Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: fastify auth layer implementation #3465

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

juanpicado
Copy link
Member

@juanpicado juanpicado commented Oct 31, 2022

One more step for #2623

  • Implement auth token verification
  • User authentication
  • Access control

@@ -0,0 +1,5 @@
export function getVersionFromTarball(name: string): string | void {
const groups = name.match(/.+-(\d.+)\.tgz/);

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data

This [regular expression](1) that depends on [library input](2) may run slow on strings with many repetitions of 'a'. This [regular expression](3) that depends on [library input](2) may run slow on strings starting with 'a-0' and with many repetitions of 'a-0'.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

^.+-(\d.+)\.tgz should avoid this issue

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:( seems didn't work

@mbtools
Copy link
Collaborator

mbtools commented Nov 6, 2022

good progress. looking forward to taking it out for a test drive

@juanpicado
Copy link
Member Author

juanpicado commented Nov 7, 2022

Thanks :) baby steps for removing express.

@juanpicado juanpicado force-pushed the jota/fastify-migration branch from aa2ce35 to f184e0b Compare November 9, 2022 22:37
@@ -0,0 +1,5 @@
export function getVersionFromTarball(name: string): string | void {
const groups = name.match(/^.+-(\d.+)\.tgz/);

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data

This [regular expression](1) that depends on [library input](2) may run slow on strings starting with 'a-0' and with many repetitions of 'a-0'.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here's a safe regex (according to recheck) that is also more precise 😃
/-(\d+\.\d+\.\d+)\.tgz$/

@juanpicado juanpicado force-pushed the jota/fastify-migration branch from f184e0b to 46df423 Compare December 10, 2022 13:10
@juanpicado juanpicado force-pushed the jota/fastify-migration branch from 46df423 to 838d676 Compare December 26, 2022 09:38
@juanpicado juanpicado force-pushed the jota/fastify-migration branch from 838d676 to 9bc3232 Compare February 4, 2023 10:35
chore: fastify auth layer implementation
@juanpicado juanpicado force-pushed the jota/fastify-migration branch from 9bc3232 to 513407a Compare March 4, 2023 11:22
@juanpicado juanpicado modified the milestones: v6 release, Next major Aug 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants