Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(microservice): add TLS over TCP support #7516

Closed
wants to merge 11 commits into from
Closed

feat(microservice): add TLS over TCP support #7516

wants to merge 11 commits into from

Conversation

Flusinerd
Copy link
Contributor

@Flusinerd Flusinerd commented Jul 11, 2021
edited

PR Checklist

Please check if your PR fulfills the following requirements:

PR Type

What kind of change does this PR introduce?
Adds an additional property useTls?: boolean to the options for client and server. If useTls is set, it intersects the Nodes tls server / client options with the nest server/client options.

If useTls is set to true, it uses node's tls module instead of net to allow TCP over TLS support

[ ] Bugfix
[ X ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Build related changes
[ ] CI related changes
[ ] Other... Please describe:

What is the current behavior?

Issue Number: #6745

What is the new behavior?

If useTls === true then it will use tls instead of net to create the server / client and intersect the appropriate options with the nest options

Does this PR introduce a breaking change?

[ ] Yes
[ X ] No

Other information

@Flusinerd
feat(microservice): add tcp over tls support
8bbf128 
add tcp tls client options
add tcp tls server options
add tcp over tls support
@Flusinerd
feat(microservice): add tcp over tls support
567c902 
add tcp tls client options
add tcp tls server options
add tcp over tls support
@Flusinerd
Merge branch 'feat/microservice-tcp-tls' of github.com:Flusinerd/nest…
b2883c7 
… into feat/microservice-tcp-tls
@Flusinerd
feat(microservice): add tcp over tls support
ae124a9 
fix client-tcp not beeing able to handle empty options
@Flusinerd
feat(microservice): add tcp over tls support
0cf63a3 
fix isCustomClientOptions type-guard not beeing able to handle undefined
@Flusinerd
Copy link
Contributor Author

Flusinerd commented Jul 11, 2021
edited

For docs, should I update the docs in nestjs/docs.nestjs.com?

I think we could either add another section in:
https://docs.nestjs.com/microservices/basics#client

Or make an own page for TCP Client or TCP TLS Client

@coveralls
Copy link

coveralls commented Jul 11, 2021
edited

Pull Request Test Coverage Report for Build a18b5f60-086f-4c47-a111-2d294565e81c

  • 25 of 33 (75.76%) changed or added relevant lines in 4 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.03%) to 94.103%
Changes Missing Coverage Covered Lines Changed/Added Lines %
packages/microservices/client/client-tcp.ts 15 23 65.22%
Totals Coverage Status
Change from base Build 38eae0db-18bc-4193-8057-69d114a8416f: -0.03%
Covered Lines: 5713
Relevant Lines: 6071
💛 - Coveralls

@Flusinerd
feat(microservice): add tcp over tls support
18896a5 
add TcpTlsOptions to MicroserviceOptions type
@kamilmysliwiec
Copy link
Member

For docs, should I update the docs in nestjs/docs.nestjs.com?

Correct

I think we could either add another section in:

Let's add a new section in the TCP chapter

@Flusinerd
feat(microservice): add tcp over tls support
18eb60d 
fix client not connecting when using tls
@Flusinerd Flusinerd mentioned this pull request Jul 12, 2021
Open
10 tasks
@Flusinerd
Copy link
Contributor Author

Docs have been updated as well, the PR is linked above

@Flusinerd
Copy link
Contributor Author

I can add a sample later that I used for testing, should I include a self-signed certificate in the sample?
I'm waiting for #7486 to merged, since this includes support for multi-application samples.

@Flusinerd Flusinerd changed the title feat(microservice): add TCP over TLS support feat(microservice): add TLS over TCP support Jul 17, 2021
@kamilmysliwiec kamilmysliwiec mentioned this pull request Jul 27, 2021
Closed
kamilmysliwiec
kamilmysliwiec reviewed Jul 27, 2021
View reviewed changes
packages/microservices/client/client-proxy-factory.ts Outdated
Comment on lines 59 to 70
return new ClientTCP(options as TcpClientOptions['options']);
const uncheckedOptions = options as
| TcpClientOptions['options']
| TcpTlsClientOptions['options']
| undefined;
if (uncheckedOptions && uncheckedOptions.useTls === true) {
return new ClientTCP(options as TcpTlsClientOptions['options']);
} else {
return new ClientTCP(
options as TcpClientOptions['options'] | undefined,
);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this condition seems to be used only for type-checking purposes, can we just force cast options to the appropriate type and remove this if?

