| 1 | /* |
|---|
| 2 | * |
|---|
| 3 | * Copyright 2015 gRPC authors. |
|---|
| 4 | * |
|---|
| 5 | * Licensed under the Apache License, Version 2.0 (the "License"); |
|---|
| 6 | * you may not use this file except in compliance with the License. |
|---|
| 7 | * You may obtain a copy of the License at |
|---|
| 8 | * |
|---|
| 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
|---|
| 10 | * |
|---|
| 11 | * Unless required by applicable law or agreed to in writing, software |
|---|
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
|---|
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|---|
| 14 | * See the License for the specific language governing permissions and |
|---|
| 15 | * limitations under the License. |
|---|
| 16 | * |
|---|
| 17 | */ |
|---|
| 18 | |
|---|
| 19 | #ifndef GRPCPP_SECURITY_AUTH_METADATA_PROCESSOR_H |
|---|
| 20 | #define GRPCPP_SECURITY_AUTH_METADATA_PROCESSOR_H |
|---|
| 21 | |
|---|
| 22 | #include <map> |
|---|
| 23 | |
|---|
| 24 | #include <grpcpp/security/auth_context.h> |
|---|
| 25 | #include <grpcpp/support/status.h> |
|---|
| 26 | #include <grpcpp/support/string_ref.h> |
|---|
| 27 | |
|---|
| 28 | namespace grpc { |
|---|
| 29 | |
|---|
| 30 | /// Interface allowing custom server-side authorization based on credentials |
|---|
| 31 | /// encoded in metadata. Objects of this type can be passed to |
|---|
| 32 | /// \a ServerCredentials::SetAuthMetadataProcessor(). |
|---|
| 33 | /// Please also check out \a grpc::experimental::Interceptor for another way to |
|---|
| 34 | /// do customized operations on the information provided by a specific call. |
|---|
| 35 | class AuthMetadataProcessor { |
|---|
| 36 | public: |
|---|
| 37 | typedef std::multimap<grpc::string_ref, grpc::string_ref> InputMetadata; |
|---|
| 38 | typedef std::multimap<std::string, std::string> OutputMetadata; |
|---|
| 39 | |
|---|
| 40 | virtual ~AuthMetadataProcessor() {} |
|---|
| 41 | |
|---|
| 42 | /// If this method returns true, the \a Process function will be scheduled in |
|---|
| 43 | /// a different thread from the one processing the call. |
|---|
| 44 | virtual bool IsBlocking() const { return true; } |
|---|
| 45 | |
|---|
| 46 | /// Processes a Call associated with a connection. |
|---|
| 47 | /// auth_metadata: the authentication metadata associated with the particular |
|---|
| 48 | /// call |
|---|
| 49 | /// context: contains the connection-level info, e.g. the peer identity. This |
|---|
| 50 | /// parameter is readable and writable. Note that since the information is |
|---|
| 51 | /// shared for all calls associated with the connection, if the |
|---|
| 52 | /// implementation updates the info in a specific call, all the subsequent |
|---|
| 53 | /// calls will see the updates. A typical usage of context is to use |
|---|
| 54 | /// |auth_metadata| to infer the peer identity, and augment it with |
|---|
| 55 | /// properties. |
|---|
| 56 | /// consumed_auth_metadata: contains the metadata that the implementation |
|---|
| 57 | /// wants to remove from the current call, so that the server application is |
|---|
| 58 | /// no longer able to see it anymore. A typical usage would be to do token |
|---|
| 59 | /// authentication in the first call, and then remove the token information |
|---|
| 60 | /// for all subsequent calls. |
|---|
| 61 | /// response_metadata(CURRENTLY NOT SUPPORTED): the metadata that will be sent |
|---|
| 62 | /// as part of the response. |
|---|
| 63 | /// return: if the return value is not Status::OK, the rpc call will be |
|---|
| 64 | /// aborted with the error code and error message sent back to the client. |
|---|
| 65 | virtual grpc::Status Process(const InputMetadata& auth_metadata, |
|---|
| 66 | grpc::AuthContext* context, |
|---|
| 67 | OutputMetadata* consumed_auth_metadata, |
|---|
| 68 | OutputMetadata* response_metadata) = 0; |
|---|
| 69 | }; |
|---|
| 70 | |
|---|
| 71 | } // namespace grpc |
|---|
| 72 | |
|---|
| 73 | #endif // GRPCPP_SECURITY_AUTH_METADATA_PROCESSOR_H |
|---|
| 74 | |
|---|
