v0.4.0

Author: Forest33

README.md

@@ -10,12 +10,14 @@
 <img src="assets/gui.webp" alt="Warthog UI" title="Warthog cross platform gRPC client"
 </p>
 
+
 ## Features
 
 - Automatic parsing of proto definitions to render services and input messages
 - `.proto` file discovery
 - Selection of multiple services and methods
 - Configuration of TLS, including disabling TLS (plain text)
+- Authentication: Basic, Bearer Token, JWT, GCE 
 - Input generation for all scalar types
 - Input generation for nested and looped messages 
 - Input generation for enums, including nested

adapter/grpc/auth.go

@@ -0,0 +1,120 @@
+package grpc
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+
+	"github.com/dgrijalva/jwt-go"
+	"golang.org/x/oauth2"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/oauth"
+
+	"github.com/forest33/warthog/business/entity"
+)
+
+type basicAuth struct {
+	login    string
+	password string
+}
+
+var symmetricAlgorithms = map[string]struct{}{
+	"HS256": {},
+	"HS384": {},
+	"HS512": {},
+}
+
+func (c *Client) getAuth(auth *entity.Auth) (grpc.DialOption, error) {
+	if auth == nil || auth.Type == entity.AuthTypeNone {
+		return nil, nil
+	}
+
+	switch auth.Type {
+	case entity.AuthTypeBasic:
+		return c.authBasic(auth)
+	case entity.AuthTypeBearer:
+		return c.authBearer(auth)
+	case entity.AuthTypeJWT:
+		return c.authJWT(auth)
+	case entity.AuthTypeGCE:
+		return c.authGCE(auth)
+	}
+
+	return nil, nil
+}
+
+func (c *Client) authBasic(auth *entity.Auth) (grpc.DialOption, error) {
+	return grpc.WithPerRPCCredentials(basicAuth{
+		login:    auth.Login,
+		password: auth.Password,
+	}), nil
+}
+
+func (c *Client) authBearer(auth *entity.Auth) (grpc.DialOption, error) {
+	token := &oauth2.Token{
+		AccessToken: auth.Token,
+	}
+	token.TokenType = auth.HeaderPrefix
+
+	return grpc.WithPerRPCCredentials(
+		oauth.NewOauthAccess(token),
+	), nil
+}
+
+func (c *Client) authJWT(auth *entity.Auth) (grpc.DialOption, error) {
+	signingMethod := jwt.GetSigningMethod(auth.Algorithm)
+	if signingMethod == nil {
+		return nil, fmt.Errorf("unknown signing algorithm: %s", auth.Algorithm)
+	}
+
+	var (
+		secret interface{}
+		err    error
+	)
+
+	if _, ok := symmetricAlgorithms[auth.Algorithm]; ok {
+		secret = []byte(auth.Secret)
+		if auth.SecretBase64 {
+			secret, err = base64.StdEncoding.DecodeString(auth.Secret)
+			if err != nil {
+				return nil, err
+			}
+		}
+	} else {
+		secret, err = jwt.ParseRSAPrivateKeyFromPEM([]byte(auth.PrivateKey))
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	jwtToken := jwt.NewWithClaims(signingMethod, jwt.MapClaims(auth.Payload))
+	token, err := jwtToken.SignedString(secret)
+	if err != nil {
+		return nil, err
+	}
+
+	return c.authBearer(&entity.Auth{
+		Token:        token,
+		HeaderPrefix: auth.HeaderPrefix,
+	})
+}
+
+func (c *Client) authGCE(auth *entity.Auth) (grpc.DialOption, error) {
+	perRPC, err := oauth.NewServiceAccountFromKey([]byte(auth.GoogleToken), auth.GoogleScopes...)
+	if err != nil {
+		return nil, err
+	}
+	return grpc.WithPerRPCCredentials(perRPC), nil
+}
+
+func (b basicAuth) GetRequestMetadata(ctx context.Context, _ ...string) (map[string]string, error) {
+	auth := b.login + ":" + b.password
+	enc := base64.StdEncoding.EncodeToString([]byte(auth))
+	return map[string]string{
+		"authorization": "Basic " + enc,
+	}, nil
+}
+
+func (b basicAuth) RequireTransportSecurity() bool {
+	return true
+}

adapter/grpc/client.go

@@ -61,7 +61,7 @@ func (c *Client) SetSettings(cfg *entity.Settings) {
 }
 
 // Connect connecting to gRPC server
-func (c *Client) Connect(addr string, opts ...ClientOpt) error {
+func (c *Client) Connect(addr string, auth *entity.Auth, opts ...ClientOpt) error {
 	if defaultOptions != nil {
 		c.opts = *defaultOptions
 	}
@@ -78,6 +78,12 @@ func (c *Client) Connect(addr string, opts ...ClientOpt) error {
 		return err
 	}
 
+	if opt, err := c.getAuth(auth); err != nil {
+		return err
+	} else if opt != nil {
+		dialOptions = append(dialOptions, opt)
+	}
+
 	ctx := c.ctx
 	if !*c.cfg.NonBlockingConnection {
 		var cancel context.CancelFunc
@@ -115,17 +121,19 @@ func (c *Client) loadTLSCredentials() (credentials.TransportCredentials, error)
 		return nil, fmt.Errorf("failed to add server CA's certificate")
 	}
 
-	clientCert, err := tls.X509KeyPair([]byte(c.opts.clientCertificate), []byte(c.opts.clientKey))
-	if err != nil {
-		return nil, err
-	}
-
 	cfg := &tls.Config{
-		Certificates:       []tls.Certificate{clientCert},
 		RootCAs:            pool,
 		InsecureSkipVerify: c.opts.insecureSkipVerify,
 	}
 
+	if c.opts.clientCertificate != "" && c.opts.clientKey != "" {
+		certificates, err := tls.X509KeyPair([]byte(c.opts.clientCertificate), []byte(c.opts.clientKey))
+		if err != nil {
+			return nil, err
+		}
+		cfg.Certificates = []tls.Certificate{certificates}
+	}
+
 	return credentials.NewTLS(cfg), nil
 }
 

bin/version

@@ -1 +1 @@
-0.3.16
+0.4.0

business/entity/auth.go

@@ -0,0 +1,9 @@
+package entity
+
+const (
+	AuthTypeNone   = "none"
+	AuthTypeBasic  = "basic"
+	AuthTypeBearer = "bearer"
+	AuthTypeJWT    = "jwt"
+	AuthTypeGCE    = "google"
+)

business/entity/query.go

@@ -37,6 +37,7 @@ type Query struct {
 	Method   string
 	Data     map[string]interface{}
 	Metadata []string
+	Auth     *Auth
 }
 
 // QueryResponse gRPC response
@@ -75,6 +76,12 @@ func (r *Query) Model(server map[string]interface{}) error {
 			r.Metadata = append(r.Metadata, k, v.(string))
 		}
 	}
+	if v, ok := server["auth"]; ok {
+		r.Auth = &Auth{}
+		if err := r.Auth.Model(v.(map[string]interface{})); err != nil {
+			return err
+		}
+	}
 
 	return nil
 }

business/entity/workspace.server.go

@@ -2,7 +2,9 @@
 package entity
 
 import (
+	"encoding/json"
 	"errors"
+	"strings"
 
 	"github.com/forest33/warthog/pkg/structs"
 )
@@ -42,6 +44,23 @@ type WorkspaceItemServer struct {
 	ClientCertificate string                            `json:"client_certificate,omitempty"`
 	ClientKey         string                            `json:"client_key,omitempty"`
 	Request           map[string]map[string]*SavedQuery `json:"request"`
+	Auth              *Auth                             `json:"auth"`
+}
+
+// Auth authentication data
+type Auth struct {
+	Type         string                 `json:"type,omitempty"`
+	Login        string                 `json:"login,omitempty"`
+	Password     string                 `json:"password,omitempty"`
+	Token        string                 `json:"token,omitempty"`
+	Algorithm    string                 `json:"algorithm,omitempty"`
+	Secret       string                 `json:"secret,omitempty"`
+	PrivateKey   string                 `json:"private_key,omitempty"`
+	SecretBase64 bool                   `json:"secret_base64,omitempty"`
+	HeaderPrefix string                 `json:"header_prefix,omitempty"`
+	Payload      map[string]interface{} `json:"payload,omitempty"`
+	GoogleScopes []string               `json:"google_scopes,omitempty"`
+	GoogleToken  string                 `json:"google_token,omitempty"`
 }
 
 // Model creates ServerRequest from UI request
@@ -122,6 +141,62 @@ func (s *WorkspaceItemServer) Model(server map[string]interface{}) error {
 	if v, ok := server["client_key"]; ok && v != nil {
 		s.ClientKey = v.(string)
 	}
+	if v, ok := server["auth"]; ok && v != nil {
+		s.Auth = &Auth{}
+		if err := s.Auth.Model(v.(map[string]interface{})); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// Model creates Auth from UI request
+func (s *Auth) Model(auth map[string]interface{}) error {
+	authType, ok := auth["type"]
+	if !ok || authType == AuthTypeNone {
+		s.Type = AuthTypeNone
+		return nil
+	}
+
+	s.Type = authType.(string)
+
+	if v, ok := auth["login"]; ok {
+		s.Login = v.(string)
+	}
+	if v, ok := auth["password"]; ok {
+		s.Password = v.(string)
+	}
+	if v, ok := auth["token"]; ok {
+		s.Token = v.(string)
+	}
+	if v, ok := auth["algorithm"]; ok {
+		s.Algorithm = v.(string)
+	}
+	if v, ok := auth["secret"]; ok {
+		s.Secret = v.(string)
+	}
+	if v, ok := auth["private_key"]; ok {
+		s.PrivateKey = v.(string)
+	}
+	if v, ok := auth["secret_base64"]; ok {
+		s.SecretBase64 = v.(bool)
+	}
+	if v, ok := auth["header_prefix"]; ok {
+		s.HeaderPrefix = strings.TrimSpace(v.(string))
+	}
+	if v, ok := auth["payload"]; ok {
+		s.Payload = map[string]interface{}{}
+		if err := json.Unmarshal([]byte(v.(string)), &s.Payload); err != nil {
+			return err
+		}
+	}
+	if v, ok := auth["google_token"]; ok {
+		s.GoogleToken = v.(string)
+	}
+	if v, ok := auth["google_scopes"]; ok {
+		s.GoogleScopes = strings.Split(v.(string), ",")
+	}
 
 	return nil
 }