glm-5.1
f9d7b8112b
Break down findings from review #002 into dependency-ordered fix tasks: Critical/High: - fix/acme-contact-and-challenge (C1+C2): Add acme_contact field, wire to ACME, remove unused challenge_config, add validation rule 19 - fix/remove-health-and-hardcode-https (W5+W14+ADR-022): Remove /health from main listener, hardcode X-Forwarded-Proto to https - fix/config-reload-static-drift (C4): Use ArcSwap<StaticConfig> so reload diffs against last config, not startup config - fix/access-logging (W13): Wire up log_request! macro for every proxied request with client_ip, host, method, path, status, upstream, duration_ms Medium: - fix/graceful-shutdown (W1+W7): Join HTTPS tasks with timeout instead of abort, add shutdown signal to admin socket and eviction task - fix/connect-timeout (W4): Wire upstream_connect_timeout_secs to enforce separate connect timeout Low/Independent: - fix/token-bucket-nanosecond (W6): Use as_nanos() instead of as_millis() - fix/normalize-host-ipv6 (S3): Handle IPv6 bracket notation in normalize_host - fix/http-port-validation (S1): Validate http_port in range 0 or 1-65535 - fix/integration-test-toml (S10): Fix double-nested listeners.listeners.sites - fix/logging-test-global-subscriber (W9): Use try_init() to avoid test conflicts - fix/fragile-error-detection (W3): Add typed error matching or documented string match - fix/add-code-comments (C3,W8,W10,W11,S9): Document correct-but-non-obvious behaviors - fix/request-timeout-scope (S8): Document full-request timeout scope - fix/clean-dead-code (S4+S2): Remove dead_code annotations, add #[non_exhaustive] Review gate: - review/post-fix-review: Verify all fixes against architecture spec
1.7 KiB
1.7 KiB
id, name, status, depends_on, scope, risk, impact, level, review_findings
| id | name | status | depends_on | scope | risk | impact | level | review_findings | |
|---|---|---|---|---|---|---|---|---|---|
| fix/http-port-validation | Add http_port range validation (0 or 1-65535) | pending | single | trivial | isolated | implementation |
|
Description
The http_port validation only checks for port conflicts and whether http_port > 0 (for the conflict check). It doesn't validate that http_port is in the valid range: 0 (disabled) or 1-65535. A value like 65536 or -1 would pass validation incorrectly. There's already a HttpsPortInvalid error for https_port, but no equivalent for http_port.
Changes Required
src/config/validation.rs:
- Add a validation check after the existing
http_portconflict logic:if listener.http_port > 65535 { errors.push(ValidationError::HttpPortInvalid { bind_addr: listener.bind_addr.clone(), http_port: listener.http_port, }); } - Note:
http_port = 0is already treated as "disabled" and should be allowed, so only check> 65535
Tests:
- Add a test for
http_port = 65536producingHttpPortInvalid - Add a test for
http_port = 0still being valid (disabled)
Acceptance Criteria
http_port > 65535produces a validation errorhttp_port = 0(disabled) remains validhttp_portin 1-65535 remains valid- New
HttpPortInvaliderror variant with descriptive message - Existing validation tests pass
cargo clippypasses with no warnings
References
- docs/reviews/002-implementation-review.md — S1 finding
- src/config/validation.rs — existing validation logic
Notes
To be filled by implementation agent
Summary
To be filled on completion