From 69cdecb5b6cef0eed52231b48b30f06906e6ad69 Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Tue, 28 Apr 2026 13:36:12 +0200
Subject: [PATCH] Enable auth endpoint

Signed-off-by: Nikolai Rodionov
---
 api/v1/accounts_auth.go | 17 ++++++++
 api/v1/{accounts.go => accounts_no_auth.go} | 2 +-
 go.mod | 2 +-
 go.sum | 4 +-
 internal/interceptors/authjwt.go | 43 +++++++++++++++++++++
 main.go | 10 ++++-
 6 files changed, 72 insertions(+), 6 deletions(-)
 create mode 100644 api/v1/accounts_auth.go
 rename api/v1/{accounts.go => accounts_no_auth.go} (96%)
 create mode 100644 internal/interceptors/authjwt.go

diff --git a/api/v1/accounts_auth.go b/api/v1/accounts_auth.go
new file mode 100644
index 0000000..2c42abe
--- /dev/null
+++ b/api/v1/accounts_auth.go
@@ -0,0 +1,17 @@
+package v1
+
+import (
+ "gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
+ accounts "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/accounts/v1"
+)
+
+func NewAccountAuthRPCImpl(ctrl *controllers.AccountController) *AccountsAuthServer {
+ return &AccountsAuthServer{
+ ctrl: ctrl,
+ }
+}
+
+type AccountsAuthServer struct {
+ accounts.UnimplementedAccountsAuthServiceServer
+ ctrl *controllers.AccountController
+}
diff --git a/api/v1/accounts.go b/api/v1/accounts_no_auth.go
similarity index 96%
rename from api/v1/accounts.go
rename to api/v1/accounts_no_auth.go
index be597e9..4331e9c 100644
--- a/api/v1/accounts.go
+++ b/api/v1/accounts_no_auth.go
@@ -14,7 +14,7 @@ import (
 "google.golang.org/protobuf/types/known/emptypb"
 )
 
-func NewAccountRPCImpl(ctrl *controllers.AccountController) *AccountsNoAuthServer {
+func NewAccountNoAuthRPCImpl(ctrl *controllers.AccountController) *AccountsNoAuthServer {
 return &AccountsNoAuthServer{
 ctrl: ctrl,
 }
diff --git a/go.mod b/go.mod
index 2be84a6..1a052d0 100644
--- a/go.mod
+++ b/go.mod
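Review bot: `NewAccountAuthRPCImpl` and `AccountsAuthServer` in api/v1/accounts_auth.go are exported without doc comments, and nothing states that the type has no RPC methods of its own yet. Because it only embeds `accounts.UnimplementedAccountsAuthServiceServer`, a call that gets past the interceptor would presumably come back as codes.Unimplemented. A comment such as `// AccountsAuthServer serves the authenticated accounts RPCs; no methods are implemented yet, so calls fall through to the embedded Unimplemented server.` would make that explicit for the next reader.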
@@ -137,7 +137,7 @@ require (
 )
 
 require (
- gitea.badhouseplants.net/softplayer/softplayer-go-proto v0.0.0-20260427171725-b565d3fa2b01
+ gitea.badhouseplants.net/softplayer/softplayer-go-proto v0.0.0-20260428111006-efa5c57e6a14
 github.com/golang/protobuf v1.5.4
 golang.org/x/net v0.49.0 // indirect
 golang.org/x/sys v0.40.0 // indirect
diff --git a/go.sum b/go.sum
index a20b3ff..e3e8e4c 100644
--- a/go.sum
+++ b/go.sum
@@ -3,8 +3,8 @@ dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= -gitea.badhouseplants.net/softplayer/softplayer-go-proto v0.0.0-20260427171725-b565d3fa2b01 h1:iaBLJRS0A6QykeBgIj170itknvQ4Zc5LSe+6hmsRL7g= -gitea.badhouseplants.net/softplayer/softplayer-go-proto v0.0.0-20260427171725-b565d3fa2b01/go.mod h1:AgOh1lkPHyRgBf3/s1btKcAqke/33LbKYarTD13qeAg= +gitea.badhouseplants.net/softplayer/softplayer-go-proto v0.0.0-20260428111006-efa5c57e6a14 h1:PwOWag8dum67a1w/QIP7NlSGPL/Z7rZDHAwjRJjyk3U= +gitea.badhouseplants.net/softplayer/softplayer-go-proto v0.0.0-20260428111006-efa5c57e6a14/go.mod h1:AgOh1lkPHyRgBf3/s1btKcAqke/33LbKYarTD13qeAg= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
diff --git a/internal/interceptors/authjwt.go b/internal/interceptors/authjwt.go
new file mode 100644
index 0000000..ce778eb
--- /dev/null
+++ b/internal/interceptors/authjwt.go
@@ -0,0 +1,43 @@
+package interceptors
+
+import (
+ "context"
+ "strings"
+
+ "gitea.badhouseplants.net/softplayer/softplayer-backend/internal/tools/logger"
+ "google.golang.org/grpc"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+)
+
+type JWTVerifier struct {
+ secret []byte
+ serverCtx context.Context
+}
+
+func NewJWTVerifier(ctx context.Context, secret []byte) *JWTVerifier {
+ return &JWTVerifier{
+ serverCtx: ctx,
+ secret: secret,
+ }
+}
+
+// This is an interceptors that should verify that a user is authorized
+func (v *JWTVerifier) JWTAuthInterceptor(
+ ctx context.Context,
+ req interface{},
+ info *grpc.UnaryServerInfo,
+ handler grpc.UnaryHandler,
+) (interface{}, error) {
+ log := logger.FromContext(v.serverCtx).WithValues("method", info.FullMethod)
+ if !strings.Contains(info.FullMethod, "NoAuth") {
+ log.Info("Checking the JWT token")
+ return nil, status.Error(codes.Unauthenticated, "Use is not authorized")
+ // Get the token from the metadata
+ // Validate the token
+ // Get the user id from the token
+ } else {
+ log.Info("Auth is not required for this request")
+ }
+ return handler(ctx, req)
+}
diff --git a/main.go b/main.go
index 98d4f7d..e79dbeb 100644
--- a/main.go
+++ b/main.go
@@ -10,6 +10,7 @@ import (
 
 v1 "gitea.badhouseplants.net/softplayer/softplayer-backend/api/v1"
 "gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
+ "gitea.badhouseplants.net/softplayer/softplayer-backend/internal/interceptors"
 "gitea.badhouseplants.net/softplayer/softplayer-backend/internal/tools/logger"
 accounts "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/accounts/v1"
 "github.com/alecthomas/kong"
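Review bot: Whether a call needs a token is decided by `strings.Contains(info.FullMethod, "NoAuth")` in JWTAuthInterceptor (internal/interceptors/authjwt.go), so access control rests on a naming convention: any future service or method whose name merely contains that substring, `NoAuthor…` for example, would be served without a check. Matching the service part of FullMethod exactly against an explicit list of public services fails closed when something is renamed or added; the sketch below keeps the existing two-argument constructor call working by making the list variadic. The protected branch rejects every call and never reads `secret`, which is a safe default, but the three comments after the `return` are unreachable and the `else` is redundant once that branch returns. The status text reads "Use is not authorized"; "user is not authenticated" seems intended for codes.Unauthenticated.

```go
type JWTVerifier struct {
	secret    []byte
	serverCtx context.Context
	// public lists the exact gRPC service names that may be called without a token.
	public map[string]struct{}
}

func NewJWTVerifier(ctx context.Context, secret []byte, publicServices ...string) *JWTVerifier {
	public := make(map[string]struct{}, len(publicServices))
	for _, name := range publicServices {
		public[name] = struct{}{}
	}
	return &JWTVerifier{serverCtx: ctx, secret: secret, public: public}
}

// … unchanged: JWTAuthInterceptor signature and logger setup …
	// FullMethod is "/package.Service/Method"; compare the service part exactly.
	service, _, _ := strings.Cut(strings.TrimPrefix(info.FullMethod, "/"), "/")
	if _, ok := v.public[service]; ok {
		log.Info("Auth is not required for this request")
		return handler(ctx, req)
	}
	// Fail closed: token validation is not implemented yet.
	return nil, status.Error(codes.Unauthenticated, "user is not authenticated")
}
```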
@@ -152,9 +153,13 @@ func server(ctx context.Context, params Serve) error {
 if err != nil {
 return err
 }
+
+ jwtVerifier := interceptors.NewJWTVerifier(ctx, []byte(params.JWTSecret))
+
 grpcServer := grpc.NewServer(
- grpc.UnaryInterceptor(
+ grpc.ChainUnaryInterceptor(
 grpc_zap.UnaryServerInterceptor(logger.SetupLogger("info")),
+ jwtVerifier.JWTAuthInterceptor,
 ),
 grpc.StreamInterceptor(grpc_zap.StreamServerInterceptor(logger.SetupLogger("info"))),
 )
@@ -175,7 +180,8 @@ func server(ctx context.Context, params Serve) error {
 JWTSecret: []byte(params.JWTSecret),
 Redis: rdb,
 }
- accounts.RegisterAccountsNoAuthServiceServer(grpcServer, v1.NewAccountRPCImpl(accountCtrl))
+ accounts.RegisterAccountsNoAuthServiceServer(grpcServer, v1.NewAccountNoAuthRPCImpl(accountCtrl))
+ accounts.RegisterAccountsAuthServiceServer(grpcServer, v1.NewAccountAuthRPCImpl(accountCtrl))
 if err := grpcServer.Serve(lis); err != nil {
 return err
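Review bot: Only the unary chain in the `@@ -152,9 +153,13 @@` hunk of main.go gets `jwtVerifier.JWTAuthInterceptor`; the `grpc.StreamInterceptor(...)` option two lines below still carries logging alone, so a streaming RPC added to an authenticated service would not pass through the JWT check. No streaming RPC is visible in this diff, so the gap may be latent, but adding a stream variant of the verifier and installing it with `grpc.ChainStreamInterceptor` would keep both paths consistent. Separately, `[]byte(params.JWTSecret)` is handed over without a non-empty check; once validation is implemented, `server` should return an error at start-up for an empty secret, e.g. `if params.JWTSecret == "" { return errors.New("jwt secret must not be empty") }`. The body of `server` starts and ends outside the hunk.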