Feat: securing gRPC HTTP connections #20

Closed
D4ryl00 opened this issue Sep 25, 2023 · 2 comments · Fixed by #113
Labels: ✅ Approved (feature request has been approved), 🚀 feature-request

D4ryl00 commented Sep 25, 2023

We want to provide a gRPC client to React-Native to communicate with the Gnomobile service, which implements the gRPC server.
We have two choices:

  1. Because we cannot directly support stream calls from React-Native to Go, we have to convert streams to unary calls. So we can write an RPC object in TypeScript, named bridge, which converts stream calls to unary calls, so we will be able to pass them in the native and Go parts. It looks like what Berty does with the Bridge Service Client: berty bridge.
    This works fine but in a hacky way for mobile. In the future, we want to port the React-Native client to the desktop, so without native parts (Java, Swift), which will add some additional work to make it compatible.
  2. We can use the new gRPC Web client that supports unary and stream calls natively. But the client works through an HTTP connection, and our Go gRPC server doesn't implement secure HTTP authentication.
    A solution is to determine if we can create a new transport that allows us to perform native binding still using that gRPC web client.

Because number 2 is a cleaner and future-proof way, we could implement secure authentication in our Go gRPC server to enable us to use standard gRPC clients through HTTP connections, without the need to create hacky transports for the clients.

D4ryl00 self-assigned this Sep 25, 2023

D4ryl00 commented Sep 26, 2023

After further research, connect-web cannot use the default transport in react-native because the Fetch API is not fully supported: https://github.com/connectrpc/examples-es/tree/main/react-native

The XHR replacement transport for react-native doesn't implement streams yet: https://github.com/connectrpc/examples-es/blob/main/react-native/custom-transport.ts

Also, connect-web seems to accept only TLS authentication, which is not the best for our use case: https://github.com/connectrpc/connect-es/blob/main/packages/connect-web/src/grpc-web-transport.ts#L88

D4ryl00 commented Nov 3, 2023

Using Berty's handshake protocol for gRPC authentication checks all the boxes:

  • The client must know the server's public key before the handshake. That could be returned by the initBridge function.
  • This protocol protects against man-in-the-middle attacks over an insecure channel.
  • It generates secrets to encrypt communications.

D4ryl00 added a commit that referenced this issue Feb 21, 2024
To secure the React Native gRPC connection, we implement a transport
that uses native calls to make the gRPC calls instead of a TCP
connection.
Only the server streaming is implemented in this PR (we don't need the
client streaming).

Flow:
React-Native gRPC client <-> native (Android/iOS) <-> golang gRPC client
(UDS) <-> golang gRPC server

fixes #20

---------

Signed-off-by: D4ryl00 <[email protected]>
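
The flow in the commit message above puts the Go client-to-server hop on a Unix domain socket instead of TCP. The following is an added example, not code from this repository: it creates such a socket so that only the owning UID can connect, and audits the resulting permissions. The directory prefix, socket name and function names are assumptions, and it uses only the Go standard library rather than gRPC.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
)

// listenPrivate opens a Unix domain socket in a fresh directory that only the
// owning UID can traverse. Directory prefix and socket name are made up here.
func listenPrivate() (net.Listener, string, error) {
	dir, err := os.MkdirTemp("", "rpc-") // created 0700: guards the socket before Chmod
	if err != nil {
		return nil, "", err
	}
	path := filepath.Join(dir, "rpc.sock")
	l, err := net.Listen("unix", path)
	if err != nil {
		return nil, "", err
	}
	if err := os.Chmod(path, 0o600); err != nil { // restrict the socket file too
		l.Close()
		return nil, "", err
	}
	return l, path, nil
}

// exposedBits ORs the group/other bits of the socket and its directory (0 = private).
func exposedBits(path string) (os.FileMode, error) {
	var bits os.FileMode
	for _, p := range []string{path, filepath.Dir(path)} {
		fi, err := os.Stat(p)
		if err != nil {
			return 0, err
		}
		bits |= fi.Mode().Perm() & 0o077
	}
	return bits, nil
}

func main() {
	l, path, err := listenPrivate()
	if err != nil {
		panic(err)
	}
	defer l.Close()
	bits, err := exposedBits(path)
	fmt.Printf("socket=%s exposed=%03o err=%v\n", path, bits, err)
}
```

A listener obtained this way can be handed to a server that accepts a `net.Listener`; a TCP listener on localhost, by contrast, is reachable by every local process regardless of UID.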