blob: 9ebf19d1522a3362e6939d71bf2bfa02a122d785 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
package gitalyauth
import (
"context"
"fmt"
"strconv"
"time"
"google.golang.org/grpc/credentials"
)
// RPCCredentialsV2 can be used with grpc.WithPerRPCCredentials to create
// a grpc.DialOption that inserts an V2 (HMAC) token with the current
// timestamp for authentication with a Gitaly server. The shared secret
// must match the one used on the Gitaly server.
func RPCCredentialsV2(sharedSecret string) credentials.PerRPCCredentials {
return &rpcCredentialsV2{sharedSecret: sharedSecret}
}
type rpcCredentialsV2 struct {
sharedSecret string
}
func (*rpcCredentialsV2) RequireTransportSecurity() bool { return false }
func (rc2 *rpcCredentialsV2) GetRequestMetadata(context.Context, ...string) (map[string]string, error) {
message := strconv.FormatInt(time.Now().Unix(), 10)
signature := hmacSign([]byte(rc2.sharedSecret), message)
return map[string]string{
"authorization": "Bearer " + fmt.Sprintf("v2.%x.%s", signature, message),
}, nil
}
|