Migrate gRPC server to mcdsl grpcserver package

Replace metacrypt's hand-rolled gRPC interceptor chain with the mcdsl grpcserver package, which provides TLS setup, logging, and method-map auth (public/auth-required/admin-required) out of the box. Metacrypt-specific interceptors are preserved as hooks: - sealInterceptor runs as a PreInterceptor (before logging/auth) - auditInterceptor runs as a PostInterceptor (after auth) The three legacy method maps (seal/auth/admin) are restructured into mcdsl's MethodMap (Public/AuthRequired/AdminRequired) plus a separate seal-required map for the PreInterceptor. Token context is now stored via mcdsl/auth.ContextWithTokenInfo instead of a package-local key. Bumps mcdsl from v1.0.0 to v1.0.1 (adds PreInterceptors/PostInterceptors to grpcserver.Options). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 14:42:41 -07:00
parent d308db8598
commit 310ed83f28
12 changed files with 264 additions and 378 deletions
--- a/internal/grpcserver/auth.go
+++ b/internal/grpcserver/auth.go
@@ -37,7 +37,7 @@ func (as *authServer) Logout(ctx context.Context, _ *pb.LogoutRequest) (*pb.Logo
 }

 func (as *authServer) TokenInfo(ctx context.Context, _ *pb.TokenInfoRequest) (*pb.TokenInfoResponse, error) {
-	ti := tokenInfoFromContext(ctx)
+	ti := auth.TokenInfoFromContext(ctx)
 	if ti == nil {
 		// Shouldn't happen — authInterceptor runs first — but guard anyway.
 		token := extractToken(ctx)