fix(auth): allow custom environments via BW_API_URL; harden token parsing#17
Open
kshahbw wants to merge 1 commit into
Open
fix(auth): allow custom environments via BW_API_URL; harden token parsing#17kshahbw wants to merge 1 commit into
kshahbw wants to merge 1 commit into
Conversation
…sing resolveEnvironment rejected any environment outside prod/test/uat, which also blocked an environment routed through an explicit BW_API_URL override — regressing that workflow. Permit a non-built-in environment when BW_API_URL is set: an explicit route is not a silent fall-through to prod, so it keeps the guarantee that an unrecognized value never silently resolves to production (the reason validation was added in ddb2632 / 11a4f95). Because a custom-routed environment still hits the production-only messaging host, widen messagingProdOnlyWarning to fire for any non-prod environment, so those users are still warned that sends are real and billable. Harden the OAuth token exchange: a 2xx response whose body is not a JSON object (an HTML proxy interstitial, or a misrouted host returning XML) now produces a clear 'non-JSON response — check your environment and BW_API_URL' error instead of a cryptic 'invalid character <' JSON parse failure.
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two related auth-path hardenings, both grounded in the intent of the env-validation work in
ddb2632/11a4f95(kill silent fall-through to production):resolveEnvironment— restore the explicit-route escape hatch. After that change, any environment outsideprod/test/uatwas rejected outright — including environments intentionally routed through an explicitBW_API_URLoverride, which regressed that workflow. This permits a non-built-in environment only whenBW_API_URLis set. An explicit route is the opposite of a silent fall-through, so the original guarantee holds: an unrecognized value with no override still fails loudly and never silently resolves to prod.oauth.go— legible error for a non-JSON token response. A 2xx whose body isn't a JSON object (an HTML proxy interstitial, or a misrouted host returning XML) previously died with a crypticinvalid character '<' looking for beginning of valueparse error. It now returns "token endpoint returned a non-JSON response — you may be behind a proxy or pointed at the wrong host; check your environment andBW_API_URL."Also included (flag for review)
messagingProdOnlyWarningnow fires for any non-prod environment, not justtest/uat. This is slightly beyond the two fixes above, but it's the minimum needed to keep #1 from regressing a safety property: a custom-routed environment still hits the production-only messaging host, so without this a custom-env user would send real, billable messages with no warning — exactly the hazard the original hardening closed. Happy to drop it if you'd rather handle separately.Why this came up
A user hit
parsing token response: invalid character '<'on a command. Root cause: they were on an older binary whoseauthenticate()predatesresolveEnvironment, so an unrecognized environment silently fell through to the prod identity host and got back a non-JSON gateway body. On a current build the environment now validates up front — but the escape-hatch regression meant a legitimately-routed custom environment was also being rejected. This PR fixes both the regression and the cryptic error.Testing
resolveEnvironment: unit tests for fail-loud (no override) and opt-in (withBW_API_URL); verified in a real binary that an unknown env fails loudly without an override and routes the token request to the custom host with one.messagingProdOnlyWarning: unit test updated to assert any non-prod env warns.oauth.go: unit test asserts a 2xx HTML body yields the friendly error, not a parse error.go build ./..., fullgo test ./...,gofmt, andgo vetall clean.🤖 Generated with Claude Code