diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 8ce8f998..0c0ef5fe 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -15,14 +15,15 @@ jobs: steps: - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: - egress-policy: audit - # allowed-endpoints: > - # sparrow.cloudflare.com:443 - # api.cloudflare.com:443 - # api.github.com:443 - # github.com:443 - # hooks.slack.com:443 - # registry.npmjs.org:443 + egress-policy: block + allowed-endpoints: > + sparrow.cloudflare.com:443 + api.cloudflare.com:443 + api.github.com:443 + github.com:443 + hooks.slack.com:443 + registry.npmjs.org:443 + sentry.io:443 - name: Git Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 diff --git a/src/middleware/throwMiddleware.ts b/src/middleware/throwMiddleware.ts new file mode 100644 index 00000000..7534882a --- /dev/null +++ b/src/middleware/throwMiddleware.ts @@ -0,0 +1,10 @@ +import type { Middleware } from './middleware'; + +/** + * Middleware that exists just to throw an error + */ +export class ThrowMiddleware implements Middleware { + handle(): Promise { + throw new Error('Throw endpoint hit'); + } +} diff --git a/src/routes/index.ts b/src/routes/index.ts index 45c2c815..5b3bfd0f 100644 --- a/src/routes/index.ts +++ b/src/routes/index.ts @@ -7,6 +7,7 @@ import { OriginMiddleware } from '../middleware/originMiddleware'; import { R2Middleware } from '../middleware/r2Middleware'; import { RedirectionMiddleware } from '../middleware/redirectionMiddleware'; import { SubtitutionMiddleware } from '../middleware/subtituteMiddleware'; +import { ThrowMiddleware } from '../middleware/throwMiddleware'; import type { Router } from './router'; export function registerRoutes(router: Router): void { @@ -63,6 +64,8 @@ export function registerRoutes(router: Router): void { originMiddleware, ]); + router.post('/_throw', [new ThrowMiddleware()]); + router.get('*', [new NotFoundMiddleware()]); router.all('*', [new MethodNotAllowedMiddleware()]); diff --git a/src/routes/router.ts b/src/routes/router.ts index c87c088a..2bae5fbb 100644 --- a/src/routes/router.ts +++ b/src/routes/router.ts @@ -56,6 +56,14 @@ export class Router { return callMiddlewareChain(middlewareChain, req, ctx, unsubstitutedUrl); }); } + + post(endpoint: string, middlewares: Middleware[]): void { + const middlewareChain = buildMiddlewareChain(middlewares); + + this.itty.post(endpoint, (req, ctx, unsubstitutedUrl) => { + return callMiddlewareChain(middlewareChain, req, ctx, unsubstitutedUrl); + }); + } } type MiddlewareChain = ( diff --git a/src/worker.ts b/src/worker.ts index 112c9548..4c616de7 100644 --- a/src/worker.ts +++ b/src/worker.ts @@ -45,13 +45,6 @@ export default { execution: ctx, }; - if ( - env.ENVIRONMENT === 'staging' && - request.url === '/_657ee98d-f9d3-46cd-837b-f58a88add70a' - ) { - throw new Error('sentry source map testing'); - } - return await router.handle(request, context); } catch (e) { // Send to sentry, if it's disabled this will just noop