feat: create client in options, secure server option

sara9i · Jan 1, 2020 · c824d3a · c824d3a
1 parent 687b8bc
commit c824d3a
Show file tree

Hide file tree

Showing 2 changed files with 86 additions and 3 deletions.
diff --git a/django_grpc/management/commands/grpcserver.py b/django_grpc/management/commands/grpcserver.py
@@ -7,7 +7,7 @@
 from concurrent import futures
 from django.utils import autoreload
 
-from django_grpc.utils import add_servicers, extract_handlers, create_server
+from django_grpc.utils import add_servicers, extract_handlers, create_server, create_secure_server
 
 
 class Command(BaseCommand):
@@ -17,9 +17,12 @@ def add_arguments(self, parser):
         parser.add_argument('--max_workers', type=int, help="Number of workers")
         parser.add_argument('--port', type=int, default=50051, help="Port number to listen")
         parser.add_argument('--autoreload', action='store_true', default=False)
+        parser.add_argument('--secure', action='store_true', default=False)
         parser.add_argument('--list-handlers', action='store_true', default=False, help="Print all registered endpoints")
 
     def handle(self, *args, **options):
+        if options['secure'] is True:
+            self.stdout.write("SECURE CHANNEL")
         if options['autoreload'] is True:
             self.stdout.write("ATTENTION! Autoreload is enabled!")
             if hasattr(autoreload, "run_with_reloader"):
@@ -33,9 +36,14 @@ def handle(self, *args, **options):
 
     def _serve(self, max_workers, port, *args, **kwargs):
         autoreload.raise_last_exception()
-        self.stdout.write("Starting server at %s" % datetime.datetime.now())
 
-        server = create_server(max_workers, port)
+        if kwargs['secure'] is True:
+            self.stdout.write("Starting insecure server at %s" % datetime.datetime.now())
+            server = create_secure_server(max_workers, port)
+        else:
+            self.stdout.write("Starting Secure server at %s" % datetime.datetime.now())
+            server = create_server(max_workers, port)
+        self.stdout.write("Starting COREEEE serverrrrrrrrrrrrrrrrrrrrr")
         server.start()
 
         self.stdout.write("Server is listening port %s" % port)

diff --git a/django_grpc/utils.py b/django_grpc/utils.py
@@ -3,6 +3,7 @@
 from concurrent import futures
 
 import grpc
+import os
 from django.utils.module_loading import import_string
 
 
@@ -27,6 +28,33 @@ def create_server(max_workers, port, interceptors=None):
     server.add_insecure_port('[::]:%s' % port)
     return server
 
+def create_secure_server(max_workers, port, interceptors=None):
+    from django.conf import settings
+    config = getattr(settings, 'GRPCSERVER', dict())
+    servicers_list = config.get('servicers', [])  # callbacks to add servicers to the server
+    interceptors = load_interceptors(config.get('interceptors', []))
+    maximum_concurrent_rpcs = config.get('maximum_concurrent_rpcs', None)
+    # ##########################
+    from config.settings.settings import CRT_DIR, KEY_DIR
+    with open(KEY_DIR, 'rb') as f:
+        private_key = f.read()
+    with open(CRT_DIR, 'rb') as f:
+        certificate_chain = f.read()
+
+    server_credentials = grpc.ssl_server_credentials(
+      ((private_key, certificate_chain,),))
+
+    # create a gRPC server
+    server = grpc.server(
+        thread_pool=futures.ThreadPoolExecutor(max_workers=max_workers),
+        # interceptors=interceptors,
+        maximum_concurrent_rpcs=maximum_concurrent_rpcs
+    )
+
+    add_servicers(server, servicers_list)
+    server.add_secure_port('[::]:%s' % port, server_credentials)
+    return server
+
 
 def add_servicers(server, servicers_list):
     """
@@ -71,3 +99,50 @@ def extract_handlers(server):
             params=params,
             abstract=abstract
         )
+
+# def create_client(target):
+#     from config.settings.settings import CRT_DIR
+#     print("HERE, CRT_DIR: ", CRT_DIR)
+#     if CRT_DIR is not None:
+#         try:
+#             with open(CRT_DIR, 'rb') as f:
+#                 f.seek(0) #ensure you're at the start of the file..
+#                 first_char = f.read(1) #get the first character
+#                 if not first_char:
+#                     # empty cert, create insecure client
+#                     print("empty cert, create insecure client")
+#                     return grpc.insecure_channel(target)
+#                 else:
+#                     f.seek(0)
+#                     trusted_certs = f.read()
+#                     print("TRUSTED CERT: ", trusted_certs)
+#                     # grpc.ssl_channel_credentials(root_certificates=None, private_key=None, certificate_chain=None)
+#                     credentials = grpc.ssl_channel_credentials(root_certificates=trusted_certs)
+#                     # grpc.secure_channel(target, credentials, options=None, compression=None)
+#                     return grpc.secure_channel(target, credentials)
+#         except IOError: 
+#             # no cert file, create insecure client
+#             print("no cert file, create insecure client")
+#             return grpc.insecure_channel(target)
+#     else:
+#         # no cert dir, create insecure client
+#         print("no cert dir, create insecure client")
+#         return grpc.insecure_channel(target)
+
+
+def create_client(target):
+    from config.settings.settings import CRT_DIR
+    if CRT_DIR is not None:
+        try:
+            with open(CRT_DIR, 'rb') as f:
+                trusted_certs = f.read()
+                credentials = grpc.ssl_channel_credentials(root_certificates=trusted_certs)
+                return grpc.secure_channel(target, credentials)
+        except IOError: 
+            # no cert file, create insecure client
+            print("cert file not found, create insecure client")
+            return grpc.insecure_channel(target)
+    else:
+        # no cert dir, create insecure client
+        print("cert dir not found, create insecure client")
+        return grpc.insecure_channel(target)