// gatewayFromMetadata resolves the gateway that an RPC's metadata refers to
// and, unless verification is switched off, authenticates the caller as that
// gateway.
//
// The gateway ID is read with api.IDFromMetadata; a failure there is returned
// unchanged. When the "router.skip-verify-gateway-token" setting is false the
// caller must present a token that
//   - is non-empty,
//   - is accepted by claims.FromToken using r.router.TokenKeyProvider, and
//   - carries Type "gateway" and a Subject equal to the gateway ID.
//
// Any other outcome yields a permission-denied error (or an internal error
// when no TokenKeyProvider is configured).
//
// Security: with "router.skip-verify-gateway-token" set to true none of these
// checks run. The gateway ID is then taken from the caller's metadata as-is,
// and the supplied token (possibly empty) is stored on the gateway without
// having been validated.
func (r *routerRPC) gatewayFromMetadata(md metadata.MD) (gtw *gateway.Gateway, err error) {
	id, err := api.IDFromMetadata(md)
	if err != nil {
		return nil, err
	}

	// NOTE(review): the error from api.TokenFromMetadata is discarded here;
	// presumably token is empty whenever it fails, which the check below
	// rejects when verification is enabled — confirm.
	token, _ := api.TokenFromMetadata(md)

	verify := !viper.GetBool("router.skip-verify-gateway-token")
	if verify {
		switch {
		case token == "":
			return nil, errors.NewErrPermissionDenied("No gateway token supplied")
		case r.router.TokenKeyProvider == nil:
			return nil, errors.NewErrInternal("No token provider configured")
		}

		tokenClaims, parseErr := claims.FromToken(r.router.TokenKeyProvider, token)
		if parseErr != nil {
			// The validation error text is passed back to the caller.
			return nil, errors.NewErrPermissionDenied(fmt.Sprintf("Gateway token invalid: %s", parseErr.Error()))
		}

		// A valid token is not enough: it must be a gateway token issued
		// for exactly the gateway ID named in the metadata.
		if !(tokenClaims.Type == "gateway" && tokenClaims.Subject == id) {
			return nil, errors.NewErrPermissionDenied("Gateway token not consistent")
		}
	}

	gtw = r.router.getGateway(id)
	gtw.SetToken(token)
	return gtw, nil
}
// ValidateTTNAuthContext extracts the token carried in ctx and validates it
// with claims.FromToken against the component's TokenKeyProvider.
//
// It returns the error from api.TokenFromContext unchanged, an internal error
// when no TokenKeyProvider is configured, and a permission-denied error
// (carrying the validation error text) when the token is rejected.
//
// Only the token itself is validated here. The returned claims are not
// checked for type, subject or rights, so callers still have to decide
// whether those claims authorize the requested operation.
func (c *Component) ValidateTTNAuthContext(ctx context.Context) (*claims.Claims, error) {
	token, err := api.TokenFromContext(ctx)
	if err != nil {
		return nil, err
	}

	provider := c.TokenKeyProvider
	if provider == nil {
		return nil, errors.NewErrInternal("No token provider configured")
	}

	parsed, parseErr := claims.FromToken(provider, token)
	if parseErr != nil {
		return nil, errors.NewErrPermissionDenied(parseErr.Error())
	}
	return parsed, nil
}