search

tus / tusd

Reference server implementation in Go of tus: the open protocol for resumable file uploads
https://tus.github.io/tusd
MIT License
2.92k stars 465 forks source link

Send Authorization Header to gRPC endpoint, adds gRPC mTLS support #1114

Open TaridaGeorge opened 2 months ago

TaridaGeorge commented 2 months ago

This PR adds the following things:

  1. Add the Authorization Header to the gRPC OutgoingContext in order to make use of it directly from the gRPC headers.
  2. adds mTLS support for gRPC hook. grpc hook now have a hooks-grpc-secure flag 
    --hooks-grpc-secure=true
--hooks-grpc-server-tls-certificate=/home/user/tls.pem
--hooks-grpc-client-tls-certificate=/home/user/client.pem
--hooks-grpc-client-tls-key=/home/user/client_key.pem
Acconut commented 2 months ago

Thank you for the PR! These two changes should probably go into two separate PRs as they are distinct from each other.

  1. Add the Authorization Header to the gRPC OutgoingContext in order to make use of it directly from the gRPC headers.

This should not be enabled by default as it allows a user to smuggle an arbitrary header value to the gRPC backend, which can have unintended consequences. Header forwarding should be an opt-in feature and even then be customizable to allow the administrator to select headers to be forwarded. Overall, I am thinking about an option that is similar to the -hooks-http-forward-headers flag that exists for HTTP hooks.