Diffstat (limited to 'src/main.rs')
-rw-r--r--src/main.rs44
1 files changed, 44 insertions, 0 deletions
diff --git a/src/main.rs b/src/main.rs
new file mode 100644
index 0000000..f84dc08
--- /dev/null
+++ b/src/main.rs
@@ -0,0 +1,44 @@
+use envoy_types::ext_authz::v3::pb::{
+ Authorization, AuthorizationServer, CheckRequest, CheckResponse,
+};
+use envoy_types::ext_authz::v3::{CheckRequestExt, CheckResponseExt};
+use tonic::{Request, Response, Status, transport::Server};
+
+#[derive(Debug, Default)]
+struct PolicyServer;
+
+#[tonic::async_trait]
+impl Authorization for PolicyServer {
+ async fn check(
+ &self,
+ request: Request<CheckRequest>,
+ ) -> Result<Response<CheckResponse>, Status> {
+ let request = request.into_inner();
+
+ let client_headers = request
+ .get_client_headers()
+ .ok_or_else(|| Status::invalid_argument("client headers not populated by envoy"))?;
+
+ let mut request_status = Status::unauthenticated("not authorized");
+
+ if let Some(authorization) = client_headers.get("authorization") {
+ if authorization == "Bearer valid-token" {
+ request_status = Status::ok("request is valid");
+ }
+ }
+
+ Ok(Response::new(CheckResponse::with_status(request_status)))
+ }
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+ let addr = "[::1]:50051".parse()?;
+
+ Server::builder()
+ .add_service(AuthorizationServer::new(PolicyServer::default()))
+ .serve(addr)
+ .await?;
+
+ Ok(())
+}
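Review bot: The literal `"Bearer valid-token"` in `check` is a credential committed to source and compared with `==`, so anyone who can read the repository holds it and the comparison is not constant-time. If this is more than a placeholder, the expected token should come from configuration or a secret store and be checked with a constant-time comparison, or be replaced by real token validation. Separately, the missing-headers branch returns `Err(Status::invalid_argument(..))`, which Envoy treats as a failed authorization call rather than a deny, so the outcome depends on the filter's `failure_mode_allow` setting. Returning an explicit deny keeps the service fail-closed on its own: `let Some(client_headers) = request.get_client_headers() else { return Ok(Response::new(CheckResponse::with_status(Status::unauthenticated("not authorized")))); };`.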