package server
import (
"context"
"errors"
"git.xeserv.us/xena/route/internal/database"
"github.com/Xe/ln"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
)
// ErrNotAuthorized is the package's sentinel error for a caller that is not
// authorized. getAuth in this file reports its failures as gRPC status errors
// instead of returning this value.
var ErrNotAuthorized = errors.New("server: not authorized")
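// getAuth authenticates the caller of a gRPC request and checks that the
// caller's token carries the requested scope.
//
// The first value of the "authorization" metadata key is passed verbatim to
// s.db.GetToken as the lookup key; no prefix is stripped here. The token is
// then accepted only if one of its Scopes is exactly equal to scope
// (case-sensitive comparison).
//
// On any failure the zero database.Token is returned together with a
// codes.Unauthenticated status error. The client-facing message is the same
// for missing metadata, a missing or empty header, and a failed lookup.
//
// NOTE(review): a scope mismatch is also reported as codes.Unauthenticated.
// codes.PermissionDenied is the conventional code for an authenticated caller
// that lacks a permission; it is left unchanged here because clients may
// depend on the current code.
func (s *Server) getAuth(ctx context.Context, scope string) (database.Token, error) {
	md, ok := metadata.FromContext(ctx)
	if !ok {
		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
	}

	// The key can be present with no values, in which case indexing [0]
	// would panic the handler. An empty credential is rejected here too, so
	// it never reaches the database lookup.
	jwtToken, ok := md["authorization"]
	if !ok || len(jwtToken) == 0 || jwtToken[0] == "" {
		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
	}
	val := jwtToken[0]

	t, err := s.db.GetToken(ctx, val)
	if err != nil {
		// NOTE(review): the lookup error is dropped, so a database failure
		// looks the same as an unknown token to operators. Consider
		// recording it server-side, without the token value, while keeping
		// this generic reply to the client.
		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
	}

	// Exact match against the token's granted scopes; stop at the first hit.
	ok = false
	for _, sc := range t.Scopes {
		if sc == scope {
			ok = true
			break
		}
	}
	if !ok {
		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "invalid scope.")
	}

	return t, nil
}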
// handleError logs err through ln.Error with the caller-supplied fields f and
// the fields produced by clitok.F(), then returns err unchanged so it can be
// used directly in a return statement. ctx is accepted but not used.
//
// NOTE(review): what clitok.F() contains is not visible here; confirm it
// does not put the token's secret value into the log.
func handleError(ctx context.Context, clitok database.Token, err error, f ln.F) error {
	tokenFields := clitok.F()
	ln.Error(err, f, tokenFields)
	return err
}