如何在Go中通过HTTP对RPC服务器和客户端进行身份验证?

huangapple go评论94阅读模式
英文:

How to perform authentication of RPC server&client by HTTP in Go?

问题

我是你的中文翻译助手,以下是翻译好的内容:

我对GO语言还不熟悉,正在按照https://parthdesai.me/articles/2016/05/20/go-rpc-server/上的指南构建一个简单的RPC服务器和客户端。在这篇文章中,它说:

这种方法(HTTP)的好处是,您可以在允许RPC之前,使用HTTP支持的任何身份验证方法轻松对客户端进行身份验证。

但是页面上的示例似乎没有执行这个操作。我在StackOverflow上搜索到了https://stackoverflow.com/questions/50621335/passing-authentication-details-with-a-json-rpc-call,其中提到:

有两种方法可以实现你想要的功能:要么实现一个支持HTTP的io.ReadWriteCloser,并像你的示例中那样使用它,要么实现一个执行HTTP基本身份验证的rpc.ClientCodec,并与rpc.NewClientWithCodec一起使用。

然而,我仍然不知道如何做到这一点。我可以给你一些示例代码(可能是基本身份验证方法)吗?

英文:

I'm new to GO and I'm following https://parthdesai.me/articles/2016/05/20/go-rpc-server/ to build a simple RPC server&client. In this article, it says

> Benefit of this approach (HTTP) is, you can perform authentication of client easily, before allowing RPC, using any authentication method supported by HTTP.

But the example on the page doesn't seem to perform it. I have searched it on StackOverflow, and found https://stackoverflow.com/questions/50621335/passing-authentication-details-with-a-json-rpc-call saying

> There's two ways to accomplish what you want: either implement an HTTP-speaking io.ReadWriteCloser and use as in your example or implement an rpc.ClientCodec that does the HTTP basic auth and use in conjunction with rpc.NewClientWithCodec.

However, I still don't know how to do it. Could I have some example code (may be Basic Authentication method)?

答案1

得分: 1

在使用gRPC网关的情况下,使用转码和检查身份验证的gRPC中间件对于HTTP服务器优于gRPC。

要在标头中获取授权,请使用gRPC中间件并从gRPC MD中的上下文中获取。

srv := grpc.NewServer(exampleJwtMiddleware())

func exampleJwtMiddleware() grpc.UnaryServerInterceptor {
	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {

        token, err := extractHeaderFromContext(ctx, "Authorization")
        // 做一些操作...
		return handler(ctx, req)

	}
}

func extractHeaderFromContext(ctx context.Context, header string) ([]string, error) {
	md, ok := metadata.FromIncomingContext(ctx)
	if !ok {
		return nil, ERROR_NO_HEADER_IN_REQUEST
	}

	foundedHeaders, ok := md[header]
	if !ok {
		return nil, ERROR_NO_HEADER_IN_REQUEST
	}

	return foundedHeaders, nil
}
英文:

Using transcoding and checking authentication in gRPC middleware is better for http server over gRPC using gRPC gateway.

https://cloud.google.com/endpoints/docs/grpc/transcoding

To get authorization in headers, use gRPC middleware and get from context with gRPC MD.

srv := grpc.NewServer(exampleJwtMiddleware())

func exampleJwtMiddleware() grpc.UnaryServerInterceptor {
	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {

        token, err := extractHeaderFromContext(ctx, "Authorization")
        // do sometings...
		return handler(ctx, req)

	}
}

func extractHeaderFromContext(ctx context.Context, header string) ([]string, error) {
	md, ok := metadata.FromIncomingContext(ctx)
	if !ok {
		return nil, ERROR_NO_HEADER_IN_REQUEST
	}

	foundedHeaders, ok := md[header]
	if !ok {
		return nil, ERROR_NO_HEADER_IN_REQUEST
	}

	return foundedHeaders, nil
}

huangapple
  • 本文由 发表于 2022年10月15日 16:52:51
  • 转载请务必保留本文链接:https://go.coder-hub.com/74078022.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定