Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The big refactor/fix branch #20

Merged
merged 4 commits into from
Sep 4, 2024
Merged

The big refactor/fix branch #20

merged 4 commits into from
Sep 4, 2024

Conversation

miceg
Copy link
Contributor

@miceg miceg commented Sep 4, 2024
edited
Loading

Discussed in #8; this has a bunch of refactoring and fixes that are difficult to untangle.

AppState changes:

  • Construct an "OK" response with x-vercel-verify header on start-up, and store it in the AppState, so it can be cloned as needed.

    This avoids needing an unwrap() in the ingest handler, that could be triggered with a configuration error but only after the first request.

  • Accept vercel_secret as a &[u8], and move all the HMAC handling in there.

Ingest handler:

  • Respond to ingest requests without a signature with HTTP 200 OK and x-vercel-verify header, to match Vercel not sending this header, even when you set a custom secret during setup.

    Added a test case for this and a request with a valid signature but empty payload (in case they fix this).

  • Verify the request payload's HMAC before trying to decode it as UTF-8.

  • Return Unauthorized error whenever x-vercel-signature header is present, and is not in the expected format or doesn't pass HMAC checks, and don't send a x-vercel-verify header in those responses.

  • Avoid copying the payload by using str::from_utf8() on a &[u8], rather than ::to_vec() and passing it into a String.

  • Use IntoResponse::into_response() to construct responses with empty bodies and no special header.

  • Return Unprocessable Entity error whenever it doesn't parse correctly, rather than returning OK.

  • Removed many unwrap() calls which could crash the binary with a crafted request.

  • Added test cases for the expected response codes, and also for some requests that could crash because of unwrap().

Other handlers:

  • Make root() return a StatusCode directly, like health_check().

  • Fix needless-returns.

Tests:

  • Use ? operator rather than unwrap() where possible.

  • Use arrays for constants rather than vec!.

  • Use &str and b"" for constants where possible.

miceg added 2 commits September 4, 2024 16:31
@miceg
Big refactor / cleanups:
1effb29 
AppState changes:

* Construct an "OK" response with `x-vercel-verify` header on start-up, and
  store it in the `AppState`, so it can be cloned as needed.

  This avoids needing an `unwrap()` in the ingest handler, that could be
  triggered with a configuration error but only after the first request.

Ingest handler fixes:

* Respond to ingest requests without a signature with HTTP 200 OK and
  `x-vercel-verify` header, to match Vercel not sending this header, even
  when you set a custom secret during setup.

  Added a test case for this and a request with a valid signature but empty
  payload.

* Verify the request payload before trying to decode it as UTF-8.

* Return Unauthorized error whenever `x-vercel-signature` header is present,
  and is not in the expected format or doesn't pass HMAC checks, and don't
  send a `x-vercel-verify` header in those responses.

* Avoid copying the payload by using `str::from_utf8()` on a `&[u8]`, rather
  than `::to_vec()` and passing it into a `String`.

* Use `IntoResponse::into_response()` to construct responses with empty
  bodies and no special header.

* Return Unprocessable Entity error whenever it doesn't parse correctly,
  rather than returning OK.

* Removed many `unwrap()` calls which could crash the binary with a crafted
  request.

* Added test cases for the expected response codes, and also for some
  requests that could crash because of `unwrap()`.

Other handlers:

* Make `root()` return a `StatusCode` directly, like `health_check()`.

* Fix needless-returns.

Tests:

* Use `?` operator rather than `unwrap()` where possible.

* Use arrays for constants rather than `vec!`.

* Use `&str` and `b""` for constants where possible.
@miceg
Fix clippy lint
d084c35
dacbd
dacbd requested changes Sep 4, 2024
View reviewed changes
src/main.rs Outdated Show resolved Hide resolved
src/handlers.rs Outdated Show resolved Hide resolved
src/handlers.rs Outdated Show resolved Hide resolved
miceg added 2 commits September 4, 2024 17:10
@miceg
Addressing review feedback:
c8f461c 
* Remove comment about signature handling, because that's in the README.

* Add explicit `return` where a function also has a `return` elsewhere.

* Move `hmac::Key` construction into `AppState::new`, which now accepts a
  key as `&[u8]`.

* Add `AppState::sign_request_for_test_only` for signing requests, which is
  only for test cases.

This means that all the HMAC code is in one place.
@miceg
fmt
ac6c1ac
@miceg miceg requested a review from dacbd September 4, 2024 07:17
dacbd
dacbd approved these changes Sep 4, 2024
View reviewed changes
Copy link
Owner

@dacbd dacbd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great, Thanks a bunch! If you have some spare time I'd love it if you reached out, I'd like to ask you a few rust questions sometime. (dabarnes2b@gmail.com)

@dacbd dacbd merged commit 7ae41d7 into dacbd:main Sep 4, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dacbd dacbd dacbd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@miceg @dacbd