Await signature verification function in backend #3174

mkurapov · 2024-12-11T12:16:51Z

Context

We are currently not awaiting the verifyApiSignature function in the Admin API middleware:

Lines 386 to 393 in b83ac58

    
           if (this.config.adminApiSecret) { 
        
             koa.use(async (ctx, next: Koa.Next): Promise<void> => { 
        
               if (!verifyApiSignature(ctx, this.config)) { 
        
                 ctx.throw(401, 'Unauthorized') 
        
               } 
        
               return next() 
        
             }) 
        
           }

Since the function always returns a Promise instead of a bool, it effectively allows us to pass signature validation no matter the result of the function itself.

Todo

Await signature verification in backend

The text was updated successfully, but these errors were encountered:

mkurapov added the type: bug Something isn't working label Dec 11, 2024

github-project-automation bot added this to Rafiki Dec 11, 2024

github-project-automation bot moved this to Backlog in Rafiki Dec 11, 2024

mkurapov added the pkg: backend Changes in the backend package. label Dec 11, 2024

mkurapov self-assigned this Dec 11, 2024

mkurapov moved this from Backlog to In Progress in Rafiki Dec 11, 2024

mkurapov mentioned this issue Dec 11, 2024

fix(backend): await signature verification #3175

Merged

6 tasks

mkurapov closed this as completed in #3175 Dec 11, 2024

github-project-automation bot moved this from In Progress to Done in Rafiki Dec 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Await signature verification function in backend #3174

Await signature verification function in backend #3174

mkurapov commented Dec 11, 2024

Await signature verification function in backend #3174

Await signature verification function in backend #3174

Comments

mkurapov commented Dec 11, 2024

Context

Todo