route/internal/server/common.go

69 lines
1.4 KiB
Go

package server
import (
"context"
"errors"
"git.xeserv.us/xena/route/internal/database"
"github.com/Xe/ln"
"golang.org/x/net/trace"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
)
// errors
var (
ErrNotAuthorized = errors.New("server: not authorized")
)
func (s *Server) getAuth(ctx context.Context, operation, scope string) (context.Context, database.Token, error) {
var err error
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return nil, database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
}
jwtToken, ok := md["authorization"]
if !ok {
return nil, database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
}
val := jwtToken[0]
t, err := s.db.GetToken(ctx, val)
if err != nil {
return nil, database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
}
ok = false
for _, sc := range t.Scopes {
if sc == scope {
ok = true
}
}
if !ok {
return nil, database.Token{}, grpc.Errorf(codes.Unauthenticated, "invalid scope.")
}
tr := trace.New("routed-grpc", operation)
ctx = trace.NewContext(ctx, tr)
ln.Log(ctx, t)
return ctx, t, nil
}
func handleError(ctx context.Context, clitok database.Token, err error, f ln.F) error {
tr, ok := trace.FromContext(ctx)
if !ok {
goto skip
}
tr.SetError()
skip:
ln.Error(ctx, err, f, clitok)
return err
}