feat: Validate session_id as UUID (#482)

pluto · Feb 18, 2025 · 2dc768e · 2dc768e
1 parent 6eed838
commit 2dc768e
Show file tree

Hide file tree

Showing 9 changed files with 36 additions and 26 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -54,6 +54,8 @@ tokio-rustls={ version="0.26.0", default-features=false, features=["logging", "t
 # circuits witness generator
 web-proof-circuits-witness-generator={ git="https://github.com/pluto/web-prover-circuits", rev="0a09df087612d45fa3b0d5914d93c72417edb58b" }
 
+uuid={ version="1.10.0", default-features=false, features=["v4", "serde"] }
+
 [package]
 name   ="webprover"
 edition="2021"

diff --git a/book/book.toml b/book/book.toml
@@ -12,21 +12,21 @@ extra-watch-dirs=[] # Don't watch any extra directories
 create-missing=false # Don't create missing files
 use-default-preprocessors=false
 exclude=[
-    "target/**/*",
-    "**/target/**/*",
-    "**/node_modules/**/*",
-    "client_wasm/demo/**/*",              # Explicitly exclude all demo content
-    "client_wasm/demo/static/build/**/*", # Extra specific exclusion for build artifacts
-    "client_wasm/demo/pkg/**/*",          # Extra specific exclusion for pkg
-    "client_wasm/demo/node_modules/**/*", # Extra specific exclusion for node_modules
-    "build/**/*",
-    "bin/**/*",
-    "client/**/*",
-    "client_ios/**/*",
-    "fixture/**/*",
-    "notary/**/*",
-    "tls/**/*",
-    "proofs/src/**/*",
+  "target/**/*",
+  "**/target/**/*",
+  "**/node_modules/**/*",
+  "client_wasm/demo/**/*",              # Explicitly exclude all demo content
+  "client_wasm/demo/static/build/**/*", # Extra specific exclusion for build artifacts
+  "client_wasm/demo/pkg/**/*",          # Extra specific exclusion for pkg
+  "client_wasm/demo/node_modules/**/*", # Extra specific exclusion for node_modules
+  "build/**/*",
+  "bin/**/*",
+  "client/**/*",
+  "client_ios/**/*",
+  "fixture/**/*",
+  "notary/**/*",
+  "tls/**/*",
+  "proofs/src/**/*",
 ]
 
 [preprocessor.links]

diff --git a/client/Cargo.toml b/client/Cargo.toml
@@ -65,7 +65,7 @@ tokio-util={ version="0.7", features=[
 chrono="0.4"
 p256={ version="0.13", features=["pem", "ecdsa"] }
 
-uuid={ version="1.10.0", default-features=false, features=["v4"] }
+uuid={ workspace=true }
 
 clap      ={ workspace=true }
 serde_with={ version="3.12.0", features=["base64"] }

diff --git a/notary/Cargo.toml b/notary/Cargo.toml
@@ -54,6 +54,7 @@ rs_merkle       ="1.4.2"
 alloy-primitives={ version="0.8.2", features=["k256"] }
 k256            ={ version="0.13.3", features=["ecdsa"] }
 reqwest         ={ version="0.12", features=["json"] }
+uuid            ={ workspace=true }
 
 tls-client2={ workspace=true }
 

diff --git a/notary/src/origo.rs b/notary/src/origo.rs
@@ -25,6 +25,7 @@ use tokio::{
 };
 use tokio_util::compat::FuturesAsyncReadCompatExt;
 use tracing::{debug, error, info};
+use uuid::Uuid;
 use web_proof_circuits_witness_generator::polynomial_digest;
 use ws_stream_tungstenite::WsStream;
 
@@ -38,7 +39,7 @@ use crate::{
 
 #[derive(Deserialize)]
 pub struct SignQuery {
-  session_id: String,
+  session_id: Uuid,
 }
 
