@gravity-ui/gateway 3.2.2-alpha.0 → 3.2.3

package/README.md

@@ -1,6 +1,6 @@
 # @gravity-ui/gateway · [![npm package](https://img.shields.io/npm/v/@gravity-ui/gateway)](https://www.npmjs.com/package/@gravity-ui/gateway) [![CI](https://img.shields.io/github/actions/workflow/status/gravity-ui/gateway/.github/workflows/ci.yml?label=CI&logo=github)](https://github.com/gravity-ui/gateway/actions/workflows/ci.yml?query=branch:main)
 
-Express controller for working with REST/GRPC APIs.
+Express controller for working with REST and GRPC APIs.
 
 ## Install
 
@@ -102,13 +102,9 @@ interface GatewayConfig {
   onRequestFailed?: (req: Request, res: Response, error: any) => any;
   // List of paths to the necessary proto files for the gateway.
   includeProtoRoots?: string[];
-  // Configuration of the path to the CA certificate in gRPC.
+  // Configuration of the path to the certificate in gRPC.
   // Set to null to use system certificates by default.
   caCertificatePath?: string | null;
-  // Configuration of the path to the client certificate for mTLS in gRPC.
-  clientCertificatePath?: string | null;
-  // Configuration of the path to the client private key for mTLS in gRPC.
-  clientKeyPath?: string | null;
   // Telemetry sending configuration.
   sendStats?: SendStats;
   // Configuration of headers sent to the API.
@@ -147,9 +143,6 @@ const config = {
   includeProtoRoots: ['...'],
   timeout: 25000, // default 25 seconds
   caCertificatePath: '...',
-  // Optional: paths for mTLS client certificate and key
-  clientCertificatePath: '...',
-  clientKeyPath: '...',
 };
 
 const {api: gatewayApi} = getGatewayControllers({root: Schema}, config);

package/build/components/grpc.d.ts

@@ -19,6 +19,6 @@ export interface GrpcContext {
     credentials: CredentialsMap;
 }
 export declare function createRoot(includeGrpcPaths?: string[]): protobufjs.Root;
-export declare function getCredentialsMap(caCertificatePath?: string | null, clientCertificatePath?: string | null, clientKeyPath?: string | null): CredentialsMap;
+export declare function getCredentialsMap(caCertificatePath?: string | null): CredentialsMap;
 export default function createGrpcAction<Context extends GatewayContext>({ root, credentials }: GrpcContext, endpoints: EndpointsConfig | undefined, config: ApiServiceGrpcActionConfig<Context, any, any>, serviceKey: string, actionName: string, options: GatewayApiOptions<Context>, ErrorConstructor: AppErrorConstructor): (actionConfig: ApiActionConfig<Context, any, any>) => Promise<import("../models/common").GatewayActionClientStreamResponse<any> | import("../models/common").GatewayActionServerStreamResponse<any> | import("../models/common").GatewayActionDuplexStreamResponse<any> | import("../models/common").GatewayActionUnaryResponse<any>>;
 export {};

package/build/components/grpc.js

@@ -59,21 +59,13 @@ function createRoot(includeGrpcPaths) {
     return root;
 }
 exports.createRoot = createRoot;
-function getCredentialsMap(caCertificatePath, clientCertificatePath, clientKeyPath) {
+function getCredentialsMap(caCertificatePath) {
     let certificate;
-    let clientCertificate;
-    let clientKey;
     if (caCertificatePath && fs_1.default.existsSync(caCertificatePath)) {
         certificate = fs_1.default.readFileSync(caCertificatePath);
     }
-    if (clientCertificatePath && fs_1.default.existsSync(clientCertificatePath)) {
-        clientCertificate = fs_1.default.readFileSync(clientCertificatePath);
-    }
-    if (clientKeyPath && fs_1.default.existsSync(clientKeyPath)) {
-        clientKey = fs_1.default.readFileSync(clientKeyPath);
-    }
     return {
-        secure: grpc.ChannelCredentials.createSsl(certificate, clientKey, clientCertificate),
+        secure: grpc.ChannelCredentials.createSsl(certificate),
         secureWithoutRootCert: grpc.ChannelCredentials.createSsl(),
         insecure: grpc.ChannelCredentials.createInsecure(),
     };
@@ -154,6 +146,7 @@ const reflectionServiceInstancesMap = {};
 function clearInstancesCache(service, instancesMap, cachePath, closeTimeout, ctx) {
     const cachedService = lodash_1.default.get(instancesMap, cachePath);
     if (cachedService !== service) {
+        ctx.log(`Service client not matched cached service for cachePath '${cachePath}'`);
         return;
     }
     // Remove cached service instance
@@ -178,37 +171,12 @@ function clearInstancesCache(service, instancesMap, cachePath, closeTimeout, ctx
 function getChannelCredential(config, endpointData, credentials) {
     let endpointInsecure;
     let endpointSecureWithoutRootCert;
-    let endpointCaCertificatePath;
-    let endpointClientCertificatePath;
-    let endpointClientKeyPath;
     if ((0, common_2.isExtendedGrpcActionEndpoint)(endpointData)) {
         endpointInsecure = endpointData === null || endpointData === void 0 ? void 0 : endpointData.insecure;
         endpointSecureWithoutRootCert = endpointData === null || endpointData === void 0 ? void 0 : endpointData.secureWithoutRootCert;
-        endpointCaCertificatePath = endpointData === null || endpointData === void 0 ? void 0 : endpointData.caCertificatePath;
-        endpointClientCertificatePath = endpointData === null || endpointData === void 0 ? void 0 : endpointData.clientCertificatePath;
-        endpointClientKeyPath = endpointData === null || endpointData === void 0 ? void 0 : endpointData.clientKeyPath;
     }
     const isInsecure = config.insecure || endpointInsecure;
     const isSecureWithoutRootCert = config.secureWithoutRootCert || endpointSecureWithoutRootCert;
-    // If endpoint-specific certificates are provided, create new credentials
-    if (endpointCaCertificatePath || endpointClientCertificatePath || endpointClientKeyPath) {
-        let certificate;
-        let clientCertificate;
-        let clientKey;
-        const caCertPath = endpointCaCertificatePath || config.caCertificatePath;
-        const clientCertPath = endpointClientCertificatePath || config.clientCertificatePath;
-        const clientKeyPath = endpointClientKeyPath || config.clientKeyPath;
-        if (caCertPath && fs_1.default.existsSync(caCertPath)) {
-            certificate = fs_1.default.readFileSync(caCertPath);
-        }
-        if (clientCertPath && fs_1.default.existsSync(clientCertPath)) {
-            clientCertificate = fs_1.default.readFileSync(clientCertPath);
-        }
-        if (clientKeyPath && fs_1.default.existsSync(clientKeyPath)) {
-            clientKey = fs_1.default.readFileSync(clientKeyPath);
-        }
-        return grpc.ChannelCredentials.createSsl(certificate, clientKey, clientCertificate);
-    }
     let creds = credentials.secure;
     if (isInsecure) {
         creds = credentials.insecure;
@@ -633,7 +601,7 @@ function createGrpcAction({ root, credentials }, endpoints, config, serviceKey,
                             const shouldRetry = error && retries && (0, grpc_1.isRetryableError)(error);
                             if (shouldRecreateService) {
                                 ctx.log(`Service client for ${config.protoKey} is going to be re-created`);
-                                recreateService(service, timeout * 1.5, ctx, args);
+                                recreateService(service, 5000, ctx, args);
                             }
                             if (shouldRetry) {
                                 ctx.logError(`Request failed, retrying ${retries--} more times`);

package/build/index.js

@@ -244,7 +244,7 @@ function getGatewayControllers(schemasByScope, config) {
             console.warn('Error when parse GATEWAY_ENDPOINTS_OVERRIDES', err);
         }
     }
-    const credentials = (0, grpc_1.getCredentialsMap)(config.caCertificatePath, config.clientCertificatePath, config.clientKeyPath);
+    const credentials = (0, grpc_1.getCredentialsMap)(config.caCertificatePath);
     for (const scope of (0, common_1.getKeys)(schemasByScope)) {
         apiByScope[scope] = generateGatewayApi(schemasByScope[scope], config, { root: (0, grpc_1.createRoot)(config.includeProtoRoots), credentials }, apiByScope);
     }

package/build/models/common.d.ts

@@ -106,9 +106,6 @@ export interface ExtendedBaseActionEndpoint {
 export interface ExtendedGrpcActionEndpoint extends ExtendedBaseActionEndpoint {
     insecure?: boolean;
     secureWithoutRootCert?: boolean;
-    caCertificatePath?: string;
-    clientCertificatePath?: string;
-    clientKeyPath?: string;
     grpcOptions?: object;
 }
 export interface ExtendedRestActionEndpoint extends ExtendedBaseActionEndpoint {
@@ -143,9 +140,6 @@ export interface ApiServiceBaseGrpcActionConfig<Context extends GatewayContext,
     protoKey: string;
     insecure?: boolean;
     secureWithoutRootCert?: boolean;
-    caCertificatePath?: string;
-    clientCertificatePath?: string;
-    clientKeyPath?: string;
     encodedFields?: string[];
     type?: HandlerType;
     decodeAnyMessageProtoLoaderOptions?: protobufjs.IConversionOptions;
@@ -261,8 +255,6 @@ export interface GatewayConfig<Context extends GatewayContext, Req extends Gatew
     sendStats?: SendStats<Context>;
     includeProtoRoots?: string[];
     caCertificatePath: string | null;
-    clientCertificatePath?: string | null;
-    clientKeyPath?: string | null;
     proxyHeaders: ProxyHeaders;
     proxyDebugHeaders?: ProxyHeaders;
     withDebugHeaders?: boolean | ((req: Req, res: Res) => boolean);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gravity-ui/gateway",
-  "version": "3.2.2-alpha.0",
+  "version": "3.2.3",
   "description": "",
   "license": "MIT",
   "main": "build/index.js",