grpc-ecosystem · johanbrandhorst · May 12, 2020 · May 12, 2020
diff --git a/auth/examples_test.go b/auth/examples_test.go
@@ -2,41 +2,85 @@ package auth_test
 
 import (
 	"context"
+	"log"
 
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	pb "google.golang.org/grpc/examples/helloworld/helloworld"
 
 	"github.com/grpc-ecosystem/go-grpc-middleware/v2/auth"
 	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/tags"
 )
 
-func parseToken(string) (struct{}, error) {
+func parseToken(token string) (struct{}, error) {
 	return struct{}{}, nil
 }
 
 func userClaimFromToken(struct{}) string {
 	return "foobar"
 }
 
-// Simple example of server initialization code.
-func Example_serverConfig() {
-	exampleAuthFunc := func(ctx context.Context) (context.Context, error) {
-		token, err := auth.AuthFromMD(ctx, "bearer")
-		if err != nil {
-			return nil, err
-		}
-		tokenInfo, err := parseToken(token)
-		if err != nil {
-			return nil, status.Errorf(codes.Unauthenticated, "invalid auth token: %v", err)
-		}
-		tags.Extract(ctx).Set("auth.sub", userClaimFromToken(tokenInfo))
-		newCtx := context.WithValue(ctx, "tokenInfo", tokenInfo)
-		return newCtx, nil
+// exampleAuthFunc is used by a middleware to authenticate requests
+func exampleAuthFunc(ctx context.Context) (context.Context, error) {
+	token, err := auth.AuthFromMD(ctx, "bearer")
+	if err != nil {
+		return nil, err
+	}
+
+	tokenInfo, err := parseToken(token)
+	if err != nil {
+		return nil, status.Errorf(codes.Unauthenticated, "invalid auth token: %v", err)
 	}
 
+	tags.Extract(ctx).Set("auth.sub", userClaimFromToken(tokenInfo))
+
+	// WARNING: in production define your own type to avoid context collisions
+	newCtx := context.WithValue(ctx, "tokenInfo", tokenInfo)
+
+	return newCtx, nil
+}
+
+// Simple example of server initialization code
+func Example_serverConfig() {
 	_ = grpc.NewServer(
 		grpc.StreamInterceptor(auth.StreamServerInterceptor(exampleAuthFunc)),
 		grpc.UnaryInterceptor(auth.UnaryServerInterceptor(exampleAuthFunc)),
 	)
 }
+
+type gRPCserverAuthenticated struct{}
+
+// SayHello only can be called by client when authenticated by exampleAuthFunc
+func (g gRPCserverAuthenticated) SayHello(ctx context.Context, request *pb.HelloRequest) (*pb.HelloReply, error) {
+	return &pb.HelloReply{Message: "pong authenticated"}, nil
+}
+
+type gRPCserverUnauthenticated struct{}
+
+// SayHello can be called by client without being authenticated by exampleAuthFunc as AuthFuncOverride is called instead
+func (g *gRPCserverUnauthenticated) SayHello(ctx context.Context, request *pb.HelloRequest) (*pb.HelloReply, error) {
+	return &pb.HelloReply{Message: "pong unauthenticated"}, nil
+}
+
+// AuthFuncOverride is called instead of exampleAuthFunc
+func (g *gRPCserverUnauthenticated) AuthFuncOverride(ctx context.Context, fullMethodName string) (context.Context, error) {
+	log.Println("client is calling method:", fullMethodName)
+	return ctx, nil
+}
+
+// Simple example of server initialization code with AuthFuncOverride method.
+func Example_serverConfigWithAuthOverride() {
+	server := grpc.NewServer(
+		grpc.StreamInterceptor(auth.StreamServerInterceptor(exampleAuthFunc)),
+		grpc.UnaryInterceptor(auth.UnaryServerInterceptor(exampleAuthFunc)),
+	)
+
+	overrideActive := true
+
+	if overrideActive {
+		pb.RegisterGreeterServer(server, &gRPCserverUnauthenticated{})
+	} else {
+		pb.RegisterGreeterServer(server, &gRPCserverAuthenticated{})
+	}
+}