npm - @gravity-ui/gateway - Versions diffs - 3.2.0 → 3.2.2-alpha.0 - Mend

@gravity-ui/gateway 3.2.0 → 3.2.2-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +8 -1
package/build/components/grpc.d.ts +1 -1
package/build/components/grpc.js +35 -2
package/build/index.js +1 -1
package/build/models/common.d.ts +8 -0
package/build/utils/grpc.js +14 -3
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -102,9 +102,13 @@ interface GatewayConfig {
   onRequestFailed?: (req: Request, res: Response, error: any) => any;
   // List of paths to the necessary proto files for the gateway.
   includeProtoRoots?: string[];
-  // Configuration of the path to the certificate in gRPC.
+  // Configuration of the path to the CA certificate in gRPC.
   // Set to null to use system certificates by default.
   caCertificatePath?: string | null;
+  // Configuration of the path to the client certificate for mTLS in gRPC.
+  clientCertificatePath?: string | null;
+  // Configuration of the path to the client private key for mTLS in gRPC.
+  clientKeyPath?: string | null;
   // Telemetry sending configuration.
   sendStats?: SendStats;
   // Configuration of headers sent to the API.
@@ -143,6 +147,9 @@ const config = {
   includeProtoRoots: ['...'],
   timeout: 25000, // default 25 seconds
   caCertificatePath: '...',
+  // Optional: paths for mTLS client certificate and key
+  clientCertificatePath: '...',
+  clientKeyPath: '...',
 };
 const {api: gatewayApi} = getGatewayControllers({root: Schema}, config);

package/build/components/grpc.d.ts CHANGED Viewed

@@ -19,6 +19,6 @@ export interface GrpcContext {
     credentials: CredentialsMap;
 }
 export declare function createRoot(includeGrpcPaths?: string[]): protobufjs.Root;
-export declare function getCredentialsMap(caCertificatePath?: string | null): CredentialsMap;
+export declare function getCredentialsMap(caCertificatePath?: string | null, clientCertificatePath?: string | null, clientKeyPath?: string | null): CredentialsMap;
 export default function createGrpcAction<Context extends GatewayContext>({ root, credentials }: GrpcContext, endpoints: EndpointsConfig | undefined, config: ApiServiceGrpcActionConfig<Context, any, any>, serviceKey: string, actionName: string, options: GatewayApiOptions<Context>, ErrorConstructor: AppErrorConstructor): (actionConfig: ApiActionConfig<Context, any, any>) => Promise<import("../models/common").GatewayActionClientStreamResponse<any> | import("../models/common").GatewayActionServerStreamResponse<any> | import("../models/common").GatewayActionDuplexStreamResponse<any> | import("../models/common").GatewayActionUnaryResponse<any>>;
 export {};

package/build/components/grpc.js CHANGED Viewed

@@ -59,13 +59,21 @@ function createRoot(includeGrpcPaths) {
     return root;
 }
 exports.createRoot = createRoot;
-function getCredentialsMap(caCertificatePath) {
+function getCredentialsMap(caCertificatePath, clientCertificatePath, clientKeyPath) {
     let certificate;
+    let clientCertificate;
+    let clientKey;
     if (caCertificatePath && fs_1.default.existsSync(caCertificatePath)) {
         certificate = fs_1.default.readFileSync(caCertificatePath);
     }
+    if (clientCertificatePath && fs_1.default.existsSync(clientCertificatePath)) {
+        clientCertificate = fs_1.default.readFileSync(clientCertificatePath);
+    }
+    if (clientKeyPath && fs_1.default.existsSync(clientKeyPath)) {
+        clientKey = fs_1.default.readFileSync(clientKeyPath);
+    }
     return {
-        secure: grpc.ChannelCredentials.createSsl(certificate),
+        secure: grpc.ChannelCredentials.createSsl(certificate, clientKey, clientCertificate),
         secureWithoutRootCert: grpc.ChannelCredentials.createSsl(),
         insecure: grpc.ChannelCredentials.createInsecure(),
     };
@@ -170,12 +178,37 @@ function clearInstancesCache(service, instancesMap, cachePath, closeTimeout, ctx
 function getChannelCredential(config, endpointData, credentials) {
     let endpointInsecure;
     let endpointSecureWithoutRootCert;
+    let endpointCaCertificatePath;
+    let endpointClientCertificatePath;
+    let endpointClientKeyPath;
     if ((0, common_2.isExtendedGrpcActionEndpoint)(endpointData)) {
         endpointInsecure = endpointData === null || endpointData === void 0 ? void 0 : endpointData.insecure;
         endpointSecureWithoutRootCert = endpointData === null || endpointData === void 0 ? void 0 : endpointData.secureWithoutRootCert;
+        endpointCaCertificatePath = endpointData === null || endpointData === void 0 ? void 0 : endpointData.caCertificatePath;
+        endpointClientCertificatePath = endpointData === null || endpointData === void 0 ? void 0 : endpointData.clientCertificatePath;
+        endpointClientKeyPath = endpointData === null || endpointData === void 0 ? void 0 : endpointData.clientKeyPath;
     }
     const isInsecure = config.insecure || endpointInsecure;
     const isSecureWithoutRootCert = config.secureWithoutRootCert || endpointSecureWithoutRootCert;
+    // If endpoint-specific certificates are provided, create new credentials
+    if (endpointCaCertificatePath || endpointClientCertificatePath || endpointClientKeyPath) {
+        let certificate;
+        let clientCertificate;
+        let clientKey;
+        const caCertPath = endpointCaCertificatePath || config.caCertificatePath;
+        const clientCertPath = endpointClientCertificatePath || config.clientCertificatePath;
+        const clientKeyPath = endpointClientKeyPath || config.clientKeyPath;
+        if (caCertPath && fs_1.default.existsSync(caCertPath)) {
+            certificate = fs_1.default.readFileSync(caCertPath);
+        }
+        if (clientCertPath && fs_1.default.existsSync(clientCertPath)) {
+            clientCertificate = fs_1.default.readFileSync(clientCertPath);
+        }
+        if (clientKeyPath && fs_1.default.existsSync(clientKeyPath)) {
+            clientKey = fs_1.default.readFileSync(clientKeyPath);
+        }
+        return grpc.ChannelCredentials.createSsl(certificate, clientKey, clientCertificate);
+    }
     let creds = credentials.secure;
     if (isInsecure) {
         creds = credentials.insecure;

package/build/index.js CHANGED Viewed

@@ -244,7 +244,7 @@ function getGatewayControllers(schemasByScope, config) {
             console.warn('Error when parse GATEWAY_ENDPOINTS_OVERRIDES', err);
         }
     }
-    const credentials = (0, grpc_1.getCredentialsMap)(config.caCertificatePath);
+    const credentials = (0, grpc_1.getCredentialsMap)(config.caCertificatePath, config.clientCertificatePath, config.clientKeyPath);
     for (const scope of (0, common_1.getKeys)(schemasByScope)) {
         apiByScope[scope] = generateGatewayApi(schemasByScope[scope], config, { root: (0, grpc_1.createRoot)(config.includeProtoRoots), credentials }, apiByScope);
     }

package/build/models/common.d.ts CHANGED Viewed

@@ -106,6 +106,9 @@ export interface ExtendedBaseActionEndpoint {
 export interface ExtendedGrpcActionEndpoint extends ExtendedBaseActionEndpoint {
     insecure?: boolean;
     secureWithoutRootCert?: boolean;
+    caCertificatePath?: string;
+    clientCertificatePath?: string;
+    clientKeyPath?: string;
     grpcOptions?: object;
 }
 export interface ExtendedRestActionEndpoint extends ExtendedBaseActionEndpoint {
@@ -140,6 +143,9 @@ export interface ApiServiceBaseGrpcActionConfig<Context extends GatewayContext,
     protoKey: string;
     insecure?: boolean;
     secureWithoutRootCert?: boolean;
+    caCertificatePath?: string;
+    clientCertificatePath?: string;
+    clientKeyPath?: string;
     encodedFields?: string[];
     type?: HandlerType;
     decodeAnyMessageProtoLoaderOptions?: protobufjs.IConversionOptions;
@@ -255,6 +261,8 @@ export interface GatewayConfig<Context extends GatewayContext, Req extends Gatew
     sendStats?: SendStats<Context>;
     includeProtoRoots?: string[];
     caCertificatePath: string | null;
+    clientCertificatePath?: string | null;
+    clientKeyPath?: string | null;
     proxyHeaders: ProxyHeaders;
     proxyDebugHeaders?: ProxyHeaders;
     withDebugHeaders?: boolean | ((req: Req, res: Res) => boolean);

package/build/utils/grpc.js CHANGED Viewed

@@ -24,9 +24,20 @@ function decodeAnyMessageRecursively(root, message, decodeAnyMessageProtoLoaderO
         return message;
     }
     const typeName = message.type_url.substring(lastSlashIndex + 1);
-    const type = root.lookupType(typeName);
-    const decodedMessage = type.toObject(type.decode(message.value), Object.assign(Object.assign({}, constants_1.DEFAULT_PROTO_LOADER_OPTIONS), decodeAnyMessageProtoLoaderOptions));
-    return decodeAnyMessageRecursively(root, decodedMessage, decodeAnyMessageProtoLoaderOptions);
+    try {
+        const type = root.lookupType(typeName);
+        const decodedMessage = type.toObject(type.decode(message.value), Object.assign(Object.assign({}, constants_1.DEFAULT_PROTO_LOADER_OPTIONS), decodeAnyMessageProtoLoaderOptions));
+        if (typeof decodedMessage === 'object' &&
+            !Array.isArray(decodedMessage) &&
+            !decodedMessage['@type']) {
+            Object.assign(decodedMessage, { '@type': message.type_url });
+        }
+        return decodeAnyMessageRecursively(root, decodedMessage, decodeAnyMessageProtoLoaderOptions);
+    }
+    catch (error) {
+        console.error(`Failed to lookup ${typeName}`, error);
+        return message;
+    }
 }
 exports.decodeAnyMessageRecursively = decodeAnyMessageRecursively;
 function isRetryableError(error) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@gravity-ui/gateway",
-  "version": "3.2.0",
+  "version": "3.2.2-alpha.0",
   "description": "",
   "license": "MIT",
   "main": "build/index.js",