From 94afd684606cc6f0a747c745b480db3185c3ac0b Mon Sep 17 00:00:00 2001 From: Tim Beatham Date: Sun, 1 Oct 2023 19:01:35 +0100 Subject: [PATCH] Implemented JWT authentication --- .vscode/settings.json | 3 +- cmd/wgmeshd/configuration.yaml | 3 + cmd/wgmeshd/main.go | 23 ++- pkg/auth/jwt.go | 121 +++++++++++++++ pkg/conf/conf.go | 35 +++++ pkg/conn/conn.go | 81 ++++++++++ pkg/ctrlserver/ctrlserver.go | 7 +- pkg/ctrlserver/ctrltypes.go | 10 +- pkg/middleware/auth.go | 34 +++++ pkg/robin/robin_requester.go | 8 +- pkg/rpc/authentication.pb.go | 236 ++++++++++++++++++++++++++++++ pkg/rpc/authentication_grpc.pb.go | 105 +++++++++++++ pkg/rpc/ctrlserver.pb.go | 5 +- pkg/rpc/rpc.go | 8 +- 14 files changed, 659 insertions(+), 20 deletions(-) create mode 100644 cmd/wgmeshd/configuration.yaml create mode 100644 pkg/auth/jwt.go create mode 100644 pkg/conf/conf.go create mode 100644 pkg/conn/conn.go create mode 100644 pkg/middleware/auth.go create mode 100644 pkg/rpc/authentication.pb.go create mode 100644 pkg/rpc/authentication_grpc.pb.go diff --git a/.vscode/settings.json b/.vscode/settings.json index 993b529..80e4f53 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,5 +1,4 @@ { - "editor.insertSpaces": true, "editor.tabSize": 4, - "editor.detectIndentation": false + "editor.detectIndentation": true } \ No newline at end of file diff --git a/cmd/wgmeshd/configuration.yaml b/cmd/wgmeshd/configuration.yaml new file mode 100644 index 0000000..bee0863 --- /dev/null +++ b/cmd/wgmeshd/configuration.yaml @@ -0,0 +1,3 @@ +certificatePath: "../../cert/cert.pem" +privateKeyPath: "../../cert/key.pem" +skipCertVerification: true \ No newline at end of file diff --git a/cmd/wgmeshd/main.go b/cmd/wgmeshd/main.go index ce0af52..46447ad 100644 --- a/cmd/wgmeshd/main.go +++ b/cmd/wgmeshd/main.go @@ -4,8 +4,11 @@ import ( "log" "net" + "github.com/tim-beatham/wgmesh/pkg/conf" + "github.com/tim-beatham/wgmesh/pkg/conn" ctrlserver "github.com/tim-beatham/wgmesh/pkg/ctrlserver" "github.com/tim-beatham/wgmesh/pkg/ipc" + "github.com/tim-beatham/wgmesh/pkg/middleware" "github.com/tim-beatham/wgmesh/pkg/robin" "github.com/tim-beatham/wgmesh/pkg/rpc" wg "github.com/tim-beatham/wgmesh/pkg/wg" @@ -20,7 +23,21 @@ func main() { log.Fatalf("Could not create interface %s\n", ifName) } - ctrlServer := ctrlserver.NewCtrlServer(wgClient, "wgmesh") + conf, err := conf.ParseConfiguration("./configuration.yaml") + + newConnParams := conn.NewConnectionsParams{ + CertificatePath: conf.CertificatePath, + PrivateKey: conf.PrivateKeyPath, + SkipCertVerification: conf.SkipCertVerification, + } + + conn, err := conn.NewConnection(&newConnParams) + + if err != nil { + return + } + + ctrlServer := ctrlserver.NewCtrlServer(wgClient, conn, "wgmesh") log.Println("Running IPC Handler") @@ -28,7 +45,9 @@ func main() { robinRpc := robin.NewRobinRpc(ctrlServer) go ipc.RunIpcHandler(robinIpc) - grpc := rpc.NewRpcServer(*&robinRpc) + + grpc := conn.Listen(ctrlServer.JwtManager.GetAuthInterceptor()) + rpc.NewRpcServer(grpc, robinRpc, middleware.NewAuthProvider(ctrlServer)) lis, err := net.Listen("tcp", ":8080") if err := grpc.Serve(lis); err != nil { diff --git a/pkg/auth/jwt.go b/pkg/auth/jwt.go new file mode 100644 index 0000000..15ad9f4 --- /dev/null +++ b/pkg/auth/jwt.go @@ -0,0 +1,121 @@ +package auth + +import ( + "context" + "errors" + "time" + + "github.com/golang-jwt/jwt/v5" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/status" +) + +// JwtMesh contains all the sessions with the mesh network +type JwtMesh struct { + meshId string + // nodes contains a set of nodes with the string being the jwt token + nodes map[string]interface{} +} + +// JwtManager manages jwt tokens indicating a session +// between this host and another within a specific mesh +type JwtManager struct { + secretKey string + tokenDuration time.Duration + // meshes contains all the meshes that we have sessions with + meshes map[string]*JwtMesh +} + +// JwtNode represents a jwt node in the mesh network +type JwtNode struct { + MeshId string `json:"meshId"` + Alias string `json:"alias"` + jwt.RegisteredClaims +} + +func NewJwtManager(secretKey string, tokenDuration time.Duration) *JwtManager { + meshes := make(map[string]*JwtMesh) + return &JwtManager{secretKey, tokenDuration, meshes} +} + +func (m *JwtManager) CreateClaims(meshId string, alias string) (*string, error) { + node := JwtNode{ + MeshId: meshId, + Alias: alias, + RegisteredClaims: jwt.RegisteredClaims{ + ExpiresAt: jwt.NewNumericDate(time.Now().Add(m.tokenDuration)), + }, + } + + mesh, contains := m.meshes[meshId] + + if !contains { + return nil, errors.New("The specified mesh does not exist") + } + + token := jwt.NewWithClaims(jwt.SigningMethodES256, node) + signedString, err := token.SignedString([]byte(m.secretKey)) + + if err != nil { + return nil, err + } + + _, exists := mesh.nodes[signedString] + + if exists { + return nil, errors.New("Node already exists") + } + + mesh.nodes[signedString] = struct{}{} + return &signedString, nil +} + +func (m *JwtManager) Verify(accessToken string) (*JwtNode, bool) { + token, err := jwt.ParseWithClaims(accessToken, &JwtNode{}, func(t *jwt.Token) (interface{}, error) { + return []byte(m.secretKey), nil + }) + + if err != nil { + return nil, false + } + + if !token.Valid { + return nil, token.Valid + } + + claims, ok := token.Claims.(*JwtNode) + return claims, ok +} + +func (m *JwtManager) GetAuthInterceptor() grpc.UnaryServerInterceptor { + return func( + ctx context.Context, + req interface{}, + info *grpc.UnaryServerInfo, + handler grpc.UnaryHandler, + ) (interface{}, error) { + md, ok := metadata.FromIncomingContext(ctx) + + if !ok { + return nil, status.Errorf(codes.Unauthenticated, "metadata is not provided") + } + + values := md["authorization"] + + if len(values) == 0 { + return nil, status.Errorf(codes.Unauthenticated, "authorization token is not provided") + } + + acessToken := values[0] + + _, valid := m.Verify(acessToken) + + if !valid { + return nil, status.Errorf(codes.Unauthenticated, "Invalid access token: %s", acessToken) + } + + return handler(ctx, req) + } +} diff --git a/pkg/conf/conf.go b/pkg/conf/conf.go new file mode 100644 index 0000000..3b0239e --- /dev/null +++ b/pkg/conf/conf.go @@ -0,0 +1,35 @@ +// conf defines configuration file parsing for golang +package conf + +import ( + "os" + + logging "github.com/tim-beatham/wgmesh/pkg/log" + "gopkg.in/yaml.v3" +) + +type WgMeshConfiguration struct { + CertificatePath string `yaml:"certificatePath"` + PrivateKeyPath string `yaml:"privateKeyPath"` + SkipCertVerification bool `yaml:"skipCertVerification"` +} + +func ParseConfiguration(filePath string) (*WgMeshConfiguration, error) { + var conf WgMeshConfiguration + + yamlBytes, err := os.ReadFile(filePath) + + if err != nil { + logging.ErrorLog.Printf("Read file error: %s\n", err.Error()) + return nil, err + } + + err = yaml.Unmarshal(yamlBytes, &conf) + + if err != nil { + logging.ErrorLog.Printf("Unmarshal error: %s\n", err.Error()) + return nil, err + } + + return &conf, nil +} diff --git a/pkg/conn/conn.go b/pkg/conn/conn.go new file mode 100644 index 0000000..8f22e82 --- /dev/null +++ b/pkg/conn/conn.go @@ -0,0 +1,81 @@ +// conn manages gRPC connections between peers. +// Includes timers. +package conn + +import ( + "crypto/tls" + + logging "github.com/tim-beatham/wgmesh/pkg/log" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials" +) + +// PeerConnection interfacing for a secure connection between +// two peers. +type PeerConnection interface { + Connect() error +} + +type WgCtrlConnection struct { + serverConfig *tls.Config + clientConfig *tls.Config + conn *grpc.ClientConn +} + +type NewConnectionsParams struct { + CertificatePath string + PrivateKey string + SkipCertVerification bool +} + +func NewConnection(params *NewConnectionsParams) (*WgCtrlConnection, error) { + cert, err := tls.LoadX509KeyPair(params.CertificatePath, params.PrivateKey) + + if err != nil { + logging.ErrorLog.Printf("Failed to load key pair: %s\n", err.Error()) + logging.ErrorLog.Printf("Certificate Path: %s\n", params.CertificatePath) + logging.ErrorLog.Printf("Private Key Path: %s\n", params.PrivateKey) + return nil, err + } + + serverAuth := tls.RequireAndVerifyClientCert + + if params.SkipCertVerification { + serverAuth = tls.RequireAnyClientCert + } + + tlsConfig := &tls.Config{ + ClientAuth: serverAuth, + Certificates: []tls.Certificate{cert}, + } + + clientConfig := &tls.Config{ + Certificates: []tls.Certificate{cert}, + InsecureSkipVerify: params.SkipCertVerification, + } + + wgConnection := WgCtrlConnection{serverConfig: tlsConfig, clientConfig: clientConfig} + + return &wgConnection, nil +} + +// Connect: Connects to a new gRPC peer given the address of the other server +func (c *WgCtrlConnection) Connect(server string) (*grpc.ClientConn, error) { + conn, err := grpc.Dial(server, grpc.WithTransportCredentials(credentials.NewTLS(c.clientConfig))) + + if err != nil { + logging.ErrorLog.Printf("Could not connect: %s\n", err.Error()) + return nil, err + } + + return conn, nil +} + +// Listen: listens to incoming messages +func (c *WgCtrlConnection) Listen(i grpc.UnaryServerInterceptor) *grpc.Server { + server := grpc.NewServer( + grpc.UnaryInterceptor(i), + grpc.Creds(credentials.NewTLS(c.serverConfig)), + ) + return server +} diff --git a/pkg/ctrlserver/ctrlserver.go b/pkg/ctrlserver/ctrlserver.go index 9838b1c..a9fa360 100644 --- a/pkg/ctrlserver/ctrlserver.go +++ b/pkg/ctrlserver/ctrlserver.go @@ -8,7 +8,10 @@ package ctrlserver import ( "errors" "net" + "time" + "github.com/tim-beatham/wgmesh/pkg/auth" + "github.com/tim-beatham/wgmesh/pkg/conn" "github.com/tim-beatham/wgmesh/pkg/lib" "github.com/tim-beatham/wgmesh/pkg/wg" "golang.zx2c4.com/wireguard/wgctrl" @@ -21,11 +24,13 @@ import ( * wgClient: Represents the WireGuard control client. * ifName: WireGuard interface name */ -func NewCtrlServer(wgClient *wgctrl.Client, ifName string) *MeshCtrlServer { +func NewCtrlServer(wgClient *wgctrl.Client, conn *conn.WgCtrlConnection, ifName string) *MeshCtrlServer { ctrlServer := new(MeshCtrlServer) ctrlServer.Meshes = make(map[string]Mesh) ctrlServer.Client = wgClient + ctrlServer.Conn = conn ctrlServer.IfName = ifName + ctrlServer.JwtManager = auth.NewJwtManager("bob123", 24*time.Hour) return ctrlServer } diff --git a/pkg/ctrlserver/ctrltypes.go b/pkg/ctrlserver/ctrltypes.go index 0fae3fc..ec63c28 100644 --- a/pkg/ctrlserver/ctrltypes.go +++ b/pkg/ctrlserver/ctrltypes.go @@ -1,6 +1,8 @@ package ctrlserver import ( + "github.com/tim-beatham/wgmesh/pkg/auth" + "github.com/tim-beatham/wgmesh/pkg/conn" "golang.zx2c4.com/wireguard/wgctrl" "golang.zx2c4.com/wireguard/wgctrl/wgtypes" ) @@ -25,7 +27,9 @@ type Mesh struct { * is running */ type MeshCtrlServer struct { - Client *wgctrl.Client - Meshes map[string]Mesh - IfName string + Client *wgctrl.Client + Meshes map[string]Mesh + IfName string + Conn *conn.WgCtrlConnection + JwtManager *auth.JwtManager } diff --git a/pkg/middleware/auth.go b/pkg/middleware/auth.go new file mode 100644 index 0000000..9c9f362 --- /dev/null +++ b/pkg/middleware/auth.go @@ -0,0 +1,34 @@ +package middleware + +import ( + "context" + "errors" + + "github.com/tim-beatham/wgmesh/pkg/ctrlserver" + "github.com/tim-beatham/wgmesh/pkg/rpc" +) + +type AuthRpcProvider struct { + rpc.UnimplementedAuthenticationServer + server *ctrlserver.MeshCtrlServer +} + +func (a *AuthRpcProvider) JoinMesh(ctx context.Context, in *rpc.JoinAuthMeshRequest) (*rpc.JoinAuthMeshReply, error) { + meshId := in.MeshId + + if meshId == "" { + return nil, errors.New("Must specify the meshId") + } + + token, err := a.server.JwtManager.CreateClaims(in.MeshId, "sharedSecret") + + if err != nil { + return nil, err + } + + return &rpc.JoinAuthMeshReply{Success: true, Token: token}, nil +} + +func NewAuthProvider(ctrlServer *ctrlserver.MeshCtrlServer) *AuthRpcProvider { + return &AuthRpcProvider{server: ctrlServer} +} diff --git a/pkg/robin/robin_requester.go b/pkg/robin/robin_requester.go index 69fed7c..d24c086 100644 --- a/pkg/robin/robin_requester.go +++ b/pkg/robin/robin_requester.go @@ -15,8 +15,6 @@ import ( "github.com/tim-beatham/wgmesh/pkg/slaac" "github.com/tim-beatham/wgmesh/pkg/wg" "golang.zx2c4.com/wireguard/wgctrl/wgtypes" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" ) type RobinIpc struct { @@ -57,7 +55,7 @@ func (n *RobinIpc) ListMeshes(name string, reply *map[string]ctrlserver.Mesh) er } func updateMesh(n *RobinIpc, meshId string, endPoint string) error { - conn, err := grpc.Dial(endPoint, grpc.WithTransportCredentials(insecure.NewCredentials())) + conn, err := n.Server.Conn.Connect(endPoint) if err != nil { return err @@ -105,7 +103,7 @@ func updateMesh(n *RobinIpc, meshId string, endPoint string) error { } func updatePeer(n *RobinIpc, node ctrlserver.MeshNode, wgHost string, meshId string) error { - conn, err := grpc.Dial(node.HostEndpoint, grpc.WithTransportCredentials(insecure.NewCredentials())) + conn, err := n.Server.Conn.Connect(node.HostEndpoint) if err != nil { return err @@ -159,7 +157,7 @@ func updatePeers(n *RobinIpc, meshId string, wgHost string, nodesToExclude []str } func (n *RobinIpc) JoinMesh(args ipc.JoinMeshArgs, reply *string) error { - conn, err := grpc.Dial(args.IpAdress+":8080", grpc.WithTransportCredentials(insecure.NewCredentials())) + conn, err := n.Server.Conn.Connect(args.IpAdress + ":8080") if err != nil { return err diff --git a/pkg/rpc/authentication.pb.go b/pkg/rpc/authentication.pb.go new file mode 100644 index 0000000..3cf5a10 --- /dev/null +++ b/pkg/rpc/authentication.pb.go @@ -0,0 +1,236 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.21.12 +// source: pkg/grpc/ctrlserver/authentication.proto + +package rpc + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type JoinAuthMeshRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + MeshId string `protobuf:"bytes,1,opt,name=meshId,proto3" json:"meshId,omitempty"` + SharedSecret string `protobuf:"bytes,2,opt,name=sharedSecret,proto3" json:"sharedSecret,omitempty"` +} + +func (x *JoinAuthMeshRequest) Reset() { + *x = JoinAuthMeshRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_grpc_ctrlserver_authentication_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *JoinAuthMeshRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*JoinAuthMeshRequest) ProtoMessage() {} + +func (x *JoinAuthMeshRequest) ProtoReflect() protoreflect.Message { + mi := &file_pkg_grpc_ctrlserver_authentication_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use JoinAuthMeshRequest.ProtoReflect.Descriptor instead. +func (*JoinAuthMeshRequest) Descriptor() ([]byte, []int) { + return file_pkg_grpc_ctrlserver_authentication_proto_rawDescGZIP(), []int{0} +} + +func (x *JoinAuthMeshRequest) GetMeshId() string { + if x != nil { + return x.MeshId + } + return "" +} + +func (x *JoinAuthMeshRequest) GetSharedSecret() string { + if x != nil { + return x.SharedSecret + } + return "" +} + +type JoinAuthMeshReply struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Success bool `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"` + Token *string `protobuf:"bytes,2,opt,name=token,proto3,oneof" json:"token,omitempty"` +} + +func (x *JoinAuthMeshReply) Reset() { + *x = JoinAuthMeshReply{} + if protoimpl.UnsafeEnabled { + mi := &file_pkg_grpc_ctrlserver_authentication_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *JoinAuthMeshReply) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*JoinAuthMeshReply) ProtoMessage() {} + +func (x *JoinAuthMeshReply) ProtoReflect() protoreflect.Message { + mi := &file_pkg_grpc_ctrlserver_authentication_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use JoinAuthMeshReply.ProtoReflect.Descriptor instead. +func (*JoinAuthMeshReply) Descriptor() ([]byte, []int) { + return file_pkg_grpc_ctrlserver_authentication_proto_rawDescGZIP(), []int{1} +} + +func (x *JoinAuthMeshReply) GetSuccess() bool { + if x != nil { + return x.Success + } + return false +} + +func (x *JoinAuthMeshReply) GetToken() string { + if x != nil && x.Token != nil { + return *x.Token + } + return "" +} + +var File_pkg_grpc_ctrlserver_authentication_proto protoreflect.FileDescriptor + +var file_pkg_grpc_ctrlserver_authentication_proto_rawDesc = []byte{ + 0x0a, 0x28, 0x70, 0x6b, 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x74, 0x72, 0x6c, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x72, 0x70, 0x63, 0x74, + 0x79, 0x70, 0x65, 0x73, 0x22, 0x51, 0x0a, 0x13, 0x4a, 0x6f, 0x69, 0x6e, 0x41, 0x75, 0x74, 0x68, + 0x4d, 0x65, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6d, + 0x65, 0x73, 0x68, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d, 0x65, 0x73, + 0x68, 0x49, 0x64, 0x12, 0x22, 0x0a, 0x0c, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x53, 0x65, 0x63, + 0x72, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x73, 0x68, 0x61, 0x72, 0x65, + 0x64, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x22, 0x52, 0x0a, 0x11, 0x4a, 0x6f, 0x69, 0x6e, 0x41, + 0x75, 0x74, 0x68, 0x4d, 0x65, 0x73, 0x68, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, + 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, + 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x19, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x88, 0x01, + 0x01, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x5a, 0x0a, 0x0e, 0x41, + 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, + 0x08, 0x4a, 0x6f, 0x69, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x12, 0x1d, 0x2e, 0x72, 0x70, 0x63, 0x74, + 0x79, 0x70, 0x65, 0x73, 0x2e, 0x4a, 0x6f, 0x69, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x4d, 0x65, 0x73, + 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x72, 0x70, 0x63, 0x74, 0x79, + 0x70, 0x65, 0x73, 0x2e, 0x4a, 0x6f, 0x69, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x4d, 0x65, 0x73, 0x68, + 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x42, 0x09, 0x5a, 0x07, 0x70, 0x6b, 0x67, 0x2f, 0x72, + 0x70, 0x63, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_pkg_grpc_ctrlserver_authentication_proto_rawDescOnce sync.Once + file_pkg_grpc_ctrlserver_authentication_proto_rawDescData = file_pkg_grpc_ctrlserver_authentication_proto_rawDesc +) + +func file_pkg_grpc_ctrlserver_authentication_proto_rawDescGZIP() []byte { + file_pkg_grpc_ctrlserver_authentication_proto_rawDescOnce.Do(func() { + file_pkg_grpc_ctrlserver_authentication_proto_rawDescData = protoimpl.X.CompressGZIP(file_pkg_grpc_ctrlserver_authentication_proto_rawDescData) + }) + return file_pkg_grpc_ctrlserver_authentication_proto_rawDescData +} + +var file_pkg_grpc_ctrlserver_authentication_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_pkg_grpc_ctrlserver_authentication_proto_goTypes = []interface{}{ + (*JoinAuthMeshRequest)(nil), // 0: rpctypes.JoinAuthMeshRequest + (*JoinAuthMeshReply)(nil), // 1: rpctypes.JoinAuthMeshReply +} +var file_pkg_grpc_ctrlserver_authentication_proto_depIdxs = []int32{ + 0, // 0: rpctypes.Authentication.JoinMesh:input_type -> rpctypes.JoinAuthMeshRequest + 1, // 1: rpctypes.Authentication.JoinMesh:output_type -> rpctypes.JoinAuthMeshReply + 1, // [1:2] is the sub-list for method output_type + 0, // [0:1] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_pkg_grpc_ctrlserver_authentication_proto_init() } +func file_pkg_grpc_ctrlserver_authentication_proto_init() { + if File_pkg_grpc_ctrlserver_authentication_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_pkg_grpc_ctrlserver_authentication_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*JoinAuthMeshRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pkg_grpc_ctrlserver_authentication_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*JoinAuthMeshReply); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_pkg_grpc_ctrlserver_authentication_proto_msgTypes[1].OneofWrappers = []interface{}{} + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pkg_grpc_ctrlserver_authentication_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_pkg_grpc_ctrlserver_authentication_proto_goTypes, + DependencyIndexes: file_pkg_grpc_ctrlserver_authentication_proto_depIdxs, + MessageInfos: file_pkg_grpc_ctrlserver_authentication_proto_msgTypes, + }.Build() + File_pkg_grpc_ctrlserver_authentication_proto = out.File + file_pkg_grpc_ctrlserver_authentication_proto_rawDesc = nil + file_pkg_grpc_ctrlserver_authentication_proto_goTypes = nil + file_pkg_grpc_ctrlserver_authentication_proto_depIdxs = nil +} diff --git a/pkg/rpc/authentication_grpc.pb.go b/pkg/rpc/authentication_grpc.pb.go new file mode 100644 index 0000000..4d310b2 --- /dev/null +++ b/pkg/rpc/authentication_grpc.pb.go @@ -0,0 +1,105 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.2.0 +// - protoc v3.21.12 +// source: pkg/grpc/ctrlserver/authentication.proto + +package rpc + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +// AuthenticationClient is the client API for Authentication service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type AuthenticationClient interface { + JoinMesh(ctx context.Context, in *JoinAuthMeshRequest, opts ...grpc.CallOption) (*JoinAuthMeshReply, error) +} + +type authenticationClient struct { + cc grpc.ClientConnInterface +} + +func NewAuthenticationClient(cc grpc.ClientConnInterface) AuthenticationClient { + return &authenticationClient{cc} +} + +func (c *authenticationClient) JoinMesh(ctx context.Context, in *JoinAuthMeshRequest, opts ...grpc.CallOption) (*JoinAuthMeshReply, error) { + out := new(JoinAuthMeshReply) + err := c.cc.Invoke(ctx, "/rpctypes.Authentication/JoinMesh", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// AuthenticationServer is the server API for Authentication service. +// All implementations must embed UnimplementedAuthenticationServer +// for forward compatibility +type AuthenticationServer interface { + JoinMesh(context.Context, *JoinAuthMeshRequest) (*JoinAuthMeshReply, error) + mustEmbedUnimplementedAuthenticationServer() +} + +// UnimplementedAuthenticationServer must be embedded to have forward compatible implementations. +type UnimplementedAuthenticationServer struct { +} + +func (UnimplementedAuthenticationServer) JoinMesh(context.Context, *JoinAuthMeshRequest) (*JoinAuthMeshReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method JoinMesh not implemented") +} +func (UnimplementedAuthenticationServer) mustEmbedUnimplementedAuthenticationServer() {} + +// UnsafeAuthenticationServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to AuthenticationServer will +// result in compilation errors. +type UnsafeAuthenticationServer interface { + mustEmbedUnimplementedAuthenticationServer() +} + +func RegisterAuthenticationServer(s grpc.ServiceRegistrar, srv AuthenticationServer) { + s.RegisterService(&Authentication_ServiceDesc, srv) +} + +func _Authentication_JoinMesh_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(JoinAuthMeshRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthenticationServer).JoinMesh(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/rpctypes.Authentication/JoinMesh", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthenticationServer).JoinMesh(ctx, req.(*JoinAuthMeshRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// Authentication_ServiceDesc is the grpc.ServiceDesc for Authentication service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var Authentication_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "rpctypes.Authentication", + HandlerType: (*AuthenticationServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "JoinMesh", + Handler: _Authentication_JoinMesh_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "pkg/grpc/ctrlserver/authentication.proto", +} diff --git a/pkg/rpc/ctrlserver.pb.go b/pkg/rpc/ctrlserver.pb.go index ce6e369..04f4da1 100644 --- a/pkg/rpc/ctrlserver.pb.go +++ b/pkg/rpc/ctrlserver.pb.go @@ -372,9 +372,8 @@ var file_pkg_grpc_ctrlserver_ctrlserver_proto_rawDesc = []byte{ 0x65, 0x73, 0x68, 0x12, 0x19, 0x2e, 0x72, 0x70, 0x63, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x4a, 0x6f, 0x69, 0x6e, 0x4d, 0x65, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x72, 0x70, 0x63, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x4a, 0x6f, 0x69, 0x6e, 0x4d, 0x65, - 0x73, 0x68, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x42, 0x14, 0x5a, 0x12, 0x70, 0x6b, 0x67, - 0x2f, 0x63, 0x74, 0x72, 0x6c, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x72, 0x70, 0x63, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x68, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x42, 0x09, 0x5a, 0x07, 0x70, 0x6b, 0x67, + 0x2f, 0x72, 0x70, 0x63, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/pkg/rpc/rpc.go b/pkg/rpc/rpc.go index 06022d3..cec334d 100644 --- a/pkg/rpc/rpc.go +++ b/pkg/rpc/rpc.go @@ -2,8 +2,8 @@ package rpc import grpc "google.golang.org/grpc" -func NewRpcServer(server MeshCtrlServerServer) *grpc.Server { - grpc := grpc.NewServer() - RegisterMeshCtrlServerServer(grpc, server) - return grpc +func NewRpcServer(rpcServer *grpc.Server, server MeshCtrlServerServer, auth AuthenticationServer) *grpc.Server { + RegisterMeshCtrlServerServer(rpcServer, server) + RegisterAuthenticationServer(rpcServer, auth) + return rpcServer }