Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove prod check to enable integration tests with dev server #424

Closed
wants to merge 1 commit into from
Closed

Remove prod check to enable integration tests with dev server #424

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 27 additions & 17 deletions packages/inngest/src/components/InngestCommHandler.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1101,31 +1101,41 @@ export class InngestCommHandler<
}

protected validateSignature(sig: string | undefined, body: unknown) {
// Never validate signatures in development.
if (!this.isProd) {
const isSigned = !!sig;
const hasSigningKey = !!this.signingKey;

// If the request is signed, and we have a signing key, verify the signature
if (isSigned && this.signingKey) {
new RequestSignature(sig).verifySignature({
body,
allowExpiredSignatures: this.allowExpiredSignatures,
signingKey: this.signingKey,
});
return;
}

// If we're here, we're in production; lack of a signing key is an error.
if (!this.signingKey) {
// TODO PrettyError
// If the request is not signed, and we don't have a signing key ignore this
if (!isSigned && !hasSigningKey) {
return;
}

// If the request is signed, but we don't have a signing key, we deem it insecure
if (isSigned && !hasSigningKey) {
throw new Error(
`No signing key found in client options or ${envKeys.InngestSigningKey} env var. Find your keys at https://app.inngest.com/secrets`
`Failed to verify request signature. Please provide a signing key via options or ${envKeys.InngestSigningKey} env var.`
);
}

// If we're here, we're in production; lack of a req signature is an error.
if (!sig) {
// TODO PrettyError
throw new Error(`No ${headerKeys.Signature} provided`);
// If we have a signing key and the request is not signed, we deem it insecure
if (!isSigned && hasSigningKey) {
if (this.isProd) {
throw new Error(`Unsigned request received.`);
} else {
throw new Error(
`Unsigned request received. In development, a signing key is not required.`
);
}
}

// Validate the signature
new RequestSignature(sig).verifySignature({
body,
allowExpiredSignatures: this.allowExpiredSignatures,
signingKey: this.signingKey,
});
}

protected signResponse(): string {
Expand Down
Loading