test grpc basic auth propagation

Raezil · Raezil · commit c1255ada239a · 2025-08-17T09:55:38.000+02:00
diff --git a/src/transports/grpc/grpc_transport.go b/src/transports/grpc/grpc_transport.go
@@ -2,6 +2,7 @@ package grpc
 
 import (
 	"context"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"io"
@@ -21,9 +22,22 @@ import (
 	. "github.com/universal-tool-calling-protocol/go-utcp/src/providers/grpc"
 	"github.com/universal-tool-calling-protocol/go-utcp/src/transports"
 
+	. "github.com/universal-tool-calling-protocol/go-utcp/src/auth"
 	. "github.com/universal-tool-calling-protocol/go-utcp/src/tools"
 )
 
+type basicAuthCreds struct {
+	username string
+	password string
+}
+
+func (b *basicAuthCreds) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
+	token := base64.StdEncoding.EncodeToString([]byte(b.username + ":" + b.password))
+	return map[string]string{"authorization": "Basic " + token}, nil
+}
+
+func (b *basicAuthCreds) RequireTransportSecurity() bool { return false }
+
 // GRPCClientTransport implements ClientTransport over gRPC using the UTCPService.
 // It expects the remote server to implement the grpcpb.UTCPService service.
 type GRPCClientTransport struct {
@@ -60,6 +74,14 @@ func (t *GRPCClientTransport) dial(ctx context.Context, prov *GRPCProvider) (*gr
 		t.logger("Using target '%s' as gRPC authority", prov.Target)
 	}
 
+	if prov.Auth != nil {
+		authIfc := *prov.Auth
+		switch a := authIfc.(type) {
+		case *BasicAuth:
+			opts = append(opts, grpc.WithPerRPCCredentials(&basicAuthCreds{username: a.Username, password: a.Password}))
+		}
+	}
+
 	if prov.UseSSL {
 		// In this example we just use insecure when UseSSL is false.
 		// Real implementation would configure TLS credentials.
diff --git a/src/transports/grpc/grpc_transport_auth_test.go b/src/transports/grpc/grpc_transport_auth_test.go
@@ -0,0 +1,63 @@
+package grpc
+
+import (
+	"context"
+	"encoding/base64"
+	"net"
+	"testing"
+
+	. "github.com/universal-tool-calling-protocol/go-utcp/src/auth"
+	"github.com/universal-tool-calling-protocol/go-utcp/src/grpcpb"
+	. "github.com/universal-tool-calling-protocol/go-utcp/src/providers/base"
+	. "github.com/universal-tool-calling-protocol/go-utcp/src/providers/grpc"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/status"
+)
+
+type authServer struct {
+	grpcpb.UnimplementedUTCPServiceServer
+}
+
+func (s *authServer) GetManual(ctx context.Context, _ *grpcpb.Empty) (*grpcpb.Manual, error) {
+	return &grpcpb.Manual{}, nil
+}
+
+func TestGRPCClientTransport_BasicAuth(t *testing.T) {
+	const user = "u"
+	const pass = "p"
+	expected := "Basic " + base64.StdEncoding.EncodeToString([]byte(user+":"+pass))
+
+	interceptor := func(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
+		md, _ := metadata.FromIncomingContext(ctx)
+		if md == nil {
+			return nil, status.Error(codes.Unauthenticated, "missing metadata")
+		}
+		auths := md.Get("authorization")
+		if len(auths) == 0 || auths[0] != expected {
+			return nil, status.Error(codes.Unauthenticated, "bad creds")
+		}
+		return handler(ctx, req)
+	}
+
+	lis, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatalf("listen err: %v", err)
+	}
+	srv := grpc.NewServer(grpc.UnaryInterceptor(interceptor))
+	grpcpb.RegisterUTCPServiceServer(srv, &authServer{})
+	go srv.Serve(lis)
+	defer srv.Stop()
+
+	port := lis.Addr().(*net.TCPAddr).Port
+	ba := &BasicAuth{AuthType: BasicType, Username: user, Password: pass}
+	var a Auth = ba
+	prov := &GRPCProvider{BaseProvider: BaseProvider{Name: "g", ProviderType: ProviderGRPC}, Host: "127.0.0.1", Port: port, Auth: &a}
+
+	tr := NewGRPCClientTransport(nil)
+	if _, err := tr.RegisterToolProvider(context.Background(), prov); err != nil {
+		t.Fatalf("RegisterToolProvider err: %v", err)
+	}
+}
