From 070994a3a6e7b63a682bcd4d27338d2e0e054c2b Mon Sep 17 00:00:00 2001 From: Michael Lumish Date: Wed, 22 Apr 2020 11:47:48 -0700 Subject: [PATCH 1/2] grpc-js: Fix the final proxy bugs --- packages/grpc-js/src/channel-credentials.ts | 3 ++- packages/grpc-js/src/http_proxy.ts | 30 ++++++++++++++------- packages/grpc-js/src/subchannel.ts | 9 ++++--- 3 files changed, 27 insertions(+), 15 deletions(-) diff --git a/packages/grpc-js/src/channel-credentials.ts b/packages/grpc-js/src/channel-credentials.ts index e5c9bfda7..675e91628 100644 --- a/packages/grpc-js/src/channel-credentials.ts +++ b/packages/grpc-js/src/channel-credentials.ts @@ -211,7 +211,8 @@ class SecureChannelCredentialsImpl extends ChannelCredentials { } _getConnectionOptions(): ConnectionOptions | null { - return this.connectionOptions; + // Copy to prevent callers from mutating this.connectionOptions + return { ...this.connectionOptions }; } _isSecure(): boolean { return true; diff --git a/packages/grpc-js/src/http_proxy.ts b/packages/grpc-js/src/http_proxy.ts index 18c0e115b..df9ea09f2 100644 --- a/packages/grpc-js/src/http_proxy.ts +++ b/packages/grpc-js/src/http_proxy.ts @@ -147,9 +147,9 @@ export function mapProxyName( extraOptions['grpc.http_connect_creds'] = proxyInfo.creds; } return { - target: { + target: { scheme: 'dns', - path: proxyInfo.address + path: proxyInfo.address, }, extraOptions: extraOptions, }; @@ -207,23 +207,33 @@ export function getProxiedConnection( ' through proxy ' + proxyAddressString ); - resolve({ - socket, - realTarget: parsedTarget, - }); if ('secureContext' in connectionOptions) { /* The proxy is connecting to a TLS server, so upgrade this socket * connection to a TLS connection. * This is a workaround for https://github.com/nodejs/node/issues/32922 * See https://github.com/grpc/grpc-node/pull/1369 for more info. */ - const cts = tls.connect({ - ...connectionOptions, - host: getDefaultAuthority(parsedTarget), + const remoteHost = getDefaultAuthority(parsedTarget); + + const cts = tls.connect( + { + host: remoteHost, + servername: remoteHost, socket: socket, - }, () => { + ...connectionOptions, + }, + () => { + trace( + 'Successfully established a TLS connection to ' + + options.path + + ' through proxy ' + + proxyAddressString + ); resolve({ socket: cts, realTarget: parsedTarget }); } ); + cts.on('error', () => { + reject(); + }); } else { resolve({ socket, diff --git a/packages/grpc-js/src/subchannel.ts b/packages/grpc-js/src/subchannel.ts index 1691ffd29..2af7885ec 100644 --- a/packages/grpc-js/src/subchannel.ts +++ b/packages/grpc-js/src/subchannel.ts @@ -322,10 +322,11 @@ export class Subchannel { }; } - connectionOptions = Object.assign( - connectionOptions, - this.subchannelAddress - ); + connectionOptions = { + ...connectionOptions, + ...this.subchannelAddress, + }; + /* http2.connect uses the options here: * https://github.com/nodejs/node/blob/70c32a6d190e2b5d7b9ff9d5b6a459d14e8b7d59/lib/internal/http2/core.js#L3028-L3036 * The spread operator overides earlier values with later ones, so any port From 105e91e2eb38b4d0802029afa5eadf6f3fe205ac Mon Sep 17 00:00:00 2001 From: Michael Lumish Date: Wed, 22 Apr 2020 12:09:34 -0700 Subject: [PATCH 2/2] Bump grpc-js to 1.0.2 --- packages/grpc-js/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/grpc-js/package.json b/packages/grpc-js/package.json index 6a3556359..1b5d2e120 100644 --- a/packages/grpc-js/package.json +++ b/packages/grpc-js/package.json @@ -1,6 +1,6 @@ { "name": "@grpc/grpc-js", - "version": "1.0.1", + "version": "1.0.2", "description": "gRPC Library for Node - pure JS implementation", "homepage": "https://grpc.io/", "repository": "https://github.com/grpc/grpc-node/tree/master/packages/grpc-js",