From cade4b44677ab5b36bb163c38bbb4601898503cb Mon Sep 17 00:00:00 2001 From: Jordan Last Date: Fri, 19 Apr 2024 06:50:21 -0500 Subject: [PATCH] add authentication to autoreload, get rid of warning, add replica log for reloading --- src/compiler/index.ts | 3 --- src/compiler/log_auto_reload_warning.ts | 14 -------------- .../rust/canister_methods/src/hash_file.rs | 4 ++-- .../rust/canister_methods/src/reload_js.rs | 6 ++---- .../canister_methods/src/upload_file_chunk/mod.rs | 6 +++--- .../src/upload_file_chunk/versions.rs | 2 +- 6 files changed, 8 insertions(+), 27 deletions(-) delete mode 100644 src/compiler/log_auto_reload_warning.ts diff --git a/src/compiler/index.ts b/src/compiler/index.ts index 23e9317409..7b89e7b2ea 100644 --- a/src/compiler/index.ts +++ b/src/compiler/index.ts @@ -6,7 +6,6 @@ import { getCandidAndCanisterMethods } from './get_candid_and_canister_methods'; import { getCanisterJavaScript } from './get_canister_javascript'; import { getNamesAfterCli, getNamesBeforeCli } from './get_names'; import { handleCli } from './handle_cli'; -import { logAutoreloadWarning } from './log_auto_reload_warning'; import { prepareDockerImage } from './prepare_docker_image'; import { prepareRustStagingArea } from './prepare_rust_staging_area'; import { logSuccess, time, unwrap } from './utils'; @@ -128,8 +127,6 @@ async function azle() { ); logSuccess(canisterName, canisterId, replicaWebServerPort); - - logAutoreloadWarning(); } function createAzleDirectories() { diff --git a/src/compiler/log_auto_reload_warning.ts b/src/compiler/log_auto_reload_warning.ts deleted file mode 100644 index 8dac9bac8d..0000000000 --- a/src/compiler/log_auto_reload_warning.ts +++ /dev/null @@ -1,14 +0,0 @@ -import { red } from './utils/colors'; - -export function logAutoreloadWarning() { - if ( - process.env.AZLE_AUTORELOAD === 'true' && - process.env.DFX_NETWORK !== 'local' - ) { - console.info( - red( - `DANGER: AZLE_AUTORELOAD is set to true; arbitrary untrusted JavaScript can be executed with the reload_js update method\n` - ) - ); - } -} diff --git a/src/compiler/rust/canister_methods/src/hash_file.rs b/src/compiler/rust/canister_methods/src/hash_file.rs index e441abe640..8ea612371a 100644 --- a/src/compiler/rust/canister_methods/src/hash_file.rs +++ b/src/compiler/rust/canister_methods/src/hash_file.rs @@ -7,7 +7,7 @@ pub fn get_hash_file() -> proc_macro2::TokenStream { hash_file_by_parts(&path, 0) } - #[ic_cdk_macros::query(guard = is_authenticated)] + #[ic_cdk_macros::query(guard = guard_against_non_controllers)] pub fn get_file_hash(path: String) -> Option { Some( load_hashes() @@ -19,7 +19,7 @@ pub fn get_hash_file() -> proc_macro2::TokenStream { ) } - #[ic_cdk_macros::query(guard = is_authenticated)] + #[ic_cdk_macros::query(guard = guard_against_non_controllers)] pub fn get_hash_status(path: String) -> Option<(u64, u64)> { Some((get_bytes_hashed(&path), get_file_size(&path)?)) } diff --git a/src/compiler/rust/canister_methods/src/reload_js.rs b/src/compiler/rust/canister_methods/src/reload_js.rs index b64c3b2d95..adbe6f6c6f 100644 --- a/src/compiler/rust/canister_methods/src/reload_js.rs +++ b/src/compiler/rust/canister_methods/src/reload_js.rs @@ -1,15 +1,12 @@ use quote::quote; -// TODO there is no authentication on this method -// TODO it is up to the developer to not deploy with this function -// TODO in the binary if they are worried about it pub fn get_reload_js(env_vars: &Vec<(String, String)>) -> proc_macro2::TokenStream { let azle_autoreload_env_var = env_vars.iter().find(|(key, _)| key == "AZLE_AUTORELOAD"); if let Some((_, value)) = azle_autoreload_env_var { if value == "true" { return quote! { - #[ic_cdk_macros::update] + #[ic_cdk_macros::update(guard = guard_against_non_controllers)] fn reload_js(timestamp: u64, chunk_number: u64, js_bytes: Vec, total_len: u64) { RELOADED_JS_TIMESTAMP.with(|reloaded_js_timestamp| { let mut reloaded_js_timestamp_mut = reloaded_js_timestamp.borrow_mut(); @@ -33,6 +30,7 @@ pub fn get_reload_js(env_vars: &Vec<(String, String)>) -> proc_macro2::TokenStre if reloaded_js_complete_bytes.len() as u64 == total_len { let js_string = String::from_utf8_lossy(&reloaded_js_complete_bytes); initialize_js(&js_string, false); + ic_cdk::println!("Azle: Reloaded canister JavaScript"); } }); } diff --git a/src/compiler/rust/canister_methods/src/upload_file_chunk/mod.rs b/src/compiler/rust/canister_methods/src/upload_file_chunk/mod.rs index 10b373ea3a..9e80a98b1c 100644 --- a/src/compiler/rust/canister_methods/src/upload_file_chunk/mod.rs +++ b/src/compiler/rust/canister_methods/src/upload_file_chunk/mod.rs @@ -15,7 +15,7 @@ pub fn get_upload_file_chunk() -> proc_macro2::TokenStream { #check_if_latest_version_src #hash_file_src - #[ic_cdk_macros::update(guard = is_authenticated)] + #[ic_cdk_macros::update(guard = guard_against_non_controllers)] pub fn upload_file_chunk( dest_path: String, timestamp: u64, @@ -46,11 +46,11 @@ pub fn get_upload_file_chunk() -> proc_macro2::TokenStream { } } - pub fn is_authenticated() -> Result<(), String> { + pub fn guard_against_non_controllers() -> Result<(), String> { if ic_cdk::api::is_controller(&ic_cdk::api::caller()) { return Ok(()); } - return Err("Not Authorized: must be a controller to call this method".to_string()); + return Err("Not Authorized: only controllers of this canister may call this method".to_string()); } pub fn start_hash(dest_path: String) { diff --git a/src/compiler/rust/canister_methods/src/upload_file_chunk/versions.rs b/src/compiler/rust/canister_methods/src/upload_file_chunk/versions.rs index 7c002c8cfc..3d03f7be4d 100644 --- a/src/compiler/rust/canister_methods/src/upload_file_chunk/versions.rs +++ b/src/compiler/rust/canister_methods/src/upload_file_chunk/versions.rs @@ -27,7 +27,7 @@ pub fn get_check_if_latest_version_src() -> proc_macro2::TokenStream { }) } - #[ic_cdk_macros::update(guard = is_authenticated)] + #[ic_cdk_macros::update(guard = guard_against_non_controllers)] pub fn clear_file_and_info(path: String) { reset_for_new_upload(&path, 0).unwrap() }