From 559932bea756ca6dcbf9c80629177789d2b4a044 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florentin=20/=20=E7=8F=9E=E8=BE=B0?= Date: Thu, 23 Mar 2023 17:35:37 +0100 Subject: [PATCH] chore: prevent leaking source code in examples (#90) * `4.0.0.beta.3` * fix examples to not leak source code --- Cargo.lock | 70 ++++++++++++++++++++++++++++++--- Cargo.toml | 11 +----- examples/cron/Cargo.toml | 4 +- examples/cron/api/cron.rs | 15 ++++++- examples/cron/public/.gitkeep | 0 examples/cron/vercel.json | 3 +- examples/nextjs/Cargo.toml | 3 +- examples/nextjs/package.json | 3 ++ examples/simple/Cargo.toml | 3 +- examples/simple/public/.gitkeep | 0 examples/simple/vercel.json | 1 + 11 files changed, 91 insertions(+), 22 deletions(-) create mode 100644 examples/cron/public/.gitkeep create mode 100644 examples/simple/public/.gitkeep diff --git a/Cargo.lock b/Cargo.lock index 8111b07..e93fc32 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,6 +2,15 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "aho-corasick" +version = "0.7.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cc936419f96fa211c1b9166887b38e5e40b19958e5b895be7c1f93adec7071ac" +dependencies = [ + "memchr", +] + [[package]] name = "android_system_properties" version = "0.1.5" @@ -202,7 +211,8 @@ dependencies = [ "tokio", "tracing", "tracing-subscriber", - "vercel_runtime 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", + "url", + "vercel_runtime 0.3.4", ] [[package]] @@ -449,6 +459,12 @@ dependencies = [ "wasi 0.11.0+wasi-snapshot-preview1", ] +[[package]] +name = "glob" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" + [[package]] name = "h2" version = "0.3.16" @@ -763,7 +779,7 @@ dependencies = [ "tokio", "tracing", "tracing-subscriber", - "vercel_runtime 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", + "vercel_runtime 0.3.4", ] [[package]] @@ -916,6 +932,23 @@ dependencies = [ "getrandom", ] +[[package]] +name = "regex" +version = "1.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cce168fea28d3e05f158bda4576cf0c844d5045bc2cc3620fa0292ed5bb5814c" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.6.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" + [[package]] name = "ring" version = "0.16.20" @@ -1179,7 +1212,7 @@ dependencies = [ "tracing", "tracing-subscriber", "url", - "vercel_runtime 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", + "vercel_runtime 0.3.4", ] [[package]] @@ -1602,9 +1635,9 @@ dependencies = [ [[package]] name = "vercel_runtime" -version = "0.2.1" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8a4b8e56e8d1c57cf39948f5c94e47541561c06a67f823d28bca959aa51851a" +checksum = "253a4515eff6ab36c5e21c6ac1a575daaecd8b9ccc1db1555df13902491c40c5" dependencies = [ "async-trait", "base64 0.21.0", @@ -1619,6 +1652,33 @@ dependencies = [ "tower-service", "tracing", "tracing-subscriber", + "vercel_runtime_macro", + "vercel_runtime_router", +] + +[[package]] +name = "vercel_runtime_macro" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9da25a605882bd945e8b4d58e90c4d24fcc0484c7821d82a9cda75c8de6fcf6f" +dependencies = [ + "glob", + "quote", + "syn", + "vercel_runtime_router", +] + +[[package]] +name = "vercel_runtime_router" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03e6954a9cff6b574807a036d53f0afc6de16e8a9797db321992847788082bbe" +dependencies = [ + "glob", + "lazy_static", + "quote", + "regex", + "syn", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index ffd2624..f88db3d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,16 +2,9 @@ members = [ "vercel_runtime", - "examples/cron", - "examples/nextjs", - "examples/simple", + "examples/*", ] exclude = [ - "test/fixtures/01-include-files", - "test/fixtures/02-with-utility", - "test/fixtures/03-with-function", - "test/fixtures/04-with-parameter", - "test/fixtures/05-with-similar-entrypaths", - "test/fixtures/06-with-toolchain-override" + "test/*", ] diff --git a/examples/cron/Cargo.toml b/examples/cron/Cargo.toml index 8e7f39e..da83dd1 100644 --- a/examples/cron/Cargo.toml +++ b/examples/cron/Cargo.toml @@ -13,8 +13,8 @@ serde_json = { version = "1.0.86", features = ["raw_value"] } serde_derive = "1.0.9" rand = "0.8.5" slack-morphism = { version = "1.2.2", features = ["hyper"] } -vercel_runtime = "0.2.1" -# vercel_runtime = { version = "0.2.1", path = "../../vercel_runtime" } +url = "2.3.1" +vercel_runtime = "0.3.4" [[bin]] name = "cron" diff --git a/examples/cron/api/cron.rs b/examples/cron/api/cron.rs index 55234cf..b32a02e 100644 --- a/examples/cron/api/cron.rs +++ b/examples/cron/api/cron.rs @@ -1,4 +1,6 @@ use slack_morphism::{errors::SlackClientError, prelude::*}; +use std::collections::HashMap; +use url::Url; use vercel_runtime::{run, Body, Error, Request, Response, StatusCode}; #[derive(Debug, Clone)] @@ -28,7 +30,18 @@ impl Lambda<'_, T> { self.slack.chat_post_message(&post_chat_req).await } - pub async fn handler(&self, _req: Request) -> Result, Error> { + pub async fn handler(&self, req: Request) -> Result, Error> { + let parsed_url = Url::parse(&req.uri().to_string()).unwrap(); + let hash_query: HashMap = parsed_url.query_pairs().into_owned().collect(); + let secret = hash_query.get("secret").map(|x| &**x); + + // https://vercel.com/docs/cron-jobs#how-to-secure-cron-jobs + if secret != Some("geheim") { + return Ok(Response::builder() + .status(StatusCode::NOT_FOUND) + .body(().into())?); + } + let message = SlackMessage {}; self.post_message(&message, "#general").await?; diff --git a/examples/cron/public/.gitkeep b/examples/cron/public/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/examples/cron/vercel.json b/examples/cron/vercel.json index f395050..7dd9bc0 100644 --- a/examples/cron/vercel.json +++ b/examples/cron/vercel.json @@ -1,4 +1,5 @@ { + "outputDirectory": "public", "functions": { "api/**/*.rs": { "runtime": "vercel-rust@4.0.0-beta.3" @@ -6,7 +7,7 @@ }, "crons": [ { - "path": "/api/cron", + "path": "/api/cron?secret=geheim", "schedule": "30 9 * * *" } ] diff --git a/examples/nextjs/Cargo.toml b/examples/nextjs/Cargo.toml index 8c1aaa4..78448d4 100644 --- a/examples/nextjs/Cargo.toml +++ b/examples/nextjs/Cargo.toml @@ -13,8 +13,7 @@ serde_json = { version = "1.0.86", features = ["raw_value"] } serde_derive = "1.0.9" rand = "0.8.5" oorandom = "11.1.3" -vercel_runtime = "0.2.1" -# vercel_runtime = { version = "0.2.1", path = "../../vercel_runtime" } +vercel_runtime = "0.3.4" [[bin]] name = "rust" diff --git a/examples/nextjs/package.json b/examples/nextjs/package.json index b31eae4..148d7d8 100644 --- a/examples/nextjs/package.json +++ b/examples/nextjs/package.json @@ -30,5 +30,8 @@ "postcss": "^8.4.21", "tailwindcss": "^3.2.7", "tailwindcss-radix": "^2.8.0" + }, + "engines": { + "node": ">=16 <18" } } diff --git a/examples/simple/Cargo.toml b/examples/simple/Cargo.toml index ea69143..496666a 100644 --- a/examples/simple/Cargo.toml +++ b/examples/simple/Cargo.toml @@ -12,8 +12,7 @@ serde_json = { version = "1.0.86", features = ["raw_value"] } serde_derive = "1.0.9" rand = "0.8.5" url = "2.3.1" -vercel_runtime = "0.2.1" -# vercel_runtime = { version = "0.2.1", path = "../../vercel_runtime" } +vercel_runtime = "0.3.4" [lib] path = "src-rs/lib.rs" diff --git a/examples/simple/public/.gitkeep b/examples/simple/public/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/examples/simple/vercel.json b/examples/simple/vercel.json index 448952f..868fbf1 100644 --- a/examples/simple/vercel.json +++ b/examples/simple/vercel.json @@ -1,4 +1,5 @@ { + "outputDirectory": "public", "functions": { "api/**/*.rs": { "runtime": "vercel-rust@4.0.0-beta.3"