target / goalert

Open source on-call scheduling, automated escalations, and notifications so you never miss a critical alert
https://goalert.me
Apache License 2.0
2.17k stars 230 forks

gqlapi: Ensure stable hash for API key policy #3941

Closed mastercactapus closed 5 days ago

mastercactapus commented 5 days ago

Description: Fixes an issue where any change in the JSON formatting or key order would result in a hash change, thus causing valid key tokens to be rejected.

Most notably, this can happen during a switchover operation due to a bug where JSON field whitespace and key order can be modified during the copy.
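The failure mode described above, as an added example that is not code from this PR or from GoAlert: hashing stored JSON bytes directly versus hashing a re-encoded form that ignores whitespace and key order. The policy field names, the sample documents and the choice of SHA-256 are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Constructed sample policies; the field names are hypothetical.
// sampleB is sampleA with reordered keys and extra whitespace.
// sampleC changes a value, so its hash must differ.
const (
	sampleA = `{"Version":1,"Query":"mutation{createAlert}","Role":"user"}`
	sampleB = `{ "Role": "user",  "Query": "mutation{createAlert}", "Version": 1 }`
	sampleC = `{"Version":1,"Query":"mutation{createAlert}","Role":"admin"}`
)

// rawHash hashes the stored bytes directly, so it is sensitive to formatting.
func rawHash(doc []byte) [32]byte { return sha256.Sum256(doc) }

// stableHash decodes and re-encodes before hashing. encoding/json emits map
// keys in sorted order without insignificant whitespace, at every nesting level.
func stableHash(doc []byte) ([32]byte, error) {
	dec := json.NewDecoder(bytes.NewReader(doc))
	dec.UseNumber() // keep number literals as written instead of float64
	var v any
	if err := dec.Decode(&v); err != nil {
		return [32]byte{}, err
	}
	canon, err := json.Marshal(v)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(canon), nil
}

func main() {
	for _, doc := range []string{sampleA, sampleB, sampleC} {
		raw := rawHash([]byte(doc))
		stable, err := stableHash([]byte(doc))
		if err != nil {
			panic(err)
		}
		fmt.Printf("raw=%x stable=%x\n", raw[:4], stable[:4])
	}
}
```

Numbers are hashed as written, so `1` and `1.0` still produce different hashes in this sketch.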