必要に応じて interceptor でログイン状態を確認する

smatsuodev · Aug 26, 2024 · 3a841a6 · 3a841a6
1 parent 267fec1
commit 3a841a6
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 1 deletion.
diff --git a/backend/app/handler/interceptor/auth.go b/backend/app/handler/interceptor/auth.go
@@ -0,0 +1,62 @@
+package interceptor
+
+import (
+	"connectrpc.com/connect"
+	"context"
+	"errors"
+	"github.com/google/uuid"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/types/descriptorpb"
+	"log"
+	commonv1 "sudoku/gen/sudoku/common/v1"
+	authH "sudoku/handler/auth"
+	authS "sudoku/service/auth"
+)
+
+// TODO: streaming の場合は別の interceptor が必要かも
+func NewAuthInterceptor(authService authS.IAuthService) connect.UnaryInterceptorFunc {
+	interceptor := func(next connect.UnaryFunc) connect.UnaryFunc {
+		return connect.UnaryFunc(func(
+			ctx context.Context,
+			req connect.AnyRequest,
+		) (connect.AnyResponse, error) {
+			methodDesc, ok := req.Spec().Schema.(protoreflect.MethodDescriptor)
+			if !ok {
+				return nil, connect.NewError(connect.CodeInternal, errors.New("invalid method descriptor"))
+			}
+			opts := methodDesc.Options().(*descriptorpb.MethodOptions)
+			requireAuth, ok := proto.GetExtension(opts, commonv1.E_RequireAuth).(bool)
+			if !ok {
+				return nil, connect.NewError(connect.CodeInternal, errors.New("invalid method option"))
+			}
+
+			log.Println("requireAuth", requireAuth)
+
+			if requireAuth {
+				sessionCookie := req.Header().Get(authH.SessionCookieName)
+				if sessionCookie == "" {
+					return nil, connect.NewError(connect.CodeUnauthenticated, errors.New("missing session cookie"))
+				}
+				sessionID, err := uuid.Parse(sessionCookie)
+				if err != nil {
+					return nil, connect.NewError(connect.CodeUnauthenticated, errors.New("invalid session cookie"))
+				}
+
+				output, err := authService.ValidateSession(authS.ValidateSessionInput{
+					SessionID: sessionID,
+				})
+				if err != nil {
+					return nil, connect.NewError(connect.CodeInternal, err)
+				}
+
+				if !output.IsValid {
+					return nil, connect.NewError(connect.CodeUnauthenticated, errors.New("invalid session"))
+				}
+			}
+
+			return next(ctx, req)
+		})
+	}
+	return connect.UnaryInterceptorFunc(interceptor)
+}
diff --git a/backend/app/server/route/register.go b/backend/app/server/route/register.go
@@ -1,11 +1,13 @@
 package route
 
 import (
+	"connectrpc.com/connect"
 	"log"
 	"net/http"
 	"sudoku/config"
 	"sudoku/gen/sudoku/auth/v1/authv1connect"
 	authH "sudoku/handler/auth"
+	"sudoku/handler/interceptor"
 	authI "sudoku/infra/auth"
 	gormRepo "sudoku/infra/gorm"
 	authS "sudoku/service/auth"
@@ -39,6 +41,8 @@ func Register(mux *http.ServeMux) {
 	authCallbackHandler := authH.NewCallbackHandler(authService)
 
 	// register handlers
-	mux.Handle(authv1connect.NewAuthServiceHandler(authHandler))
+	interceptors := connect.WithInterceptors(interceptor.NewAuthInterceptor(authService))
+
+	mux.Handle(authv1connect.NewAuthServiceHandler(authHandler, interceptors))
 	mux.HandleFunc("/auth/github/callback", authCallbackHandler.Handle)
 }