| # Copyright 2020 The gRPC Authors |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| """Server of the Python AsyncIO example of customizing authentication mechanism.""" |
| |
| import argparse |
| import asyncio |
| import logging |
| from typing import Awaitable, Callable, Tuple |
| |
| import _credentials |
| import grpc |
| |
| helloworld_pb2, helloworld_pb2_grpc = grpc.protos_and_services( |
| "helloworld.proto" |
| ) |
| |
| _LOGGER = logging.getLogger(__name__) |
| _LOGGER.setLevel(logging.INFO) |
| |
| _LISTEN_ADDRESS_TEMPLATE = "localhost:%d" |
| _SIGNATURE_HEADER_KEY = "x-signature" |
| |
| |
| class SignatureValidationInterceptor(grpc.aio.ServerInterceptor): |
| def __init__(self): |
| def abort(ignored_request, context: grpc.aio.ServicerContext) -> None: |
| context.abort(grpc.StatusCode.UNAUTHENTICATED, "Invalid signature") |
| |
| self._abort_handler = grpc.unary_unary_rpc_method_handler(abort) |
| |
| async def intercept_service( |
| self, |
| continuation: Callable[ |
| [grpc.HandlerCallDetails], Awaitable[grpc.RpcMethodHandler] |
| ], |
| handler_call_details: grpc.HandlerCallDetails, |
| ) -> grpc.RpcMethodHandler: |
| # Example HandlerCallDetails object: |
| # _HandlerCallDetails( |
| # method=u'/helloworld.Greeter/SayHello', |
| # invocation_metadata=...) |
| method_name = handler_call_details.method.split("/")[-1] |
| expected_metadata = (_SIGNATURE_HEADER_KEY, method_name[::-1]) |
| if expected_metadata in handler_call_details.invocation_metadata: |
| return await continuation(handler_call_details) |
| else: |
| return self._abort_handler |
| |
| |
| class SimpleGreeter(helloworld_pb2_grpc.GreeterServicer): |
| async def SayHello( |
| self, request: helloworld_pb2.HelloRequest, unused_context |
| ) -> helloworld_pb2.HelloReply: |
| return helloworld_pb2.HelloReply(message="Hello, %s!" % request.name) |
| |
| |
| async def run_server(port: int) -> Tuple[grpc.aio.Server, int]: |
| # Bind interceptor to server |
| server = grpc.aio.server(interceptors=(SignatureValidationInterceptor(),)) |
| helloworld_pb2_grpc.add_GreeterServicer_to_server(SimpleGreeter(), server) |
| |
| # Loading credentials |
| server_credentials = grpc.ssl_server_credentials( |
| ( |
| ( |
| _credentials.SERVER_CERTIFICATE_KEY, |
| _credentials.SERVER_CERTIFICATE, |
| ), |
| ) |
| ) |
| |
| # Pass down credentials |
| port = server.add_secure_port( |
| _LISTEN_ADDRESS_TEMPLATE % port, server_credentials |
| ) |
| |
| await server.start() |
| return server, port |
| |
| |
| async def main() -> None: |
| parser = argparse.ArgumentParser() |
| parser.add_argument( |
| "--port", nargs="?", type=int, default=50051, help="the listening port" |
| ) |
| args = parser.parse_args() |
| |
| server, port = await run_server(args.port) |
| logging.info("Server is listening at port :%d", port) |
| await server.wait_for_termination() |
| |
| |
| if __name__ == "__main__": |
| logging.basicConfig(level=logging.INFO) |
| asyncio.run(main()) |
