fix: middleware dos, storage metadata (#1581)

parmesant · web-flow · commit 6c583081a416 · 2026-03-13T15:09:12.000+05:30
removed usage of unwraps in middleware to prevent unauthenticated dos
bumped the default storage metadata version to v8
diff --git a/src/handlers/http/middleware.rs b/src/handlers/http/middleware.rs
@@ -152,18 +152,21 @@ where
         For requests made from other clients, no change.
 
         ## Section start */
-        if let Some(kinesis_common_attributes) =
-            req.request().headers().get(KINESIS_COMMON_ATTRIBUTES_KEY)
+        if self.action.eq(&Action::Ingest)
+            && let Some(kinesis_common_attributes) =
+                req.request().headers().get(KINESIS_COMMON_ATTRIBUTES_KEY)
+            && let Ok(attribute_value) = kinesis_common_attributes.to_str()
+            && let Ok(message) = serde_json::from_str::<Message>(attribute_value)
+            && let Ok(auth_value) =
+                header::HeaderValue::from_str(&message.common_attributes.authorization)
+            && let Ok(stream_name_key) =
+                header::HeaderValue::from_str(&message.common_attributes.x_p_stream)
         {
-            let attribute_value: &str = kinesis_common_attributes.to_str().unwrap();
-            let message: Message = serde_json::from_str(attribute_value).unwrap();
-            req.headers_mut().insert(
-                HeaderName::from_static(AUTHORIZATION_KEY),
-                header::HeaderValue::from_str(&message.common_attributes.authorization).unwrap(),
-            );
+            req.headers_mut()
+                .insert(HeaderName::from_static(AUTHORIZATION_KEY), auth_value);
             req.headers_mut().insert(
                 HeaderName::from_static(STREAM_NAME_HEADER_KEY),
-                header::HeaderValue::from_str(&message.common_attributes.x_p_stream).unwrap(),
+                stream_name_key,
             );
             req.headers_mut().insert(
                 HeaderName::from_static(LOG_SOURCE_KEY),
diff --git a/src/storage/store_metadata.rs b/src/storage/store_metadata.rs
@@ -43,7 +43,7 @@ use super::PARSEABLE_METADATA_FILE_NAME;
 
 // Expose some static variables for internal usage
 pub static STORAGE_METADATA: OnceCell<StaticStorageMetadata> = OnceCell::new();
-pub const CURRENT_STORAGE_METADATA_VERSION: &str = "v6";
+pub const CURRENT_STORAGE_METADATA_VERSION: &str = "v8";
 // For use in global static
 #[derive(Debug, PartialEq, Eq)]
 pub struct StaticStorageMetadata {
