@@ -32,7 +32,6 @@ use crate::{
3232
3333// connected clients
3434type ClientMap = HashMap < SocketAddr , mpsc:: UnboundedSender < Result < CoreRequest , Status > > > ;
35- static COOKIE_KEY_HEADER : & str = "dg-cookie-key-bin" ;
3635
3736#[ derive( Debug , Clone , Default ) ]
3837pub ( crate ) struct Configuration {
@@ -232,28 +231,6 @@ impl proxy_server::Proxy for ProxyServer {
232231 let _guard = span. enter ( ) ;
233232
234233 info ! ( "Defguard Core gRPC client connected from: {address}" ) ;
235-
236- // Retrieve private cookies key from the header.
237- let cookie_key = request. metadata ( ) . get_bin ( COOKIE_KEY_HEADER ) ;
238- let key = match cookie_key {
239- Some ( key) => Key :: from ( & key. to_bytes ( ) . map_err ( |err| {
240- error ! ( "Failed to decode private cookie key: {err:?}" ) ;
241- Status :: internal ( "Failed to decode private cookie key" )
242- } ) ?) ,
243- // If the header is missing, fall back to generating a local key.
244- // This preserves compatibility with older Core versions that did not
245- // provide a shared cookie key. In this mode, cookie-based sessions will
246- // not be shared across proxy instances and HA won't work.
247- None => {
248- warn ! (
249- "Private cookie key not provided by Core; falling back to a locally generated key. \
250- This typically indicates an older Core version and disables cookie sharing across proxies."
251- ) ;
252- Key :: generate ( )
253- }
254- } ;
255- * self . cookie_key . write ( ) . unwrap ( ) = Some ( key) ;
256-
257234 let ( tx, rx) = mpsc:: unbounded_channel ( ) ;
258235 self . clients
259236 . lock ( )
@@ -266,22 +243,32 @@ impl proxy_server::Proxy for ProxyServer {
266243 let clients = Arc :: clone ( & self . clients ) ;
267244 let results = Arc :: clone ( & self . results ) ;
268245 let connected = Arc :: clone ( & self . connected ) ;
269- let mut stream = request . into_inner ( ) ;
246+ let cookie_key = Arc :: clone ( & self . cookie_key ) ;
270247 tokio:: spawn (
271248 async move {
249+ let mut stream = request. into_inner ( ) ;
272250 loop {
273251 match stream. message ( ) . await {
274252 Ok ( Some ( response) ) => {
275253 debug ! ( "Received message from Defguard Core ID={}" , response. id) ;
276254 connected. store ( true , Ordering :: Relaxed ) ;
277255 if let Some ( payload) = response. payload {
278- let maybe_rx = results. lock ( ) . expect ( "Failed to acquire lock on results hashmap when processing response" ) . remove ( & response. id ) ;
279- if let Some ( rx) = maybe_rx {
280- if let Err ( err) = rx. send ( payload) {
281- error ! ( "Failed to send message to rx {:?}" , err. type_id( ) ) ;
256+ match payload {
257+ core_response:: Payload :: InitialInfo ( payload) => {
258+ info ! ( "Received private cookies key" ) ;
259+ let key = Key :: from ( & payload. private_cookies_key ) ;
260+ * cookie_key. write ( ) . unwrap ( ) = Some ( key) ;
261+ } ,
262+ _ => {
263+ let maybe_rx = results. lock ( ) . expect ( "Failed to acquire lock on results hashmap when processing response" ) . remove ( & response. id ) ;
264+ if let Some ( rx) = maybe_rx {
265+ if let Err ( err) = rx. send ( payload) {
266+ error ! ( "Failed to send message to rx {:?}" , err. type_id( ) ) ;
267+ }
268+ } else {
269+ error ! ( "Missing receiver for response #{}" , response. id) ;
270+ }
282271 }
283- } else {
284- error ! ( "Missing receiver for response #{}" , response. id) ;
285272 }
286273 }
287274 }
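Review bot: The `InitialInfo` arm at new line 259 builds the key with `Key::from(&payload.private_cookies_key)`, which for the `cookie` crate's `Key` (the type the removed code used via `Key::generate()`) panics when the slice is shorter than 64 bytes, so a malformed or truncated key sent by Core would abort the spawned stream task rather than be reported; prefer the fallible form, `match Key::try_from(&payload.private_cookies_key) { Ok(key) => *cookie_key.write().unwrap() = Some(key), Err(err) => error!("Invalid private cookies key received from Core: {err}") }`. With the synchronous header path and its locally generated fallback removed in the previous hunk, `cookie_key` now stays `None`, or keeps the key of an earlier Core connection, until the first `InitialInfo` message is processed, so readers of `self.cookie_key` outside this hunk must tolerate that window; a comment on the arm such as `// Key becomes valid only here; requests handled earlier see None or the previous connection's key.` would make that visible. The enclosing handler begins before this hunk and the spawned loop continues past its end.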