[cms] Add passthroughs for proposals requests #1171
Conversation
alexlyp
changed the title
| } | ||
|
|
||
| data, _ := ioutil.ReadAll(resp.Body) | ||
| util.RespondRaw(w, http.StatusOK, data) |
There was a problem hiding this comment.
| util.RespondRaw(w, http.StatusOK, data) | |
| resp.Body.Close() | |
| util.RespondRaw(w, http.StatusOK, data) |
politeiawww/cmswww.go
Outdated
| resp, err := http.Get(route) | ||
| if err != nil { | ||
| RespondWithError(w, r, 0, | ||
| "SOME ERROR", err) |
There was a problem hiding this comment.
we would want to handle this properly
politeiawww/cmswww.go
Outdated
| @@ -865,6 +887,9 @@ func (p *politeiawww) setCMSWWWRoutes() { | |||
| p.addRoute(http.MethodGet, cms.APIRoute, | |||
| cms.RouteProposalOwner, p.handleProposalOwner, | |||
| permissionLogin) | |||
| p.addRoute(http.MethodGet, cms.APIRoute, | |||
| www.RouteTokenInventory, p.handlePassThroughTokenInventory, | |||
| permissionPublic) | |||
There was a problem hiding this comment.
Maybe set this to permissionLogin . This would avoid the public hitting this heavy end point by mistake.
| permissionPublic) | |
| permissionLogin) |
alexlyp
changed the title
politeiawww/cmswww.go
Outdated
| return | ||
| } | ||
| defer func() { | ||
| resp.Body.Close() |
politeiawww/cmswww.go
Outdated
| }() | ||
|
|
||
| data, _ := ioutil.ReadAll(resp.Body) | ||
| resp.Body.Close() |
|
|
||
| // VerifyProposal verifies a proposal's merkle root, author signature, and | ||
| // censorship record. | ||
| func VerifyProposal(p v1.ProposalRecord, serverPubKey string) error { |
There was a problem hiding this comment.
We are going to need unit tests for this function where we test all failure modes.
There was a problem hiding this comment.
This was an existing unexported func in piwww. Where do you want these tests? I'm not seeing any in piwww.
politeiawww/cmswww.go
Outdated
| } | ||
|
|
||
| data, _ := ioutil.ReadAll(resp.Body) | ||
| resp.Body.Close() |
There was a problem hiding this comment.
I'd make this a defer right after the GET.
| @@ -30,6 +31,19 @@ func RespondWithJSON(w http.ResponseWriter, code int, payload interface{}) { | |||
| w.Write(response) | |||
| } | |||
|
|
|||
| func RespondRaw(w http.ResponseWriter, code int, payload []byte) { | |||
There was a problem hiding this comment.
This should be shared with the various CLI tools. So that we only have to change it once and not multiple times.
There was a problem hiding this comment.
It's exported within the util package, so it should be able to be used anywhere that it's necessary. What other tools should use it?
This allows us to request
https://cms.decred.org/api/v1/proposals/tokeninventoryandhttps://cms.decred.org/api/v1/proposals/batchto avoid a cross site request that causes security issues. This simple passes that request through via the API to the relevant proposals site (mainnet/testnet).