nestjs / nest

A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript 🚀
https://nestjs.com
MIT License

Doc for gRPC options is misleading #7506

Closed archana-elrod closed 3 years ago

archana-elrod commented 3 years ago

Apologies in advance if the implementation on my end is causing the issue!

Bug Report

"credentials" in the gRPC options points to GRPC.ServerCredentials, which throws a TypeError with the message "Channel credentials must be a ChannelCredentials object"; however, if GRPC.credentials is used, it throws a TypeError with the message "creds._getSettings is not a function".

Current behavior

The gRPC doc provides neither good documentation on credentials nor a working example.

Input Code

grpc-mtls

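import * as fs from 'fs';
import { join } from 'path';
import { credentials } from '@grpc/grpc-js';
import { ClientOptions, Transport } from '@nestjs/microservices';

export const grpcClientOptions: ClientOptions = {
  transport: Transport.GRPC,
  options: {
    package: 'hero',
    protoPath: join(__dirname, './hero/hero.proto'),
    // Channel (client-side) credentials: CA certificate, private key, certificate chain.
    // This variant throws "creds._getSettings is not a function".
    credentials: credentials.createSsl(
      fs.readFileSync(join(process.cwd(), "certificates", "ca-cert.pem")),
      fs.readFileSync(join(process.cwd(), "certificates", "server-key.pem")),
      fs.readFileSync(join(process.cwd(), "certificates", "server-cert.pem")))
    // Server-side credentials (ServerCredentials is also exported by '@grpc/grpc-js').
    // This variant throws "Channel credentials must be a ChannelCredentials object".
    // credentials: ServerCredentials.createSsl(
    //     fs.readFileSync(join(process.cwd(), 'certificates', 'ca-cert.pem')),
    //     [
    //       {
    //         private_key: fs.readFileSync(
    //           join(process.cwd(), 'certificates', 'server-key.pem'),
    //         ),
    //         cert_chain: fs.readFileSync(
    //           join(process.cwd(), 'certificates', 'server-cert.pem'),
    //         ),
    //       },
    //     ],
    //     true,
    //   )
  },
};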

Expected behavior

Should provide good documentation on the credentials options or a good example, or resolve the aforementioned TypeError.

Environment


Nest version: 8.0.0


For Tooling issues:
- Node version: 14.16.1  
- Platform: Mac 

Others:
- Visual Studio Code: 1.57.1
- Yarn: 1.22.10
- macOS Big Sur: 11.4

raza-basit commented 3 years ago

https://github.com/archana-maharjan/grpc-mtls Sample code repository is not available.

kamilmysliwiec commented 3 years ago

Please, make the repository publicly available

archana-elrod commented 3 years ago

@geek96 , @kamilmysliwiec repo is public!

archana-elrod commented 3 years ago

@kamilmysliwiec @geek96 the repo's public, and I wonder what other information you require to take a look at the issue. Just in case you're looking for certificates, please create "certificates" at the root folder and add certificates generated using the following commands, or your own.

  1. Generate CA's private key and self-signed certificate:
     openssl req -x509 -newkey rsa:4095 -days 365 -nodes -keyout ca-key.pem -out ca-cert.pem
  2. Generate web server's private key and certificate signing request (CSR):
     openssl req -newkey rsa:4096 -nodes -keyout server-key.pem -out server-req.pem
  3. Create server-ext.cnf file and add following content in the file:
     subjectAltName=DNS:.domainName.com,DNS:.domainName.org,IP:0.0.0.0
  4. Use CA's private key to sign web server's CSR and get back the signed certificate:
     openssl x509 -req -in server-req.pem -days 60 -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile server-ext.cnf

Or else you can also generate certificates another way, as follows.

Note: Please replace Your Country, Your State, Your Organization with appropriate values.

// Create certificates.conf file and add following contents in it.
[req]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[dn]
C = Your Country
ST = Your State
O = Your Organization
CN = localhost

[req_ext]
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
IP.1 = ::1
IP.2 = 127.0.0.1

// Create Root signing Key
openssl genrsa -out ca.key 4096

// Generate self-signed Root certificate
openssl req -new -x509 -key ca.key -sha256 -subj "/C=Your Country/ST=Your State/O=Your Organization" -days 365 -out ca.cert

// Create a Key certificate for the Server
openssl genrsa -out service.key 4096

// Create a signing CSR, note create conf file with
openssl req -new -key service.key -out service.csr -config certificates.conf

// Generate a certificate for the Server
openssl x509 -req -in service.csr -CA ca.cert -CAkey ca.key -CAcreateserial -out service.pem -days 365 -sha256 -extfile certificates.conf -extensions req_ext

Please let me know if you need more info.
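The first set of commands above, as an added script (not part of the original comment or the reporter's repository) that also checks the generated files before they are handed to gRPC: the certificate chains to the CA, the SAN made it into the signed certificate, and the private key matches the certificate. File names follow the thread; the function names, the `-subj` values and the `localhost` SAN entries are assumptions made for this example.

```shell
# Generate a throwaway CA and server certificate for local mTLS testing.
make_certs() (  # $1 = output directory, $2 = RSA key size (default 4096)
  set -e
  umask 077     # keys are written unencrypted (-nodes), so keep them owner-only
  mkdir -p "$1" && cd "$1"
  bits="${2:-4096}"
  # CA private key and self-signed certificate (subject is a constructed value)
  openssl req -x509 -newkey "rsa:$bits" -days 365 -nodes \
    -keyout ca-key.pem -out ca-cert.pem -subj "/CN=Constructed Test CA"
  # Server private key and certificate signing request
  openssl req -newkey "rsa:$bits" -nodes \
    -keyout server-key.pem -out server-req.pem -subj "/CN=localhost"
  # SAN entries (constructed); "x509 -req" only adds them when given -extfile
  printf 'subjectAltName=DNS:localhost,IP:127.0.0.1\n' > server-ext.cnf
  # Sign the CSR with the CA key
  openssl x509 -req -in server-req.pem -days 60 -CA ca-cert.pem -CAkey ca-key.pem \
    -CAcreateserial -out server-cert.pem -extfile server-ext.cnf
)

# Verify the files; prints "ok" or the first failed check.
# Exit status: 1 = chain, 2 = SAN, 3 = key/certificate mismatch.
check_certs() {  # $1 = directory, $2 = DNS name the SAN must contain
  openssl verify -CAfile "$1/ca-cert.pem" "$1/server-cert.pem" >/dev/null 2>&1 ||
    { echo "chain: server-cert.pem does not verify against ca-cert.pem"; return 1; }
  openssl x509 -in "$1/server-cert.pem" -noout -text | grep -qF "DNS:$2" ||
    { echo "san: server-cert.pem has no DNS:$2 entry"; return 2; }
  [ "$(openssl x509 -in "$1/server-cert.pem" -noout -pubkey)" = \
    "$(openssl pkey -in "$1/server-key.pem" -pubout)" ] ||
    { echo "key: server-key.pem does not match server-cert.pem"; return 3; }
  echo ok
}

# Usage: make_certs ./certificates && check_certs ./certificates localhost
```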

kamilmysliwiec commented 3 years ago

I checked out your repository and it seems that this issue is unrelated to NestJS but rather to the underlying @grpc/grpc-js package. Please, report this issue in their repository https://github.com/grpc/grpc-node

archana-elrod commented 3 years ago

Thank you!!!