34 lines
1.0 KiB
Go
34 lines
1.0 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"strings"
|
|
|
|
"connectrpc.com/connect"
|
|
)
|
|
|
|
func NewPSKInterceptor(psk string) connect.UnaryInterceptorFunc {
|
|
return func(next connect.UnaryFunc) connect.UnaryFunc {
|
|
return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
|
|
if req.Spec().IsClient {
|
|
return nil, errors.New("Serverside PSKInterceptor intercepted on the client.")
|
|
} else if req.Header().Get("token-header") == "" {
|
|
// No Auth Token Present
|
|
return nil, errors.New("No Auth Token present!")
|
|
} else if !strings.HasPrefix(req.Peer().Addr, "192.168.143") {
|
|
// Not from trusted subnet
|
|
return nil, errors.New("Request from untrusted subnet")
|
|
} else {
|
|
authToken := req.Header().Get("token-header")
|
|
|
|
if authToken != "MWE4MWQ5NDY2OWM1NGI4ZDhmNDNkZDc2Y2M5M2IyYThlMTIzZjNmNzY4ZTg2NDA2MGRjZWFjZjI3M2MxYTkzNDFhZDM5YjA0NmYzYjZiODEzZjNjNDZiYjhkMGU0OTdlOGNkN2FmMDFiYjczMWJmNDZhMGI4Yjk0OTZhNQo=" {
|
|
return nil, errors.New("Invalid auth-token")
|
|
}
|
|
|
|
return next(ctx, req)
|
|
}
|
|
}
|
|
}
|
|
}
|