Documentation
¶
Overview ¶
Package grpc provides authentication context utilities for passing user information between HTTP handlers and gRPC services via metadata.
Index ¶
- Constants
- func IsAuthenticated(ctx context.Context) bool
- func IsAuthenticatedWithConfig(ctx context.Context, config *Config) bool
- func StreamAuthInterceptor(config *InterceptorConfig) grpc.StreamServerInterceptor
- func SwitchUserToOutgoingContext(ctx context.Context, switchToUserID string) context.Context
- func SwitchUserToOutgoingContextWithKey(ctx context.Context, switchToUserID string, key string) context.Context
- func UnaryAuthInterceptor(config *InterceptorConfig) grpc.UnaryServerInterceptor
- func UserIDFromContext(ctx context.Context) string
- func UserIDFromContextWithConfig(ctx context.Context, config *Config) string
- func UserIDToOutgoingContext(ctx context.Context, userID string) context.Context
- func UserIDToOutgoingContextWithKey(ctx context.Context, userID string, key string) context.Context
- type Config
- type InterceptorConfig
Constants ¶
const ( // DefaultMetadataKeyUserID is the default gRPC metadata key for the authenticated user ID DefaultMetadataKeyUserID = "x-user-id" // DefaultMetadataKeySwitchUser is the default gRPC metadata key for switching to a different user (testing only) DefaultMetadataKeySwitchUser = "x-switch-user" )
Default metadata keys for authentication context. These can be customized via Config if needed.
Variables ¶
This section is empty.
Functions ¶
func IsAuthenticated ¶
IsAuthenticated returns true if there is an authenticated user in the context.
func IsAuthenticatedWithConfig ¶
IsAuthenticatedWithConfig returns true if there is an authenticated user using the specified config.
func StreamAuthInterceptor ¶
func StreamAuthInterceptor(config *InterceptorConfig) grpc.StreamServerInterceptor
StreamAuthInterceptor returns a gRPC stream interceptor that processes auth metadata.
func SwitchUserToOutgoingContext ¶
SwitchUserToOutgoingContext adds a switch-user header to outgoing gRPC context metadata. This is only effective when EnableSwitchAuth is set on the server.
func SwitchUserToOutgoingContextWithKey ¶
func SwitchUserToOutgoingContextWithKey(ctx context.Context, switchToUserID string, key string) context.Context
SwitchUserToOutgoingContextWithKey adds a switch-user header with a custom key.
func UnaryAuthInterceptor ¶
func UnaryAuthInterceptor(config *InterceptorConfig) grpc.UnaryServerInterceptor
UnaryAuthInterceptor returns a gRPC unary interceptor that processes auth metadata. It handles the switch-user header when EnableSwitchAuth is set in the config.
func UserIDFromContext ¶
UserIDFromContext extracts the authenticated user ID from the gRPC context metadata. Returns empty string if no user is authenticated.
func UserIDFromContextWithConfig ¶
UserIDFromContextWithConfig extracts the authenticated user ID using the specified config.
func UserIDToOutgoingContext ¶
UserIDToOutgoingContext adds the user ID to outgoing gRPC context metadata.
Types ¶
type Config ¶
type Config struct {
// MetadataKeyUserID is the gRPC metadata key for the authenticated user ID.
// Defaults to "x-user-id".
MetadataKeyUserID string
// MetadataKeySwitchUser is the gRPC metadata key for switching to a different user.
// Only used when switch auth is enabled. Defaults to "x-switch-user".
MetadataKeySwitchUser string
// EnableSwitchAuth when true allows the X-Switch-User header to override the user ID.
// Should only be enabled in development/testing environments.
EnableSwitchAuth bool
}
Config holds the metadata key configuration for auth context.
func (*Config) EnsureDefaults ¶
func (c *Config) EnsureDefaults()
EnsureDefaults fills in default values for any unset fields.
type InterceptorConfig ¶
type InterceptorConfig struct {
// Config holds the metadata key configuration.
*Config
// RequireAuth when true rejects unauthenticated requests.
// When false, requests proceed but UserIDFromContext returns empty.
RequireAuth bool
// PublicMethods is a set of method names that don't require auth.
// Only used when RequireAuth is true.
// Keys should be full method names like "/package.Service/Method".
PublicMethods map[string]bool
}
InterceptorConfig configures the auth interceptor behavior.
func DefaultInterceptorConfig ¶
func DefaultInterceptorConfig() *InterceptorConfig
DefaultInterceptorConfig returns a config that requires auth for all methods.
func NewPublicMethodsConfig ¶
func NewPublicMethodsConfig(publicMethods ...string) *InterceptorConfig
NewPublicMethodsConfig creates a config with the specified public methods.
func OptionalAuthConfig ¶
func OptionalAuthConfig() *InterceptorConfig
OptionalAuthConfig returns a config that allows unauthenticated requests.