(ctx context.Context, s *Service)
| 16 | ) |
| 17 | |
| 18 | func validateApiKey(ctx context.Context, s *Service) error { |
| 19 | // Extract metadata |
| 20 | md, ok := metadata.FromIncomingContext(ctx) |
| 21 | if !ok { |
| 22 | return status.Errorf(codes.Unauthenticated, "missing metadata") |
| 23 | } |
| 24 | |
| 25 | // Extract x-api-key header |
| 26 | apiKeys, ok := md["x-api-key"] |
| 27 | if !ok || len(apiKeys) == 0 { |
| 28 | return status.Errorf(codes.Unauthenticated, "missing x-api-key header") |
| 29 | } |
| 30 | |
| 31 | // Get the first key (there should typically be only one) |
| 32 | apiKeyHeader := apiKeys[0] |
| 33 | |
| 34 | apiKey := s.ApiKey() |
| 35 | key, err := uuid.Parse(apiKeyHeader) |
| 36 | switch { |
| 37 | case err != nil: |
| 38 | return status.Errorf(codes.InvalidArgument, "invalid api key format: must be a valid UUID") |
| 39 | case key != apiKey: |
| 40 | return status.Errorf(codes.PermissionDenied, "api key mismatch") |
| 41 | } |
| 42 | |
| 43 | return nil |
| 44 | } |
| 45 | |
| 46 | func validateApiKeyMiddleware(s *Service) grpc.UnaryServerInterceptor { |
| 47 | return func( |
no test coverage detected