Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

api/cannon: Re-fix local IP check with better error handling #2124

Merged
merged 13 commits into from May 7, 2024
Merged

api/cannon: Re-fix local IP check with better error handling #2124

merged 13 commits into from May 7, 2024

Conversation

victorges
Copy link
Member

@victorges victorges commented Apr 4, 2024
edited

What does this pull request do? Explain your changes. (required)
This brings back the fix from #2118, reverted by #2123, adding proper error checking
when a given domain has no IPs configured (likely for v4 or v6 only).

This also makes the resolution errors non-fatal, so we default to trust the domains
in case we have a problem with the local IP check. This is less secure but avoids
surprises in case this breaks again. We should also add an alert when there are failures
in resolving the domain (from that log inside the catch).

Specific updates (required)

  • Re-apply the original commit
  • Handle DNS errors when resolving v4/v6 (moved to helper func here)
  • Make local IP check error non fatal

How did you test each of these updates (required)

  • yarn test
  • ✅ call IPv4-only webhooks and make sure they work
  • ✅ call IPv6-only (if it exists) and make sure they work
  • ✅ call webhook with an IP in the host (private or public) and check it works/doesnt as expected
  • ✅ try localhost or private IP webhooks and make sure they don't work

Does this pull request close any open issues?

Informal on discord.

Checklist

  • I have read the CONTRIBUTING document.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.

@victorges victorges requested a review from a team as a code owner April 4, 2024 13:49
@vercel Vercel
Copy link

vercel bot commented Apr 4, 2024
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
livepeer-studio ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 7, 2024 11:26am

@victorges
api/store: Fix updateStatus query
feb1bb0 
Can't parametrize table name
@victorges victorges enabled auto-merge (squash) April 23, 2024 19:29
@victorges victorges disabled auto-merge April 23, 2024 19:34
@emranemran
Copy link
Contributor

LGTM but see discord thread on internal discussion.

leszko
leszko approved these changes Apr 24, 2024
View reviewed changes
packages/api/src/store/webhook-table.ts
} SET data = jsonb_set(data, '{status}', case when data->'status' is null then '{}' else data->'status' end || '${JSON.stringify(
status
)}') WHERE id = '${id}'`
sql``
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this change related to the local IP change? Or is it just refactor? Both are fine, I'm just trying to connect the dots.

Copy link
Member Author

@victorges victorges Apr 24, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not related, it is a fix to use proper SQL parameters in the query instead of raw string interpolation. As I was testing this there were some errors that contained ' and the query failed, so we need to use proper sql strings here. I can move this to a separate PR if you think it's necessary.

packages/api/src/webhooks/cannon.ts Outdated Show resolved Hide resolved
@victorges victorges merged commit c1e63fd into master May 7, 2024
8 checks passed
@victorges victorges deleted the vg/fix/is-local-ip-check branch May 7, 2024 11:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leszko leszko leszko approved these changes

@emranemran emranemran Awaiting requested review from emranemran

@gioelecerati gioelecerati Awaiting requested review from gioelecerati

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@victorges @emranemran @leszko