Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(generategetobjectpresignedurl): implemented changes to restrict arbitrary access #310

Merged
merged 5 commits into from
Feb 6, 2023
Merged

fix(generategetobjectpresignedurl): implemented changes to restrict arbitrary access #310

merged 5 commits into from
Feb 6, 2023

Conversation

ctrlc03
Copy link

@ctrlc03 ctrlc03 commented Feb 1, 2023

Implemented changes to the generateGetObjectPreSignedUrl cloud function to prevent creation of pre-signed URLs for arbitrary objects.

fix #309

@ctrlc03
fix(generategetobjectpresignedurl): implemented changes to restrict a…
388caac 
…rbitrary access

Implemented changes to the generateGetObjectPreSignedUrl cloud function to prevent creation of
pre-signed URLs for arbitrary objects.

fix quadratic-funding#309
@ctrlc03 ctrlc03 self-assigned this Feb 1, 2023
@ctrlc03 ctrlc03 added bug 🪲 Something isn't working Medium Priority ⏰ labels Feb 1, 2023
@ctrlc03 ctrlc03 linked an issue Feb 1, 2023 that may be closed by this pull request
generatePreSignedURL should restrict access to ceremonies buckets only #309
Closed
@ctrlc03 ctrlc03 requested a review from 0xjei February 1, 2023 13:47
@ctrlc03 ctrlc03 marked this pull request as ready for review February 1, 2023 13:47
0xjei
0xjei suggested changes Feb 1, 2023
View reviewed changes
Copy link
Contributor

@0xjei 0xjei left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool, just a few nits and small changes! 👍

packages/backend/.default.env Outdated Show resolved Hide resolved
packages/backend/src/functions/storage.ts Show resolved Hide resolved
packages/backend/src/functions/storage.ts Show resolved Hide resolved
packages/actions/test/unit/security.test.ts Outdated Show resolved Hide resolved
packages/actions/test/unit/security.test.ts Outdated Show resolved Hide resolved
packages/actions/test/unit/security.test.ts Outdated Show resolved Hide resolved
@ctrlc03
fix(backend-storage): merged dev and amended after PR review
46e9804 
Amended code to reflect the PR review, and merged the latest changes in the dev branch which
required further changes to the code.
@ctrlc03 ctrlc03 requested a review from 0xjei February 2, 2023 15:49
@ctrlc03
test(security): amended tests after pr review
18ae8d0 
Amended test cases after pr review and merged latest changes to dev.
0xjei
0xjei suggested changes Feb 6, 2023
View reviewed changes
Copy link
Contributor

@0xjei 0xjei left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, heads up on merging outdated code

packages/backend/.default.env Outdated Show resolved Hide resolved
ctrlc03 and others added 2 commits February 6, 2023 10:08
@ctrlc03
fix(signedurls): commiting correct .default.env file
6fe96b1 
commiting the correct .default.env file for the backend package. This includes a new env variable.
@0xjei
Merge branch 'dev' into security/signedurls
18c5223
@0xjei 0xjei merged commit 70b62b3 into quadratic-funding:dev Feb 6, 2023
@baumstern
Copy link
Contributor

Nice!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0xjei 0xjei 0xjei approved these changes

Assignees

@ctrlc03 ctrlc03

Labels
bug 🪲 Something isn't working Medium Priority ⏰
Projects
None yet
Milestone
[E1 - MS2] Write Tests (>=90%)
Development

Successfully merging this pull request may close these issues.

generatePreSignedURL should restrict access to ceremonies buckets only
3 participants
@ctrlc03 @baumstern @0xjei