path: root/src/server.rs
blob: 3b7d55eeb7a7b3ff0d5d4a171aa518f5566176b5 (plain)
use authz_rpc::ability_server::{Ability, AbilityServer};
use authz_rpc::{AllowReply, AllowRequest};
use envoy_types::ext_authz::v3::pb::{
    Authorization, AuthorizationServer, CheckRequest, CheckResponse,
};
use envoy_types::ext_authz::v3::{CheckRequestExt, CheckResponseExt};
use hello_world::greeter_server::{Greeter, GreeterServer};
use hello_world::{HelloReply, HelloRequest};
use tonic::{Request, Response, Status, transport::Server};

/// Field-less handler type; the `Authorization` (Envoy ext_authz) service is implemented on it below.
#[derive(Default)]
struct MyServer;

#[tonic::async_trait]
impl Authorization for MyServer {
    /// Answers an ext_authz `Check` call based on the `authorization` client header.
    ///
    /// The reply carries an OK status only when the header equals the fixed bearer
    /// value; a missing header or any other value yields `unauthenticated`, so the
    /// decision is deny-by-default.
    ///
    /// # Errors
    ///
    /// Returns `Status::invalid_argument` when the request has no client headers.
    async fn check(
        &self,
        request: Request<CheckRequest>,
    ) -> Result<Response<CheckResponse>, Status> {
        let check_request = request.into_inner();

        let Some(headers) = check_request.get_client_headers() else {
            return Err(Status::invalid_argument("client headers not populated by envoy"));
        };

        // NOTE(review): the accepted credential is a literal compiled into the binary,
        // and `==` on strings is not guaranteed to run in constant time. Before this
        // guards anything real, verify tokens against a secret or key loaded from
        // configuration, using signature verification or a vetted constant-time compare.
        let token_matches = matches!(
            headers.get("authorization"),
            Some(value) if value == "Bearer valid-token"
        );

        let verdict = if token_matches {
            Status::ok("request is valid")
        } else {
            Status::unauthenticated("not authorized")
        };

        Ok(Response::new(CheckResponse::with_status(verdict)))
    }
}

/// Code generated from the `authz.rpc` protobuf package, pulled in with `tonic::include_proto!`.
pub mod authz_rpc {
    tonic::include_proto!("authz.rpc");
}

/// Field-less handler type; the `Ability` service is implemented on it below.
#[derive(Debug, Default)]
pub struct MyAbility {}

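#[tonic::async_trait]
impl Ability for MyAbility {
    /// Answers an `Allow` request with an `AllowReply`.
    ///
    /// NOTE(review): this is a placeholder decision. `result` is always `true` and
    /// no field of the request is examined, so any caller that treats the reply as
    /// an authorization verdict is effectively running allow-all. Replace with a
    /// real policy check (and default to `false`) before relying on it.
    async fn allowed(
        &self,
        request: Request<AllowRequest>,
    ) -> Result<Response<AllowReply>, Status> {
        // Log only the decoded message. Debug-printing the whole `Request` also
        // prints its gRPC metadata, which can include credentials such as an
        // `authorization` entry.
        println!("Got a request: {:?}", request.get_ref());

        let reply = AllowReply { result: true };
        Ok(Response::new(reply))
    }
}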

/// Code generated from the `helloworld` protobuf package, pulled in with `tonic::include_proto!`.
pub mod hello_world {
    tonic::include_proto!("helloworld");
}

/// Field-less handler type; the `Greeter` service is implemented on it below.
#[derive(Debug, Default)]
pub struct MyGreeter {}

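#[tonic::async_trait]
impl Greeter for MyGreeter {
    /// Replies with `Hello <name>!`, where `name` is taken from the request message.
    ///
    /// The name is caller-supplied and echoed back unchanged; no authentication or
    /// validation is performed in this handler.
    async fn say_hello(
        &self,
        request: Request<HelloRequest>,
    ) -> Result<Response<HelloReply>, Status> {
        // Unwrap first and log only the message. Debug-printing the whole `Request`
        // also prints its gRPC metadata, which can include credentials such as an
        // `authorization` entry.
        let hello = request.into_inner();
        println!("Got a request: {:?}", hello);

        let reply = HelloReply {
            message: format!("Hello {}!", hello.name),
        };

        Ok(Response::new(reply))
    }
}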

/// Starts one tonic server on `[::1]:50051` hosting the Greeter, Ability and
/// Authorization services, and runs until `serve` returns.
///
/// NOTE(review): no TLS or interceptor is configured on this builder, so the
/// listener is plaintext and unauthenticated. That is only reasonable while it
/// stays bound to loopback. All three services also share the one port, so
/// anything that can reach the ext_authz endpoint can reach the other two as well.
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // IPv6 loopback only; the target type is inferred from `serve` below.
    let addr = "[::1]:50051".parse()?;

    let router = Server::builder()
        .add_service(GreeterServer::new(MyGreeter::default()))
        .add_service(AbilityServer::new(MyAbility::default()))
        .add_service(AuthorizationServer::new(MyServer::default()));

    router.serve(addr).await?;

    Ok(())
}