Bump mcdsl to f94c4b1 for $PORT env var support

Update mcdsl from v1.0.0 to the port-env-support branch tip, which adds automatic $PORT environment variable support to the config package. Adapt grpcserver.New call to the updated signature that now accepts an *Options parameter (pass nil for default behavior). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 01:07:52 -07:00
parent acc4851549
commit 0838bcbab2
6 changed files with 102 additions and 12 deletions
--- a/vendor/git.wntrmute.dev/kyle/mcdsl/grpcserver/server.go
+++ b/vendor/git.wntrmute.dev/kyle/mcdsl/grpcserver/server.go
@@ -48,21 +48,45 @@ type Server struct {
 	listener net.Listener
 }

+// Options configures optional behavior for the gRPC server.
+type Options struct {
+	// PreInterceptors run before the logging and auth interceptors.
+	// Use for lifecycle gates like seal checks that should reject
+	// requests before any auth validation occurs.
+	PreInterceptors []grpc.UnaryServerInterceptor
+
+	// PostInterceptors run after auth but before the handler.
+	// Use for audit logging, rate limiting, or other cross-cutting
+	// concerns that need access to the authenticated identity.
+	PostInterceptors []grpc.UnaryServerInterceptor
+}
+
 // New creates a gRPC server with TLS (if certFile and keyFile are
-// non-empty) and an interceptor chain: logging → auth → handler.
+// non-empty) and an interceptor chain:
+//
+//	[pre-interceptors] → logging → auth → [post-interceptors] → handler
 //
 // The auth interceptor uses methods to determine the access level for
 // each RPC. Methods not in any map are denied by default.
 //
 // If certFile and keyFile are empty, TLS is skipped (for testing).
-func New(certFile, keyFile string, authenticator *auth.Authenticator, methods MethodMap, logger *slog.Logger) (*Server, error) {
-	chain := grpc.ChainUnaryInterceptor(
+// opts is optional; pass nil for the default chain (logging + auth only).
+func New(certFile, keyFile string, authenticator *auth.Authenticator, methods MethodMap, logger *slog.Logger, opts *Options) (*Server, error) {
+	var interceptors []grpc.UnaryServerInterceptor
+	if opts != nil {
+		interceptors = append(interceptors, opts.PreInterceptors...)
+	}
+	interceptors = append(interceptors,
 		loggingInterceptor(logger),
 		authInterceptor(authenticator, methods),
 	)
+	if opts != nil {
+		interceptors = append(interceptors, opts.PostInterceptors...)
+	}
+	chain := grpc.ChainUnaryInterceptor(interceptors...)

-	var opts []grpc.ServerOption
-	opts = append(opts, chain)
+	var serverOpts []grpc.ServerOption
+	serverOpts = append(serverOpts, chain)

 	if certFile != "" && keyFile != "" {
 		cert, err := tls.LoadX509KeyPair(certFile, keyFile)
@@ -73,11 +97,11 @@ func New(certFile, keyFile string, authenticator *auth.Authenticator, methods Me
 			Certificates: []tls.Certificate{cert},
 			MinVersion:   tls.VersionTLS13,
 		}
-		opts = append(opts, grpc.Creds(credentials.NewTLS(tlsCfg)))
+		serverOpts = append(serverOpts, grpc.Creds(credentials.NewTLS(tlsCfg)))
 	}

 	return &Server{
-		GRPCServer: grpc.NewServer(opts...),
+		GRPCServer: grpc.NewServer(serverOpts...),
 		Logger:     logger,
 	}, nil
 }