Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use SafeRoundtripper to fetch templates #4

Merged
merged 7 commits into from
Apr 8, 2020
Merged

Use SafeRoundtripper to fetch templates #4

merged 7 commits into from
Apr 8, 2020

Conversation

vbrown608
Copy link
Contributor

Updates template fetch to make use of netlify/netlify-commons#82

@vbrown608 vbrown608 changed the title Use SafeRoundtripper to fetch templates templates Use SafeRoundtripper to fetch templates Feb 4, 2020
mraerino
mraerino reviewed Feb 5, 2020
View reviewed changes
Copy link
Member

@mraerino mraerino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the best way to solve the log situation is to accept a logger in the constructor of the mailer and just pass it on

mailme.go Outdated
@@ -111,20 +112,20 @@ func (t *TemplateCache) Set(key, value string, expirationTime time.Duration) (*t
}

func (t *TemplateCache) fetchTemplate(url string, triesLeft int) (string, error) {
client := http.Client{
client := &http.Client{
Transport: &http.Transport{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no need to set the transport. it's going to be replaced in the safehttp call anyways

Copy link
Contributor Author

@vbrown608 vbrown608 Apr 8, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The original transport gets wrapped by the new one. It's stored as noLocalTransport.inner.

However, Go's DefaultTransport is identical to the one defined here, except that the default has ForceAttemptHTTP2: true. Any idea if that's deliberate?

If it's not, we can just use the DefaultTransport. If it is, I think we should still start with the default and just update that one setting to make it explicit.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agree on using DefaultTransport 👍

mailme.go Outdated Show resolved Hide resolved
@vbrown608 vbrown608 requested a review from a team April 8, 2020 00:27
mraerino
mraerino reviewed Apr 8, 2020
View reviewed changes
Copy link
Member

@mraerino mraerino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

makes me wonder if we could just scrub the whole custom client creation and just pass the default http client into SafeHTTPClient?

@vbrown608
Copy link
Contributor Author

Yep if we're going with the DefaultTransport I think we can definitely do that :)

@vbrown608
Copy link
Contributor Author

vbrown608 commented Apr 8, 2020
edited
Loading

Actually, we may want to specify a timeout on the default http client, like

http.Client{
  Timeout: time.Second * defaultTimeout,
}

Otherwise a malicious template URL could make us try to read the body forever.

@mraerino
Copy link
Member

mraerino commented Apr 8, 2020

Otherwise a malicious template URL could make us try to read the body forever, similar to the issue we had with accidentally-malicious humio in the analytics service.

this is actual a very limited attack vector because people could only provoke that for their own site and we don't care if people deliberately break it. i think we can ignore for now.

a timeout might even be weird for customers because they might have apis that take a long time to provide the template and since mailing is never in the hot path it would not influence latency of a service.

mraerino
mraerino approved these changes Apr 8, 2020
View reviewed changes
Copy link
Member

@mraerino mraerino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome 🚀

@vbrown608 vbrown608 merged commit 4764a7f into master Apr 8, 2020
@vbrown608 vbrown608 deleted the safe-roundtripper branch April 8, 2020 01:26
rybit
rybit reviewed Apr 8, 2020
View reviewed changes
mailme.go
},
}

client := nfhttp.SafeHTTPClient(http.DefaultClient, t.logger)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The problem with the default client is that it doesn't have any concepts of timeouts. I don't think it is a huge issue but something to be aware of.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See above comments ☝️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rybit rybit rybit left review comments

@mraerino mraerino mraerino approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@vbrown608 @mraerino @rybit