From 8c9ad4f453db6fd56e91a587f3b898c67a08b4c7 Mon Sep 17 00:00:00 2001
From: Bryan Stitt <bryan@stitthappens.com>
Date: Fri, 23 Dec 2022 19:03:30 -0800
Subject: [PATCH] trim whitespace on authorization checks

---
 TODO.md                                  | 1 +
 web3_proxy/src/frontend/authorization.rs | 8 ++++----
 web3_proxy/src/frontend/users.rs         | 8 ++++----
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/TODO.md b/TODO.md
index 883282f3..4b6824c6 100644
--- a/TODO.md
+++ b/TODO.md
@@ -290,6 +290,7 @@ These are not yet ordered. There might be duplicates. We might not actually need
 - [x] BUG! if sending transactions gets "INTERNAL_ERROR: existing tx with same hash", create a success message
   - we just want to be sure that the server has our tx and in this case, it does.
   - ERROR http_request:request:try_send_all_upstream_servers: web3_proxy::rpcs::request: bad response! err=JsonRpcClientError(JsonRpcError(JsonRpcError { code: -32000, message: "INTERNAL_ERROR: existing tx with same hash", data: None })) method=eth_sendRawTransaction rpc=local_erigon_alpha_archive id=01GF4HV03Y4ZNKQV8DW5NDQ5CG method=POST authorized_request=User(Some(SqlxMySqlPoolConnection), AuthorizedKey { ip: 10.11.12.15, origin: None, user_key_id: 4, log_revert_chance: 0.0000 }) self=Web3Connections { conns: {"local_erigon_alpha_archive_ws": Web3Connection { name: "local_erigon_alpha_archive_ws", blocks: "all", .. }, "local_geth_ws": Web3Connection { name: "local_geth_ws", blocks: 64, .. }, "local_erigon_alpha_archive": Web3Connection { name: "local_erigon_alpha_archive", blocks: "all", .. }}, .. } authorized_request=Some(User(Some(SqlxMySqlPoolConnection), AuthorizedKey { ip: 10.11.12.15, origin: None, user_key_id: 4, log_revert_chance: 0.0000 })) request=JsonRpcRequest { id: RawValue(39), method: "eth_sendRawTransaction", .. } request_metadata=Some(RequestMetadata { datetime: 2022-10-11T22:14:57.406829095Z, period_seconds: 60, request_bytes: 633, backend_requests: 0, no_servers: 0, error_response: false, response_bytes: 0, response_millis: 0 }) block_needed=None
+- [-] fix multiple origin and referer checks
 - [-] let users choose a % to log (or maybe x/second). someone like curve logging all reverts will be a BIG database very quickly
   - this must be opt-in or spawned since it will slow things down and will make their calls less private
   - [ ] automatic pruning of old revert logs once too many are collected
diff --git a/web3_proxy/src/frontend/authorization.rs b/web3_proxy/src/frontend/authorization.rs
index c102c5e9..22f1c9dc 100644
--- a/web3_proxy/src/frontend/authorization.rs
+++ b/web3_proxy/src/frontend/authorization.rs
@@ -609,7 +609,7 @@ impl Web3ProxyApp {
                             if let Some(allowed_ips) = rpc_key_model.allowed_ips {
                                 let x = allowed_ips
                                     .split(',')
-                                    .map(|x| x.parse::<IpNet>())
+                                    .map(|x| x.trim().parse::<IpNet>())
                                     .collect::<Result<Vec<_>, _>>()?;
                                 Some(x)
                             } else {
@@ -621,7 +621,7 @@ impl Web3ProxyApp {
                                 // TODO: do this without collecting twice?
                                 let x = allowed_origins
                                     .split(',')
-                                    .map(HeaderValue::from_str)
+                                    .map(|x| HeaderValue::from_str(x.trim()))
                                     .collect::<Result<Vec<_>, _>>()?
                                     .into_iter()
                                     .map(|x| Origin::decode(&mut [x].iter()))
@@ -636,7 +636,7 @@ impl Web3ProxyApp {
                             if let Some(allowed_referers) = rpc_key_model.allowed_referers {
                                 let x = allowed_referers
                                     .split(',')
-                                    .map(|x| x.parse::<Referer>())
+                                    .map(|x| x.trim().parse::<Referer>())
                                     .collect::<Result<Vec<_>, _>>()?;
 
                                 Some(x)
@@ -648,7 +648,7 @@ impl Web3ProxyApp {
                             if let Some(allowed_user_agents) = rpc_key_model.allowed_user_agents {
                                 let x: Result<Vec<_>, _> = allowed_user_agents
                                     .split(',')
-                                    .map(|x| x.parse::<UserAgent>())
+                                    .map(|x| x.trim().parse::<UserAgent>())
                                     .collect();
 
                                 Some(x?)
diff --git a/web3_proxy/src/frontend/users.rs b/web3_proxy/src/frontend/users.rs
index aa2c4865..44d066ba 100644
--- a/web3_proxy/src/frontend/users.rs
+++ b/web3_proxy/src/frontend/users.rs
@@ -645,7 +645,7 @@ pub async fn rpc_keys_management(
             // split allowed ips on ',' and try to parse them all. error on invalid input
             let allowed_ips = allowed_ips
                 .split(',')
-                .map(|x| x.parse::<IpNet>())
+                .map(|x| x.trim().parse::<IpNet>())
                 .collect::<Result<Vec<_>, _>>()?
                 // parse worked. convert back to Strings
                 .into_iter()
@@ -667,7 +667,7 @@ pub async fn rpc_keys_management(
             // split allowed_origins on ',' and try to parse them all. error on invalid input
             let allowed_origins = allowed_origins
                 .split(',')
-                .map(HeaderValue::from_str)
+                .map(|x| HeaderValue::from_str(x.trim()))
                 .collect::<Result<Vec<_>, _>>()?
                 .into_iter()
                 .map(|x| Origin::decode(&mut [x].iter()))
@@ -691,7 +691,7 @@ pub async fn rpc_keys_management(
             // split allowed ips on ',' and try to parse them all. error on invalid input
             let allowed_referers = allowed_referers
                 .split(',')
-                .map(HeaderValue::from_str)
+                .map(|x| HeaderValue::from_str(x.trim()))
                 .collect::<Result<Vec<_>, _>>()?
                 .into_iter()
                 .map(|x| Referer::decode(&mut [x].iter()))
@@ -727,7 +727,7 @@ pub async fn rpc_keys_management(
             // split allowed_user_agents on ',' and try to parse them all. error on invalid input
             let allowed_user_agents = allowed_user_agents
                 .split(',')
-                .filter_map(|x| x.parse::<UserAgent>().ok())
+                .filter_map(|x| x.trim().parse::<UserAgent>().ok())
                 // parse worked. convert back to String
                 .map(|x| x.to_string());