Mainflux.mainflux/auth/api/grpc/server.go

// Copyright (c) Mainflux
// SPDX-License-Identifier: Apache-2.0

package grpc

import (
	"context"

	kitot "github.com/go-kit/kit/tracing/opentracing"
	kitgrpc "github.com/go-kit/kit/transport/grpc"
	"github.com/golang/protobuf/ptypes/empty"
	mainflux "github.com/mainflux/mainflux"
	"github.com/mainflux/mainflux/auth"
	"github.com/mainflux/mainflux/pkg/errors"
	opentracing "github.com/opentracing/opentracing-go"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"
)

var _ mainflux.AuthServiceServer = (*grpcServer)(nil)

type grpcServer struct {
	issue     kitgrpc.Handler
	identify  kitgrpc.Handler
	authorize kitgrpc.Handler
	assign    kitgrpc.Handler
	members   kitgrpc.Handler
}

// NewServer returns new AuthServiceServer instance.
func NewServer(tracer opentracing.Tracer, svc auth.Service) mainflux.AuthServiceServer {
	return &grpcServer{
		issue: kitgrpc.NewServer(
			kitot.TraceServer(tracer, "issue")(issueEndpoint(svc)),
			decodeIssueRequest,
			encodeIssueResponse,
		),
		identify: kitgrpc.NewServer(
			kitot.TraceServer(tracer, "identify")(identifyEndpoint(svc)),
			decodeIdentifyRequest,
			encodeIdentifyResponse,
		),
		authorize: kitgrpc.NewServer(
			kitot.TraceServer(tracer, "authorize")(authorizeEndpoint(svc)),
			decodeAuthorizeRequest,
			encodeAuthorizeResponse,
		),
		assign: kitgrpc.NewServer(
			kitot.TraceServer(tracer, "assign")(assignEndpoint(svc)),
			decodeAssignRequest,
			encodeEmptyResponse,
		),
		members: kitgrpc.NewServer(
			kitot.TraceServer(tracer, "members")(membersEndpoint(svc)),
			decodeMembersRequest,
			encodeMembersResponse,
		),
	}
}

func (s *grpcServer) Issue(ctx context.Context, req *mainflux.IssueReq) (*mainflux.Token, error) {
	_, res, err := s.issue.ServeGRPC(ctx, req)
	if err != nil {
		return nil, encodeError(err)
	}
	return res.(*mainflux.Token), nil
}

func (s *grpcServer) Identify(ctx context.Context, token *mainflux.Token) (*mainflux.UserIdentity, error) {
	_, res, err := s.identify.ServeGRPC(ctx, token)
	if err != nil {
		return nil, encodeError(err)
	}
	return res.(*mainflux.UserIdentity), nil
}

func (s *grpcServer) Authorize(ctx context.Context, token *mainflux.AuthorizeReq) (*mainflux.AuthorizeRes, error) {
	_, res, err := s.authorize.ServeGRPC(ctx, token)
	if err != nil {
		return nil, encodeError(err)
	}
	return res.(*mainflux.AuthorizeRes), nil
}

func (s *grpcServer) Assign(ctx context.Context, token *mainflux.Assignment) (*empty.Empty, error) {
	_, res, err := s.assign.ServeGRPC(ctx, token)
	if err != nil {
		return nil, encodeError(err)
	}
	return res.(*empty.Empty), nil
}

func (s *grpcServer) Members(ctx context.Context, token *mainflux.MembersReq) (*mainflux.MembersRes, error) {
	_, res, err := s.members.ServeGRPC(ctx, token)
	if err != nil {
		return nil, encodeError(err)
	}
	return res.(*mainflux.MembersRes), nil
}

func decodeIssueRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
	req := grpcReq.(*mainflux.IssueReq)
	return issueReq{id: req.GetId(), email: req.GetEmail(), keyType: req.GetType()}, nil
}

func encodeIssueResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {
	res := grpcRes.(issueRes)
	return &mainflux.Token{Value: res.value}, nil
}

func decodeIdentifyRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
	req := grpcReq.(*mainflux.Token)
	return identityReq{token: req.GetValue()}, nil
}

func encodeIdentifyResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {
	res := grpcRes.(identityRes)
	return &mainflux.UserIdentity{Id: res.id, Email: res.email}, nil
}

func decodeAuthorizeRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
	req := grpcReq.(*mainflux.AuthorizeReq)
	return authReq{Act: req.Act, Obj: req.Obj, Sub: req.Sub}, nil
}

func encodeAuthorizeResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {
	res := grpcRes.(*mainflux.AuthorizeRes)
	return res, nil
}

func decodeAssignRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
	req := grpcReq.(*mainflux.Token)
	return assignReq{token: req.GetValue()}, nil
}

func decodeMembersRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
	req := grpcReq.(*mainflux.MembersReq)
	return membersReq{token: req.GetToken(), groupID: req.GetGroupID()}, nil
}

func encodeMembersResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {
	res := grpcRes.(*mainflux.MembersRes)
	return membersRes{
		total:     res.GetTotal(),
		offset:    res.GetOffset(),
		limit:     res.GetLimit(),
		groupType: res.GetType(),
		members:   res.GetMembers(),
	}, nil
}

func encodeEmptyResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {
	res := grpcRes.(emptyRes)
	return &empty.Empty{}, encodeError(res.err)
}

func encodeError(err error) error {
	switch {
	case errors.Contains(err, nil):
		return nil
	case errors.Contains(err, auth.ErrMalformedEntity):
		return status.Error(codes.InvalidArgument, "received invalid token request")
	case errors.Contains(err, auth.ErrUnauthorizedAccess):
		return status.Error(codes.Unauthenticated, err.Error())
	case errors.Contains(err, auth.ErrKeyExpired):
		return status.Error(codes.Unauthenticated, err.Error())
	default:
		return status.Error(codes.Internal, "internal server error")
	}
}
NOISSUE - Merge authz and authn into new service auth (#1313) * remove owner id Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move authz into authn and merge into new service Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add groups Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add groups Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add groups endpoints Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add group type Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * adding mocks, some renaming, refactor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update proto Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * adding mocks, some renaming, refactor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix linter err,and comments Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * undo renaming, add interface for authn and authz Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * renam some variables Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * renaming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove extra slashes from comment Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * resolving small remarks Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> 2020-12-29 23:02:35 +01:00			`// Copyright (c) Mainflux`
			`// SPDX-License-Identifier: Apache-2.0`

			`package grpc`

			`import (`
			`"context"`

			`kitot "github.com/go-kit/kit/tracing/opentracing"`
			`kitgrpc "github.com/go-kit/kit/transport/grpc"`
			`"github.com/golang/protobuf/ptypes/empty"`
			`mainflux "github.com/mainflux/mainflux"`
			`"github.com/mainflux/mainflux/auth"`
			`"github.com/mainflux/mainflux/pkg/errors"`
			`opentracing "github.com/opentracing/opentracing-go"`
			`"google.golang.org/grpc/codes"`
			`"google.golang.org/grpc/status"`
			`)`

			`var _ mainflux.AuthServiceServer = (*grpcServer)(nil)`

			`type grpcServer struct {`
			`issue kitgrpc.Handler`
			`identify kitgrpc.Handler`
			`authorize kitgrpc.Handler`
			`assign kitgrpc.Handler`
			`members kitgrpc.Handler`
			`}`

NOISSUE - Fix Auth typo (#1319) Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com> 2021-01-11 10:00:13 +01:00			`// NewServer returns new AuthServiceServer instance.`
NOISSUE - Merge authz and authn into new service auth (#1313) * remove owner id Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move authz into authn and merge into new service Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add groups Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add groups Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add groups endpoints Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add group type Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * adding mocks, some renaming, refactor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update proto Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * adding mocks, some renaming, refactor Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix linter err,and comments Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * undo renaming, add interface for authn and authz Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * renam some variables Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * renaming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove extra slashes from comment Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * resolving small remarks Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> 2020-12-29 23:02:35 +01:00			`func NewServer(tracer opentracing.Tracer, svc auth.Service) mainflux.AuthServiceServer {`
			`return &grpcServer{`
			`issue: kitgrpc.NewServer(`
			`kitot.TraceServer(tracer, "issue")(issueEndpoint(svc)),`
			`decodeIssueRequest,`
			`encodeIssueResponse,`
			`),`
			`identify: kitgrpc.NewServer(`
			`kitot.TraceServer(tracer, "identify")(identifyEndpoint(svc)),`
			`decodeIdentifyRequest,`
			`encodeIdentifyResponse,`
			`),`
			`authorize: kitgrpc.NewServer(`
			`kitot.TraceServer(tracer, "authorize")(authorizeEndpoint(svc)),`
			`decodeAuthorizeRequest,`
			`encodeAuthorizeResponse,`
			`),`
			`assign: kitgrpc.NewServer(`
			`kitot.TraceServer(tracer, "assign")(assignEndpoint(svc)),`
			`decodeAssignRequest,`
			`encodeEmptyResponse,`
			`),`
			`members: kitgrpc.NewServer(`
			`kitot.TraceServer(tracer, "members")(membersEndpoint(svc)),`
			`decodeMembersRequest,`
			`encodeMembersResponse,`
			`),`
			`}`
			`}`

