don't unwrap reqwest requests for appservice and pushers too

this is another denial of service vector, but less severe than the federation one.

Signed-off-by: girlbossceo <june@girlboss.ceo>

src/api/appservice_server.rs

@@ -39,8 +39,7 @@ where
     );
     *http_request.uri_mut() = parts.try_into().expect("our manipulation is always valid");
 
-    let mut reqwest_request = reqwest::Request::try_from(http_request)
-        .expect("all http requests are valid reqwest requests");
+    let mut reqwest_request = reqwest::Request::try_from(http_request)?;
 
     *reqwest_request.timeout_mut() = Some(Duration::from_secs(30));
 

src/service/pusher/mod.rs

@@ -66,8 +66,7 @@ impl Service {
             })?
             .map(|body| body.freeze());
 
-        let reqwest_request = reqwest::Request::try_from(http_request)
-            .expect("all http requests are valid reqwest requests");
+        let reqwest_request = reqwest::Request::try_from(http_request)?;
 
         // TODO: we could keep this very short and let expo backoff do it's thing...
         //*reqwest_request.timeout_mut() = Some(Duration::from_secs(5));