fix: add some sanity checks to secret keys

arlyon · Jul 23, 2024 · 9b453e0 · 9b453e0
1 parent ba6f20d
commit 9b453e0
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/async-stripe/Cargo.toml b/async-stripe/Cargo.toml
@@ -99,8 +99,9 @@ miniserde.workspace = true
 
 # stream for lists
 futures-util = { version = "0.3.21", optional = true }
+tracing = "0.1.40"
 
 [dev-dependencies]
 httpmock = "0.6.7"
 async-std = { version = "1.10.0", features = ["attributes"] }
-tokio = { version = "1.24.1", features = ["rt", "macros"] }
+tokio = { version = "1.24.1", features = ["rt", "macros"] }
diff --git a/async-stripe/src/client/stripe.rs b/async-stripe/src/client/stripe.rs
@@ -32,6 +32,14 @@ impl Client {
 
     /// Create a new account pointed at a specific URL. This is useful for testing.
     pub fn from_url<'a>(url: impl Into<&'a str>, secret_key: impl Into<String>) -> Self {
+        let secret_key = secret_key.into();
+
+        // some basic sanity checks
+        // TODO: maybe a full-blown type here rather than a warning?
+        if secret_key.trim() != secret_key || !secret_key.starts_with("sk_") {
+            tracing::warn!("suspiciously formatted secret key")
+        }
+
         Client {
             client: BaseClient::new(),
             secret_key: secret_key.into(),