mirror of
https://github.com/zitadel/zitadel.git
synced 2025-10-24 11:09:14 +00:00
fix: improve interceptor handling (#3578)
* fix: improve interceptor handling * fix: improve interceptor handling Co-authored-by: Florian Forster <florian@caos.ch>
This commit is contained in:
@@ -11,6 +11,7 @@ import (
|
||||
"google.golang.org/grpc/status"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
||||
)
|
||||
|
||||
type InstanceVerifier interface {
|
||||
@@ -24,20 +25,23 @@ func InstanceInterceptor(verifier authz.InstanceVerifier, headerName string, ign
|
||||
}
|
||||
|
||||
func setInstance(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler, verifier authz.InstanceVerifier, headerName string, ignoredServices ...string) (_ interface{}, err error) {
|
||||
interceptorCtx, span := tracing.NewServerInterceptorSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
for _, service := range ignoredServices {
|
||||
if strings.HasPrefix(info.FullMethod, service) {
|
||||
return handler(ctx, req)
|
||||
}
|
||||
}
|
||||
|
||||
host, err := hostNameFromContext(ctx, headerName)
|
||||
host, err := hostNameFromContext(interceptorCtx, headerName)
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.PermissionDenied, err.Error())
|
||||
}
|
||||
instance, err := verifier.InstanceByHost(ctx, host)
|
||||
instance, err := verifier.InstanceByHost(interceptorCtx, host)
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.PermissionDenied, err.Error())
|
||||
}
|
||||
span.End()
|
||||
return handler(authz.WithInstance(ctx, instance), req)
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user