package gitalyauth import ( "context" "fmt" "strconv" "time" "google.golang.org/grpc/credentials" ) // RPCCredentialsV2 can be used with grpc.WithPerRPCCredentials to create // a grpc.DialOption that inserts an V2 (HMAC) token with the current // timestamp for authentication with a Gitaly server. The shared secret // must match the one used on the Gitaly server. func RPCCredentialsV2(sharedSecret string) credentials.PerRPCCredentials { return &rpcCredentialsV2{sharedSecret: sharedSecret} } type rpcCredentialsV2 struct { sharedSecret string } func (*rpcCredentialsV2) RequireTransportSecurity() bool { return false } func (rc2 *rpcCredentialsV2) GetRequestMetadata(context.Context, ...string) (map[string]string, error) { message := strconv.FormatInt(time.Now().Unix(), 10) signature := hmacSign([]byte(rc2.sharedSecret), message) return map[string]string{ "authorization": "Bearer " + fmt.Sprintf("v2.%x.%s", signature, message), }, nil }