1 files changed, 44 insertions, 0 deletions

diff --git a/src/main.rs b/src/main.rs
new file mode 100644
index 00000000..f84dc08e
--- /dev/null
+++ b/src/main.rs
@@ -0,0 +1,44 @@
+use envoy_types::ext_authz::v3::pb::{
+    Authorization, AuthorizationServer, CheckRequest, CheckResponse,
+};
+use envoy_types::ext_authz::v3::{CheckRequestExt, CheckResponseExt};
+use tonic::{Request, Response, Status, transport::Server};
+
+#[derive(Debug, Default)]
+struct PolicyServer;
+
+#[tonic::async_trait]
+impl Authorization for PolicyServer {
+    async fn check(
+        &self,
+        request: Request<CheckRequest>,
+    ) -> Result<Response<CheckResponse>, Status> {
+        let request = request.into_inner();
+
+        let client_headers = request
+            .get_client_headers()
+            .ok_or_else(|| Status::invalid_argument("client headers not populated by envoy"))?;
+
+        let mut request_status = Status::unauthenticated("not authorized");
+
+        if let Some(authorization) = client_headers.get("authorization") {
+            if authorization == "Bearer valid-token" {
+                request_status = Status::ok("request is valid");
+            }
+        }
+
+        Ok(Response::new(CheckResponse::with_status(request_status)))
+    }
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    let addr = "[::1]:50051".parse()?;
+
+    Server::builder()
+        .add_service(AuthorizationServer::new(PolicyServer::default()))
+        .serve(addr)
+        .await?;
+
+    Ok(())
+}