@pkova (Collaborator) commented Mar 5, 2024

Tlon hosting has a login health check that regularly logs into the ship using the +code. This login happens from a sidecar and therefore thrashes the eauth-url with localhost constantly. This causes ships on Tlon hosting to have unreliable eauth currently.

Disallowing localhost as the eauth-url seems like the simplest solution to me.

@pkova requested a review from Fang- on March 5, 2024 16:33
@pkova force-pushed the pkova/eauth-localhost branch from 9049278 to 26bc23a on March 5, 2024 17:36
@pkova force-pushed the pkova/eauth-localhost branch from 26bc23a to 630d5d0 on March 5, 2024 18:54

@tinnus-napbus (Contributor) commented Mar 9, 2024

imo this logic should only be applied if auth.endpoint.auth.state is non-null cos you still wanna be able to test eauth locally.

Also it should probably short-circuit on a True equality check between (cat 3 ?:(secure 'https://' 'http://') u.host) and u.auth.endpoint.auth.state cos parsers are slow & this will be run on every request despite 99.9% of them having the same host

@Fang- (Collaborator) left a comment

> Also it should probably short-circuit on a True equality check between (cat 3 ?:(secure 'https://' 'http://') u.host) and u.auth.endpoint.auth.state cos parsers are slow & this will be run on every request despite 99.9% of them having the same host

Except the code here only runs for every login attempt, not every request in general. It's fine.

I do agree that we should be more "eager" in cases where we don't yet have a known public url at all. Even in cases where this is undesired, at least it'll be clearly wrong ("i got redirected to localhost!") instead of subtly wrong ("it didn't redirect me at all!").

(This eagerness is probably redundant in practice, considering we already eagerly accept the endpoint from any authenticated request in that scenario, but sharing that intent/behavior here is more consistent.)

Matching suggestion below.

@pkova force-pushed the pkova/eauth-localhost branch from 3a65abb to 0950389 on March 21, 2024 12:35
@pkova force-pushed the pkova/eauth-localhost branch from 0950389 to bf60b47 on March 21, 2024 12:36

@Fang- (Collaborator) left a comment

This should be good!

@pkova merged commit 2c27b7a into develop on Mar 21, 2024
@pkova deleted the pkova/eauth-localhost branch on March 21, 2024 15:24
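
The policy discussed in this thread, sketched in Python as an added example (it is not the PR's Hoon code or any project code): a login arriving from a loopback host does not replace an already-known eauth endpoint, while the first endpoint seen is accepted eagerly. `EauthState`, `on_login`, `is_loopback`, `replay` and the sample hosts are hypothetical, and treating loopback IP literals the same as `localhost` is an assumption beyond what the thread states.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional


def is_loopback(host: str) -> bool:
    """True for 'localhost' and loopback IP literals; a port, if any, is ignored."""
    name = host.strip().lower()
    if name.startswith("["):                 # bracketed IPv6, e.g. [::1]:8080
        name = name[1:].split("]", 1)[0]
    elif name.count(":") == 1:               # host:port
        name = name.rsplit(":", 1)[0]
    name = name.rstrip(".")
    if name == "localhost":
        return True
    try:
        return ip_address(name).is_loopback  # assumption: 127.0.0.0/8 and ::1 count too
    except ValueError:
        return False                         # an ordinary DNS name


@dataclass
class EauthState:
    endpoint: Optional[str] = None           # last known public URL, None if unset

    def on_login(self, secure: bool, host: str) -> bool:
        """Apply the policy on a login attempt; return True if the endpoint changed."""
        url = ("https://" if secure else "http://") + host
        if url == self.endpoint:
            return False                     # cheap equality check before any parsing
        if self.endpoint is not None and is_loopback(host):
            return False                     # health-check login: keep the public URL
        self.endpoint = url                  # eager when nothing is known yet
        return True


def replay(logins):
    """Feed (secure, host) login attempts through a fresh state, recording each step."""
    state = EauthState()
    return [(state.on_login(secure, host), state.endpoint) for secure, host in logins]


# Constructed sample: a user login, two sidecar health checks, another user login.
SAMPLE = [
    (True, "sampel-palnet.example"),
    (False, "localhost:8080"),
    (False, "127.0.0.1:8080"),
    (True, "sampel-palnet.example"),
]
```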