ashwin/nxtgauge-backend-rust
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

security: remove hardcoded fallback credentials and fix aws feature flag

Browse source 
- payments/src/main.rs: fail-fast on BEECEPTOR_URL and DATABASE_URL
- gateway/src/main.rs: fail-fast on all service URLs and CORS URLs
- users/src/handlers/ai.rs: fail-fast on LEADS_SERVICE_URL
- leads/src/main.rs: fail-fast on OLLAMA_BASE_URL and OLLAMA_CHAT_MODEL
- storage/Cargo.toml: replace rustls-aws-lc with rustls for aws-config/aws-sdk-s3
This commit is contained in:
Ashwin Kumar Sivakumar 2026-05-31 22:53:29 +05:30
parent 8f0cf64eb4
commit ed80820913
6 changed files with 32 additions and 209 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

187
Cargo.lock generated
View file

@ -111,8 +111,6 @@ checksum = "517aa062d8bd9015ee23d6daa5e1c1372328412fdae4e6c4c1be9b69c6ad37a2"
dependencies = [
"aws-credential-types",
"aws-runtime",
"aws-sdk-sso",
"aws-sdk-ssooidc",
"aws-sdk-sts",
"aws-smithy-async",
"aws-smithy-http",
@ -124,14 +122,11 @@ dependencies = [
"aws-types",
"bytes",
"fastrand",
"hex",
"http 1.4.1",
"sha1 0.10.6",
"time",
"tokio",
"tracing",
"url",
"zeroize",
]
[[package]]
@ -231,55 +226,6 @@ dependencies = [
"url",
]
[[package]]
name = "aws-sdk-sso"
version = "1.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bee2719d4a5e5e147bb9e9b77490df6ece750df1094968aa857b09b618a1881a"
dependencies = [
"aws-credential-types",
"aws-runtime",
"aws-smithy-async",
"aws-smithy-http",
"aws-smithy-json",
"aws-smithy-observability",
"aws-smithy-runtime",
"aws-smithy-runtime-api",
"aws-smithy-types",
"aws-types",
"bytes",
"fastrand",
"http 0.2.12",
"http 1.4.1",
"regex-lite",
"tracing",
]
[[package]]
name = "aws-sdk-ssooidc"
version = "1.102.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b30d254992d56ef19f430396e5765b11e0f5bd21a7a557cb12fca1c8c18b9636"
dependencies = [
"arc-swap",
"aws-credential-types",
"aws-runtime",
"aws-smithy-async",
"aws-smithy-http",
"aws-smithy-json",
"aws-smithy-observability",
"aws-smithy-runtime",
"aws-smithy-runtime-api",
"aws-smithy-types",
"aws-types",
"bytes",
"fastrand",
"http 0.2.12",
"http 1.4.1",
"regex-lite",
"tracing",
]
[[package]]
name = "aws-sdk-sts"
version = "1.105.0"
@ -317,19 +263,15 @@ dependencies = [
"aws-smithy-runtime-api",
"aws-smithy-types",
"bytes",
"crypto-bigint",
"form_urlencoded",
"hex",
"hmac 0.13.0",
"http 0.2.12",
"http 1.4.1",
"p256",
"percent-encoding",
"sha2 0.11.0",
"subtle",
"time",
"tracing",
"zeroize",
]
[[package]]
@ -635,12 +577,6 @@ dependencies = [
"fastrand",
]
[[package]]
name = "base16ct"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
[[package]]
name = "base64"
version = "0.22.1"
@ -1000,23 +936,11 @@ version = "0.8.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
[[package]]
name = "crypto-bigint"
version = "0.5.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76"
dependencies = [
"generic-array",
"rand_core 0.6.4",
"subtle",
"zeroize",
]
[[package]]
name = "crypto-common"
version = "0.1.6"
version = "0.1.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a"
dependencies = [
"generic-array",
"typenum",
@ -1131,7 +1055,7 @@ checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
dependencies = [
"block-buffer 0.10.4",
"const-oid 0.9.6",
"crypto-common 0.1.6",
"crypto-common 0.1.7",
"subtle",
]
@ -1170,20 +1094,6 @@ version = "1.0.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
[[package]]
name = "ecdsa"
version = "0.16.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca"
dependencies = [
"der",
"digest 0.10.7",
"elliptic-curve",
"rfc6979",
"signature",
"spki",
]
[[package]]
name = "either"
version = "1.16.0"
@ -1193,26 +1103,6 @@ dependencies = [
"serde",
]
[[package]]
name = "elliptic-curve"
version = "0.13.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47"
dependencies = [
"base16ct",
"crypto-bigint",
"digest 0.10.7",
"ff",
"generic-array",
"group",
"pem-rfc7468",
"pkcs8",
"rand_core 0.6.4",
"sec1",
"subtle",
"zeroize",
]
[[package]]
name = "email"
version = "0.1.0"
@ -1316,16 +1206,6 @@ version = "2.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9f1f227452a390804cdb637b74a86990f2a7d7ba4b7d5693aac9b4dd6defd8d6"
[[package]]
name = "ff"
version = "0.13.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393"
dependencies = [
"rand_core 0.6.4",
"subtle",
]
[[package]]
name = "find-msvc-tools"
version = "0.1.9"
@ -1526,13 +1406,12 @@ dependencies = [
[[package]]
name = "generic-array"
version = "0.14.9"
version = "0.14.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4bb6743198531e02858aeaea5398fcc883e71851fcbcb5a2f773e2fb6cb1edf2"
checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
dependencies = [
"typenum",
"version_check",
"zeroize",
]
[[package]]
@ -1594,17 +1473,6 @@ dependencies = [
"uuid",
]
[[package]]
name = "group"
version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
dependencies = [
"ff",
"rand_core 0.6.4",
"subtle",
]
[[package]]
name = "h2"
version = "0.3.27"
@ -2561,18 +2429,6 @@ version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a80800c0488c3a21695ea981a54918fbb37abf04f4d0720c453632255e2ff0e"
[[package]]
name = "p256"
version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
dependencies = [
"ecdsa",
"elliptic-curve",
"primeorder",
"sha2 0.10.9",
]
[[package]]
name = "parking"
version = "2.2.1"
@ -2754,15 +2610,6 @@ dependencies = [
"syn",
]
[[package]]
name = "primeorder"
version = "0.13.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6"
dependencies = [
"elliptic-curve",
]
[[package]]
name = "proc-macro2"
version = "1.0.106"
@ -3028,16 +2875,6 @@ dependencies = [
"webpki-roots 1.0.7",
]
[[package]]
name = "rfc6979"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
dependencies = [
"hmac 0.12.1",
"subtle",
]
[[package]]
name = "ring"
version = "0.17.14"
@ -3209,20 +3046,6 @@ dependencies = [
"untrusted",
]
[[package]]
name = "sec1"
version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc"
dependencies = [
"base16ct",
"der",
"generic-array",
"pkcs8",
"subtle",
"zeroize",
]
[[package]]
name = "security-framework"
version = "3.7.0"

