From 0e13a40cb01fcf08fe832b074d0f93ff65110745 Mon Sep 17 00:00:00 2001
From: Bryan Stitt
Date: Sun, 27 Nov 2022 19:49:32 +0000
Subject: [PATCH] error for unauthenticated user queries
---
 TODO.md | 2 +-
 web3_proxy/src/user_queries.rs | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/TODO.md b/TODO.md
index ffc582ec..585d621f 100644
--- a/TODO.md
+++ b/TODO.md
@@ -253,7 +253,6 @@ These are roughly in order of completition
 - one option: we need the insert to be an upsert, but how do we merge historgrams?
 - [ ] add block timestamp to the /status page
 - [ ] be sure to save the timestamp in a way that our request routing logic can make use of it
-- [ ] change invite codes to set the user_tier
 - [ ] if a websocket connection hasn't received a new block in a while, do a reconnect or just query the block. its possible that the node was syncing when the proxy started
 - [ ] actually block unauthenticated requests instead of emitting warning of "allowing without auth during development!"
@@ -551,3 +550,4 @@ in another repo: event subscriber
 - [ ] if --address not given, use the --description
 - [ ] if it is too long, (the last 4 bytes must be zero), give an error so descriptions like this stand out
 - [ ] we need to use docker-compose's proper environment variable handling. because now if someone tries to start dev containers in their prod, remove orphans stops and removes them
+- [ ] change invite codes to set the user_tier
diff --git a/web3_proxy/src/user_queries.rs b/web3_proxy/src/user_queries.rs
index 8680183a..a59a8dd2 100644
--- a/web3_proxy/src/user_queries.rs
+++ b/web3_proxy/src/user_queries.rs
@@ -52,14 +52,14 @@ pub async fn get_user_id_from_params(
 }
 (None, Some(x)) => {
 // they do not have a bearer token, but requested a specific id. block
- // TODO: proper error code
+ // TODO: proper error code from a useful error code
 // TODO: maybe instead of this sharp edged warn, we have a config value?
 // TODO: check config for if we should deny or allow this
- // Err(anyhow::anyhow!("permission denied"))
+ Err(anyhow::anyhow!("permission denied"))
- // TODO: make this a flag
- warn!("allowing without auth during development!");
- Ok(x.parse()?)
+ // // TODO: make this a flag
+ // warn!("allowing without auth during development!");
+ // Ok(x.parse()?)
 }
 }
 }
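Review bot: With the body of the `(None, Some(x))` arm commented out, `x` is bound but never used, and the development bypass survives as commented-out code that is one uncomment away from answering queries for an arbitrary user id without a bearer token. I would delete those three commented lines and change the pattern to `(None, Some(_)) => {`. The denial is returned as a bare `anyhow::anyhow!("permission denied")`, so the HTTP status depends on error handling outside this hunk; if that maps generic anyhow errors to a 500, clients and alerting cannot tell an authorization failure from a server fault, which is the gap the TODO at the top of the arm already names. The old `warn!` is gone along with the bypass, so a denied attempt now leaves no trace at this point; a line such as `warn!("denied unauthenticated query for a specific user id");` before the `Err` would keep such requests visible to monitoring. The enclosing `get_user_id_from_params` starts outside the hunk.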