-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix returning S3 credentials from /api/transcode #1574
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Codecov Report
@@ Coverage Diff @@
## master #1574 +/- ##
=============================================
Coverage 53.70410% 53.70410%
=============================================
Files 70 70
Lines 4657 4657
Branches 884 884
=============================================
Hits 2501 2501
Misses 1838 1838
Partials 318 318
Continue to review full report at Codecov.
|
@@ -44,7 +48,7 @@ app.post( | |||
null, | |||
req.user.id | |||
); | |||
res.json(task); | |||
res.json(taskWithoutCredentials(task)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The pattern that we have established on the API is to just delete the "write-only" fields from responses. This should be done by:
- Tagging the field
writeOnly
in the schema: https://github.com/livepeer/livepeer-com/blob/3171e199ee4887ed5c80943a48162ba2bc70b19b/packages/api/src/schema/schema.yaml#L948 - Call
db.<table>.cleanWriteOnlyResponse
on the object: https://github.com/livepeer/livepeer-com/blob/3171e199ee4887ed5c80943a48162ba2bc70b19b/packages/api/src/controllers/task.ts#L105
Notice that we use the mung
middleware above so we don't have to repeat the clean-up logic on every API handler. Feel free to just inline a call to db.tas.cleanWriteOnlyResponse
here though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As this is not a behavioral regression tho, the same helper used before was just moved to being used here as well, I think it's fine as is if you prefer the current way. Would be good to have the consistency across APIs tho.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the writeOnly
pattern is not applicable here, since we actually do want to return the url
field (just without credentials). We could introduce a new label in the schema (like redact
or containsPassword
), but I believe it's too much overhead right now, so I'm merging it as it is.
Saying that, we can think about some more global redact mechanism for studio. It's actually related to the credentials issue I described here (and would love to get your feedback on it as well): https://www.notion.so/livepeer/S3-Credentials-in-logs-0f038d4ea5a54d24b65634fa6dd10267
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think overall it's not that important from an interface perspective to return the URL field, as the user has just made a request with that as the input, so they have all the data necessary for the URL, and they are not going to use the internal Object Store URL for anything anyway (we even abstracted it on their input). In fact, we do not want users depending on this URLs publicly or we'll lose the ability to iterate on them freely as an internal abstraction.
This is also almost the exact same case as the other places where we do write-only filtering, where it could even be useful to return a part of the data to the user (e.g. return the multistream URLs only removing the secret stream key), but we opt for a simple but consistent approach of removing those fields from the response instead. So a write-only field does seem appropriate to me here as a similar use case to the others we already have. I do agree that a "redact/containsPassword" special element would be overkill though, especially as there's no universal way of determining where the secrets would be in the URLs, so makes sense to keep this ad-hoc implementations instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like a less important filtering since we were only returning the credentials as a response to the same request that created the task with the same credentials (right?).
Either way LGTM.
@@ -44,7 +48,7 @@ app.post( | |||
null, | |||
req.user.id | |||
); | |||
res.json(task); | |||
res.json(taskWithoutCredentials(task)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As this is not a behavioral regression tho, the same helper used before was just moved to being used here as well, I think it's fine as is if you prefer the current way. Would be good to have the consistency across APIs tho.
* Add /api/transcode API (#1548) * Fix returning S3 credentials from /api/transcode (#1574) * api: Upgrade tus-node-server from 0.6.0 to 0.9.0 (#1576) * api: Upgrade tus-node-server from 0.6.0 to 0.9.0 * api: Fix build for new tus lib * chore(release): publish v0.12.0 * graphql to groq (#1573) * feat: switch graphql to groq * chore: * bug: sanity client refactor * bug: client import fix * www: Fix asset details not showing on asset page (#1581) Only missed a details=1 on the requests. * bug: portable text disappered fix (#1589) * Fix all the Next.js warning and errors in the console (#1594) * Fixed the Stripe initialisation * Fixed the payment popup which was throwing an error * Fixed the logo svg width error * Fixed the error with the mobile menu where auth buttons where rendered differently on server and client * Fixed the inclusion of two scripts in the Head that were throwing a warnings * Refactored the Document component to a function component for future work * Fixed the not-unique key in admin table * Fixed the non unique key in admin usage table * Optimised the strip initialisation with useMemo * Enabling SWC and fixing Admin tables (#1595) * Fixed the Stripe initialisation * Fixed the payment popup which was throwing an error * Fixed the logo svg width error * Fixed the error with the mobile menu where auth buttons where rendered differently on server and client * Fixed the inclusion of two scripts in the Head that were throwing a warnings * Refactored the Document component to a function component for future work * Fixed the not-unique key in admin table * Fixed the non unique key in admin usage table * Enabled SWC for the project Fixed the Admin table error * Optimised the strip initialisation with useMemo * Link resolver (#1556) * Test bump * Hotfix: Cleaning up campaign page * feat: custom link resolver * chore: target link * Ran a build, bump * bump: yarn lock * bump: removed token from sanity client Co-authored-by: Jonathan Alford <jono@roboto.studio> * packages/api: Add version information to prometheus metrics (#1597) * Pricing page (#1596) * Test bump * Hotfix: Cleaning up campaign page * Added components * Started to wire components up * feat: image on social proof * Cleaned up 2 sections * Pricing cards nearly there * Cleaned up pricing card grid sizing and close to finish * Fixed spacing * Also cleared all console log errors Co-authored-by: hrithikroboto <hrithik@roboto.studio> Co-authored-by: Rafał Leszko <rafal@livepeer.org> Co-authored-by: Victor Elias <victorgelias@gmail.com> Co-authored-by: hrithikroboto <114240510+hrithikroboto@users.noreply.github.com> Co-authored-by: clacla <claudio@livepeer.org> Co-authored-by: hjpotter92 <hjpotter92@users.noreply.github.com> Co-authored-by: hrithikroboto <hrithik@roboto.studio>
Redact S3 credentials while calling
/api/transcode
.