Change the default mode to allow all urls

lestrrat-go · Sep 27, 2024 · 8a76cef · 8a76cef
1 parent 071255b
commit 8a76cef
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 5 deletions.
diff --git a/client.go b/client.go
@@ -23,12 +23,17 @@ type Client struct {
 const DefaultWorkers = 5
 const oneDay = 24 * time.Hour
 
+// NewClient creates a new `httprc.Client` object.
+//
+// By default ALL urls are allowed. This may not be suitable for you if
+// are using this in a production environment. You are encouraged to specify
+// a whitelist using the `WithWhitelist` option.
 func NewClient(options ...NewClientOption) *Client {
 	//nolint:stylecheck
 	var errSink ErrorSink = errsink.NewNop()
 	//nolint:stylecheck
 	var traceSink TraceSink = tracesink.NewNop()
-	var wl Whitelist = BlockAllWhitelist{}
+	var wl Whitelist = InsecureWhitelist{}
 
 	numWorkers := DefaultWorkers
 	//nolint:forcetypeassert

diff --git a/client_example_test.go b/client_example_test.go
@@ -24,7 +24,7 @@ func ExampleClient() {
 	}))
 
 	options := []httprc.NewClientOption{
-		httprc.WithWhitelist(httprc.NewInsecureWhitelist()),
+		//		httprc.WithWhitelist(httprc.NewInsecureWhitelist()),
 	}
 	// If you would like to handle errors from asynchronous workers, you can specify a error sink.
 	// This is disabled in this example because the trace logs are dynamic

diff --git a/httprc_test.go b/httprc_test.go
@@ -41,7 +41,7 @@ func TestClient(t *testing.T) {
 	defer cancel()
 
 	options := []httprc.NewClientOption{
-		httprc.WithWhitelist(httprc.NewInsecureWhitelist()),
+		//		httprc.WithWhitelist(httprc.NewInsecureWhitelist()),
 	}
 	cl := httprc.NewClient(options...)
 	ctrl, err := cl.Start(ctx)

diff --git a/transformer.go b/transformer.go
@@ -21,6 +21,8 @@ func (bytesTransformer) Transform(_ context.Context, res *http.Response) ([]byte
 
 type jsonTransformer[T any] struct{}
 
+// JSONTransformer returns a Transformer that decodes the response body as JSON
+// into the provided type T.
 func JSONTransformer[T any]() Transformer[T] {
 	return jsonTransformer[T]{}
 }

diff --git a/whitelist.go b/whitelist.go
@@ -9,9 +9,14 @@ import (
 // or not. Implementations of this interface can be used to restrict the URLs that
 // the client can access.
 //
+// By default all URLs are allowed, but this may not be ideal in production environments
+// for security reasons.
+//
 // This exists because you might use this module to store resources provided by
 // user of your application, in which case you cannot necessarily trust that the
 // URLs are safe.
+//
+// You will HAVE to provide some sort of whitelist.
 type Whitelist interface {
 	IsAllowed(string) bool
 }
@@ -21,8 +26,7 @@ type WhitelistFunc func(string) bool
 
 func (f WhitelistFunc) IsAllowed(u string) bool { return f(u) }
 
-// BlockAllWhitelist is a Whitelist implementation that blocks all URLs. This is the
-// default whitelist implementation.
+// BlockAllWhitelist is a Whitelist implementation that blocks all URLs.
 type BlockAllWhitelist struct{}
 
 // NewBlockAllWhitelist creates a new BlockAllWhitelist instance. It is safe to