~sircmpwn/sr.ht-dev

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
2 2

[PATCH core-go] webhooks: skip webhooks with expired credentials

Details
Message ID
<20231204201921.114339-1-ch@bitfehler.net>
DKIM signature
missing
Download raw message
Patch: +3 -1
The documentation states [1]:

> When the original authentication method becomes invalid (such as the
> expiration of or revocation of an OAuth 2.0 bearer token), the
> webhook is disabled.

However, this is currently not the case. Expired webhooks are indeed
filtered out in virtually all GraphQL queries (by means of core-go's
FilterWebhooks [2]), so users cannot see or delete them. They are _not_
filtered out upon scheduling, however. This commit fixes that.

The symptoms of this are that active webhooks may simply not be run - if
a user has both an expired and a valid, active webhook for some event,
the scheduling will retrieve both, fail on the expired one, and stop
processing, without any feedback to the user who scheduled the hooks.

This is a problem across all services, so core-go seems like the best
place to fix this.

[1]: https://man.sr.ht/graphql.md#webhook-authentication
[2]: https://git.sr.ht/~sircmpwn/core-go/tree/master/item/webhooks/config.go#L74,81
---
There is more to this that needs to be fixed to make the design
coherent, and I will start a discussion thread with all the details, but
this should at least un-break webhooks for those who have expired ones
lurking in the database.

 webhooks/queue.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/webhooks/queue.go b/webhooks/queue.go
index ac8107f..5cfcc67 100644
--- a/webhooks/queue.go
+++ b/webhooks/queue.go
@@ -152,7 +152,9 @@ func (queue *WebhookQueue) fetchSubscriptions(ctx context.Context,
				&sub.NodeID); err != nil {
				panic(err)
			}
			subs = append(subs, &sub)
			if sub.Expires.After(time.Now()) {
				subs = append(subs, &sub)
			}
		}

		return nil
-- 
2.43.0

[core-go/patches/alpine.yml] build failed

builds.sr.ht <builds@sr.ht>
Details
Message ID
<CXFTTJPTI9AJ.20QCKH4ALOKCZ@cirno2>
In-Reply-To
<20231204201921.114339-1-ch@bitfehler.net> (view parent)
DKIM signature
missing
Download raw message
core-go/patches/alpine.yml: FAILED in 35s

[webhooks: skip webhooks with expired credentials][0] from [Conrad Hoffmann][1]

[0]: https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/47374
[1]: ch@bitfehler.net

✗ #1107620 FAILED core-go/patches/alpine.yml https://builds.sr.ht/~sircmpwn/job/1107620
Details
Message ID
<CXI63L843A9L.35YNGLN6HJOEK@bitfehler.net>
In-Reply-To
<20231204201921.114339-1-ch@bitfehler.net> (view parent)
DKIM signature
missing
Download raw message
Merged

to git@git.sr.ht:~sircmpwn/core-go
  d2ad494..53966da  master -> master
Reply to thread Export thread (mbox)