Diffstat (limited to 'src')
| -rw-r--r-- | src/server.rs | 44 |
1 files changed, 36 insertions, 8 deletions
diff --git a/src/server.rs b/src/server.rs
index b52c56f..3b7d55e 100644
--- a/src/server.rs
+++ b/src/server.rs
@@ -1,10 +1,39 @@
-use tonic::{Request, Response, Status, transport::Server};
-
+use authz_rpc::ability_server::{Ability, AbilityServer};
+use authz_rpc::{AllowReply, AllowRequest};
+use envoy_types::ext_authz::v3::pb::{
+    Authorization, AuthorizationServer, CheckRequest, CheckResponse,
+};
+use envoy_types::ext_authz::v3::{CheckRequestExt, CheckResponseExt};
 use hello_world::greeter_server::{Greeter, GreeterServer};
 use hello_world::{HelloReply, HelloRequest};
+use tonic::{Request, Response, Status, transport::Server};
 
-use authz_rpc::ability_server::{Ability, AbilityServer};
-use authz_rpc::{AllowReply, AllowRequest};
+#[derive(Default)]
+struct MyServer;
+
+#[tonic::async_trait]
+impl Authorization for MyServer {
+    async fn check(
+        &self,
+        request: Request<CheckRequest>,
+    ) -> Result<Response<CheckResponse>, Status> {
+        let request = request.into_inner();
+
+        let client_headers = request
+            .get_client_headers()
+            .ok_or_else(|| Status::invalid_argument("client headers not populated by envoy"))?;
+
+        let mut request_status = Status::unauthenticated("not authorized");
+
+        if let Some(authorization) = client_headers.get("authorization") {
+            if authorization == "Bearer valid-token" {
+                request_status = Status::ok("request is valid");
+            }
+        }
+
+        Ok(Response::new(CheckResponse::with_status(request_status)))
+    }
+}
 
 pub mod authz_rpc {
     tonic::include_proto!("authz.rpc");
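Review bot: The credential that `check` accepts is a string literal compiled into the binary (`if authorization == "Bearer valid-token"`), so it cannot be rotated without a rebuild and anyone with the source or the artifact holds it. Read the expected token from configuration at startup (an environment variable or config file) and keep the literal out of `src/server.rs`; if this is deliberately a placeholder for the example, state that above the struct with `/// Demo ext_authz backend: accepts one fixed bearer token and is not meant for production.` so nobody ships it as-is. The scheme and the credential are also checked as one opaque string; splitting them with `client_headers.get("authorization").and_then(|v| v.strip_prefix("Bearer "))` makes the accepted format explicit and keeps the `unauthenticated` default for everything else. Finally, `MyServer` is the only undocumented type in the hunk and its name does not follow the `MyGreeter`/`MyAbility` pattern used for the other services; `MyAuthorization` would read consistently.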
@@ -52,12 +81,11 @@ impl Greeter for MyGreeter {
 #[tokio::main]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
     let addr = "[::1]:50051".parse()?;
-    let ability = MyAbility::default();
-    let greeter = MyGreeter::default();
     Server::builder()
-        .add_service(GreeterServer::new(greeter))
-        .add_service(AbilityServer::new(ability))
+        .add_service(GreeterServer::new(MyGreeter::default()))
+        .add_service(AbilityServer::new(MyAbility::default()))
+        .add_service(AuthorizationServer::new(MyServer::default()))
         .serve(addr)
         .await?;
|
