fix: handle gcf, verify already provided request.body #936
Conversation
wolfy1339
added
the
Type: Bug
|
Can you make sure that this doesn't effect values that end in a zero decimal, ex: |
|
I think I can do it even better. |
|
@wolfy1339 But now it is trying to avoid unecessary serializiation and deserialization based on the input. GCF has body and rawBody, while rawBody is the Buffer. Let me test this on GCF and give you feedback :). |
|
It works now properly. Can you please explain what your concern is regarding numbers? |
|
NodeJS likes to remove trailing zeroes on numbers, and thus it changes the signature of the payload |
|
In this case, I just handle the specific case of GCF because there is no way I can ensure, that JSON.stringify and .parse will respect that. PTAL |
|
Tested on GCF and works as expected ;) |
Co-authored-by: wolfy1339 <[email protected]>
|
It is hard to provide a benchmark for body attribute, as it is gcf specific. Passing the body object is only relevant for gcf. In other cases it is just undefined and does not effect significantly the performance. In gcf it actually avoids one JSON.parse. I really need this PR to land, so i beg you to approve and merge it. My benchmarks show a significant performance gain from 73k ops/ 10s to 83k ops/ 10s. before: after: ┌─────────┬──────┬──────┬───────┬──────┬─────────┬─────────┬───────┐
│ Stat │ 2.5% │ 50% │ 97.5% │ 99% │ Avg │ Stdev │ Max │
├─────────┼──────┼──────┼───────┼──────┼─────────┼─────────┼───────┤
│ Latency │ 0 ms │ 0 ms │ 4 ms │ 4 ms │ 0.46 ms │ 0.99 ms │ 29 ms │
└─────────┴──────┴──────┴───────┴──────┴─────────┴─────────┴───────┘
┌───────────┬────────┬────────┬─────────┬─────────┬─────────┬─────────┬────────┐
│ Stat │ 1% │ 2.5% │ 50% │ 97.5% │ Avg │ Stdev │ Min │
├───────────┼────────┼────────┼─────────┼─────────┼─────────┼─────────┼────────┤
│ Req/Sec │ 4711 │ 4711 │ 8623 │ 8959 │ 8254.8 │ 1231.47 │ 4708 │
├───────────┼────────┼────────┼─────────┼─────────┼─────────┼─────────┼────────┤
│ Bytes/Sec │ 589 kB │ 589 kB │ 1.08 MB │ 1.12 MB │ 1.03 MB │ 154 kB │ 589 kB │
└───────────┴────────┴────────┴─────────┴─────────┴─────────┴─────────┴────────┘
Req/Bytes counts sampled once per second.
# of samples: 10
83k requests in 10.02s, 10.3 MB read |
| @@ -15,6 +15,7 @@ export async function verifyAndReceive( | |||
| // verify will validate that the secret is not undefined | |||
| const matchesSignature = await verify( | |||
| state.secret, | |||
| // @ts-expect-error verify uses createHmac, which can take Strings and Buffers | |||
There was a problem hiding this comment.
I'd rather not. It's better to fix this at the source
There was a problem hiding this comment.
|
Please let other maintainers the time to review this. Can you split the performance patches from this PR and only handle GCF compatibility please |
Co-authored-by: Gregor Martynus <[email protected]>
|
k |
Resolves #935
As explained in #935 in gcf the payload is already deserialized to be an object, resulting that the payload can not be verified.
Can this be please fast-tracked?
@wolfy1339
@gr2m
Before the change?
After the change?
Pull request checklist
Does this introduce a breaking change?
Please see our docs on breaking changes to help!