kyle/eng-pad-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix gRPC auth metadata keys, allow TLS 1.2 for Android clients

Browse Source 
- Read x-engpad-username/x-engpad-password from gRPC metadata
  (matching what the Android client sends)
- Allow TLS 1.2 on gRPC port — Android's BoringSSL/OkHttp transport
  does not negotiate TLS 1.3 without Conscrypt

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kyle Isom
2026-03-25 09:08:24 -07:00
parent 691301dade
commit ab2884a8e9
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/grpcserver/interceptors.go
View File

@@ -29,8 +29,8 @@ func AuthInterceptor(database *sql.DB) grpc.UnaryServerInterceptor {
return nil, status.Error(codes.Unauthenticated, "missing metadata") return nil, status.Error(codes.Unauthenticated, "missing metadata")
} }
usernames := md.Get("username") usernames := md.Get("x-engpad-username")
passwords := md.Get("password") passwords := md.Get("x-engpad-password")
if len(usernames) == 0 || len(passwords) == 0 { if len(usernames) == 0 || len(passwords) == 0 {
return nil, status.Error(codes.Unauthenticated, "missing credentials") return nil, status.Error(codes.Unauthenticated, "missing credentials")
} }

2
internal/grpcserver/server.go
View File

@@ -32,7 +32,7 @@ func Start(cfg Config) (*grpc.Server, error) {
tlsConfig := &tls.Config{ tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{cert},
MinVersion: tls.VersionTLS13, MinVersion: tls.VersionTLS12,
} }
lis, err := net.Listen("tcp", cfg.Addr) lis, err := net.Listen("tcp", cfg.Addr)