[public-api] Extract BearerToken from request

easyCZ · easyCZ · commit 3796657490c3 · 2022-05-02T19:05:24.000Z
diff --git a/components/public-api-server/integration_test.go b/components/public-api-server/integration_test.go
@@ -12,12 +12,13 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
 	"testing"
 )
 
 func TestPublicAPIServer_v1_WorkspaceService(t *testing.T) {
-	ctx := context.Background()
+	ctx := metadata.AppendToOutgoingContext(context.Background(), "authorization", "some-token")
 	srv := baseserver.NewForTests(t)
 
 	require.NoError(t, register(srv))
diff --git a/components/public-api-server/pkg/apiv1/workspace.go b/components/public-api-server/pkg/apiv1/workspace.go
@@ -7,6 +7,9 @@ package apiv1
 import (
 	"context"
 	v1 "github.com/gitpod-io/gitpod/public-api/v1"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/status"
 )
 
 func NewWorkspaceService() *WorkspaceService {
@@ -20,6 +23,11 @@ type WorkspaceService struct {
 }
 
 func (w *WorkspaceService) GetWorkspace(ctx context.Context, r *v1.GetWorkspaceRequest) (*v1.GetWorkspaceResponse, error) {
+	_, err := bearerTokenFromContext(ctx)
+	if err != nil {
+		return nil, err
+	}
+
 	return &v1.GetWorkspaceResponse{
 		ResponseStatus: nil,
 		Result: &v1.Workspace{
@@ -34,3 +42,21 @@ func (w *WorkspaceService) GetWorkspace(ctx context.Context, r *v1.GetWorkspaceR
 		},
 	}, nil
 }
+
+func bearerTokenFromContext(ctx context.Context) (string, error) {
+	md, ok := metadata.FromIncomingContext(ctx)
+	if !ok {
+		return "", status.Error(codes.Unauthenticated, "no credentials provided")
+	}
+
+	values := md.Get("authorization")
+	if len(values) == 0 {
+		return "", status.Error(codes.Unauthenticated, "no authorization header specified")
+	}
+	if len(values) > 1 {
+		return "", status.Error(codes.Unauthenticated, "more than one authorization header specified, exactly one is required")
+	}
+
+	token := values[0]
+	return token, nil
+}
diff --git a/components/public-api-server/pkg/apiv1/workspace_test.go b/components/public-api-server/pkg/apiv1/workspace_test.go
@@ -6,20 +6,34 @@ package apiv1
 
 import (
 	"context"
+	"github.com/gitpod-io/gitpod/common-go/baseserver"
 	v1 "github.com/gitpod-io/gitpod/public-api/v1"
 	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/protobuf/proto"
 	"testing"
 )
 
 func TestWorkspaceService_GetWorkspace(t *testing.T) {
-	svc := NewWorkspaceService()
+	srv := baseserver.NewForTests(t)
+	v1.RegisterWorkspacesServiceServer(srv.GRPC(), NewWorkspaceService())
+	baseserver.StartServerForTests(t, srv)
+
+	conn, err := grpc.Dial(srv.GRPCAddress(), grpc.WithTransportCredentials(insecure.NewCredentials()))
+	require.NoError(t, err)
+
+	client := v1.NewWorkspacesServiceClient(conn)
+
+	ctx := metadata.AppendToOutgoingContext(context.Background(), "authorization", "some-token")
 
 	workspaceID := "some-workspace-id"
-	resp, err := svc.GetWorkspace(context.Background(), &v1.GetWorkspaceRequest{
+	resp, err := client.GetWorkspace(ctx, &v1.GetWorkspaceRequest{
 		WorkspaceId: workspaceID,
 	})
 	require.NoError(t, err)
-	require.Equal(t, &v1.GetWorkspaceResponse{
+	require.True(t, proto.Equal(&v1.GetWorkspaceResponse{
 		ResponseStatus: nil,
 		Result: &v1.Workspace{
 			WorkspaceId: workspaceID,
@@ -31,5 +45,5 @@ func TestWorkspaceService_GetWorkspace(t *testing.T) {
 			},
 			Description: "This is a mock response",
 		},
-	}, resp)
+	}, resp))
 }
