security: remove hardcoded fallback credentials and fix aws feature flag

- payments/src/main.rs: fail-fast on BEECEPTOR_URL and DATABASE_URL
- gateway/src/main.rs: fail-fast on all service URLs and CORS URLs
- users/src/handlers/ai.rs: fail-fast on LEADS_SERVICE_URL
- leads/src/main.rs: fail-fast on OLLAMA_BASE_URL and OLLAMA_CHAT_MODEL
- storage/Cargo.toml: replace rustls-aws-lc with rustls for aws-config/aws-sdk-s3
Ashwin Kumar Sivakumar 2026-05-31 22:53:29 +05:30
parent 8f0cf64eb4
commit ed80820913
6 changed files with 32 additions and 209 deletions

187
Cargo.lock generated

@ -111,8 +111,6 @@ checksum = "517aa062d8bd9015ee23d6daa5e1c1372328412fdae4e6c4c1be9b69c6ad37a2"
dependencies = [ dependencies = [
"aws-credential-types", "aws-credential-types",
"aws-runtime", "aws-runtime",
"aws-sdk-sso",
"aws-sdk-ssooidc",
"aws-sdk-sts", "aws-sdk-sts",
"aws-smithy-async", "aws-smithy-async",
"aws-smithy-http", "aws-smithy-http",
@ -124,14 +122,11 @@ dependencies = [
"aws-types", "aws-types",
"bytes", "bytes",
"fastrand", "fastrand",
"hex",
"http 1.4.1", "http 1.4.1",
"sha1 0.10.6",
"time", "time",
"tokio", "tokio",
"tracing", "tracing",
"url", "url",
"zeroize",
] ]
[[package]] [[package]]
@ -231,55 +226,6 @@ dependencies = [
"url", "url",
] ]
[[package]]
name = "aws-sdk-sso"
version = "1.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bee2719d4a5e5e147bb9e9b77490df6ece750df1094968aa857b09b618a1881a"
dependencies = [
"aws-credential-types",
"aws-runtime",
"aws-smithy-async",
"aws-smithy-http",
"aws-smithy-json",
"aws-smithy-observability",
"aws-smithy-runtime",
"aws-smithy-runtime-api",
"aws-smithy-types",
"aws-types",
"bytes",
"fastrand",
"http 0.2.12",
"http 1.4.1",
"regex-lite",
"tracing",
]
[[package]]
name = "aws-sdk-ssooidc"
version = "1.102.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b30d254992d56ef19f430396e5765b11e0f5bd21a7a557cb12fca1c8c18b9636"
dependencies = [
"arc-swap",
"aws-credential-types",
"aws-runtime",
"aws-smithy-async",
"aws-smithy-http",
"aws-smithy-json",
"aws-smithy-observability",
"aws-smithy-runtime",
"aws-smithy-runtime-api",
"aws-smithy-types",
"aws-types",
"bytes",
"fastrand",
"http 0.2.12",
"http 1.4.1",
"regex-lite",
"tracing",
]
[[package]] [[package]]
name = "aws-sdk-sts" name = "aws-sdk-sts"
version = "1.105.0" version = "1.105.0"
@ -317,19 +263,15 @@ dependencies = [
"aws-smithy-runtime-api", "aws-smithy-runtime-api",
"aws-smithy-types", "aws-smithy-types",
"bytes", "bytes",
"crypto-bigint",
"form_urlencoded", "form_urlencoded",
"hex", "hex",
"hmac 0.13.0", "hmac 0.13.0",
"http 0.2.12", "http 0.2.12",
"http 1.4.1", "http 1.4.1",
"p256",
"percent-encoding", "percent-encoding",
"sha2 0.11.0", "sha2 0.11.0",
"subtle",
"time", "time",
"tracing", "tracing",
"zeroize",
] ]
[[package]] [[package]]
@ -635,12 +577,6 @@ dependencies = [
"fastrand", "fastrand",
] ]
[[package]]
name = "base16ct"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
[[package]] [[package]]
name = "base64" name = "base64"
version = "0.22.1" version = "0.22.1"
@ -1000,23 +936,11 @@ version = "0.8.21"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
[[package]]
name = "crypto-bigint"
version = "0.5.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76"
dependencies = [
"generic-array",
"rand_core 0.6.4",
"subtle",
"zeroize",
]
[[package]] [[package]]
name = "crypto-common" name = "crypto-common"
version = "0.1.6" version = "0.1.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a"
dependencies = [ dependencies = [
"generic-array", "generic-array",
"typenum", "typenum",
@ -1131,7 +1055,7 @@ checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
dependencies = [ dependencies = [
"block-buffer 0.10.4", "block-buffer 0.10.4",
"const-oid 0.9.6", "const-oid 0.9.6",
"crypto-common 0.1.6", "crypto-common 0.1.7",
"subtle", "subtle",
] ]
@ -1170,20 +1094,6 @@ version = "1.0.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
[[package]]
name = "ecdsa"
version = "0.16.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca"
dependencies = [
"der",
"digest 0.10.7",
"elliptic-curve",
"rfc6979",
"signature",
"spki",
]
[[package]] [[package]]
name = "either" name = "either"
version = "1.16.0" version = "1.16.0"
@ -1193,26 +1103,6 @@ dependencies = [
"serde", "serde",
] ]
[[package]]
name = "elliptic-curve"
version = "0.13.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47"
dependencies = [
"base16ct",
"crypto-bigint",
"digest 0.10.7",
"ff",
"generic-array",
"group",
"pem-rfc7468",
"pkcs8",
"rand_core 0.6.4",
"sec1",
"subtle",
"zeroize",
]
[[package]] [[package]]
name = "email" name = "email"
version = "0.1.0" version = "0.1.0"
@ -1316,16 +1206,6 @@ version = "2.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9f1f227452a390804cdb637b74a86990f2a7d7ba4b7d5693aac9b4dd6defd8d6" checksum = "9f1f227452a390804cdb637b74a86990f2a7d7ba4b7d5693aac9b4dd6defd8d6"
[[package]]
name = "ff"
version = "0.13.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393"
dependencies = [
"rand_core 0.6.4",
"subtle",
]
[[package]] [[package]]
name = "find-msvc-tools" name = "find-msvc-tools"
version = "0.1.9" version = "0.1.9"
@ -1526,13 +1406,12 @@ dependencies = [
[[package]] [[package]]
name = "generic-array" name = "generic-array"
version = "0.14.9" version = "0.14.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4bb6743198531e02858aeaea5398fcc883e71851fcbcb5a2f773e2fb6cb1edf2" checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
dependencies = [ dependencies = [
"typenum", "typenum",
"version_check", "version_check",
"zeroize",
] ]
[[package]] [[package]]
@ -1594,17 +1473,6 @@ dependencies = [
"uuid", "uuid",
] ]
[[package]]
name = "group"
version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
dependencies = [
"ff",
"rand_core 0.6.4",
"subtle",
]
[[package]] [[package]]
name = "h2" name = "h2"
version = "0.3.27" version = "0.3.27"
@ -2561,18 +2429,6 @@ version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a80800c0488c3a21695ea981a54918fbb37abf04f4d0720c453632255e2ff0e" checksum = "1a80800c0488c3a21695ea981a54918fbb37abf04f4d0720c453632255e2ff0e"
[[package]]
name = "p256"
version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
dependencies = [
"ecdsa",
"elliptic-curve",
"primeorder",
"sha2 0.10.9",
]
[[package]] [[package]]
name = "parking" name = "parking"
version = "2.2.1" version = "2.2.1"
@ -2754,15 +2610,6 @@ dependencies = [
"syn", "syn",
] ]
[[package]]
name = "primeorder"
version = "0.13.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6"
dependencies = [
"elliptic-curve",
]
[[package]] [[package]]
name = "proc-macro2" name = "proc-macro2"
version = "1.0.106" version = "1.0.106"
@ -3028,16 +2875,6 @@ dependencies = [
"webpki-roots 1.0.7", "webpki-roots 1.0.7",
] ]
[[package]]
name = "rfc6979"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
dependencies = [
"hmac 0.12.1",
"subtle",
]
[[package]] [[package]]
name = "ring" name = "ring"
version = "0.17.14" version = "0.17.14"
@ -3209,20 +3046,6 @@ dependencies = [
"untrusted", "untrusted",
] ]
[[package]]
name = "sec1"
version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc"
dependencies = [
"base16ct",
"der",
"generic-array",
"pkcs8",
"subtle",
"zeroize",
]
[[package]] [[package]]
name = "security-framework" name = "security-framework"
version = "3.7.0" version = "3.7.0"


@ -41,41 +41,41 @@ impl Services {
fn from_env() -> Self { fn from_env() -> Self {
Self { Self {
users_url: std::env::var("USERS_SERVICE_URL") users_url: std::env::var("USERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9101".to_string()), .expect("USERS_SERVICE_URL must be set"),
companies_url: std::env::var("COMPANIES_SERVICE_URL") companies_url: std::env::var("COMPANIES_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9102".to_string()), .expect("COMPANIES_SERVICE_URL must be set"),
jobs_url: std::env::var("JOBS_SERVICE_URL") jobs_url: std::env::var("JOBS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9103".to_string()), .expect("JOBS_SERVICE_URL must be set"),
leads_url: std::env::var("LEADS_SERVICE_URL") leads_url: std::env::var("LEADS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9118".to_string()), .expect("LEADS_SERVICE_URL must be set"),
job_seekers_url: std::env::var("JOB_SEEKERS_SERVICE_URL") job_seekers_url: std::env::var("JOB_SEEKERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9104".to_string()), .expect("JOB_SEEKERS_SERVICE_URL must be set"),
customers_url: std::env::var("CUSTOMERS_SERVICE_URL") customers_url: std::env::var("CUSTOMERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9105".to_string()), .expect("CUSTOMERS_SERVICE_URL must be set"),
photographers_url: std::env::var("PHOTOGRAPHERS_SERVICE_URL") photographers_url: std::env::var("PHOTOGRAPHERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9107".to_string()), .expect("PHOTOGRAPHERS_SERVICE_URL must be set"),
makeup_artists_url: std::env::var("MAKEUP_ARTISTS_SERVICE_URL") makeup_artists_url: std::env::var("MAKEUP_ARTISTS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9109".to_string()), .expect("MAKEUP_ARTISTS_SERVICE_URL must be set"),
tutors_url: std::env::var("TUTORS_SERVICE_URL") tutors_url: std::env::var("TUTORS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9108".to_string()), .expect("TUTORS_SERVICE_URL must be set"),
developers_url: std::env::var("DEVELOPERS_SERVICE_URL") developers_url: std::env::var("DEVELOPERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9110".to_string()), .expect("DEVELOPERS_SERVICE_URL must be set"),
video_editors_url: std::env::var("VIDEO_EDITORS_SERVICE_URL") video_editors_url: std::env::var("VIDEO_EDITORS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9111".to_string()), .expect("VIDEO_EDITORS_SERVICE_URL must be set"),
graphic_designers_url: std::env::var("GRAPHIC_DESIGNERS_SERVICE_URL") graphic_designers_url: std::env::var("GRAPHIC_DESIGNERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9112".to_string()), .expect("GRAPHIC_DESIGNERS_SERVICE_URL must be set"),
social_media_managers_url: std::env::var("SOCIAL_MEDIA_MANAGERS_SERVICE_URL") social_media_managers_url: std::env::var("SOCIAL_MEDIA_MANAGERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9113".to_string()), .expect("SOCIAL_MEDIA_MANAGERS_SERVICE_URL must be set"),
fitness_trainers_url: std::env::var("FITNESS_TRAINERS_SERVICE_URL") fitness_trainers_url: std::env::var("FITNESS_TRAINERS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9114".to_string()), .expect("FITNESS_TRAINERS_SERVICE_URL must be set"),
catering_services_url: std::env::var("CATERING_SERVICES_SERVICE_URL") catering_services_url: std::env::var("CATERING_SERVICES_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9115".to_string()), .expect("CATERING_SERVICES_SERVICE_URL must be set"),
ugc_content_creators_url: std::env::var("UGC_CONTENT_CREATORS_SERVICE_URL") ugc_content_creators_url: std::env::var("UGC_CONTENT_CREATORS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9117".to_string()), .expect("UGC_CONTENT_CREATORS_SERVICE_URL must be set"),
payments_url: std::env::var("PAYMENTS_SERVICE_URL") payments_url: std::env::var("PAYMENTS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9116".to_string()), .expect("PAYMENTS_SERVICE_URL must be set"),
employees_url: std::env::var("EMPLOYEES_SERVICE_URL") employees_url: std::env::var("EMPLOYEES_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9106".to_string()), .expect("EMPLOYEES_SERVICE_URL must be set"),
client: reqwest::Client::new(), client: reqwest::Client::new(),
} }
} }
@ -223,9 +223,9 @@ impl Services {
fn build_cors() -> CorsLayer { fn build_cors() -> CorsLayer {
let frontend_url = std::env::var("FRONTEND_URL") let frontend_url = std::env::var("FRONTEND_URL")
.unwrap_or_else(|_| "http://localhost:9201".to_string()); .expect("FRONTEND_URL must be set");
let admin_url = std::env::var("ADMIN_URL") let admin_url = std::env::var("ADMIN_URL")
.unwrap_or_else(|_| "http://localhost:9202".to_string()); .expect("ADMIN_URL must be set");
let allowed_origins: Vec<HeaderValue> = vec![ let allowed_origins: Vec<HeaderValue> = vec![
frontend_url.parse().expect("Invalid FRONTEND_URL"), frontend_url.parse().expect("Invalid FRONTEND_URL"),
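Review bot: The `.expect("… must be set")` calls in `Services::from_env` and `build_cors` reject only an unset variable; one that is set but empty, or not a URL at all, is still accepted and stored, so the gateway boots and the misconfiguration only surfaces on the first proxied request. For the CORS origins the only check is `HeaderValue` parsing, which accepts far more than a well-formed origin. Routing every read through one helper that trims, rejects empty values and parses the URL would make the fail-fast behaviour real; the panic text should name the variable but not echo its value, since URLs can carry userinfo. The same gap applies to the `OLLAMA_BASE_URL`, `BEECEPTOR_URL` and `DATABASE_URL` reads in the leads and payments sections. `build_cors` continues past the end of the hunk.

```rust
/// Reads a required base URL from the environment and validates it at start-up.
/// Panics naming the variable only; the value is never printed.
fn required_url(name: &str) -> String {
    let raw = std::env::var(name).unwrap_or_else(|_| panic!("{name} must be set"));
    let value = raw.trim();
    assert!(!value.is_empty(), "{name} must not be empty");
    if let Err(e) = reqwest::Url::parse(value) {
        panic!("{name} is not a valid URL: {e}");
    }
    value.to_string()
}

// in Services::from_env
            users_url: required_url("USERS_SERVICE_URL"),
            // … unchanged pattern: remaining *_SERVICE_URL fields, FRONTEND_URL, ADMIN_URL …
```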


@ -118,9 +118,9 @@ async fn main() {
pool, pool,
http_client: Client::new(), http_client: Client::new(),
ollama_base_url: std::env::var("OLLAMA_BASE_URL") ollama_base_url: std::env::var("OLLAMA_BASE_URL")
.unwrap_or_else(|_| "http://ollama.nxtgauge-ai.svc.cluster.local:11434".to_string()), .expect("OLLAMA_BASE_URL must be set"),
ollama_model: std::env::var("OLLAMA_CHAT_MODEL") ollama_model: std::env::var("OLLAMA_CHAT_MODEL")
.unwrap_or_else(|_| "gemma3:270m".to_string()), .expect("OLLAMA_CHAT_MODEL must be set"),
}); });
let cors = CorsLayer::new() let cors = CorsLayer::new()


@ -342,10 +342,10 @@ async fn main() {
.init(); .init();
let beeceptor_url = std::env::var("BEECEPTOR_URL") let beeceptor_url = std::env::var("BEECEPTOR_URL")
.unwrap_or_else(|_| "https://nxtgauge.free.beeceptor.com".to_string()); .expect("BEECEPTOR_URL must be set");
let db_url = std::env::var("DATABASE_URL") let db_url = std::env::var("DATABASE_URL")
.unwrap_or_else(|_| "postgres://postgres:password@localhost:5432/nxtgauge".to_string()); .expect("DATABASE_URL must be set");
let pool = PgPool::connect(&db_url) let pool = PgPool::connect(&db_url)
.await .await
.expect("Failed to connect to database"); .expect("Failed to connect to database");
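Review bot: Deleting the `postgres://postgres:password@localhost:5432/nxtgauge` fallback at the `db_url` read does not retire that credential, because it stays readable in the repository history. If `postgres`/`password` was ever accepted by a reachable database, rotate it as part of this change rather than relying on the code removal. Separately, `BEECEPTOR_URL` is named after a public mock-endpoint service and nothing visible in the hunk documents what may be sent there; assuming it is a development stand-in for the payment provider, a comment above the read such as `// Payment provider base URL; a mock host is acceptable in development only` would record that intent. `main` starts and ends outside the hunk.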


@ -1105,7 +1105,7 @@ async fn ai_auto_respond_to_lead(
} }
let leads_service_url = std::env::var("LEADS_SERVICE_URL") let leads_service_url = std::env::var("LEADS_SERVICE_URL")
.unwrap_or_else(|_| "http://localhost:9118".to_string()); .expect("LEADS_SERVICE_URL must be set");
let profile_id: Option<Uuid> = sqlx::query_scalar( let profile_id: Option<Uuid> = sqlx::query_scalar(
"SELECT id FROM user_role_profiles WHERE user_id = $1" "SELECT id FROM user_role_profiles WHERE user_id = $1"
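Review bot: `std::env::var("LEADS_SERVICE_URL").expect(…)` sits in the body of `ai_auto_respond_to_lead`, just ahead of a per-user query, so this looks like request-time code rather than start-up code. A missing variable therefore does not fail fast: the users service boots normally and then panics each time a request reaches this line, which turns a configuration error into a repeatable crash path. Read the variable once during start-up and hand it to the handler through the shared application state, or return the handler's own error type here instead of panicking. The function starts and ends outside the hunk, so its signature and return type are not visible from here.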


@ -10,8 +10,8 @@ serde = { workspace = true }
uuid = { workspace = true } uuid = { workspace = true }
tokio = { workspace = true } tokio = { workspace = true }
reqwest = { version = "0.12", features = ["json", "multipart"] } reqwest = { version = "0.12", features = ["json", "multipart"] }
aws-sdk-s3 = "1" aws-sdk-s3 = { version = "1", default-features = false, features = ["rt-tokio", "rustls"] }
aws-config = "1" aws-config = { version = "1", default-features = false, features = ["rt-tokio", "rustls"] }
aws-credential-types = "1" aws-credential-types = "1"
bytes = "1" bytes = "1"
mime_guess = "2" mime_guess = "2"
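Review bot: `default-features = false` on `aws-sdk-s3` and `aws-config` removes more than the TLS backend. The Cargo.lock section of this commit drops `aws-sdk-sso`, `aws-sdk-ssooidc` and the `p256`/`crypto-bigint` chain, which suggests the SSO credential provider and SigV4a signing are no longer compiled in (and, if I read the feature list correctly, `credentials-process` as well). Nothing in the manifest records this, so a later credential-resolution failure in an environment that relies on SSO or `credential_process` profiles will be hard to trace back to this change. Add a comment above the two lines, for example `# default-features off: no sso / credentials-process providers, no sigv4a; TLS via the "rustls" feature`. Also confirm that `rustls` selects the TLS stack you intend, since in these crates it appears to be the older hyper 0.14-based connector.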