 #[derive(Serialize)]
@@ -64,7 +65,8 @@ pub async fn sign(
   State(state): State<Arc<SharedState>>,
   extract::Json(payload): extract::Json<SignBody>,
 ) -> Result<Json<SignReply>, ProxyError> {
-  let transcript = state.origo_sessions.lock().unwrap().get(&query.session_id).cloned().unwrap();
+  let transcript =
+    state.origo_sessions.lock().unwrap().get(&query.session_id.to_string()).cloned().unwrap();
 
   let handshake_server_key = hex::decode(payload.handshake_server_key).unwrap();
   let handshake_server_iv = hex::decode(payload.handshake_server_iv).unwrap();
@@ -103,7 +105,7 @@ pub async fn sign(
     .verifier_sessions
     .lock()
     .unwrap()
-    .insert(query.session_id.clone(), VerifierInputs { request_messages, response_messages });
+    .insert(query.session_id.to_string(), VerifierInputs { request_messages, response_messages });
 
   // TODO check OSCP and CT (maybe)
   // TODO check target_name matches SNI and/or cert name (let's discuss)
@@ -216,7 +218,7 @@ impl Hasher for KeccakHasher {
 
 #[derive(Deserialize)]
 pub struct NotarizeQuery {
-  session_id:  String,
+  session_id:  Uuid,
   target_host: String,
   target_port: u16,
 }
@@ -246,7 +248,7 @@ pub async fn proxy(
   query: Query<NotarizeQuery>,
   State(state): State<Arc<SharedState>>,
 ) -> Response {
-  let session_id = query.session_id.clone();
+  let session_id = query.session_id.to_string();
 
   info!("Starting notarize with ID: {}", session_id);
 

diff --git a/notary/src/proxy.rs b/notary/src/proxy.rs
@@ -13,12 +13,13 @@ use reqwest::{Request, Response};
 use serde::Deserialize;
 use serde_json::Value;
 use tracing::{debug, info};
+use uuid::Uuid;
 
 use crate::{errors::NotaryServerError, SharedState};
 
 #[derive(Deserialize)]
 pub struct NotarizeQuery {
-  session_id: String,
+  session_id: Uuid,
 }
 
 pub async fn proxy(

diff --git a/notary/src/tee.rs b/notary/src/tee.rs
@@ -21,6 +21,7 @@ use tls_client2::tls_core::msgs::message::MessagePayload;
 use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};
 use tokio_util::compat::FuturesAsyncReadCompatExt;
 use tracing::{debug, error, field::debug, info};
+use uuid::Uuid;
 use ws_stream_tungstenite::WsStream;
 
 use crate::{
@@ -34,7 +35,7 @@ use crate::{
 
 #[derive(Deserialize)]
 pub struct NotarizeQuery {
-  session_id:  String,
+  session_id:  Uuid,
   target_host: String,
   target_port: u16,
 }
@@ -44,7 +45,7 @@ pub async fn proxy(
   query: Query<NotarizeQuery>,
   State(state): State<Arc<SharedState>>,
 ) -> Response {
-  let session_id = query.session_id.clone();
+  let session_id = query.session_id.to_string();
 
   info!("Starting notarize with ID: {}", session_id);
 

diff --git a/notary/src/tlsn.rs b/notary/src/tlsn.rs
@@ -14,6 +14,7 @@ use tlsn_verifier::tls::{Verifier, VerifierConfig};
 use tokio::io::{AsyncRead, AsyncWrite};
 use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
 use tracing::{debug, error, info};
+use uuid::Uuid;
 use ws_stream_tungstenite::WsStream;
 
 use crate::{
@@ -84,7 +85,7 @@ pub async fn notary_service<S: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
 
 #[derive(Deserialize)]
 pub struct NotarizeQuery {
-  session_id: String,
+  session_id: Uuid,
 }
 
 // TODO Response or impl IntoResponse?
@@ -93,7 +94,7 @@ pub async fn notarize(
   query: Query<NotarizeQuery>,
   State(state): State<Arc<SharedState>>,
 ) -> Response {
-  let session_id = query.session_id.clone();
+  let session_id = query.session_id.to_string();
 
   debug!("Starting notarize with ID: {}", session_id);