Skip to content

Commit

Permalink
fix(cmd-api-server): add runtime type validation to HTTP verbs pulled…
Browse files Browse the repository at this point in the history
… from OAS

This addresses the shortcomings of the linter fix provided in hyperledger-cacti#2751, which
uses unchecked casts to the linter warnings go away.
With the fix of hyperledger-cacti#2751, at runtime, the possibility of a crash is still there
exactly as before, but it has silenced the linter about calling that
possibility out.

We now use a type guard to check the type of the object before casting it
and therefore ensure that at runtime the cast will not produce a crash.

[skip ci]

Depends on hyperledger-cacti#2751
Depends on hyperledger-cacti#2754

Signed-off-by: Peter Somogyvari <[email protected]>
  • Loading branch information
petermetz committed Oct 18, 2023
1 parent 43980b0 commit b0ff599
Showing 1 changed file with 16 additions and 8 deletions.
24 changes: 16 additions & 8 deletions packages/cactus-cmd-api-server/src/main/typescript/api-server.ts
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ import { installOpenapiValidationMiddleware } from "@hyperledger/cactus-core";

import {
Bools,
isExpressHttpVerbMethodName,
Logger,
LoggerProvider,
newRex,
Expand Down Expand Up @@ -563,6 +564,7 @@ export class ApiServer {
* @param app
*/
async getOrCreateWebServices(app: express.Express): Promise<void> {
const fnTag = `${this.className}#getOrCreateWebServices()}`;
const { log } = this;
const { logLevel } = this.options.config;
const pluginRegistry = await this.getOrInitPluginRegistry();
Expand Down Expand Up @@ -595,10 +597,11 @@ export class ApiServer {
const { "/api/v1/api-server/healthcheck": oasPath } = OAS.paths;
const { http } = oasPath.get["x-hyperledger-cactus"];
const { path: httpPath, verbLowerCase: httpVerb } = http;
(app as express.Express)[httpVerb as keyof express.Express](
httpPath,
healthcheckHandler,
);
if (!isExpressHttpVerbMethodName(httpVerb)) {
const eMsg = `${fnTag} Invalid HTTP verb "${httpVerb}" in cmd-api-server OpenAPI specification for HTTP path: "${httpPath}"`;
throw new RuntimeError(eMsg);
}
app[httpVerb](httpPath, healthcheckHandler);

this.wsApi.on("connection", (socket: SocketIoSocket) => {
const { id } = socket;
Expand Down Expand Up @@ -629,14 +632,19 @@ export class ApiServer {
const {
"/api/v1/api-server/get-prometheus-exporter-metrics": oasPathPrometheus,
} = OAS.paths;

const { http: httpPrometheus } =
oasPathPrometheus.get["x-hyperledger-cactus"];

const { path: httpPathPrometheus, verbLowerCase: httpVerbPrometheus } =
httpPrometheus;
(app as express.Express)[httpVerbPrometheus as keyof express.Express](
httpPathPrometheus,
prometheusExporterHandler,
);

if (!isExpressHttpVerbMethodName(httpVerbPrometheus)) {
const eMsg = `${fnTag} Invalid HTTP verb "${httpVerbPrometheus}" in cmd-api-server OpenAPI specification for HTTP path: "${httpPathPrometheus}"`;
throw new RuntimeError(eMsg);
}

app[httpVerbPrometheus](httpPathPrometheus, prometheusExporterHandler);
}

async startGrpcServer(): Promise<AddressInfo> {
Expand Down

0 comments on commit b0ff599

Please sign in to comment.