npm - @gravity-ui/gateway - Versions diffs - 4.8.0 → 4.10.0 - Mend

@gravity-ui/gateway 4.8.0 → 4.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +15 -3
package/build/components/grpc.d.ts +1 -1
package/build/components/grpc.js +39 -3
package/build/components/rest.js +4 -1
package/build/index.js +1 -1
package/build/models/common.d.ts +8 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -7,6 +7,7 @@ A flexible and powerful Express controller for working with REST and gRPC APIs i
 - [Installation](#installation)
 - [Basic Usage](#basic-usage)
 - [Configuration](#configuration)
+  - [`proxyHeaders`](#proxyheaders)
   - [Validation Schema](#validation-schema)
   - [Using the API in Node.js](#using-the-api-in-nodejs)
   - [Schema Scopes](#schema-scopes)
@@ -14,13 +15,16 @@ A flexible and powerful Express controller for working with REST and gRPC APIs i
   - [Overriding Endpoints](#overriding-endpoints)
   - [Authentication](#authentication)
   - [Error Handling](#error-handling)
-  - [gRPC Reflection](#grpc-reflection-for-grpc-actions)
   - [Retryable Errors](#retryable-errors)
+    - [REST-actions](#rest-actions)
+    - [gRPC-actions](#grpc-actions)
   - [Request Cancellation](#request-cancellation)
   - [Response Content Type Validation](#response-content-type-validation)
+  - [gRPC Reflection for gRPC Actions](#grpc-reflection-for-grpc-actions)
 - [Development](#development)
   - [Running Tests](#running-tests)
   - [Contributing](#contributing)
+- [License](#license)
 ## Installation
@@ -173,10 +177,13 @@ interface GatewayConfig {
   // List of paths to the necessary proto files for the gateway.
   includeProtoRoots?: string[];
-  // Configuration of the path to the certificate in gRPC.
+  // Configuration of the path to the CA certificate in gRPC.
   // Set to null to use system certificates by default.
   caCertificatePath?: string | null;
+  // Configuration of the path to the client certificate for mTLS in gRPC.
+  clientCertificatePath?: string | null;
+  // Configuration of the path to the client private key for mTLS in gRPC.
+  clientKeyPath?: string | null;
   // Telemetry sending configuration.
   sendStats?: SendStats;
@@ -250,6 +257,8 @@ The `extra` parameter contains additional information about the request:
 - `protopath`: The proto path (for gRPC actions)
 - `protokey`: The proto key (for gRPC actions)
+When accessing headers, the gateway first tries to get the header with the exact case provided by the user. If the header doesn't exist with that exact case, it falls back to looking for the same header name in lowercase. This behavior ensures compatibility with various HTTP clients that might send headers with different casing.
 You can set headers for a specific action using `ApiServiceBaseActionConfig.proxyHeaders`:
 ```javascript
@@ -312,6 +321,9 @@ const config = {
   includeProtoRoots: ['...'],
   timeout: 25000, // default 25 seconds
   caCertificatePath: '...',
+  // Optional: paths for mTLS client certificate and key
+  clientCertificatePath: '...',
+  clientKeyPath: '...',
 };
 const {api: gatewayApi} = getGatewayControllers({root: Schema}, config);

package/build/components/grpc.d.ts CHANGED Viewed

@@ -19,6 +19,6 @@ export interface GrpcContext {
     credentials: CredentialsMap;
 }
 export declare function createRoot(includeGrpcPaths?: string[]): protobufjs.Root;
-export declare function getCredentialsMap(caCertificatePath?: string | null): CredentialsMap;
+export declare function getCredentialsMap(caCertificatePath?: string | null, clientCertificatePath?: string | null, clientKeyPath?: string | null): CredentialsMap;
 export default function createGrpcAction<Context extends GatewayContext>({ root, credentials }: GrpcContext, endpoints: EndpointsConfig | undefined, config: ApiServiceGrpcActionConfig<Context, any, any>, serviceKey: string, actionName: string, options: GatewayApiOptions<Context>, ErrorConstructor: AppErrorConstructor, serviceSchema?: Pick<BaseSchema[string], 'getAuthHeaders'>): (actionConfig: ApiActionConfig<Context, any, any>) => Promise<import("../models/common").GatewayActionClientStreamResponse<any> | import("../models/common").GatewayActionServerStreamResponse<any> | import("../models/common").GatewayActionDuplexStreamResponse<any> | import("../models/common").GatewayActionUnaryResponse<any>>;
 export {};

package/build/components/grpc.js CHANGED Viewed

@@ -59,13 +59,21 @@ function createRoot(includeGrpcPaths) {
     return root;
 }
 exports.createRoot = createRoot;
-function getCredentialsMap(caCertificatePath) {
+function getCredentialsMap(caCertificatePath, clientCertificatePath, clientKeyPath) {
     let certificate;
+    let clientCertificate;
+    let clientKey;
     if (caCertificatePath && fs_1.default.existsSync(caCertificatePath)) {
         certificate = fs_1.default.readFileSync(caCertificatePath);
     }
+    if (clientCertificatePath && fs_1.default.existsSync(clientCertificatePath)) {
+        clientCertificate = fs_1.default.readFileSync(clientCertificatePath);
+    }
+    if (clientKeyPath && fs_1.default.existsSync(clientKeyPath)) {
+        clientKey = fs_1.default.readFileSync(clientKeyPath);
+    }
     return {
-        secure: grpc.ChannelCredentials.createSsl(certificate),
+        secure: grpc.ChannelCredentials.createSsl(certificate, clientKey, clientCertificate),
         secureWithoutRootCert: grpc.ChannelCredentials.createSsl(),
         insecure: grpc.ChannelCredentials.createInsecure(),
     };
@@ -108,7 +116,10 @@ function createMetadata({ options, actionConfig, config, params, serviceName, pr
     }
     for (const headerName of proxyHeaders) {
         if (metadata[headerName] === undefined) {
-            metadata[headerName] = headers[headerName];
+            metadata[headerName] =
+                headers[headerName] !== undefined
+                    ? headers[headerName]
+                    : headers[headerName.toLowerCase()];
         }
     }
     const authHeaders = ((_b = (_a = config.getAuthHeaders) !== null && _a !== void 0 ? _a : serviceSchema === null || serviceSchema === void 0 ? void 0 : serviceSchema.getAuthHeaders) !== null && _b !== void 0 ? _b : options.getAuthHeaders)({
@@ -170,12 +181,37 @@ function clearInstancesCache(service, instancesMap, cachePath, closeTimeout, ctx
 function getChannelCredential(config, endpointData, credentials) {
     let endpointInsecure;
     let endpointSecureWithoutRootCert;
+    let endpointCaCertificatePath;
+    let endpointClientCertificatePath;
+    let endpointClientKeyPath;
     if ((0, common_2.isExtendedGrpcActionEndpoint)(endpointData)) {
         endpointInsecure = endpointData === null || endpointData === void 0 ? void 0 : endpointData.insecure;
         endpointSecureWithoutRootCert = endpointData === null || endpointData === void 0 ? void 0 : endpointData.secureWithoutRootCert;
+        endpointCaCertificatePath = endpointData === null || endpointData === void 0 ? void 0 : endpointData.caCertificatePath;
+        endpointClientCertificatePath = endpointData === null || endpointData === void 0 ? void 0 : endpointData.clientCertificatePath;
+        endpointClientKeyPath = endpointData === null || endpointData === void 0 ? void 0 : endpointData.clientKeyPath;
     }
     const isInsecure = config.insecure || endpointInsecure;
     const isSecureWithoutRootCert = config.secureWithoutRootCert || endpointSecureWithoutRootCert;
+    // If endpoint-specific certificates are provided, create new credentials
+    if (endpointCaCertificatePath || endpointClientCertificatePath || endpointClientKeyPath) {
+        let certificate;
+        let clientCertificate;
+        let clientKey;
+        const caCertPath = endpointCaCertificatePath || config.caCertificatePath;
+        const clientCertPath = endpointClientCertificatePath || config.clientCertificatePath;
+        const clientKeyPath = endpointClientKeyPath || config.clientKeyPath;
+        if (caCertPath && fs_1.default.existsSync(caCertPath)) {
+            certificate = fs_1.default.readFileSync(caCertPath);
+        }
+        if (clientCertPath && fs_1.default.existsSync(clientCertPath)) {
+            clientCertificate = fs_1.default.readFileSync(clientCertPath);
+        }
+        if (clientKeyPath && fs_1.default.existsSync(clientKeyPath)) {
+            clientKey = fs_1.default.readFileSync(clientKeyPath);
+        }
+        return grpc.ChannelCredentials.createSsl(certificate, clientKey, clientCertificate);
+    }
     let creds = credentials.secure;
     if (isInsecure) {
         creds = credentials.insecure;

package/build/components/rest.js CHANGED Viewed

@@ -133,7 +133,10 @@ function createRestAction(endpoints, config, serviceKey, actionName, options, Er
         }
         for (const headerName of proxyHeaders) {
             if (actionHeaders[headerName] === undefined) {
-                actionHeaders[headerName] = requestHeaders[headerName];
+                actionHeaders[headerName] =
+                    requestHeaders[headerName] !== undefined
+                        ? requestHeaders[headerName]
+                        : requestHeaders[headerName.toLowerCase()];
             }
         }
         if (requestId) {

package/build/index.js CHANGED Viewed

@@ -259,7 +259,7 @@ function getGatewayControllers(schemasByScope, config) {
             console.warn('Error when parse GATEWAY_ENDPOINTS_OVERRIDES', err);
         }
     }
-    const credentials = (0, grpc_1.getCredentialsMap)(config.caCertificatePath);
+    const credentials = (0, grpc_1.getCredentialsMap)(config.caCertificatePath, config.clientCertificatePath, config.clientKeyPath);
     for (const scope of (0, common_1.getKeys)(schemasByScope)) {
         apiByScope[scope] = generateGatewayApi(schemasByScope[scope], config, { root: (0, grpc_1.createRoot)(config.includeProtoRoots), credentials }, apiByScope);
     }

package/build/models/common.d.ts CHANGED Viewed

@@ -118,6 +118,9 @@ export interface ExtendedBaseActionEndpoint {
 export interface ExtendedGrpcActionEndpoint extends ExtendedBaseActionEndpoint {
     insecure?: boolean;
     secureWithoutRootCert?: boolean;
+    caCertificatePath?: string;
+    clientCertificatePath?: string;
+    clientKeyPath?: string;
     grpcOptions?: object;
 }
 export interface ExtendedRestActionEndpoint extends ExtendedBaseActionEndpoint {
@@ -154,6 +157,9 @@ export interface ApiServiceBaseGrpcActionConfig<Context extends GatewayContext,
     protoKey: string;
     insecure?: boolean;
     secureWithoutRootCert?: boolean;
+    caCertificatePath?: string;
+    clientCertificatePath?: string;
+    clientKeyPath?: string;
     encodedFields?: string[];
     type?: HandlerType;
     decodeAnyMessageProtoLoaderOptions?: protobufjs.IConversionOptions;
@@ -274,6 +280,8 @@ export interface GatewayConfig<Context extends GatewayContext, Req extends Gatew
     sendStats?: SendStats<Context>;
     includeProtoRoots?: string[];
     caCertificatePath: string | null;
+    clientCertificatePath?: string | null;
+    clientKeyPath?: string | null;
     proxyHeaders: ProxyHeaders;
     proxyDebugHeaders?: ProxyHeaders;
     withDebugHeaders?: boolean | ((req: Req, res: Res) => boolean);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@gravity-ui/gateway",
-  "version": "4.8.0",
+  "version": "4.10.0",
   "description": "",
   "license": "MIT",
   "main": "build/index.js",