Validate that incoming requests to mutate state are sent to keyed ser…

…vices only (virtual objects or workflows) (#1581)
restatedev · Jun 3, 2024 · 4be2980 · 4be2980
1 parent 1e08897
commit 4be2980
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/crates/admin/src/rest_api/error.rs b/crates/admin/src/rest_api/error.rs
@@ -21,6 +21,7 @@ use okapi_operation::okapi::openapi3::Responses;
 use okapi_operation::{okapi, Components, ToMediaTypes, ToResponses};
 use restate_core::ShutdownError;
 use restate_types::identifiers::{DeploymentId, SubscriptionId};
+use restate_types::invocation::ServiceType;
 use schemars::JsonSchema;
 use serde::Serialize;
 
@@ -41,6 +42,8 @@ pub enum MetaApiError {
     },
     #[error("The requested subscription '{0}' does not exist")]
     SubscriptionNotFound(SubscriptionId),
+    #[error("Cannot {0} for service type {1}")]
+    UnsupportedOperation(&'static str, ServiceType),
     #[error(transparent)]
     Schema(#[from] SchemaError),
     #[error(transparent)]
@@ -68,7 +71,9 @@ impl IntoResponse for MetaApiError {
             | MetaApiError::HandlerNotFound { .. }
             | MetaApiError::DeploymentNotFound(_)
             | MetaApiError::SubscriptionNotFound(_) => StatusCode::NOT_FOUND,
-            MetaApiError::InvalidField(_, _) => StatusCode::BAD_REQUEST,
+            MetaApiError::InvalidField(_, _) | MetaApiError::UnsupportedOperation(_, _) => {
+                StatusCode::BAD_REQUEST
+            }
             MetaApiError::Schema(schema_error) => match schema_error {
                 SchemaError::NotFound(_) => StatusCode::NOT_FOUND,
                 SchemaError::Override(_)

diff --git a/crates/admin/src/rest_api/services.rs b/crates/admin/src/rest_api/services.rs
@@ -155,6 +155,16 @@ pub async fn modify_service_state<V>(
         new_state,
     }): Json<ModifyServiceStateRequest>,
 ) -> Result<StatusCode, MetaApiError> {
+    let svc = state
+        .task_center
+        .run_in_scope_sync("get-service", None, || {
+            state.schema_registry.get_service(&service_name)
+        })
+        .ok_or_else(|| MetaApiError::ServiceNotFound(service_name.clone()))?;
+    if !svc.ty.has_state() {
+        return Err(MetaApiError::UnsupportedOperation("modify state", svc.ty));
+    }
+
     let service_id = ServiceId::new(service_name, object_key);
 
     let new_state = new_state