From 91eea5ab05ab2a31809af2cabf0d56d9baba23a7 Mon Sep 17 00:00:00 2001 From: Michael Matloka Date: Wed, 20 Sep 2023 11:41:32 +0200 Subject: [PATCH] chore(plugin-server): Allow full rollout of hostname guard (#17500) * chore(plugin-server): Allow full rollout of hostname guard * Add comment --- plugin-server/src/types.ts | 3 ++- plugin-server/src/utils/db/hub.ts | 7 ++++--- plugin-server/src/worker/ingestion/hooks.ts | 16 +++++++++++----- plugin-server/src/worker/vm/imports.ts | 5 ++++- 4 files changed, 21 insertions(+), 10 deletions(-) diff --git a/plugin-server/src/types.ts b/plugin-server/src/types.ts index 7434efb363515..3c16957e997f8 100644 --- a/plugin-server/src/types.ts +++ b/plugin-server/src/types.ts @@ -268,7 +268,8 @@ export interface Hub extends PluginsServerConfig { lastActivityType: string statelessVms: StatelessVmMap conversionBufferEnabledTeams: Set - fetchHostnameGuardTeams: Set + /** null means that the hostname guard is enabled for everyone */ + fetchHostnameGuardTeams: Set | null // functions enqueuePluginJob: (job: EnqueuedPluginJob) => Promise // ValueMatchers used for various opt-in/out features diff --git a/plugin-server/src/utils/db/hub.ts b/plugin-server/src/utils/db/hub.ts index a3ee16667d2f3..aeb5c26c95cfa 100644 --- a/plugin-server/src/utils/db/hub.ts +++ b/plugin-server/src/utils/db/hub.ts @@ -70,9 +70,10 @@ export async function createHub( const conversionBufferEnabledTeams = new Set( serverConfig.CONVERSION_BUFFER_ENABLED_TEAMS.split(',').filter(String).map(Number) ) - const fetchHostnameGuardTeams = new Set( - serverConfig.FETCH_HOSTNAME_GUARD_TEAMS.split(',').filter(String).map(Number) - ) + const fetchHostnameGuardTeams = + serverConfig.FETCH_HOSTNAME_GUARD_TEAMS === '*' + ? null + : new Set(serverConfig.FETCH_HOSTNAME_GUARD_TEAMS.split(',').filter(String).map(Number)) const statsd: StatsD | undefined = createStatsdClient(serverConfig, threadId) 
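Review bot: The new doc comment on `fetchHostnameGuardTeams` in `Hub` documents only the `null` case and leaves out the empty set, which the usages in hooks.ts and imports.ts treat as "guard off for every team". I would write `/** Teams whose fetch goes through the hostname guard: null = every team, empty set = no team. Only consulted when isCloud() is true. */`. The same comment is repeated on the `HookCommander` field in hooks.ts and should change with it. The interface body continues outside the hunk.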
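Review bot: In `createHub`, any value of `FETCH_HOSTNAME_GUARD_TEAMS` other than the exact string `'*'` falls into the list branch, where a non-numeric entry becomes `NaN` through `map(Number)`. A value such as `' *'` or `'*,'` therefore produces a set that matches no team, and the guard is silently off for everyone. For a control that restricts outbound requests this is a fail-open misconfiguration. Trimming before the comparison (`serverConfig.FETCH_HOSTNAME_GUARD_TEAMS.trim() === '*'`) and rejecting or logging entries that fail `Number.isInteger` would surface the mistake at startup. `createHub` starts and ends outside the hunk.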
diff --git a/plugin-server/src/worker/ingestion/hooks.ts b/plugin-server/src/worker/ingestion/hooks.ts index 2cc8279c88d52..c2bab8f9e3a42 100644 --- a/plugin-server/src/worker/ingestion/hooks.ts +++ b/plugin-server/src/worker/ingestion/hooks.ts @@ -257,7 +257,8 @@ export class HookCommander { organizationManager: OrganizationManager statsd: StatsD | undefined siteUrl: string - fetchHostnameGuardTeams: Set + /** null means that the hostname guard is enabled for everyone */ + fetchHostnameGuardTeams: Set | null /** Hook request timeout in ms. */ EXTERNAL_REQUEST_TIMEOUT = 10 * 1000 @@ -266,13 +267,13 @@ export class HookCommander { postgres: PostgresRouter, teamManager: TeamManager, organizationManager: OrganizationManager, - fetchHostnameGuardTeams?: Set, + fetchHostnameGuardTeams: Set | null = new Set(), statsd?: StatsD ) { this.postgres = postgres this.teamManager = teamManager this.organizationManager = organizationManager - this.fetchHostnameGuardTeams = fetchHostnameGuardTeams || new Set() + this.fetchHostnameGuardTeams = fetchHostnameGuardTeams if (process.env.SITE_URL) { this.siteUrl = process.env.SITE_URL } else { @@ -362,7 +363,10 @@ export class HookCommander { `⌛⌛⌛ Posting Webhook slow. Timeout warning after 5 sec! url=${webhookUrl} team_id=${team.id} event_id=${event.eventUuid}` ) }, 5000) - const relevantFetch = isCloud() && this.fetchHostnameGuardTeams.has(team.id) ? safeTrackedFetch : trackedFetch + const relevantFetch = + isCloud() && (!this.fetchHostnameGuardTeams || this.fetchHostnameGuardTeams.has(team.id)) + ? safeTrackedFetch + : trackedFetch try { await instrumentWebhookStep('fetch', async () => { const request = await relevantFetch(webhookUrl, { 
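Review bot: In the `HookCommander` constructor the default `= new Set()` for `fetchHostnameGuardTeams` makes the unguarded path the default. A caller that omits the argument or passes `undefined` gets the guard disabled for all teams, while the protective value `null` has to be passed explicitly. The meaning of an explicit `null` also flips, because the removed `fetchHostnameGuardTeams || new Set()` turned it into an empty set; call sites are not visible here, so any that could pass `null` should be checked. Making the parameter required would force each call site to choose and remove the silent fail-open default. The constructor body continues past the hunk.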
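Review bot: The condition `isCloud() && (!this.fetchHostnameGuardTeams || this.fetchHostnameGuardTeams.has(team.id))` is now written out three times: here, in the later `relevantFetch` hunk of hooks.ts (with `hook.team_id`), and for `'node-fetch'` in `determineImports` in imports.ts. The choice between `safeTrackedFetch` and `trackedFetch` is security-relevant, so the copies should not be able to drift. A single helper that takes the team set and the team id and returns the fetch to use would keep the decision in one place. Inside it, `guardTeams === null` states the sentinel more directly than `!guardTeams`, which reads as "no teams configured" but means the opposite. The enclosing methods start and end outside the hunks.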
@@ -405,7 +409,9 @@ export class HookCommander { ) }, 5000) const relevantFetch = - isCloud() && this.fetchHostnameGuardTeams.has(hook.team_id) ? safeTrackedFetch : trackedFetch + isCloud() && (!this.fetchHostnameGuardTeams || this.fetchHostnameGuardTeams.has(hook.team_id)) + ? safeTrackedFetch + : trackedFetch try { const request = await relevantFetch(hook.target, { method: 'POST', diff --git a/plugin-server/src/worker/vm/imports.ts b/plugin-server/src/worker/vm/imports.ts index d7b02d87c1c41..0b7e5e0df6a72 100644 --- a/plugin-server/src/worker/vm/imports.ts +++ b/plugin-server/src/worker/vm/imports.ts @@ -35,7 +35,10 @@ export function determineImports(hub: Hub, teamId: number) { 'aws-sdk': AWS, ethers: ethers, 'generic-pool': genericPool, - 'node-fetch': isCloud() && hub.fetchHostnameGuardTeams.has(teamId) ? safeTrackedFetch : trackedFetch, + 'node-fetch': + isCloud() && (!hub.fetchHostnameGuardTeams || hub.fetchHostnameGuardTeams.has(teamId)) + ? safeTrackedFetch + : trackedFetch, 'snowflake-sdk': snowflake, crypto: crypto, jsonwebtoken: jsonwebtoken,