mirror of
https://gitlab.com/pulsechaincom/prysm-pulse.git
synced 2024-12-25 21:07:18 +00:00
ba440abe2d
* store wallet pass on creation * store wallet hash * save hash to wallet dir * initialize wallet hash * gaz * imports spacing * remove mentions of hashed pass from db schema * simplify the wallet hash code * comment removal * Merge branch 'master' into fix-password-override * pass tests * test fix * Merge branch 'fix-password-override' of github.com:prysmaticlabs/prysm into fix-password-override * remove extraneous printfs * tests passing * require auth for create wallet * gaz * fix signup logic * Merge refs/heads/master into fix-password-override * Merge refs/heads/master into fix-password-override * Merge refs/heads/master into fix-password-override * Merge refs/heads/master into fix-password-override * Merge branch 'master' into fix-password-override
77 lines
2.1 KiB
Go
77 lines
2.1 KiB
Go
package rpc
|
|
|
|
import (
|
|
"context"
|
|
"strings"
|
|
"sync"
|
|
|
|
"github.com/dgrijalva/jwt-go"
|
|
"github.com/pkg/errors"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/metadata"
|
|
"google.golang.org/grpc/status"
|
|
)
|
|
|
|
// noAuthPaths keeps track of the paths which do not require
|
|
// authentication from our API.
|
|
var (
|
|
noAuthPaths = map[string]bool{
|
|
"/ethereum.validator.accounts.v2.Auth/Signup": true,
|
|
"/ethereum.validator.accounts.v2.Auth/Login": true,
|
|
"/ethereum.validator.accounts.v2.Wallet/WalletConfig": true,
|
|
"/ethereum.validator.accounts.v2.Wallet/GenerateMnemonic": true,
|
|
}
|
|
authLock sync.RWMutex
|
|
)
|
|
|
|
// JWTInterceptor is a gRPC unary interceptor to authorize incoming requests
|
|
// for methods that are NOT in the noAuthPaths configuration map.
|
|
func (s *Server) JWTInterceptor() grpc.UnaryServerInterceptor {
|
|
return func(
|
|
ctx context.Context,
|
|
req interface{},
|
|
info *grpc.UnaryServerInfo,
|
|
handler grpc.UnaryHandler,
|
|
) (interface{}, error) {
|
|
// Skip authorize when the path doesn't require auth.
|
|
authLock.RLock()
|
|
shouldAuthenticate := !noAuthPaths[info.FullMethod]
|
|
authLock.RUnlock()
|
|
if shouldAuthenticate {
|
|
if err := s.authorize(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
h, err := handler(ctx, req)
|
|
log.Debugf("Request - Method: %s, Error: %v\n", info.FullMethod, err)
|
|
return h, err
|
|
}
|
|
}
|
|
|
|
// Authorize the token received is valid.
|
|
func (s *Server) authorize(ctx context.Context) error {
|
|
md, ok := metadata.FromIncomingContext(ctx)
|
|
if !ok {
|
|
return status.Errorf(codes.InvalidArgument, "Retrieving metadata failed")
|
|
}
|
|
|
|
authHeader, ok := md["authorization"]
|
|
if !ok {
|
|
return status.Errorf(codes.Unauthenticated, "Authorization token could not be found")
|
|
}
|
|
checkParsedKey := func(*jwt.Token) (interface{}, error) {
|
|
return s.jwtKey, nil
|
|
}
|
|
if len(authHeader) < 1 || !strings.Contains(authHeader[0], "Bearer ") {
|
|
return status.Error(codes.Unauthenticated, "Invalid auth header, needs Bearer {token}")
|
|
}
|
|
token := strings.Split(authHeader[0], "Bearer ")[1]
|
|
_, err := jwt.Parse(token, checkParsedKey)
|
|
if err != nil {
|
|
return errors.Wrap(err, "Could not parse JWT token")
|
|
}
|
|
return nil
|
|
}
|