gRPC unary interceptor for auth and timing logs

                  package grpcmw

import (
  "context"
  "time"

  "go.uber.org/zap"
  "google.golang.org/grpc"
  "google.golang.org/grpc/codes"
  "google.golang.org/grpc/metadata"
  "google.golang.org/grpc/status"
)

type ctxKey string

const principalKey ctxKey = "principal"

func Principal(ctx context.Context) (string, bool) {
  v := ctx.Value(principalKey)
  s, ok := v.(string)
  return s, ok
}

func UnaryAuth(log *zap.Logger, validate func(token string) (string, error)) grpc.UnaryServerInterceptor {
  return func(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
    start := time.Now()
    md, _ := metadata.FromIncomingContext(ctx)
    token := ""
    if vals := md.Get("authorization"); len(vals) > 0 {
      token = vals[0]
    }

    principal, err := validate(token)
    if err != nil {
      return nil, status.Error(codes.Unauthenticated, "unauthenticated")
    }
    ctx = context.WithValue(ctx, principalKey, principal)

    resp, hErr := handler(ctx, req)
    log.Info("grpc.unary", zap.String("method", info.FullMethod), zap.Duration("duration", time.Since(start)), zap.Error(hErr))
    return resp, hErr
  }
}