HomePhabricator
Diffusion Comm 56ac25fc5332

[services] Tunnelbroker - Adding of the client authentication by the…
56ac25fc5332
Actions

Description

[services] Tunnelbroker - Adding of the client authentication by the sessionID from metadata

Summary:
This diff introduces using of the metadata to provide the sessionID by the client for the client authentication in the gRPC MessagesStream bidirectional stream.

We are making the following security checks with the sessionID:

  • Check if the sessionID is provided in metadata;
  • Check the sessionID format validity;
  • Check if the sessionID exists in the database session table.

Linear task: ENG-1359

Test Plan:

  • Opening a MessagesStream from the gRPC client without providing the sessionID in metadata results in gRPC invalid argument error.
  • Opening a MessagesStream from the gRPC client providing the sessionID in a wrong format in metadata results in gRPC unauthenticated error.
  • Opening a MessagesStream from the gRPC client providing the unexistent sessionID in metadata results in gRPC unauthenticated error.

Reviewers: jon, marcin, tomek

Reviewed By: jon, tomek

Subscribers: ashoat, tomek, atul, abosh

Differential Revision: https://phab.comm.dev/D5528

Details

Provenance
maxAuthored on Nov 2 2022, 2:48 PM
Reviewer
jon
Differential Revision
D5528: [services] Tunnelbroker - Adding of the client authentication by the `sessionID` from metadata
Parents
rCOMM6c35669e5805: [native] introduce error handling to cover cancelled database tasks
Branches
Unknown
Tags
Unknown

Changes (4)

PathSize
services/
tunnelbroker/
src/
libcpp/
server/

rCOMM56ac25fc5332

View Options

services/tunnelbroker/src/cxx_bridge.rs

Loading...
View Options

services/tunnelbroker/src/libcpp/Tunnelbroker.cpp

Loading...
View Options

services/tunnelbroker/src/libcpp/Tunnelbroker.h

Loading...
View Options

services/tunnelbroker/src/server/mod.rs

Loading...