diff options
author | 2015-07-27 16:13:28 -0700 | |
---|---|---|
committer | 2015-07-27 16:13:28 -0700 | |
commit | 1a7dcac038dfb64ca499847b42f1ccb03849211f (patch) | |
tree | 614542fa24bdb718815e90034219a904e0623b50 | |
parent | 2aff2b449f22e0eb7995d31a6c137e6a5951d6c6 (diff) |
Made binding a server to a port insecurely explicit
-rw-r--r-- | src/node/examples/math_server.js | 2 | ||||
-rw-r--r-- | src/node/examples/route_guide_server.js | 2 | ||||
-rw-r--r-- | src/node/examples/stock_server.js | 2 | ||||
-rw-r--r-- | src/node/ext/server.cc | 44 | ||||
-rw-r--r-- | src/node/ext/server.h | 1 | ||||
-rw-r--r-- | src/node/ext/server_credentials.cc | 18 | ||||
-rw-r--r-- | src/node/ext/server_credentials.h | 1 | ||||
-rw-r--r-- | src/node/interop/interop_server.js | 4 | ||||
-rw-r--r-- | src/node/src/server.js | 6 | ||||
-rw-r--r-- | src/node/test/call_test.js | 3 | ||||
-rw-r--r-- | src/node/test/end_to_end_test.js | 3 | ||||
-rw-r--r-- | src/node/test/health_test.js | 3 | ||||
-rw-r--r-- | src/node/test/math_client_test.js | 3 | ||||
-rw-r--r-- | src/node/test/server_test.js | 19 | ||||
-rw-r--r-- | src/node/test/surface_test.js | 12 |
15 files changed, 62 insertions, 61 deletions
diff --git a/src/node/examples/math_server.js b/src/node/examples/math_server.js index b1f8a6323f..31892c65df 100644 --- a/src/node/examples/math_server.js +++ b/src/node/examples/math_server.js @@ -115,7 +115,7 @@ server.addProtoService(math.Math.service, { }); if (require.main === module) { - server.bind('0.0.0.0:50051'); + server.bind('0.0.0.0:50051', grpc.ServerCredentials.createInsecure()); server.start(); } diff --git a/src/node/examples/route_guide_server.js b/src/node/examples/route_guide_server.js index 70044a322c..bb8e79b5bd 100644 --- a/src/node/examples/route_guide_server.js +++ b/src/node/examples/route_guide_server.js @@ -239,7 +239,7 @@ function getServer() { if (require.main === module) { // If this is run as a script, start a server on an unused port var routeServer = getServer(); - routeServer.bind('0.0.0.0:50051'); + routeServer.bind('0.0.0.0:50051', grpc.ServerCredentials.createInsecure()); var argv = parseArgs(process.argv, { string: 'db_path' }); diff --git a/src/node/examples/stock_server.js b/src/node/examples/stock_server.js index f2eb6ad4ab..dfcfe30eb4 100644 --- a/src/node/examples/stock_server.js +++ b/src/node/examples/stock_server.js @@ -80,7 +80,7 @@ stockServer.addProtoService(examples.Stock.service, { }); if (require.main === module) { - stockServer.bind('0.0.0.0:50051'); + stockServer.bind('0.0.0.0:50051', grpc.ServerCredentials.createInsecure()); stockServer.listen(); } diff --git a/src/node/ext/server.cc b/src/node/ext/server.cc index 8554fce777..04fabc871d 100644 --- a/src/node/ext/server.cc +++ b/src/node/ext/server.cc @@ -136,10 +136,6 @@ void Server::Init(Handle<Object> exports) { tpl, "addHttp2Port", NanNew<FunctionTemplate>(AddHttp2Port)->GetFunction()); - NanSetPrototypeTemplate( - tpl, "addSecureHttp2Port", - NanNew<FunctionTemplate>(AddSecureHttp2Port)->GetFunction()); - NanSetPrototypeTemplate(tpl, "start", NanNew<FunctionTemplate>(Start)->GetFunction()); @@ -248,43 +244,35 @@ NAN_METHOD(Server::RequestCall) { NAN_METHOD(Server::AddHttp2Port) { NanScope(); if (!HasInstance(args.This())) { - return NanThrowTypeError("addHttp2Port can only be called on a Server"); - } - if (!args[0]->IsString()) { - return NanThrowTypeError("addHttp2Port's argument must be a String"); - } - Server *server = ObjectWrap::Unwrap<Server>(args.This()); - if (server->wrapped_server == NULL) { - return NanThrowError("addHttp2Port cannot be called on a shut down Server"); - } - NanReturnValue(NanNew<Number>(grpc_server_add_http2_port( - server->wrapped_server, *NanUtf8String(args[0])))); -} - -NAN_METHOD(Server::AddSecureHttp2Port) { - NanScope(); - if (!HasInstance(args.This())) { return NanThrowTypeError( - "addSecureHttp2Port can only be called on a Server"); + "addHttp2Port can only be called on a Server"); } if (!args[0]->IsString()) { return NanThrowTypeError( - "addSecureHttp2Port's first argument must be a String"); + "addHttp2Port's first argument must be a String"); } if (!ServerCredentials::HasInstance(args[1])) { return NanThrowTypeError( - "addSecureHttp2Port's second argument must be ServerCredentials"); + "addHttp2Port's second argument must be ServerCredentials"); } Server *server = ObjectWrap::Unwrap<Server>(args.This()); if (server->wrapped_server == NULL) { return NanThrowError( - "addSecureHttp2Port cannot be called on a shut down Server"); + "addHttp2Port cannot be called on a shut down Server"); } - ServerCredentials *creds = ObjectWrap::Unwrap<ServerCredentials>( + ServerCredentials *creds_object = ObjectWrap::Unwrap<ServerCredentials>( args[1]->ToObject()); - NanReturnValue(NanNew<Number>(grpc_server_add_secure_http2_port( - server->wrapped_server, *NanUtf8String(args[0]), - creds->GetWrappedServerCredentials()))); + grpc_server_credentials *creds = creds_object->GetWrappedServerCredentials(); + int port; + if (creds == NULL) { + port = grpc_server_add_http2_port(server->wrapped_server, + *NanUtf8String(args[0])); + } else { + port = grpc_server_add_secure_http2_port(server->wrapped_server, + *NanUtf8String(args[0]), + creds); + } + NanReturnValue(NanNew<Number>(port)); } NAN_METHOD(Server::Start) { diff --git a/src/node/ext/server.h b/src/node/ext/server.h index 5b4b18a0e0..faab7e3418 100644 --- a/src/node/ext/server.h +++ b/src/node/ext/server.h @@ -66,7 +66,6 @@ class Server : public ::node::ObjectWrap { static NAN_METHOD(New); static NAN_METHOD(RequestCall); static NAN_METHOD(AddHttp2Port); - static NAN_METHOD(AddSecureHttp2Port); static NAN_METHOD(Start); static NAN_METHOD(Shutdown); static NanCallback *constructor; diff --git a/src/node/ext/server_credentials.cc b/src/node/ext/server_credentials.cc index 66aaa3300f..51cdbcde5d 100644 --- a/src/node/ext/server_credentials.cc +++ b/src/node/ext/server_credentials.cc @@ -73,6 +73,8 @@ void ServerCredentials::Init(Handle<Object> exports) { Handle<Function> ctr = tpl->GetFunction(); ctr->Set(NanNew("createSsl"), NanNew<FunctionTemplate>(CreateSsl)->GetFunction()); + ctr->Set(NanNew("createInsecure"), + NanNew<FunctionTemplate>(CreateInsecure)->GetFunction()); constructor = new NanCallback(ctr); exports->Set(NanNew("ServerCredentials"), ctr); } @@ -85,9 +87,6 @@ bool ServerCredentials::HasInstance(Handle<Value> val) { Handle<Value> ServerCredentials::WrapStruct( grpc_server_credentials *credentials) { NanEscapableScope(); - if (credentials == NULL) { - return NanEscapeScope(NanNull()); - } const int argc = 1; Handle<Value> argv[argc] = { NanNew<External>(reinterpret_cast<void *>(credentials))}; @@ -138,8 +137,17 @@ NAN_METHOD(ServerCredentials::CreateSsl) { return NanThrowTypeError("createSsl's third argument must be a Buffer"); } key_cert_pair.cert_chain = ::node::Buffer::Data(args[2]); - NanReturnValue(WrapStruct( - grpc_ssl_server_credentials_create(root_certs, &key_cert_pair, 1))); + grpc_server_credentials *creds = + grpc_ssl_server_credentials_create(root_certs, &key_cert_pair, 1); + if (creds == NULL) { + NanReturnNull(); + } + NanReturnValue(WrapStruct(creds)); +} + +NAN_METHOD(ServerCredentials::CreateInsecure) { + NanScope(); + NanReturnValue(WrapStruct(NULL)); } } // namespace node diff --git a/src/node/ext/server_credentials.h b/src/node/ext/server_credentials.h index 80747504a1..63903f663c 100644 --- a/src/node/ext/server_credentials.h +++ b/src/node/ext/server_credentials.h @@ -63,6 +63,7 @@ class ServerCredentials : public ::node::ObjectWrap { static NAN_METHOD(New); static NAN_METHOD(CreateSsl); + static NAN_METHOD(CreateInsecure); static NanCallback *constructor; // Used for typechecking instances of this javascript class static v8::Persistent<v8::FunctionTemplate> fun_tpl; diff --git a/src/node/interop/interop_server.js b/src/node/interop/interop_server.js index 505c6bb537..ece22cce31 100644 --- a/src/node/interop/interop_server.js +++ b/src/node/interop/interop_server.js @@ -161,7 +161,7 @@ function handleHalfDuplex(call) { function getServer(port, tls) { // TODO(mlumish): enable TLS functionality var options = {}; - var server_creds = null; + var server_creds; if (tls) { var key_path = path.join(__dirname, '../test/data/server1.key'); var pem_path = path.join(__dirname, '../test/data/server1.pem'); @@ -171,6 +171,8 @@ function getServer(port, tls) { server_creds = grpc.ServerCredentials.createSsl(null, key_data, pem_data); + } else { + server_creds = grpc.ServerCredentials.createInsecure(); } var server = new grpc.Server(options); server.addProtoService(testProto.TestService.service, { diff --git a/src/node/src/server.js b/src/node/src/server.js index e876313d96..fac013f44b 100644 --- a/src/node/src/server.js +++ b/src/node/src/server.js @@ -673,11 +673,7 @@ Server.prototype.bind = function(port, creds) { if (this.started) { throw new Error('Can\'t bind an already running server to an address'); } - if (creds) { - return this._server.addSecureHttp2Port(port, creds); - } else { - return this._server.addHttp2Port(port); - } + return this._server.addHttp2Port(port, creds); }; /** diff --git a/src/node/test/call_test.js b/src/node/test/call_test.js index 942c31ac68..4f18394964 100644 --- a/src/node/test/call_test.js +++ b/src/node/test/call_test.js @@ -53,7 +53,8 @@ describe('call', function() { var server; before(function() { server = new grpc.Server(); - var port = server.addHttp2Port('localhost:0'); + var port = server.addHttp2Port('localhost:0', + grpc.ServerCredentials.createInsecure()); server.start(); channel = new grpc.Channel('localhost:' + port); }); diff --git a/src/node/test/end_to_end_test.js b/src/node/test/end_to_end_test.js index 5d3baf823d..bb8ad62578 100644 --- a/src/node/test/end_to_end_test.js +++ b/src/node/test/end_to_end_test.js @@ -62,7 +62,8 @@ describe('end-to-end', function() { var channel; before(function() { server = new grpc.Server(); - var port_num = server.addHttp2Port('0.0.0.0:0'); + var port_num = server.addHttp2Port('0.0.0.0:0', + grpc.ServerCredentials.createInsecure()); server.start(); channel = new grpc.Channel('localhost:' + port_num); }); diff --git a/src/node/test/health_test.js b/src/node/test/health_test.js index bb700cc46c..fa23dc3ed8 100644 --- a/src/node/test/health_test.js +++ b/src/node/test/health_test.js @@ -54,7 +54,8 @@ describe('Health Checking', function() { new health.Implementation(statusMap)); var healthClient; before(function() { - var port_num = healthServer.bind('0.0.0.0:0'); + var port_num = healthServer.bind('0.0.0.0:0', + grpc.ServerCredentials.createInsecure()); healthServer.start(); healthClient = new health.Client('localhost:' + port_num); }); diff --git a/src/node/test/math_client_test.js b/src/node/test/math_client_test.js index f2751857ff..567faf9c98 100644 --- a/src/node/test/math_client_test.js +++ b/src/node/test/math_client_test.js @@ -51,7 +51,8 @@ var server = require('../examples/math_server.js'); describe('Math client', function() { before(function(done) { - var port_num = server.bind('0.0.0.0:0'); + var port_num = server.bind('0.0.0.0:0', + grpc.ServerCredentials.createInsecure()); server.start(); math_client = new math.Math('localhost:' + port_num); done(); diff --git a/src/node/test/server_test.js b/src/node/test/server_test.js index 9c7bb465aa..a9df43909e 100644 --- a/src/node/test/server_test.js +++ b/src/node/test/server_test.js @@ -59,16 +59,11 @@ describe('server', function() { it('should bind to an unused port', function() { var port; assert.doesNotThrow(function() { - port = server.addHttp2Port('0.0.0.0:0'); + port = server.addHttp2Port('0.0.0.0:0', + grpc.ServerCredentials.createInsecure()); }); assert(port > 0); }); - }); - describe('addSecureHttp2Port', function() { - var server; - before(function() { - server = new grpc.Server(); - }); it('should bind to an unused port with ssl credentials', function() { var port; var key_path = path.join(__dirname, '../test/data/server1.key'); @@ -77,16 +72,22 @@ describe('server', function() { var pem_data = fs.readFileSync(pem_path); var creds = grpc.ServerCredentials.createSsl(null, key_data, pem_data); assert.doesNotThrow(function() { - port = server.addSecureHttp2Port('0.0.0.0:0', creds); + port = server.addHttp2Port('0.0.0.0:0', creds); }); assert(port > 0); }); }); + describe('addSecureHttp2Port', function() { + var server; + before(function() { + server = new grpc.Server(); + }); + }); describe('listen', function() { var server; before(function() { server = new grpc.Server(); - server.addHttp2Port('0.0.0.0:0'); + server.addHttp2Port('0.0.0.0:0', grpc.ServerCredentials.createInsecure()); }); after(function() { server.shutdown(); diff --git a/src/node/test/surface_test.js b/src/node/test/surface_test.js index 9005cbd505..fd326e44eb 100644 --- a/src/node/test/surface_test.js +++ b/src/node/test/surface_test.js @@ -47,6 +47,8 @@ var mathService = math_proto.lookup('math.Math'); var _ = require('lodash'); +var server_insecure_creds = grpc.ServerCredentials.createInsecure(); + describe('File loader', function() { it('Should load a proto file by default', function() { assert.doesNotThrow(function() { @@ -122,7 +124,7 @@ describe('Echo service', function() { callback(null, call.request); } }); - var port = server.bind('localhost:0'); + var port = server.bind('localhost:0', server_insecure_creds); var Client = surface_client.makeProtobufClientConstructor(echo_service); client = new Client('localhost:' + port); server.start(); @@ -166,7 +168,7 @@ describe('Generic client and server', function() { callback(null, _.capitalize(call.request)); } }); - var port = server.bind('localhost:0'); + var port = server.bind('localhost:0', server_insecure_creds); server.start(); var Client = grpc.makeGenericClientConstructor(string_service_attrs); client = new Client('localhost:' + port); @@ -214,7 +216,7 @@ describe('Echo metadata', function() { }); } }); - var port = server.bind('localhost:0'); + var port = server.bind('localhost:0', server_insecure_creds); var Client = surface_client.makeProtobufClientConstructor(test_service); client = new Client('localhost:' + port); server.start(); @@ -336,7 +338,7 @@ describe('Other conditions', function() { }); } }); - port = server.bind('localhost:0'); + port = server.bind('localhost:0', server_insecure_creds); var Client = surface_client.makeProtobufClientConstructor(test_service); client = new Client('localhost:' + port); server.start(); @@ -601,7 +603,7 @@ describe('Cancelling surface client', function() { 'fib': function(stream) {}, 'sum': function(stream) {} }); - var port = server.bind('localhost:0'); + var port = server.bind('localhost:0', server_insecure_creds); var Client = surface_client.makeProtobufClientConstructor(mathService); client = new Client('localhost:' + port); server.start(); |