I have this in my rust canister:
#[inspect_message]
fn inspect_message() {
let inspected_maethod_name = ic_cdk::api::call::method_name();
if inspected_maethod_name == "create_user" {
ic_cdk::api::call::reject_message();
}
ic_cdk::api::call::accept_message();
}
but i still can call the create_user function in the test suit using ic-test-state-machine’s call_candid method.
Not an expert here, but inspect_message only handles ingress messages. ic-test-state-machine operates on another level.
To test the inspect_message handler you’d need to run e2e tests, i.e. running your canister on the (local) replica and calling create_user from a client.
Any open source project used the inspect message feature? I want to get a example to learn how to use it.
Here’s one: examples/rust/nft-wallet/src/lib.rs at 71156ae52e4911a8ce7cf4ed957741a7131c9454 · dfinity/examples · GitHub
As far as I remember this only runs for calls that come through the http gateway. Other canisters that call your canister directly (inter canister call) will not go through inspect_message if I remember correctly.
So make sure that it’s not used as the sole security layer, still make sure that the methods themselves also verify access.