-control-plane/envoy/type"
"github.com/gogo/googleapis/google/rpc"
status "google.golang.org/genproto/googleapis/rpc/status"
"google.golang.org/grpc"
)
type authorizationServer struct{}
func (a *authorizationServer) Check(ctx context.Context, req *auth.CheckRequest) (*auth.CheckResponse, error) {
headers := req.GetAttributes().GetRequest().GetHttp().GetHeaders()
authHeader := headers["authorization"]
fmt.Printf("authHeader: %v", authHeader)
fmt.Println("\n==============")
var splitToken []string
if authHeader != "" {
splitToken = strings.Split(authHeader, "Bearer ")
}
if len(splitToken) == 2 {
token := splitToken[1]
if len(token) == 3 {
return &auth.CheckResponse{
Status: &status.Status{
Code: int32(rpc.OK),
},
HttpResponse: &auth.CheckResponse_OkResponse{
OkResponse: &auth.OkHttpResponse{
Headers: []*core.HeaderValueOption{
{
Header: &core.HeaderValue{
Key: "my-credential-header",
Value: "permission6,permission9",
},
},
},
},
},
}, nil
}
}
return &auth.CheckResponse{
Status: &status.Status{
Code: int32(rpc.UNAUTHENTICATED),
},
HttpResponse: &auth.CheckResponse_DeniedResponse{
DeniedResponse: &auth.DeniedHttpResponse{
Status: &envoy_type.HttpStatus{Code: 401},
Body: "Authorization header must be formatted as Authorization: Bearer TOKEN, where TOKEN is a three-character string",
},
},
}, nil
}
func main() {
lis, _ := net.Listen("tcp", ":4040")
grpcServer := grpc.NewServer()
authServer := &authorizationServer{}
auth.RegisterAuthorizationServer(grpcServer, authServer)
grpcServer.Serve(lis)
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment