// ValidateContext authenticates an incoming request from its gRPC metadata.
//
// The metadata on ctx must carry exactly one non-empty "id" value and exactly
// one non-empty "token" value; a key that is absent, empty or repeated is
// reported as missing. The token is passed to security.ValidateJWT together
// with the network server's Identity.PublicKey, and the resulting claims must
// name the supplied id as their Subject.
//
// It returns nil when all checks pass, an internal error when ctx has no
// metadata, an invalid-argument error for a missing field or a Subject
// mismatch, and the error from security.ValidateJWT unchanged.
//
// NOTE(review): expiry and signing-algorithm enforcement are not visible here
// and are presumably done inside security.ValidateJWT; confirm.
func (s *networkServerRPC) ValidateContext(ctx context.Context) error {
	md, found := metadata.FromContext(ctx)
	if !found {
		return errors.NewErrInternal("Could not get metadata from context")
	}

	// single yields the value of a metadata key only when exactly one value
	// was sent for it; anything else is treated the same as "not present".
	single := func(key string) string {
		if vals := md[key]; len(vals) == 1 {
			return vals[0]
		}
		return ""
	}

	id := single("id")
	if id == "" {
		return errors.NewErrInvalidArgument("Metadata", "id missing")
	}

	token := single("token")
	if token == "" {
		return errors.NewErrInvalidArgument("Metadata", "token missing")
	}

	// NOTE(review): this type assertion is unchecked and panics if
	// s.networkServer holds any other implementation; confirm that a
	// *networkServer is always stored here.
	verifyKey := []byte(s.networkServer.(*networkServer).Identity.PublicKey)

	var claims *jwt.StandardClaims
	claims, err := security.ValidateJWT(token, verifyKey)
	if err != nil {
		return err
	}

	// A valid signature is not enough: the token must have been issued for
	// the same component id the caller claims in the metadata.
	if claims.Subject == id {
		return nil
	}
	return errors.NewErrInvalidArgument("Metadata", "token was issued for a different component id")
}
// ValidateNetworkContext validates the context of a network request
// (router-broker, broker-handler, etc).
//
// It reads "id", "service-name" and "token" from the gRPC metadata on ctx,
// looks the caller up with c.Discover(serviceName, id) and returns the
// discovered announcement. A metadata key that is absent, empty or repeated is
// treated as missing. When the announcement carries a public key, the token
// must be accepted by security.ValidateJWT under that key and its Issuer claim
// must equal id.
//
// Security notes:
//   - If the discovered announcement has an empty PublicKey, the request is
//     accepted without inspecting the token, so the caller is identified only
//     by the id and service-name it supplied itself. NOTE(review): confirm
//     this unauthenticated path is intended for every deployment.
//   - Every error return is delayed by one second, presumably to slow down
//     repeated failed attempts. The sleep blocks the calling goroutine, so
//     any per-connection or per-peer limiting has to happen elsewhere.
//   - NOTE(review): expiry and signing-algorithm enforcement are not visible
//     here and are presumably done inside security.ValidateJWT; confirm.
func (c *Component) ValidateNetworkContext(ctx context.Context) (component *pb_discovery.Announcement, err error) {
	// Runs after the named result err has been set by whichever return fired.
	defer func() {
		if err == nil {
			return
		}
		time.Sleep(time.Second)
	}()

	md, found := metadata.FromContext(ctx)
	if !found {
		return nil, errors.NewErrInternal("Could not get metadata from context")
	}

	// single yields the value of a metadata key only when exactly one value
	// was sent for it; anything else is treated the same as "not present".
	single := func(key string) string {
		if vals := md[key]; len(vals) == 1 {
			return vals[0]
		}
		return ""
	}

	id := single("id")
	if id == "" {
		return nil, errors.NewErrInvalidArgument("Metadata", "id missing")
	}

	serviceName := single("service-name")
	if serviceName == "" {
		return nil, errors.NewErrInvalidArgument("Metadata", "service-name missing")
	}

	// The token is only required further down, once we know the peer has a key.
	token := single("token")

	var announcement *pb_discovery.Announcement
	announcement, err = c.Discover(serviceName, id)
	if err != nil {
		return nil, err
	}

	// No public key announced: nothing to verify the token against, so the
	// announcement is returned as-is (see the security notes above).
	if announcement.PublicKey == "" {
		return announcement, nil
	}

	if token == "" {
		return nil, errors.NewErrInvalidArgument("Metadata", "token missing")
	}

	var claims *jwt.StandardClaims
	claims, err = security.ValidateJWT(token, []byte(announcement.PublicKey))
	if err != nil {
		return nil, err
	}

	// A valid signature is not enough: the token must have been issued by
	// the same component id the caller claims in the metadata.
	if claims.Issuer == id {
		return announcement, nil
	}
	return nil, errors.NewErrInvalidArgument("Metadata", "token was issued by different component id")
}