go18/skills/rpc/protobuf/hello_service/middleware.go

package hello_service

import (
	context "context"
	"fmt"

	"github.com/infraboard/mcube/v2/ioc/config/log"
	"github.com/rs/zerolog"
	grpc "google.golang.org/grpc"
	codes "google.golang.org/grpc/codes"
	"google.golang.org/grpc/metadata"
	status "google.golang.org/grpc/status"
)

const (
	ClientHeaderKey = "client-id"
	ClientSecretKey = "client-secret"
)

// GrpcAuthUnaryServerInterceptor returns a new unary server interceptor for auth.
func GrpcAuthUnaryServerInterceptor() grpc.UnaryServerInterceptor {
	return newGrpcAuther().Auth
}

func newGrpcAuther() *grpcAuther {
	return &grpcAuther{
		log: log.Sub("Grpc Auther"),
	}
}

// UnaryServerInterceptor provides a hook to intercept the execution of a unary RPC on the server. info
// contains all the information of this RPC the interceptor can operate on. And handler is the wrapper
// of the service method implementation. It is the responsibility of the interceptor to invoke handler
// to complete the RPC.
// type UnaryServerInterceptor func(ctx context.Context, req any, info *UnaryServerInfo, handler UnaryHandler) (resp any, err error)
// internal todo
type grpcAuther struct {
	log *zerolog.Logger
}

func (a *grpcAuther) Auth(
	ctx context.Context, req any,
	info *grpc.UnaryServerInfo,
	handler grpc.UnaryHandler,
) (resp any, err error) {
	// http2  header -> metadata
	// 重上下文中获取认证信息
	md, ok := metadata.FromIncomingContext(ctx)
	if !ok {
		return nil, fmt.Errorf("ctx is not an grpc incoming context")
	}

	fmt.Println("gprc header info: ", md)

	clientId, clientSecret := a.GetClientCredentialsFromMeta(md)

	// 校验调用的客户端凭证是否有效
	if err := a.validateServiceCredential(clientId, clientSecret); err != nil {
		return nil, err
	}

	// 把请求交给后续的Handler处理
	resp, err = handler(ctx, req)
	return resp, err
}

func (a *grpcAuther) GetClientCredentialsFromMeta(md metadata.MD) (
	clientId, clientSecret string) {
	cids := md.Get(ClientHeaderKey)
	sids := md.Get(ClientSecretKey)
	if len(cids) > 0 {
		clientId = cids[0]
	}
	if len(sids) > 0 {
		clientSecret = sids[0]
	}
	return
}

func (a *grpcAuther) validateServiceCredential(clientId, clientSecret string) error {
	if clientId == "" && clientSecret == "" {
		return status.Errorf(codes.Unauthenticated, "client_id or client_secret is \"\"")
	}

	if !(clientId == "admin" && clientSecret == "123456") {
		return status.Errorf(codes.Unauthenticated, "client_id or client_secret invalidate")
	}

	return nil
}
补充grpc认证 2025-08-24 14:51:13 +08:00			`package hello_service`

			`import (`
			`context "context"`
			`"fmt"`

			`"github.com/infraboard/mcube/v2/ioc/config/log"`
			`"github.com/rs/zerolog"`
			`grpc "google.golang.org/grpc"`
			`codes "google.golang.org/grpc/codes"`
			`"google.golang.org/grpc/metadata"`
			`status "google.golang.org/grpc/status"`
			`)`

			`const (`
			`ClientHeaderKey = "client-id"`
			`ClientSecretKey = "client-secret"`
			`)`

			`// GrpcAuthUnaryServerInterceptor returns a new unary server interceptor for auth.`
			`func GrpcAuthUnaryServerInterceptor() grpc.UnaryServerInterceptor {`
			`return newGrpcAuther().Auth`
			`}`

			`func newGrpcAuther() *grpcAuther {`
			`return &grpcAuther{`
			`log: log.Sub("Grpc Auther"),`
			`}`
			`}`

			`// UnaryServerInterceptor provides a hook to intercept the execution of a unary RPC on the server. info`
			`// contains all the information of this RPC the interceptor can operate on. And handler is the wrapper`
			`// of the service method implementation. It is the responsibility of the interceptor to invoke handler`
			`// to complete the RPC.`
			`// type UnaryServerInterceptor func(ctx context.Context, req any, info *UnaryServerInfo, handler UnaryHandler) (resp any, err error)`
			`// internal todo`
			`type grpcAuther struct {`
			`log *zerolog.Logger`
			`}`

			`func (a *grpcAuther) Auth(`
			`ctx context.Context, req any,`
			`info *grpc.UnaryServerInfo,`
			`handler grpc.UnaryHandler,`
			`) (resp any, err error) {`
			`// http2 header -> metadata`
			`// 重上下文中获取认证信息`
			`md, ok := metadata.FromIncomingContext(ctx)`
			`if !ok {`
			`return nil, fmt.Errorf("ctx is not an grpc incoming context")`
			`}`

			`fmt.Println("gprc header info: ", md)`

			`clientId, clientSecret := a.GetClientCredentialsFromMeta(md)`

			`// 校验调用的客户端凭证是否有效`
			`if err := a.validateServiceCredential(clientId, clientSecret); err != nil {`
			`return nil, err`
			`}`

			`// 把请求交给后续的Handler处理`
			`resp, err = handler(ctx, req)`
			`return resp, err`
			`}`

			`func (a *grpcAuther) GetClientCredentialsFromMeta(md metadata.MD) (`
			`clientId, clientSecret string) {`
			`cids := md.Get(ClientHeaderKey)`
			`sids := md.Get(ClientSecretKey)`
			`if len(cids) > 0 {`
			`clientId = cids[0]`
			`}`
			`if len(sids) > 0 {`
			`clientSecret = sids[0]`
			`}`
			`return`
			`}`

			`func (a *grpcAuther) validateServiceCredential(clientId, clientSecret string) error {`
			`if clientId == "" && clientSecret == "" {`
			`return status.Errorf(codes.Unauthenticated, "client_id or client_secret is \"\"")`
			`}`

			`if !(clientId == "admin" && clientSecret == "123456") {`
			`return status.Errorf(codes.Unauthenticated, "client_id or client_secret invalidate")`
			`}`

			`return nil`
			`}`