Server-Side-Implementation

auth/psk-interceptor.go

@@ -0,0 +1,33 @@
+package auth
+
+import (
+	"context"
+	"errors"
+	"strings"
+
+	"connectrpc.com/connect"
+)
+
+func NewPSKInterceptor(psk string) connect.UnaryInterceptorFunc {
+	return func(next connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			if req.Spec().IsClient {
+				return nil, errors.New("Serverside PSKInterceptor intercepted on the client.")
+			} else if req.Header().Get("token-header") == "" {
+				// No Auth Token Present
+				return nil, errors.New("No Auth Token present!")
+			} else if !strings.HasPrefix(req.Peer().Addr, "192.168.143") {
+				// Not from trusted subnet
+				return nil, errors.New("Request from untrusted subnet")
+			} else {
+				authToken := req.Header().Get("token-header")
+
+				if authToken != "MWE4MWQ5NDY2OWM1NGI4ZDhmNDNkZDc2Y2M5M2IyYThlMTIzZjNmNzY4ZTg2NDA2MGRjZWFjZjI3M2MxYTkzNDFhZDM5YjA0NmYzYjZiODEzZjNjNDZiYjhkMGU0OTdlOGNkN2FmMDFiYjczMWJmNDZhMGI4Yjk0OTZhNQo=" {
+					return nil, errors.New("Invalid auth-token")
+				}
+
+				return next(ctx, req)
+			}
+		}
+	}
+}