Implement Phase 7: gRPC dual-stack interface
- proto/mcias/v1/: AdminService, AuthService, TokenService, AccountService, CredentialService; generated Go stubs in gen/ - internal/grpcserver: full handler implementations sharing all business logic (auth, token, db, crypto) with REST server; interceptor chain: logging -> auth (JWT alg-first + revocation) -> rate-limit (token bucket, 10 req/s, burst 10, per-IP) - internal/config: optional grpc_addr field in [server] section - cmd/mciassrv: dual-stack startup; gRPC/TLS listener on grpc_addr when configured; graceful shutdown of both servers in 15s window - cmd/mciasgrpcctl: companion gRPC CLI mirroring mciasctl commands (health, pubkey, account, role, token, pgcreds) using TLS with optional custom CA cert - internal/grpcserver/grpcserver_test.go: 20 tests via bufconn covering public RPCs, auth interceptor (no token, invalid, revoked -> 401), non-admin -> 403, Login/Logout/RenewToken/ValidateToken flows, AccountService CRUD, SetPGCreds/GetPGCreds AES-GCM round-trip, credential fields absent from all responses Security: JWT validation path identical to REST: alg header checked before signature, alg:none rejected, revocation table checked after sig. Authorization metadata value never logged by any interceptor. Credential fields (PasswordHash, TOTPSecret*, PGPassword) absent from all proto response messages — enforced by proto design and confirmed by test TestCredentialFieldsAbsentFromAccountResponse. Login dummy-Argon2 timing guard preserves timing uniformity for unknown users (same as REST handleLogin). TLS required at listener level; cmd/mciassrv uses credentials.NewServerTLSFromFile; no h2c offered. 137 tests pass, zero race conditions (go test -race ./...)
This commit is contained in:
41
internal/grpcserver/admin.go
Normal file
41
internal/grpcserver/admin.go
Normal file
@@ -0,0 +1,41 @@
|
||||
// adminServiceServer implements mciasv1.AdminServiceServer.
|
||||
// Health and GetPublicKey are public RPCs that bypass auth.
|
||||
package grpcserver
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/base64"
|
||||
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
|
||||
mciasv1 "git.wntrmute.dev/kyle/mcias/gen/mcias/v1"
|
||||
)
|
||||
|
||||
type adminServiceServer struct {
|
||||
mciasv1.UnimplementedAdminServiceServer
|
||||
s *Server
|
||||
}
|
||||
|
||||
// Health returns {"status":"ok"} to signal the server is operational.
|
||||
func (a *adminServiceServer) Health(_ context.Context, _ *mciasv1.HealthRequest) (*mciasv1.HealthResponse, error) {
|
||||
return &mciasv1.HealthResponse{Status: "ok"}, nil
|
||||
}
|
||||
|
||||
// GetPublicKey returns the Ed25519 public key as JWK field values.
|
||||
// The "x" field is the raw 32-byte public key base64url-encoded without padding,
|
||||
// matching the REST /v1/keys/public response format.
|
||||
func (a *adminServiceServer) GetPublicKey(_ context.Context, _ *mciasv1.GetPublicKeyRequest) (*mciasv1.GetPublicKeyResponse, error) {
|
||||
if len(a.s.pubKey) == 0 {
|
||||
return nil, status.Error(codes.Internal, "public key not available")
|
||||
}
|
||||
// Encode as base64url without padding — identical to the REST handler.
|
||||
x := base64.RawURLEncoding.EncodeToString(a.s.pubKey)
|
||||
return &mciasv1.GetPublicKeyResponse{
|
||||
Kty: "OKP",
|
||||
Crv: "Ed25519",
|
||||
Use: "sig",
|
||||
Alg: "EdDSA",
|
||||
X: x,
|
||||
}, nil
|
||||
}
|
||||
Reference in New Issue
Block a user