phase 4: connectrpc on the gateway authenticated edge
Replace the native-gRPC server bootstrap with a single `connectrpc.com/connect` HTTP/h2c listener. Connect-Go natively serves Connect, gRPC, and gRPC-Web on the same port, so browsers can now reach the authenticated surface without giving up the gRPC framing native and desktop clients may use later. The decorator stack (envelope → session → payload-hash → signature → freshness/replay → rate-limit → routing/push) is reused unchanged behind a small Connect → gRPC adapter and a `grpc.ServerStream` shim around `*connect.ServerStream`. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
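The commit message describes a decorator stack whose checks (payload-hash, then signature, then freshness and anti-replay) sit behind a framing-agnostic adapter. The following Go program is an added illustration of that ordering and of why it can be independent of the wire protocol; it is not the project's code and the page shows none of its real formats. Everything below is assumed for the example: the `Envelope` layout, Ed25519 signatures over a SHA-256 payload hash, a symmetric freshness window, a nonce cache keyed by the envelope nonce, and the hypothetical names `Seal`, `Verifier`, `Verify` and `UnframeGRPC`. The one protocol fact it relies on is the 5-byte gRPC / gRPC-Web message prefix (compressed flag plus big-endian length), which a Connect unary body does not carry.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Envelope is a hypothetical edge envelope invented for this example; Payload is the serialized message with wire framing removed.
type Envelope struct {
	SessionID   string
	Nonce       [16]byte
	Timestamp   time.Time
	PayloadHash [32]byte
	Signature   []byte
	Payload     []byte
}

var (
	ErrPayloadHash = errors.New("payload hash mismatch")
	ErrSignature   = errors.New("bad signature or unknown session")
	ErrStale       = errors.New("timestamp outside freshness window")
	ErrReplay      = errors.New("nonce already seen")
)

// signingInput uses fixed-width and length-prefixed fields so distinct tuples never collide.
func signingInput(sessionID string, nonce [16]byte, ts time.Time, h [32]byte) []byte {
	b := make([]byte, 12)
	binary.BigEndian.PutUint32(b[0:4], uint32(len(sessionID)))
	binary.BigEndian.PutUint64(b[4:12], uint64(ts.Unix()))
	b = append(append(b, sessionID...), nonce[:]...)
	return append(b, h[:]...)
}

// Seal (client side): hash the serialized payload and sign metadata plus hash; framing is never signed.
func Seal(priv ed25519.PrivateKey, sessionID string, payload []byte, now time.Time) Envelope {
	env := Envelope{SessionID: sessionID, Timestamp: now.Truncate(time.Second), Payload: payload}
	rand.Read(env.Nonce[:]) // crypto/rand.Read never returns an error (guaranteed since Go 1.24)
	env.PayloadHash = sha256.Sum256(payload)
	env.Signature = ed25519.Sign(priv, signingInput(sessionID, env.Nonce, env.Timestamp, env.PayloadHash))
	return env
}

// Verifier runs the payload-hash, signature, freshness and anti-replay checks in that order.
type Verifier struct {
	Keys   map[string]ed25519.PublicKey // session ID -> client verification key
	Window time.Duration                // tolerated clock skew in either direction
	mu     sync.Mutex
	seen   map[[16]byte]time.Time // nonce -> instant after which it can be forgotten
}

func (v *Verifier) Verify(env Envelope, now time.Time) error {
	pub, ok := v.Keys[env.SessionID]
	if sha256.Sum256(env.Payload) != env.PayloadHash {
		return ErrPayloadHash
	}
	if !ok || !ed25519.Verify(pub, signingInput(env.SessionID, env.Nonce, env.Timestamp, env.PayloadHash), env.Signature) {
		return ErrSignature
	}
	if d := now.Sub(env.Timestamp); d > v.Window || d < -v.Window {
		return ErrStale
	}
	v.mu.Lock()
	defer v.mu.Unlock()
	if v.seen == nil {
		v.seen = make(map[[16]byte]time.Time)
	}
	for n, exp := range v.seen { // drop nonces whose timestamp can no longer pass the freshness check
		if now.After(exp) {
			delete(v.seen, n)
		}
	}
	if _, dup := v.seen[env.Nonce]; dup {
		return ErrReplay
	}
	v.seen[env.Nonce] = env.Timestamp.Add(v.Window) // recorded only after the signature verified
	return nil
}

// UnframeGRPC strips the 5-byte gRPC / gRPC-Web message prefix (compressed flag + big-endian
// length). A Connect unary body is the bare message, so the same bytes reach the hash check.
func UnframeGRPC(frame []byte) ([]byte, error) {
	if len(frame) < 5 || frame[0] != 0 || uint64(len(frame)) != 5+uint64(binary.BigEndian.Uint32(frame[1:5])) {
		return nil, errors.New("malformed gRPC frame")
	}
	return frame[5:], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	v := &Verifier{Keys: map[string]ed25519.PublicKey{"s1": pub}, Window: 30 * time.Second}
	env := Seal(priv, "s1", []byte("constructed payload"), time.Now())
	fmt.Println(v.Verify(env, time.Now()), "|", v.Verify(env, time.Now())) // <nil> | nonce already seen
}
```

The order matters for the replay cache: a nonce is only remembered after the signature verifies, so unauthenticated traffic cannot fill the cache or block a legitimate nonce, and the cache entry expires exactly when the freshness window would reject the same timestamp anyway, which bounds its size. Because the hash is computed over the unframed message, the verifier does not care whether the bytes arrived as a raw Connect body or inside a gRPC length-prefixed frame.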
@@ -531,6 +531,15 @@ This section describes the secure exchange model between client and
gateway. It applies at the public boundary and does not rely on backend
behaviour for any of its guarantees.
|
The authenticated edge listener is built on `connectrpc.com/connect` and
natively serves the Connect, gRPC, and gRPC-Web protocols on a single
HTTP/2 cleartext (`h2c`) port. Browser clients use Connect via
`@connectrpc/connect-web`; native iOS / Android / desktop clients can
use either Connect or raw gRPC framing against the same listener.
Envelope, signature, freshness, and anti-replay rules below are
protocol-agnostic — they apply identically to every supported wire
framing.
|
### Principles
|
- No browser cookies.
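Review bot: the added paragraph (from `The authenticated edge listener is built on` through `framing.`) presents the public listener as HTTP/2 cleartext (`h2c`) but never says where TLS terminates; since this section is explicitly about the public boundary and claims not to rely on backend behaviour, state whether the `h2c` port is only ever reached through a TLS-terminating front end and, if so, that on the cleartext hop the envelope, signature and anti-replay rules are the only guarantees that hold. The sentence `Envelope, signature, freshness, and anti-replay rules below are protocol-agnostic` should also say what the payload hash named in the commit message actually covers: the serialized message with the Connect, gRPC and gRPC-Web framing stripped rather than the length-prefixed frame or any HTTP headers. Without that, a reader cannot tell whether one signed envelope is valid across all three framings or whether the `grpc.ServerStream` shim has to re-derive the hash per protocol.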