feat: allow localhost endpoints

frain-dev · Jan 14, 2025 · 7a32372 · 7a32372
1 parent 633ea57
commit 7a32372
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 36 deletions.
diff --git a/datastore/models.go b/datastore/models.go
@@ -291,7 +291,7 @@ var (
 		MetaEvent:              &MetaEventConfiguration{IsEnabled: false},
 	}
 
-	DefaultSSLConfig = SSLConfiguration{EnforceSecureEndpoints: true}
+	DefaultSSLConfig = SSLConfiguration{EnforceSecureEndpoints: false}
 
 	DefaultStrategyConfig = StrategyConfiguration{
 		Type:       LinearStrategyProvider,

diff --git a/internal/pkg/retention/retention.go b/internal/pkg/retention/retention.go
@@ -2,7 +2,6 @@ package retention
 
 import (
 	"context"
-	"fmt"
 	"github.com/frain-dev/convoy/database"
 	"github.com/frain-dev/convoy/database/postgres"
 	"github.com/frain-dev/convoy/datastore"
@@ -141,8 +140,6 @@ func (r *RetentionPolicy) Start(ctx context.Context, sampleRate time.Duration) {
 					if err != nil {
 						r.logger.WithError(err).Error("failed to add convoy.delivery_attempts to managed tables")
 					}
-
-					fmt.Printf("pro: %+v\n", len(r.partitioner.(*partman.Manager).GetConfig().Tables))
 				}
 			}
 		}

diff --git a/net/dispatcher.go b/net/dispatcher.go
@@ -71,26 +71,13 @@ func NewDispatcher(l license.Licenser, ff *fflag.FFlag, options ...DispatcherOpt
 		return nil, ErrLoggerIsRequired
 	}
 
-	if ff.CanAccessFeature(fflag.IpRules) && len(d.rules.Allow) == 0 && len(d.rules.Block) == 0 {
-		d.rules = &netjail.Rules{
-			Allow: []netip.Prefix{
-				netip.MustParsePrefix("0.0.0.0/8"),
-				netip.MustParsePrefix("::/0"),
-			},
-			Block: []netip.Prefix{
-				netip.MustParsePrefix("127.0.0.0/8"),
-				netip.MustParsePrefix("::1/128"),
-			},
-		}
-	}
-
 	netJailTransport := &netjail.Transport{
 		New: func() *http.Transport {
 			return d.transport.Clone()
 		},
 	}
 
-	if ff.CanAccessFeature(fflag.IpRules) {
+	if ff.CanAccessFeature(fflag.IpRules) && l.IpRules() {
 		d.client.Transport = netJailTransport
 	} else {
 		d.client.Transport = d.transport
@@ -124,14 +111,14 @@ func ProxyOption(httpProxy string) DispatcherOption {
 // AllowListOption sets a list of IP prefixes which will outgoing traffic will be granted access
 func AllowListOption(allowList []string) DispatcherOption {
 	return func(d *Dispatcher) error {
-		if len(allowList) == 0 {
-			return ErrAllowListIsRequired
-		}
-
 		if !d.l.IpRules() || !d.ff.CanAccessFeature(fflag.IpRules) {
 			return nil
 		}
 
+		if len(allowList) == 0 {
+			return ErrAllowListIsRequired
+		}
+
 		netAllow := make([]netip.Prefix, len(allowList))
 		for i, prefix := range allowList {
 			parsed, err := netip.ParsePrefix(prefix)
@@ -149,14 +136,14 @@ func AllowListOption(allowList []string) DispatcherOption {
 // BlockListOption sets a list of IP prefixes which will outgoing traffic will be denied access
 func BlockListOption(blockList []string) DispatcherOption {
 	return func(d *Dispatcher) error {
-		if len(blockList) == 0 {
-			return ErrBlockListIsRequired
-		}
-
 		if !d.l.IpRules() || !d.ff.CanAccessFeature(fflag.IpRules) {
 			return nil
 		}
 
+		if len(blockList) == 0 {
+			return ErrBlockListIsRequired
+		}
+
 		netBlock := make([]netip.Prefix, len(blockList))
 		for i, prefix := range blockList {
 			parsed, err := netip.ParsePrefix(prefix)
@@ -231,7 +218,7 @@ func (d *Dispatcher) SendRequest(ctx context.Context, endpoint, method string, j
 		return r, err
 	}
 
-	if d.ff.CanAccessFeature(fflag.IpRules) {
+	if d.ff.CanAccessFeature(fflag.IpRules) && d.l.IpRules() {
 		ctx = netjail.ContextWithRules(ctx, d.rules)
 	}
 

diff --git a/services/create_endpoint.go b/services/create_endpoint.go
@@ -131,7 +131,7 @@ func ValidateEndpointAuthentication(auth *datastore.EndpointAuthentication) (*da
 			return nil, err
 		}
 
-		if auth == nil && auth.Type == datastore.APIKeyAuthentication {
+		if auth.Type == datastore.APIKeyAuthentication {
 			return nil, util.NewServiceError(http.StatusBadRequest, errors.New("api key field is required"))
 		}
 

diff --git a/util/endpoint.go b/util/endpoint.go
@@ -8,7 +8,6 @@ import (
 	"net"
 	"net/http"
 	"net/url"
-	"strings"
 	"time"
 )
 
@@ -30,8 +29,7 @@ func ValidateEndpoint(s string, enforceSecure bool) (string, error) {
 	case "https":
 		client := &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{
 			DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
-				conn, err := tls.Dial(network, addr, &tls.Config{MinVersion: tls.VersionTLS12})
-				return conn, err
+				return tls.Dial(network, addr, &tls.Config{MinVersion: tls.VersionTLS12})
 			},
 		}}
 
@@ -43,10 +41,5 @@ func ValidateEndpoint(s string, enforceSecure bool) (string, error) {
 		return "", errors.New("invalid endpoint scheme")
 	}
 
-	switch strings.ToLower(u.Hostname()) {
-	case "localhost", "127.0.0.1":
-		return "", errors.New("cannot use localhost or 127.0.0.1")
-	}
-
 	return u.String(), nil
 }