Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: fastify auth layer implementation #3465

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

chore: fastify auth layer implementation #3465

wants to merge 1 commit into from

Conversation

juanpicado
Copy link
Member

@juanpicado juanpicado commented Oct 31, 2022
edited
Loading

One more step for #2623

  • Implement auth token verification
  • User authentication
  • Access control

@juanpicado juanpicado added this to the v6 release milestone Oct 31, 2022
@juanpicado juanpicado mentioned this pull request Oct 31, 2022
Open
16 tasks
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 31, 2022
View reviewed changes
packages/core/tarball/src/utils.ts
@@ -0,0 +1,5 @@
export function getVersionFromTarball(name: string): string | void {
const groups = name.match(/.+-(\d.+)\.tgz/);

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data

This [regular expression](1) that depends on [library input](2) may run slow on strings with many repetitions of 'a'. This [regular expression](3) that depends on [library input](2) may run slow on strings starting with 'a-0' and with many repetitions of 'a-0'.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

^.+-(\d.+)\.tgz should avoid this issue

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:( seems didn't work

@mbtools
Copy link
Collaborator

mbtools commented Nov 6, 2022

good progress. looking forward to taking it out for a test drive

@juanpicado
Copy link
Member Author

juanpicado commented Nov 7, 2022
edited
Loading

Thanks :) baby steps for removing express.

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 9, 2022
View reviewed changes
packages/core/tarball/src/utils.ts Fixed
@@ -0,0 +1,5 @@
export function getVersionFromTarball(name: string): string | void {
const groups = name.match(/^.+-(\d.+)\.tgz/);

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data

This [regular expression](1) that depends on [library input](2) may run slow on strings starting with 'a-0' and with many repetitions of 'a-0'.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here's a safe regex (according to recheck) that is also more precise 😃
/-(\d+\.\d+\.\d+)\.tgz$/

@juanpicado
chore: fastify auth layer implementation
513407a 
chore: fastify auth layer implementation
@juanpicado juanpicado modified the milestones: v6 release, Next major Aug 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mbtools mbtools mbtools left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
fastify migration
Projects
None yet
Milestone
Next
Development

Successfully merging this pull request may close these issues.
2 participants
@juanpicado @mbtools