From ab2884a8e93bbe378a50b8f73d132789f58048e1 Mon Sep 17 00:00:00 2001 From: Kyle Isom Date: Wed, 25 Mar 2026 09:08:24 -0700 Subject: [PATCH] Fix gRPC auth metadata keys, allow TLS 1.2 for Android clients MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Read x-engpad-username/x-engpad-password from gRPC metadata (matching what the Android client sends) - Allow TLS 1.2 on gRPC port — Android's BoringSSL/OkHttp transport does not negotiate TLS 1.3 without Conscrypt Co-Authored-By: Claude Opus 4.6 (1M context) --- internal/grpcserver/interceptors.go | 4 ++-- internal/grpcserver/server.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/grpcserver/interceptors.go b/internal/grpcserver/interceptors.go index f076b2c..fb11732 100644 --- a/internal/grpcserver/interceptors.go +++ b/internal/grpcserver/interceptors.go @@ -29,8 +29,8 @@ func AuthInterceptor(database *sql.DB) grpc.UnaryServerInterceptor { return nil, status.Error(codes.Unauthenticated, "missing metadata") } - usernames := md.Get("username") - passwords := md.Get("password") + usernames := md.Get("x-engpad-username") + passwords := md.Get("x-engpad-password") if len(usernames) == 0 || len(passwords) == 0 { return nil, status.Error(codes.Unauthenticated, "missing credentials") } diff --git a/internal/grpcserver/server.go b/internal/grpcserver/server.go index d38f6ce..4e35f5b 100644 --- a/internal/grpcserver/server.go +++ b/internal/grpcserver/server.go @@ -32,7 +32,7 @@ func Start(cfg Config) (*grpc.Server, error) { tlsConfig := &tls.Config{ Certificates: []tls.Certificate{cert}, - MinVersion: tls.VersionTLS13, + MinVersion: tls.VersionTLS12, } lis, err := net.Listen("tcp", cfg.Addr)