40
apps/gateway/src/main.rs
View file

@ -41,41 +41,41 @@ impl Services {
fn from_env() -> Self {
Self {
users_url: std::env::var("USERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9101".to_string()),
.expect("USERS_SERVICE_URL must be set"),
companies_url: std::env::var("COMPANIES_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9102".to_string()),
.expect("COMPANIES_SERVICE_URL must be set"),
jobs_url: std::env::var("JOBS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9103".to_string()),
.expect("JOBS_SERVICE_URL must be set"),
leads_url: std::env::var("LEADS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9118".to_string()),
.expect("LEADS_SERVICE_URL must be set"),
job_seekers_url: std::env::var("JOB_SEEKERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9104".to_string()),
.expect("JOB_SEEKERS_SERVICE_URL must be set"),
customers_url: std::env::var("CUSTOMERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9105".to_string()),
.expect("CUSTOMERS_SERVICE_URL must be set"),
photographers_url: std::env::var("PHOTOGRAPHERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9107".to_string()),
.expect("PHOTOGRAPHERS_SERVICE_URL must be set"),
makeup_artists_url: std::env::var("MAKEUP_ARTISTS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9109".to_string()),
.expect("MAKEUP_ARTISTS_SERVICE_URL must be set"),
tutors_url: std::env::var("TUTORS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9108".to_string()),
.expect("TUTORS_SERVICE_URL must be set"),
developers_url: std::env::var("DEVELOPERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9110".to_string()),
.expect("DEVELOPERS_SERVICE_URL must be set"),
video_editors_url: std::env::var("VIDEO_EDITORS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9111".to_string()),
.expect("VIDEO_EDITORS_SERVICE_URL must be set"),
graphic_designers_url: std::env::var("GRAPHIC_DESIGNERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9112".to_string()),
.expect("GRAPHIC_DESIGNERS_SERVICE_URL must be set"),
social_media_managers_url: std::env::var("SOCIAL_MEDIA_MANAGERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9113".to_string()),
.expect("SOCIAL_MEDIA_MANAGERS_SERVICE_URL must be set"),
fitness_trainers_url: std::env::var("FITNESS_TRAINERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9114".to_string()),
.expect("FITNESS_TRAINERS_SERVICE_URL must be set"),
catering_services_url: std::env::var("CATERING_SERVICES_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9115".to_string()),
.expect("CATERING_SERVICES_SERVICE_URL must be set"),
ugc_content_creators_url: std::env::var("UGC_CONTENT_CREATORS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9117".to_string()),
.expect("UGC_CONTENT_CREATORS_SERVICE_URL must be set"),
payments_url: std::env::var("PAYMENTS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9116".to_string()),
.expect("PAYMENTS_SERVICE_URL must be set"),
employees_url: std::env::var("EMPLOYEES_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9106".to_string()),
.expect("EMPLOYEES_SERVICE_URL must be set"),
client: reqwest::Client::new(),
}
}
@ -223,9 +223,9 @@ impl Services {
fn build_cors() -> CorsLayer {
let frontend_url = std::env::var("FRONTEND_URL")
.unwrap_or_else(|_| "http://localhost:9201".to_string());
.expect("FRONTEND_URL must be set");
let admin_url = std::env::var("ADMIN_URL")
.unwrap_or_else(|_| "http://localhost:9202".to_string());
.expect("ADMIN_URL must be set");
let allowed_origins: Vec<HeaderValue> = vec![
frontend_url.parse().expect("Invalid FRONTEND_URL"),

4
apps/leads/src/main.rs
View file

@ -118,9 +118,9 @@ async fn main() {
pool,
http_client: Client::new(),
ollama_base_url: std::env::var("OLLAMA_BASE_URL")
.unwrap_or_else(|_| "http://ollama.nxtgauge-ai.svc.cluster.local:11434".to_string()),
.expect("OLLAMA_BASE_URL must be set"),
ollama_model: std::env::var("OLLAMA_CHAT_MODEL")
.unwrap_or_else(|_| "gemma3:270m".to_string()),
.expect("OLLAMA_CHAT_MODEL must be set"),
});
let cors = CorsLayer::new()

4
apps/payments/src/main.rs
View file

@ -342,10 +342,10 @@ async fn main() {
.init();
let beeceptor_url = std::env::var("BEECEPTOR_URL")
.unwrap_or_else(|_| "https://nxtgauge.free.beeceptor.com".to_string());
.expect("BEECEPTOR_URL must be set");
let db_url = std::env::var("DATABASE_URL")
.unwrap_or_else(|_| "postgres://postgres:password@localhost:5432/nxtgauge".to_string());
.expect("DATABASE_URL must be set");
let pool = PgPool::connect(&db_url)
.await
.expect("Failed to connect to database");

2
apps/users/src/handlers/ai.rs
View file

@ -1105,7 +1105,7 @@ async fn ai_auto_respond_to_lead(
}
let leads_service_url = std::env::var("LEADS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9118".to_string());
.expect("LEADS_SERVICE_URL must be set");
let profile_id: Option<Uuid> = sqlx::query_scalar(
"SELECT id FROM user_role_profiles WHERE user_id = $1"

4
crates/storage/Cargo.toml
View file

@ -10,8 +10,8 @@ serde = { workspace = true }
uuid = { workspace = true }
tokio = { workspace = true }
reqwest = { version = "0.12", features = ["json", "multipart"] }
aws-sdk-s3 = "1"
aws-config = "1"
aws-sdk-s3 = { version = "1", default-features = false, features = ["rt-tokio", "rustls"] }
aws-config = { version = "1", default-features = false, features = ["rt-tokio", "rustls"] }
aws-credential-types = "1"
bytes = "1"
mime_guess = "2"