aboutsummaryrefslogtreecommitdiffstats
path: root/yt/yt/core/rpc/authenticator.cpp
blob: 95a732011ea4fa5f2df42bb1fd1b134b21719c6d (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91

#include "authenticator.h"

#include <yt/yt/core/misc/protobuf_helpers.h>

#include <yt/yt_proto/yt/core/rpc/proto/rpc.pb.h>

namespace NYT::NRpc {

////////////////////////////////////////////////////////////////////////////////

class TCompositeAuthenticator
    : public IAuthenticator
{
public:
    explicit TCompositeAuthenticator(std::vector<IAuthenticatorPtr> authenticators)
        : Authenticators_(std::move(authenticators))
    { }

    bool CanAuthenticate(const TAuthenticationContext& context) override
    {
        for (const auto& authenticator : Authenticators_) {
            if (authenticator->CanAuthenticate(context)) {
                return true;
            }
        }
        return false;
    }

    TFuture<TAuthenticationResult> AsyncAuthenticate(
        const TAuthenticationContext& context) override
    {
        for (const auto& authenticator : Authenticators_) {
            if (authenticator->CanAuthenticate(context)) {
                return authenticator->AsyncAuthenticate(context);
            }
        }
        // Hypothetically some authenticator may change its opinion on whether it can authenticate request (e.g.
        // due to dynamic configuration change), so we report an error instead of crashing.
        return MakeFuture<TAuthenticationResult>(TError(
            NYT::NRpc::EErrorCode::AuthenticationError,
            "Request is missing credentials"));
    }

private:
    const std::vector<IAuthenticatorPtr> Authenticators_;
};

////////////////////////////////////////////////////////////////////////////////

IAuthenticatorPtr CreateCompositeAuthenticator(
    std::vector<IAuthenticatorPtr> authenticators)
{
    return New<TCompositeAuthenticator>(std::move(authenticators));
}

////////////////////////////////////////////////////////////////////////////////

class TNoopAuthenticator
    : public IAuthenticator
{
public:
    bool CanAuthenticate(const TAuthenticationContext& /*context*/) override
    {
        return true;
    }

    TFuture<TAuthenticationResult> AsyncAuthenticate(
        const TAuthenticationContext& context) override
    {
        static const auto Realm = TString("noop");
        static const auto UserTicket = TString();
        TAuthenticationResult result{
            context.Header->has_user() ? FromProto<std::string>(context.Header->user()) : RootUserName,
            Realm,
            UserTicket,
        };
        return MakeFuture<TAuthenticationResult>(result);
    }
};

////////////////////////////////////////////////////////////////////////////////

IAuthenticatorPtr CreateNoopAuthenticator()
{
    return New<TNoopAuthenticator>();
}

////////////////////////////////////////////////////////////////////////////////

} // namespace NYT::NRpc
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-18 08:50:49 +0000