Validate request protocol (#475)

Author: JamesNK

src/Grpc.AspNetCore.Server/Internal/CallHandlers/ServerCallHandlerBase.cs

@@ -23,6 +23,7 @@
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.Server.Kestrel.Core.Features;
 using Microsoft.Extensions.Logging;
+using Microsoft.Net.Http.Headers;
 
 namespace Grpc.AspNetCore.Server.Internal.CallHandlers
 {
@@ -55,7 +56,14 @@ public Task HandleCallAsync(HttpContext httpContext)
         {
             if (GrpcProtocolHelpers.IsInvalidContentType(httpContext, out var error))
             {
-                GrpcProtocolHelpers.SendHttpError(httpContext.Response, StatusCodes.Status415UnsupportedMediaType, StatusCode.Internal, error!);
+                GrpcProtocolHelpers.SendHttpError(httpContext.Response, StatusCodes.Status415UnsupportedMediaType, StatusCode.Internal, error);
+                return Task.CompletedTask;
+            }
+            if (httpContext.Request.Protocol != GrpcProtocolConstants.Http2Protocol)
+            {
+                var protocolError = $"Request protocol '{httpContext.Request.Protocol}' is not supported.";
+                GrpcProtocolHelpers.SendHttpError(httpContext.Response, StatusCodes.Status426UpgradeRequired, StatusCode.Internal, protocolError);
+                httpContext.Response.Headers[HeaderNames.Upgrade] = GrpcProtocolConstants.Http2Protocol;
                 return Task.CompletedTask;
             }
 

src/Grpc.AspNetCore.Server/Internal/GrpcProtocolConstants.cs

@@ -25,6 +25,7 @@ namespace Grpc.AspNetCore.Server.Internal
     internal static class GrpcProtocolConstants
     {
         internal const string GrpcContentType = "application/grpc";
+        internal const string Http2Protocol = "HTTP/2";
 
         internal const string TimeoutHeader = "grpc-timeout";
         internal const string MessageEncodingHeader = "grpc-encoding";

test/FunctionalTests/Client/CompressionTests.cs

@@ -41,7 +41,7 @@ public async Task SendCompressedMessage_ServiceCompressionConfigured_ResponseGzi
 
             string? requestMessageEncoding = null;
             string? responseMessageEncoding = null;
-            using var httpClient = Fixture.CreateClient(new TestDelegateHandler(
+            using var httpClient = Fixture.CreateClient(messageHandler: new TestDelegateHandler(
                 r =>
                 {
                     requestMessageEncoding = r.Headers.GetValues(GrpcProtocolConstants.MessageEncodingHeader).Single();

test/FunctionalTests/Infrastructure/GrpcTestFixture.cs

@@ -19,6 +19,7 @@
 using System;
 using System.Net.Http;
 using Grpc.Net.Client;
+using Microsoft.AspNetCore.Server.Kestrel.Core;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 
@@ -58,7 +59,7 @@ public GrpcTestFixture(Action<IServiceCollection>? initialConfigureServices = nu
 
         public HttpClient Client { get; }
 
-        public HttpClient CreateClient(DelegatingHandler? messageHandler = null)
+        public HttpClient CreateClient(HttpProtocols? httpProtocol = null, DelegatingHandler? messageHandler = null)
         {
             HttpClient client;
             if (messageHandler != null)
@@ -71,8 +72,18 @@ public HttpClient CreateClient(DelegatingHandler? messageHandler = null)
                 client = new HttpClient();
             }
 
-            client.DefaultRequestVersion = new Version(2, 0);
-            client.BaseAddress = new Uri(_server.Url!);
+            switch (httpProtocol ?? HttpProtocols.Http2)
+            {
+                case HttpProtocols.Http1:
+                    client.BaseAddress = new Uri(_server.GetUrl(HttpProtocols.Http1));
+                    break;
+                case HttpProtocols.Http2:
+                    client.DefaultRequestVersion = new Version(2, 0);
+                    client.BaseAddress = new Uri(_server.GetUrl(HttpProtocols.Http2));
+                    break;
+                default:
+                    throw new ArgumentException("Unexpected value.", nameof(httpProtocol));
+            }
 
             return client;
         }

test/FunctionalTests/Infrastructure/InProcessTestServer.cs

@@ -19,11 +19,9 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
-using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Hosting.Server.Features;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
@@ -35,7 +33,7 @@ public abstract class InProcessTestServer : IDisposable
     {
         internal abstract event Action<LogRecord> ServerLogged;
 
-        public abstract string? Url { get; }
+        public abstract string GetUrl(HttpProtocols httpProtocol);
 
         public abstract IWebHost? Host { get; }
 
@@ -53,15 +51,23 @@ public class InProcessTestServer<TStartup> : InProcessTestServer
         private readonly Action<IServiceCollection>? _initialConfigureServices;
         private IWebHost? _host;
         private IHostApplicationLifetime? _lifetime;
-        private string? _url;
+        private Dictionary<HttpProtocols, string>? _urls;
 
         internal override event Action<LogRecord> ServerLogged
         {
             add => _logSinkProvider.RecordLogged += value;
             remove => _logSinkProvider.RecordLogged -= value;
         }
 
-        public override string? Url => _url;
+        public override string GetUrl(HttpProtocols httpProtocol)
+        {
+            if (_urls == null)
+            {
+                throw new InvalidOperationException();
+            }
+
+            return _urls[httpProtocol];
+        }
 
         public override IWebHost? Host => _host;
 
@@ -78,7 +84,7 @@ public InProcessTestServer(Action<IServiceCollection>? initialConfigureServices)
         public override void StartServer()
         {
             // We're using 127.0.0.1 instead of localhost to ensure that we use IPV4 across different OSes
-            var url = "http://127.0.0.1:50050";
+            var url = "http://127.0.0.1";
 
             _host = new WebHostBuilder()
                 .ConfigureLogging(builder => builder
@@ -95,6 +101,10 @@ public override void StartServer()
                     {
                         listenOptions.Protocols = HttpProtocols.Http2;
                     });
+                    options.ListenLocalhost(50040, listenOptions =>
+                    {
+                        listenOptions.Protocols = HttpProtocols.Http1;
+                    });
                 })
                 .UseUrls(url)
                 .UseContentRoot(Directory.GetCurrentDirectory())
@@ -119,7 +129,11 @@ public override void StartServer()
             _logger.LogInformation("Test Server started");
 
             // Get the URL from the server
-            _url = _host.ServerFeatures.Get<IServerAddressesFeature>().Addresses.Single();
+            _urls = new Dictionary<HttpProtocols, string>
+            {
+                [HttpProtocols.Http2] = url + ":50050",
+                [HttpProtocols.Http1] = url + ":50040"
+            };
 
             _lifetime.ApplicationStopped.Register(() =>
             {

test/FunctionalTests/Server/UnaryMethodTests.cs

@@ -397,6 +397,37 @@ public async Task InvalidContentType_Return415Response(string contentType, strin
             response.AssertTrailerStatus(StatusCode.Internal, responseMessage);
         }
 
+        [Test]
+        public async Task InvalidProtocol_Return426Response()
+        {
+            // Arrange
+            var requestMessage = new HelloRequest
+            {
+                Name = "World"
+            };
+
+            var ms = new MemoryStream();
+            MessageHelpers.WriteMessage(ms, requestMessage);
+            var streamContent = new StreamContent(ms);
+            streamContent.Headers.ContentType = new MediaTypeHeaderValue("application/grpc");
+
+            var client = Fixture.CreateClient(Microsoft.AspNetCore.Server.Kestrel.Core.HttpProtocols.Http1);
+
+            // Act
+            var response = await client.PostAsync(
+                "Greet.Greeter/SayHello",
+                streamContent).DefaultTimeout();
+
+            // Assert
+            Assert.AreEqual(HttpStatusCode.UpgradeRequired, response.StatusCode);
+
+            var upgradeValue = response.Headers.Upgrade.Single();
+            Assert.AreEqual("HTTP", upgradeValue.Name);
+            Assert.AreEqual("2", upgradeValue.Version);
+
+            response.AssertTrailerStatus(StatusCode.Internal, "Request protocol 'HTTP/1.1' is not supported.");
+        }
+
         [TestCase("application/grpc")]
         [TestCase("APPLICATION/GRPC")]
         [TestCase("application/grpc+proto")]

test/Grpc.AspNetCore.Server.Tests/CallHandlerTests.cs

@@ -136,7 +136,8 @@ private static ServerCallHandlerBase<TestService, TestMessage, TestMessage> Crea
         private static HttpContext CreateContext(bool isMaxRequestBodySizeFeatureReadOnly = false)
         {
             var httpContext = new DefaultHttpContext();
-            httpContext.Request.ContentType = "application/grpc";
+            httpContext.Request.Protocol = GrpcProtocolConstants.Http2Protocol;
+            httpContext.Request.ContentType = GrpcProtocolConstants.GrpcContentType;
             httpContext.Features.Set<IHttpMinRequestBodyDataRateFeature>(new TestMinRequestBodyDataRateFeature());
             httpContext.Features.Set<IHttpMaxRequestBodySizeFeature>(new TestMaxRequestBodySizeFeature(isMaxRequestBodySizeFeatureReadOnly, 100));