- }
- if len(auth) != 1 {
- // Value of "authorization" or "grpc-authorization" was empty or repeated.
- return nil, status.Error(codes.Unauthenticated, "Auth token invalid")
- }
- userID, username, vars, exp, token, ok := parseBearerAuth([]byte(config.GetSession().EncryptionKey), auth[0])
- if !ok {
- // Value of "authorization" or "grpc-authorization" was malformed or expired.
- return nil, status.Error(codes.Unauthenticated, "Auth token invalid")
- }
- if !sessionCache.IsValidSession(userID, exp, token) {
- return nil, status.Error(codes.Unauthenticated, "Auth token invalid")
- }
- ctx = context.WithValue(context.WithValue(context.WithValue(context.WithValue(ctx, ctxUserIDKey{}, userID), ctxUsernameKey{}, username), ctxVarsKey{}, vars), ctxExpiryKey{}, exp)
- default:
- // Unless explicitly defined above, handlers require full user authentication.
- md, ok := metadata.FromIncomingContext(ctx)
- if !ok {
- logger.Error("Cannot extract metadata from incoming context")
- return nil, status.Error(codes.FailedPrecondition, "Cannot extract metadata from incoming context")
- }