e5e7ebfe80dbec4965226225050d4ef5c8216e88-PR-605

Committed 21 Feb 2025 02:35PM UTC coverage: 45.973% (-0.03%) from 46.003%

Build # e5e7ebfe80dbec4965226225050d4ef5c8216e88-PR-605

Build Type

Pull #605

github

Committed by

hauleth

Commit Message

fix: remaining SSL connections that need to set `verify_none` option

Pull Request Pull Request #605: fix: remaining SSL connections that need to set `verify_none` option

Run Details

2 of 9 new or added lines in 3 files covered. (22.22%)

267 existing lines in 26 files now uncovered.

959 of 2086 relevant lines covered (45.97%)

635.02 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

51.85

/lib/supavisor_web/router.ex

defmodule SupavisorWeb.Router do
  use SupavisorWeb, :router

  pipeline :browser do
    plug(:accepts, ["html"])
    plug(:fetch_session)
    plug(:fetch_live_flash)
    plug(:put_root_layout, {SupavisorWeb.LayoutView, :root})
    plug(:protect_from_forgery)
    plug(:put_secure_browser_headers)
  end

  pipeline :api do
    plug(:accepts, ["json"])
    plug(:check_auth, [:api_jwt_secret, :api_blocklist])
  end

  pipeline :metrics do
    plug(:check_auth, [:metrics_jwt_secret, :metrics_blocklist])
  end

  pipeline :openapi do
    plug(OpenApiSpex.Plug.PutApiSpec, module: SupavisorWeb.ApiSpec)
  end

  scope "/swaggerui" do
    pipe_through(:browser)
    get("/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi")
  end

  scope "/api" do
    pipe_through(:openapi)
    get("/openapi", OpenApiSpex.Plug.RenderSpec, [])
  end

  # websocket pg proxy
  scope "/v2" do
    get("/", SupavisorWeb.WsProxy, [])
  end

  scope "/api", SupavisorWeb do
    pipe_through(:api)

    get("/tenants/:external_id", TenantController, :show)
    put("/tenants/:external_id", TenantController, :update)
    delete("/tenants/:external_id", TenantController, :delete)
    get("/tenants/:external_id/terminate", TenantController, :terminate)
    get("/health", TenantController, :health)

    get("/clusters/:alias", ClusterController, :show)
    put("/clusters/:alias", ClusterController, :update)
    delete("/clusters/:alias", ClusterController, :delete)
    # get("/clusters/:alias/terminate", ClusterController, :terminate)
  end

  scope "/metrics", SupavisorWeb do
    pipe_through(:metrics)

    get("/", MetricsController, :index)
    get("/:external_id", MetricsController, :tenant)
  end

  # Other scopes may use custom stacks.
  # scope "/api", SupavisorWeb do
  #   pipe_through :api
  # end

  # Enables LiveDashboard only for development
  #
  # If you want to use the LiveDashboard in production, you should put
  # it behind authentication and allow only admins to access it.
  # If your application does not have an admins-only section yet,
  # you can use Plug.BasicAuth to set up some basic authentication
  # as long as you are also using SSL (which you should anyway).
  if Mix.env() in [:dev, :test] do
    import Phoenix.LiveDashboard.Router

    scope "/" do
      pipe_through(:browser)

      live_dashboard("/dashboard", metrics: SupavisorWeb.Telemetry)
    end
  end

  defp check_auth(%{request_path: "/api/health"} = conn, _), do: conn

  defp check_auth(conn, [secret_key, blocklist_key]) do
    secret = Application.fetch_env!(:supavisor, secret_key)
    blocklist = Application.fetch_env!(:supavisor, blocklist_key)

    with ["Bearer " <> token] <- get_req_header(conn, "authorization"),
         token <- Regex.replace(~r/\s|\n/, URI.decode(token), ""),
         false <- token in blocklist,
         {:ok, _claims} <- Supavisor.Jwt.authorize(token, secret) do
      conn
    else
      _ ->
        conn
        |> send_resp(403, "")
        |> halt()
    end
  end
end

1	defmodule SupavisorWeb.Router do
2	use SupavisorWeb, :router
3
4	pipeline :browser do	×
5	plug(:accepts, ["html"])
6	plug(:fetch_session)
7	plug(:fetch_live_flash)
8	plug(:put_root_layout, {SupavisorWeb.LayoutView, :root})
9	plug(:protect_from_forgery)
10	plug(:put_secure_browser_headers)
11	end
12
UNCOV 13	pipeline :api do	9✔
14	plug(:accepts, ["json"])
15	plug(:check_auth, [:api_jwt_secret, :api_blocklist])
16	end
17
UNCOV 18	pipeline :metrics do	2✔
19	plug(:check_auth, [:metrics_jwt_secret, :metrics_blocklist])
20	end
21
22	pipeline :openapi do	×
23	plug(OpenApiSpex.Plug.PutApiSpec, module: SupavisorWeb.ApiSpec)
24	end
25
26	scope "/swaggerui" do
27	pipe_through(:browser)
28	get("/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi")	×
29	end
30
31	scope "/api" do
32	pipe_through(:openapi)
33	get("/openapi", OpenApiSpex.Plug.RenderSpec, [])	×
34	end
35
36	# websocket pg proxy
37	scope "/v2" do
38	get("/", SupavisorWeb.WsProxy, [])	×
39	end
40
41	scope "/api", SupavisorWeb do
42	pipe_through(:api)
43
UNCOV 44	get("/tenants/:external_id", TenantController, :show)	8✔
UNCOV 45	put("/tenants/:external_id", TenantController, :update)	24✔
UNCOV 46	delete("/tenants/:external_id", TenantController, :delete)	4✔
47	get("/tenants/:external_id/terminate", TenantController, :terminate)	×
48	get("/health", TenantController, :health)	×
49
50	get("/clusters/:alias", ClusterController, :show)	×
51	put("/clusters/:alias", ClusterController, :update)	×
52	delete("/clusters/:alias", ClusterController, :delete)	×
53	# get("/clusters/:alias/terminate", ClusterController, :terminate)
54	end
55
56	scope "/metrics", SupavisorWeb do
57	pipe_through(:metrics)
58
UNCOV 59	get("/", MetricsController, :index)	8✔
60	get("/:external_id", MetricsController, :tenant)	×
61	end
62
63	# Other scopes may use custom stacks.
64	# scope "/api", SupavisorWeb do
65	# pipe_through :api
66	# end
67
68	# Enables LiveDashboard only for development
69	#
70	# If you want to use the LiveDashboard in production, you should put
71	# it behind authentication and allow only admins to access it.
72	# If your application does not have an admins-only section yet,
73	# you can use Plug.BasicAuth to set up some basic authentication
74	# as long as you are also using SSL (which you should anyway).
75	if Mix.env() in [:dev, :test] do
76	import Phoenix.LiveDashboard.Router
77
78	scope "/" do
79	pipe_through(:browser)
80
81	live_dashboard("/dashboard", metrics: SupavisorWeb.Telemetry)	×
82	end
83	end
84
85	defp check_auth(%{request_path: "/api/health"} = conn, _), do: conn	×
86
87	defp check_auth(conn, [secret_key, blocklist_key]) do
UNCOV 88	secret = Application.fetch_env!(:supavisor, secret_key)	11✔
UNCOV 89	blocklist = Application.fetch_env!(:supavisor, blocklist_key)	11✔
90
UNCOV 91	with ["Bearer " <> token] <- get_req_header(conn, "authorization"),	11✔
UNCOV 92	token <- Regex.replace(~r/\s\|\n/, URI.decode(token), ""),	11✔
UNCOV 93	false <- token in blocklist,	11✔
UNCOV 94	{:ok, _claims} <- Supavisor.Jwt.authorize(token, secret) do	10✔
UNCOV 95	conn	9✔
96	else
97	_ ->
98	conn
99	\|> send_resp(403, "")
UNCOV 100	\|> halt()	2✔
101	end
102	end
103	end

supabase / supavisor / e5e7ebfe80dbec4965226225050d4ef5c8216e88-PR-605

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous