-rw-r--r--Cargo.lock12
-rw-r--r--Cargo.toml1
-rw-r--r--src/server.rs44
3 files changed, 49 insertions, 8 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 2be68e7..309635e 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -53,6 +53,7 @@ checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
name = "authzd"
version = "0.1.0"
dependencies = [
+ "envoy-types",
"prost",
"tokio",
"tonic",
@@ -150,6 +151,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
[[package]]
+name = "envoy-types"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "065b6b0018b25902cab074d44c0e2098205329b6b5a309a33cc688bc0ac9573d"
+dependencies = [
+ "futures-core",
+ "prost",
+ "tonic",
+]
+
+[[package]]
name = "equivalent"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
diff --git a/Cargo.toml b/Cargo.toml
index 2cf2463..9c19c33 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -12,6 +12,7 @@ name = "authzd-client"
path = "src/client.rs"
[dependencies]
+envoy-types = "0.6.0"
prost = "0.13"
tokio = { version = "1.0", features = ["macros", "rt-multi-thread"] }
tonic = "*"
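Review bot: The new `envoy-types = "0.6.0"` line sits next to `tonic = "*"`, so the crate that supplies the `Authorization` trait is pinned while the tonic it builds against floats. If a later resolve picks a tonic release that envoy-types 0.6.0 does not accept, Cargo would likely pull in two tonic versions, and the `Request`/`Status` types used in src/server.rs would no longer match the trait. Consider constraining tonic to the release line that envoy-types 0.6.0 requires, e.g. `tonic = "<version required by envoy-types 0.6.0>"`, which also removes an unbounded version requirement from the authorization path.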
diff --git a/src/server.rs b/src/server.rs
index b52c56f..3b7d55e 100644
--- a/src/server.rs
+++ b/src/server.rs
@@ -1,10 +1,39 @@
-use tonic::{Request, Response, Status, transport::Server};
-
+use authz_rpc::ability_server::{Ability, AbilityServer};
+use authz_rpc::{AllowReply, AllowRequest};
+use envoy_types::ext_authz::v3::pb::{
+ Authorization, AuthorizationServer, CheckRequest, CheckResponse,
+};
+use envoy_types::ext_authz::v3::{CheckRequestExt, CheckResponseExt};
use hello_world::greeter_server::{Greeter, GreeterServer};
use hello_world::{HelloReply, HelloRequest};
+use tonic::{Request, Response, Status, transport::Server};
-use authz_rpc::ability_server::{Ability, AbilityServer};
-use authz_rpc::{AllowReply, AllowRequest};
+#[derive(Default)]
+struct MyServer;
+
+#[tonic::async_trait]
+impl Authorization for MyServer {
+ async fn check(
+ &self,
+ request: Request<CheckRequest>,
+ ) -> Result<Response<CheckResponse>, Status> {
+ let request = request.into_inner();
+
+ let client_headers = request
+ .get_client_headers()
+ .ok_or_else(|| Status::invalid_argument("client headers not populated by envoy"))?;
+
+ let mut request_status = Status::unauthenticated("not authorized");
+
+ if let Some(authorization) = client_headers.get("authorization") {
+ if authorization == "Bearer valid-token" {
+ request_status = Status::ok("request is valid");
+ }
+ }
+
+ Ok(Response::new(CheckResponse::with_status(request_status)))
+ }
+}
pub mod authz_rpc {
tonic::include_proto!("authz.rpc");
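Review bot: The comparison `authorization == "Bearer valid-token"` in `check` makes a fixed string compiled into the binary the only credential, so anyone who can read the source or the binary can pass the authorization decision for everything Envoy sends to this service. If this is scaffolding, say so on that line, e.g. `// PLACEHOLDER: replace with real token verification before deployment`, and keep the deny-by-default `Status::unauthenticated` as it is. When real verification lands, compare secrets in constant time rather than with `==`, and log denied requests without logging the header value. `MyServer` and `check` also lack a doc comment stating that a missing or non-matching header results in a deny.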
@@ -52,12 +81,11 @@ impl Greeter for MyGreeter {
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let addr = "[::1]:50051".parse()?;
- let ability = MyAbility::default();
- let greeter = MyGreeter::default();
Server::builder()
- .add_service(GreeterServer::new(greeter))
- .add_service(AbilityServer::new(ability))
+ .add_service(GreeterServer::new(MyGreeter::default()))
+ .add_service(AbilityServer::new(MyAbility::default()))
+ .add_service(AuthorizationServer::new(MyServer::default()))
.serve(addr)
.await?;
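Review bot: `AuthorizationServer` is added to the same `Server::builder()` chain as the `Greeter` and `Ability` services, and no transport security is configured in the visible chain, so the authorization decision point shares a plaintext listener with the sample services. That is acceptable only while `addr` stays on loopback (`[::1]:50051`); a comment such as `// ext_authz is plaintext: keep addr on loopback or add TLS before changing it` would record the assumption. main's body continues outside the hunk.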