diff --git a/.bk.yaml b/.bk.yaml deleted file mode 100644 index 813fb3c..0000000 --- a/.bk.yaml +++ /dev/null @@ -1 +0,0 @@ -selected_org: cash diff --git a/cmd/cachewd/main.go b/cmd/cachewd/main.go index 9f91584..26d8625 100644 --- a/cmd/cachewd/main.go +++ b/cmd/cachewd/main.go @@ -214,9 +214,6 @@ func newServer(ctx context.Context, muxHandler http.Handler, bind string, metric )(handler) handler = httputil.LoggingMiddleware(handler) - if os.Getenv("IS_PLAYPEN") != "true" { - handler = httputil.PlaypenGuardMiddleware(handler) - } logger := logging.FromContext(ctx) return &http.Server{ diff --git a/internal/httputil/playpen_guard.go b/internal/httputil/playpen_guard.go deleted file mode 100644 index 2456a6f..0000000 --- a/internal/httputil/playpen_guard.go +++ /dev/null @@ -1,31 +0,0 @@ -package httputil - -import ( - "net/http" - "strings" -) - -// PlaypenGuardMiddleware rejects requests that target a playpen instance -// (via the Baggage header) when this instance is not a playpen. -// This prevents requests from silently falling through to staging. -func PlaypenGuardMiddleware(next http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if baggage := r.Header.Get("Baggage"); hasCachewPlaypenKey(baggage) { - http.Error(w, "no matching cachew playpen found — start one with: sq playpen sync", http.StatusServiceUnavailable) - return - } - next.ServeHTTP(w, r) - }) -} - -func hasCachewPlaypenKey(baggage string) bool { - if baggage == "" { - return false - } - for entry := range strings.SplitSeq(baggage, ",") { - if strings.HasPrefix(strings.TrimSpace(entry), "cachew-playpen=") { - return true - } - } - return false -} diff --git a/internal/httputil/playpen_guard_test.go b/internal/httputil/playpen_guard_test.go deleted file mode 100644 index c90576d..0000000 --- a/internal/httputil/playpen_guard_test.go +++ /dev/null @@ -1,41 +0,0 @@ -package httputil_test - -import ( - "net/http" - "net/http/httptest" - "testing" - - "github.com/alecthomas/assert/v2" - - "github.com/block/cachew/internal/httputil" -) - -func TestPlaypenGuardMiddleware(t *testing.T) { - ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { - w.WriteHeader(http.StatusOK) - }) - guard := httputil.PlaypenGuardMiddleware(ok) - - t.Run("allows normal requests", func(t *testing.T) { - req := httptest.NewRequest(http.MethodGet, "/", nil) - rr := httptest.NewRecorder() - guard.ServeHTTP(rr, req) - assert.Equal(t, http.StatusOK, rr.Code) - }) - - t.Run("blocks requests with cachew playpen baggage", func(t *testing.T) { - req := httptest.NewRequest(http.MethodGet, "/", nil) - req.Header.Set("Baggage", "cachew-playpen=jrobotham") - rr := httptest.NewRecorder() - guard.ServeHTTP(rr, req) - assert.Equal(t, http.StatusServiceUnavailable, rr.Code) - }) - - t.Run("allows requests with unrelated baggage", func(t *testing.T) { - req := httptest.NewRequest(http.MethodGet, "/", nil) - req.Header.Set("Baggage", "blox-playpen=jrobotham") - rr := httptest.NewRecorder() - guard.ServeHTTP(rr, req) - assert.Equal(t, http.StatusOK, rr.Code) - }) -}