Allow setting Hasura actions bind address / host #490
Assignees
Comments
makew0rld
changed the title
This was referenced Aug 9, 2022
|
I honestly have a hard time understanding what's the problem here. Hasura actions are started listening to the url |
|
Yes, a firewall can be used. But it's pretty standard to have a host option as well, and makes it easy to protect the service. Just my 2 cents. |
|
@makeworld-the-better-one Ok, I see your point. I will move this to Juno since it might be even more useful there. Do you think you can open a PR for this? |
|
I'm no longer working on this project, and I'm also not familiar with the Juno codebase. So unfortunately I can't provide a PR at this time. |
16 tasks
mergify bot
pushed a commit
that referenced
this issue
Oct 31, 2022
## Description Fixes #490 --- ### Author Checklist *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [x] targeted the correct branch - [x] provided a link to the relevant issue or specification - [x] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [x] reviewed "Files changed" and left comments if necessary - [x] confirmed all CI checks have passed ### Reviewers Checklist *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable)
ankurdotb
pushed a commit
to cheqd/bdjuno
that referenced
this issue
Nov 1, 2022
Fixes forbole#490 --- *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [x] targeted the correct branch - [x] provided a link to the relevant issue or specification - [x] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [x] reviewed "Files changed" and left comments if necessary - [x] confirmed all CI checks have passed *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable)
ankurdotb
added a commit
to cheqd/bdjuno
that referenced
this issue
Nov 1, 2022
* build(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (forbole#488) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spf13/cobra/releases">github.com/spf13/cobra's releases</a>.</em></p> <blockquote> <h2>v1.6.1</h2> <h3>Bug fixes 🐛</h3> <ul> <li>Fixes a panic when <code>AddGroup</code> isn't called before <code>AddCommand(my-sub-command)</code> is executed. This can happen within more complex cobra file structures that have many different <code>init</code>s to be executed. Now, the check for groups has been moved to <code>ExecuteC</code> and provides more flexibility when working with grouped commands - <a href="https://github.com/marckhouzam"><code>@marckhouzam</code></a> (and shout out to <a href="https://github.com/aawsome"><code>@aawsome</code></a>, <a href="https://github.com/andig"><code>@andig</code></a> and <a href="https://github.com/KINGSABRI"><code>@KINGSABRI</code></a> for a deep investigation into this! 👏🏼)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spf13/cobra/commit/b43be995ebb4bee335a787bd44498b91aef7619c"><code>b43be99</code></a> Check for group presence after full initialization (<a href="https://github-redirect.dependabot.com/spf13/cobra/issues/1839">#1839</a>) (<a href="https://github-redirect.dependabot.com/spf13/cobra/issues/1841">#1841</a>)</li> <li>See full diff in <a href="https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> * fix: improve Hasura permissions (forbole#473) Closes: #XXXX --- *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [ ] targeted the correct branch - [ ] provided a link to the relevant issue or specification - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [ ] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) * feat: remove block height foreign key from propoval vote and deposit, add timestamp column (forbole#489) block height foreign key on `proposal_vote` and `proposal_deposit` tables is getting `parse genesis-file` errors because the block table could be empty at the time of parsing genesis. It results in the error like `pq: insert or update on table "proposal_deposit" violates foreign key constraint "proposal_deposit_height_fkey"` Add `timestamp` column so frontend can access this data. --- *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [x] targeted the correct branch - [ ] provided a link to the relevant issue or specification - [x] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [x] reviewed "Files changed" and left comments if necessary - [x] confirmed all CI checks have passed *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) * feat: add host address to hasura actions (forbole#491) Fixes forbole#490 --- *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [x] targeted the correct branch - [x] provided a link to the relevant issue or specification - [x] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [x] reviewed "Files changed" and left comments if necessary - [x] confirmed all CI checks have passed *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable) * Fix merge conflicts * fix: Linting * Switch struct order in gov database types * Switch Config struct * Update gov.go * Update .golangci.yaml * Sync linter with upstream Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Magic Cat <37407870+MonikaCat@users.noreply.github.com> Co-authored-by: Aaron <76254323+huichiaotsou@users.noreply.github.com> Co-authored-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem description
Right now the only configuration option for hasura actions with bdjuno is the port:
This means that on my server the Hasura actions port is publicly exposed. I'm not sure if this is a security issue or not (is it?), but in any case ports should be closed unless needed.
Implementation proposal
A bind address or host option could be added, so that the hasura actions service was only available on localhost, for example:
or
The text was updated successfully, but these errors were encountered: