fix: grpc gateway interceptors (#3767)

2025-08-12 04:37:31 +00:00 · 2022-06-03 14:44:04 +02:00
parent da1f74fde0
commit 3a1569bd94
6 changed files with 51 additions and 24 deletions
--- a/internal/api/grpc/server/gateway.go
+++ b/internal/api/grpc/server/gateway.go
@@ -12,6 +12,7 @@ import (
 	"google.golang.org/protobuf/encoding/protojson"

 	client_middleware "github.com/zitadel/zitadel/internal/api/grpc/client/middleware"
+	"github.com/zitadel/zitadel/internal/api/grpc/server/middleware"
 	http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
 )

@@ -56,7 +57,7 @@ type Gateway interface {

 type GatewayFunc func(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) error

-func CreateGateway(ctx context.Context, g Gateway, port uint16) (http.Handler, string, error) {
+func CreateGateway(ctx context.Context, g Gateway, port uint16, http1HostName string) (http.Handler, string, error) {
 	runtimeMux := runtime.NewServeMux(serveMuxOptions...)
 	opts := []grpc.DialOption{
 		grpc.WithTransportCredentials(insecure.NewCredentials()),
@@ -66,11 +67,24 @@ func CreateGateway(ctx context.Context, g Gateway, port uint16) (http.Handler, s
 	if err != nil {
 		return nil, "", fmt.Errorf("failed to register grpc gateway: %w", err)
 	}
-	return addInterceptors(runtimeMux), g.GatewayPathPrefix(), nil
+	return addInterceptors(runtimeMux, http1HostName), g.GatewayPathPrefix(), nil
 }

-func addInterceptors(handler http.Handler) http.Handler {
-	handler = http_mw.DefaultMetricsHandler(handler)
+func addInterceptors(handler http.Handler, http1HostName string) http.Handler {
+	handler = http1Host(handler, http1HostName)
+	handler = http_mw.CORSInterceptor(handler)
 	handler = http_mw.DefaultTelemetryHandler(handler)
-	return http_mw.CORSInterceptor(handler)
+	return http_mw.DefaultMetricsHandler(handler)
+}
+
+func http1Host(next http.Handler, http1HostName string) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		host, err := http_mw.HostFromRequest(r, http1HostName)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusForbidden)
+			return
+		}
+		r.Header.Set(middleware.HTTP1Host, host)
+		next.ServeHTTP(w, r)
+	})
 }
--- a/internal/api/grpc/server/middleware/instance_interceptor.go
+++ b/internal/api/grpc/server/middleware/instance_interceptor.go
@@ -14,6 +14,10 @@ import (
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
 )

+const (
+	HTTP1Host = "x-zitadel-http1-host"
+)
+
 type InstanceVerifier interface {
 	GetInstance(ctx context.Context)
 }
@@ -36,7 +40,7 @@ func setInstance(ctx context.Context, req interface{}, info *grpc.UnaryServerInf
 		}
 	}

-	host, err := hostNameFromContext(interceptorCtx, headerName)
+	host, err := hostFromContext(interceptorCtx, headerName)
 	if err != nil {
 		return nil, status.Error(codes.PermissionDenied, err.Error())
 	}
@@ -48,12 +52,19 @@ func setInstance(ctx context.Context, req interface{}, info *grpc.UnaryServerInf
 	return handler(authz.WithInstance(ctx, instance), req)
 }

-func hostNameFromContext(ctx context.Context, headerName string) (string, error) {
+func hostFromContext(ctx context.Context, headerName string) (string, error) {
 	md, ok := metadata.FromIncomingContext(ctx)
 	if !ok {
 		return "", fmt.Errorf("cannot read metadata")
 	}
-	host, ok := md[headerName]
+	host, ok := md[HTTP1Host]
+	if ok && len(host) == 1 {
+		if !isAllowedToSendHTTP1Header(md) {
+			return "", fmt.Errorf("no valid host header")
+		}
+		return host[0], nil
+	}
+	host, ok = md[headerName]
 	if !ok {
 		return "", fmt.Errorf("cannot find header: %v", headerName)
 	}
@@ -62,3 +73,11 @@ func hostNameFromContext(ctx context.Context, headerName string) (string, error)
 	}
 	return host[0], nil
 }
+
+//isAllowedToSendHTTP1Header check if the gRPC call was sent to `localhost`
+//this is only possible when calling the server directly running on localhost
+//or through the gRPC gateway
+func isAllowedToSendHTTP1Header(md metadata.MD) bool {
+	authority, ok := md[":authority"]
+	return ok && len(authority) == 1 && strings.Split(authority[0], ":")[0] == "localhost"
+}
--- a/internal/api/grpc/server/middleware/instance_interceptor_test.go
+++ b/internal/api/grpc/server/middleware/instance_interceptor_test.go
@@ -63,13 +63,13 @@ func Test_hostNameFromContext(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := hostNameFromContext(tt.args.ctx, tt.args.headerName)
+			got, err := hostFromContext(tt.args.ctx, tt.args.headerName)
 			if (err != nil) != tt.res.err {
-				t.Errorf("hostNameFromContext() error = %v, wantErr %v", err, tt.res.err)
+				t.Errorf("hostFromContext() error = %v, wantErr %v", err, tt.res.err)
 				return
 			}
 			if got != tt.res.want {
-				t.Errorf("hostNameFromContext() got = %v, want %v", got, tt.res.want)
+				t.Errorf("hostFromContext() got = %v, want %v", got, tt.res.want)
 			}
 		})
 	}