kamilmysliwiec
kamilmysliwiec reviewed Jul 27, 2021
View reviewed changes
packages/microservices/client/client-tcp.ts Outdated
Comment on lines 47 to 49
if (options === undefined) {
this.options = {};
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the reason for this change?

kamilmysliwiec
kamilmysliwiec reviewed Jul 27, 2021
View reviewed changes
packages/microservices/test/client/client-tcp.spec.ts Outdated
Comment on lines 202 to 212

// describe('tls', () => {
// it('should upgrade to TLS', () => {
// const jsonSocket = new ClientTCP({ useTls: true }).createSocket();
// expect(jsonSocket.socket).instanceOf(TLSSocket);
// });
// it('should not upgrade to TLS, if not requested', () => {
// const jsonSocket = new ClientTCP({ useTls: false }).createSocket();
// expect(jsonSocket.socket).instanceOf(NetSocket);
// });
// });
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this intentionally commented out?

@kamilmysliwiec
Copy link
Member

I left a few comments. Can we also add an integration test?

@Flusinerd
Copy link
Contributor Author

Hi, ty for the the feedback I'll try work on this this weekend.

AnisJS09
AnisJS09 reviewed Aug 7, 2021
View reviewed changes
packages/microservices/client/client-proxy.ts Outdated
| KafkaOptions['options']).serializer) ||
(
options as
| RedisOptions['options']
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what do you think about extracting these types into a Union type declared, something like :

Suggested change
| RedisOptions['options']
const type Options = NatsOptions['options']
| MqttOptions['options']
| TcpClientOptions['options']
| TcpTlsClientOptions['options']
| RmqOptions['options']
| KafkaOptions['options'];

@Flusinerd
Copy link
Contributor Author

Currently I dont have that much time to work on this @AnisJS09 Do you want to continue?

@Flusinerd
Copy link
Contributor Author

Okay, I managed to get some time to continue working on this.
I worked on the review from @kamilmysliwiec and think I got it sorted.

Looking into integration testing right now. It seems like there are no e2e tests for TCP implemented atm.
So what do you want to be covered for TCP clients?
Just a simple addition using sync / async / rxjs of and rxjs from + exception and pub / sub.
Similar to how its done in the nats example?

@kamilmysliwiec
Copy link
Member

TCP tests https://github.com/nestjs/nest/blob/master/integration/microservices/e2e/sum-rpc.spec.ts

@Flusinerd
Copy link
Contributor Author

Ahh alright. I completely missed that. Will work on this later then and finish this feature request.

@Flusinerd
Copy link
Contributor Author

Okay, I added the e2e tests.
I included a self signed certificate.

kamilmysliwiec
kamilmysliwiec reviewed Mar 1, 2022
View reviewed changes
packages/microservices/client/client-tcp.ts
Comment on lines +71 to +97
if (this.useTls) {
this.netSocket.connect(this.port, this.host);
source$ = this.connect$(
this.socket.netSocket,
ERROR_EVENT,
TLS_CONNECT_EVENT,
).pipe(
tap(() => {
this.isConnected = true;
this.socket.on(MESSAGE_EVENT, (buffer: WritePacket & PacketId) =>
this.handleResponse(buffer),
);
}),
share(),
);
} else {
source$ = this.connect$(this.socket.netSocket).pipe(
tap(() => {
this.isConnected = true;
this.socket.on(MESSAGE_EVENT, (buffer: WritePacket & PacketId) =>
this.handleResponse(buffer),
);
}),
share(),
);
this.socket.connect(this.port, this.host);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the only difference here is whether to use netSocket or socket (depending on whether TLS is on) we should probably refactor this logic to avoid repetitiveness.

@nomaxg
Copy link
Contributor

nomaxg commented Oct 28, 2022

@Flusinerd @kamilmysliwiec is this actively being worked on? I would be happy to pick it up

@Flusinerd
Copy link
Contributor Author

Hi. I don't think so. Feel free to continue

@kamilmysliwiec
Copy link
Member

Moving onto this PR #10628

@Flusinerd Flusinerd deleted the feat/microservice-tcp-tls branch July 3, 2023 16:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kamilmysliwiec kamilmysliwiec kamilmysliwiec left review comments

@AnisJS09 AnisJS09 AnisJS09 left review comments

Assignees
No one assigned
Labels
scope: microservices status: wip ⚡️ type: feature 🎉
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@Flusinerd @coveralls @kamilmysliwiec @nomaxg @AnisJS09