			`func (s grpcServer) Issue(ctx context.Context, req mainflux.IssueReq) (*mainflux.Token, error) {`
			`_, res, err := s.issue.ServeGRPC(ctx, req)`
			`if err != nil {`
			`return nil, encodeError(err)`
			`}`
			`return res.(*mainflux.Token), nil`
			`}`

			`func (s grpcServer) Identify(ctx context.Context, token mainflux.Token) (*mainflux.UserIdentity, error) {`
			`_, res, err := s.identify.ServeGRPC(ctx, token)`
			`if err != nil {`
			`return nil, encodeError(err)`
			`}`
			`return res.(*mainflux.UserIdentity), nil`
			`}`

			`func (s grpcServer) Authorize(ctx context.Context, token mainflux.AuthorizeReq) (*mainflux.AuthorizeRes, error) {`
			`_, res, err := s.authorize.ServeGRPC(ctx, token)`
			`if err != nil {`
			`return nil, encodeError(err)`
			`}`
			`return res.(*mainflux.AuthorizeRes), nil`
			`}`

			`func (s grpcServer) Assign(ctx context.Context, token mainflux.Assignment) (*empty.Empty, error) {`
			`_, res, err := s.assign.ServeGRPC(ctx, token)`
			`if err != nil {`
			`return nil, encodeError(err)`
			`}`
			`return res.(*empty.Empty), nil`
			`}`

			`func (s grpcServer) Members(ctx context.Context, token mainflux.MembersReq) (*mainflux.MembersRes, error) {`
			`_, res, err := s.members.ServeGRPC(ctx, token)`
			`if err != nil {`
			`return nil, encodeError(err)`
			`}`
			`return res.(*mainflux.MembersRes), nil`
			`}`

			`func decodeIssueRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {`
			`req := grpcReq.(*mainflux.IssueReq)`
			`return issueReq{id: req.GetId(), email: req.GetEmail(), keyType: req.GetType()}, nil`
			`}`

			`func encodeIssueResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {`
			`res := grpcRes.(issueRes)`
			`return &mainflux.Token{Value: res.value}, nil`
			`}`

			`func decodeIdentifyRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {`
			`req := grpcReq.(*mainflux.Token)`
			`return identityReq{token: req.GetValue()}, nil`
			`}`

			`func encodeIdentifyResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {`
			`res := grpcRes.(identityRes)`
			`return &mainflux.UserIdentity{Id: res.id, Email: res.email}, nil`
			`}`

			`func decodeAuthorizeRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {`
			`req := grpcReq.(*mainflux.AuthorizeReq)`
			`return authReq{Act: req.Act, Obj: req.Obj, Sub: req.Sub}, nil`
			`}`

			`func encodeAuthorizeResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {`
			`res := grpcRes.(*mainflux.AuthorizeRes)`
			`return res, nil`
			`}`

			`func decodeAssignRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {`
			`req := grpcReq.(*mainflux.Token)`
			`return assignReq{token: req.GetValue()}, nil`
			`}`

			`func decodeMembersRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {`
			`req := grpcReq.(*mainflux.MembersReq)`
			`return membersReq{token: req.GetToken(), groupID: req.GetGroupID()}, nil`
			`}`

			`func encodeMembersResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {`
			`res := grpcRes.(*mainflux.MembersRes)`
			`return membersRes{`
			`total: res.GetTotal(),`
			`offset: res.GetOffset(),`
			`limit: res.GetLimit(),`
			`groupType: res.GetType(),`
			`members: res.GetMembers(),`
			`}, nil`
			`}`

			`func encodeEmptyResponse(_ context.Context, grpcRes interface{}) (interface{}, error) {`
			`res := grpcRes.(emptyRes)`
			`return &empty.Empty{}, encodeError(res.err)`
			`}`

			`func encodeError(err error) error {`
			`switch {`
			`case errors.Contains(err, nil):`
			`return nil`
			`case errors.Contains(err, auth.ErrMalformedEntity):`
			`return status.Error(codes.InvalidArgument, "received invalid token request")`
			`case errors.Contains(err, auth.ErrUnauthorizedAccess):`
			`return status.Error(codes.Unauthenticated, err.Error())`
			`case errors.Contains(err, auth.ErrKeyExpired):`
			`return status.Error(codes.Unauthenticated, err.Error())`
			`default:`
			`return status.Error(codes.Internal, "internal server error")`
			`}`
			`}`