Documentation ¶
Overview ¶
Package auth implements gRPC authentication server interceptors.
Index ¶
- func NoAuth(context.Context, interface{}) error
- func StreamServerInterceptor(authFunc AuthenticationFunction) grpc.StreamServerInterceptor
- func UnaryServerInterceptor(authFunc AuthenticationFunction) grpc.UnaryServerInterceptor
- type AuthenticationFunction
- type PeerCertAuthenticator
- type PeerPubkeyAuthenticator
- type ServerAuth
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func StreamServerInterceptor ¶
func StreamServerInterceptor(authFunc AuthenticationFunction) grpc.StreamServerInterceptor
StreamServerInterceptor returns an authentication stream server interceptor.
StreamServerInterceptor wraps the incoming server stream and authenticates all received messages.
func UnaryServerInterceptor ¶
func UnaryServerInterceptor(authFunc AuthenticationFunction) grpc.UnaryServerInterceptor
UnaryServerInterceptor returns an authentication unary server interceptor.
Types ¶
type AuthenticationFunction ¶
AuthenticationFunction defines the gRPC server default authentication function. This can be overridden per service by implementing AuthFunc on the gRPC service.
type PeerCertAuthenticator ¶
PeerCertAuthenticator is a server side gRPC authentication function that restricts access to all methods based on the hash of the DER representation of the client certificate presented in the TLS handshake.
func NewPeerCertAuthenticator ¶
func NewPeerCertAuthenticator() *PeerCertAuthenticator
NewPeerCertAuthenticator creates a new (empty) PeerCertAuthenticator.
func (*PeerCertAuthenticator) AllowPeerCertificate ¶
func (auth *PeerCertAuthenticator) AllowPeerCertificate(cert *x509.Certificate)
AllowPeerCertificate allows a peer certificate access.
type PeerPubkeyAuthenticator ¶
PeerPubkeyAuthenticator is a server side gRPC authentication function that restricts access to all methods based on the public keys of the client certificate presented in the TLS handshake.
func NewPeerPubkeyAuthenticator ¶
func NewPeerPubkeyAuthenticator() *PeerPubkeyAuthenticator
NewPeerPubkeyAuthenticator creates a new (empty) PeerPubkeyAuthenticator.
func (*PeerPubkeyAuthenticator) AllowPeerPublicKey ¶
func (auth *PeerPubkeyAuthenticator) AllowPeerPublicKey(key signature.PublicKey)
AllowPeerPublicKey allows a peer public key access.
type ServerAuth ¶
type ServerAuth interface { // AuthFunc is the authentication function. The authentication can be done // on the method name, metadata (can be obtained from ctx) and incoming // request. // // Make sure to error with `codes.Unauthenticated` and // `codes.PermissionDenied` appropriately. AuthFunc(ctx context.Context, req interface{}) error }
ServerAuth interface defines gRPC server authentication interface.