Added common logger

Author: aram356

.github/workflows/security.yml

@@ -0,0 +1,47 @@
+name: Security Audit
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+  schedule:
+    - cron: "0 0 * * 0" # Weekly on Sunday at midnight
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Cache Cargo dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Retrieve Rust version
+        id: rust-version
+        run: echo "rust-version=$(grep '^rust ' .tool-versions | awk '{print $2}')" >> $GITHUB_OUTPUT
+        shell: bash
+
+      - name: Set up Rust tool chain
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: ${{ steps.rust-version.outputs.rust-version }}
+
+      - name: Install cargo-audit
+        run: cargo install cargo-audit
+
+      - name: Run security audit
+        run: cargo audit
+
+      - name: Check for known vulnerabilities in dependencies
+        uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

Cargo.lock

@@ -24,4 +24,6 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0.91"
 sha2 = "0.10.6"
 tokio = { version = "1.43", features = ["sync", "macros", "io-util", "rt", "time"] }   
+thiserror = "1.0"
 url = "2.4.1"
+uuid = { version = "1.0", features = ["v4", "serde"] }

crates/common/Cargo.toml

@@ -15,3 +15,4 @@ pub const HEADER_X_GEO_INFO_AVAILABLE: HeaderName = HeaderName::from_static("x-g
 pub const HEADER_X_GEO_METRO_CODE: HeaderName = HeaderName::from_static("x-geo-metro-code");
 pub const HEADER_X_GEO_REGION: HeaderName = HeaderName::from_static("x-geo-region");
 pub const HEADER_X_SUBJECT_ID: HeaderName = HeaderName::from_static("x-subject-id");
+pub const HEADER_X_REQUEST_ID: HeaderName = HeaderName::from_static("x-request-id");

crates/common/src/constants.rs

@@ -2,6 +2,7 @@ use cookie::{Cookie, CookieJar};
 use http::header;
 
 use crate::http_wrapper::RequestWrapper;
+use crate::settings::Settings;
 
 const COOKIE_MAX_AGE: i32 = 365 * 24 * 60 * 60; // 1 year
 
@@ -32,10 +33,10 @@ pub fn handle_request_cookies<T: RequestWrapper>(req: &T) -> Option<CookieJar> {
     }
 }
 
-pub fn create_synthetic_cookie(synthetic_id: &str) -> String {
+pub fn create_synthetic_cookie(synthetic_id: &str, settings: &Settings) -> String {
     format!(
-        "synthetic_id={}; Domain=.auburndao.com; Path=/; Secure; SameSite=Lax; Max-Age={}",
-        synthetic_id, COOKIE_MAX_AGE,
+        "synthetic_id={}; Domain={}; Path=/; Secure; SameSite=Lax; Max-Age={}",
+        synthetic_id, settings.server.cookie_domain, COOKIE_MAX_AGE,
     )
 }
 
@@ -132,10 +133,40 @@ mod tests {
 
     #[test]
     fn test_create_synthetic_cookie() {
-        let result = create_synthetic_cookie("12345");
+        // Create a test settings
+        let settings_toml = r#"
+[server]
+domain = "example.com"
+cookie_domain = ".example.com"
+
+[ad_server]
+ad_partner_url = "test"
+sync_url = "test"
+
+[prebid]
+server_url = "test"
+
+[synthetic]
+counter_store = "test"
+opid_store = "test"
+secret_key = "test-key"
+template = "test"
+        "#;
+
+        let settings: Settings = config::Config::builder()
+            .add_source(config::File::from_str(
+                settings_toml,
+                config::FileFormat::Toml,
+            ))
+            .build()
+            .unwrap()
+            .try_deserialize()
+            .unwrap();
+
+        let result = create_synthetic_cookie("12345", &settings);
         assert_eq!(
             result,
-            "synthetic_id=12345; Domain=.auburndao.com; Path=/; Secure; SameSite=Lax; Max-Age=31536000"
+            "synthetic_id=12345; Domain=.example.com; Path=/; Secure; SameSite=Lax; Max-Age=31536000"
         );
     }
 }

crates/common/src/cookies.rs

@@ -0,0 +1,33 @@
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum TrustedServerError {
+    #[error("Configuration error: {0}")]
+    Config(#[from] config::ConfigError),
+
+    #[error("Template rendering error: {0}")]
+    Template(#[from] handlebars::RenderError),
+
+    #[error("Invalid UTF-8: {0}")]
+    Utf8(#[from] std::str::Utf8Error),
+
+    #[error("JSON error: {0}")]
+    Json(#[from] serde_json::Error),
+
+    #[error("HTTP error: {0}")]
+    Http(String),
+
+    #[error("KV store error: {0}")]
+    KvStore(String),
+
+    #[error("Invalid request: {0}")]
+    InvalidRequest(String),
+
+    #[error("Security error: {0}")]
+    Security(String),
+
+    #[error("IO error: {0}")]
+    Io(#[from] std::io::Error),
+}
+
+pub type Result<T> = std::result::Result<T, TrustedServerError>;

crates/common/src/error.rs

@@ -64,15 +64,16 @@ pub fn get_consent_from_request<T: RequestWrapper>(req: &T) -> Option<GdprConsen
     None
 }
 
-pub fn create_consent_cookie(consent: &GdprConsent) -> String {
+pub fn create_consent_cookie(consent: &GdprConsent, settings: &Settings) -> String {
     format!(
-        "gdpr_consent={}; Domain=.auburndao.com; Path=/; Secure; SameSite=Lax; Max-Age=31536000",
-        serde_json::to_string(consent).unwrap_or_default()
+        "gdpr_consent={}; Domain={}; Path=/; Secure; SameSite=Lax; Max-Age=31536000",
+        serde_json::to_string(consent).unwrap_or_default(),
+        settings.server.cookie_domain
     )
 }
 
 pub fn handle_consent_request<T: RequestWrapper>(
-    _settings: &Settings,
+    settings: &Settings,
     mut req: T,
 ) -> Result<Response, Error> {
     match *req.get_method() {
@@ -90,7 +91,10 @@ pub fn handle_consent_request<T: RequestWrapper>(
                 .with_header(header::CONTENT_TYPE, "application/json")
                 .with_body(serde_json::to_string(&consent)?);
 
-            response.set_header(header::SET_COOKIE, create_consent_cookie(&consent));
+            response.set_header(
+                header::SET_COOKIE,
+                create_consent_cookie(&consent, settings),
+            );
             Ok(response)
         }
         _ => {

crates/common/src/gdpr.rs

@@ -0,0 +1,25 @@
+use fastly::Response;
+
+use crate::constants::{
+    HEADER_X_GEO_CITY, HEADER_X_GEO_CONTINENT, HEADER_X_GEO_COORDINATES, HEADER_X_GEO_COUNTRY,
+    HEADER_X_GEO_INFO_AVAILABLE, HEADER_X_GEO_METRO_CODE,
+};
+use crate::http_wrapper::RequestWrapper;
+
+/// Copy all geo headers from request to response
+pub fn copy_geo_headers<T: RequestWrapper>(req: &T, response: &mut Response) {
+    let geo_headers = &[
+        HEADER_X_GEO_CITY,
+        HEADER_X_GEO_COUNTRY,
+        HEADER_X_GEO_CONTINENT,
+        HEADER_X_GEO_COORDINATES,
+        HEADER_X_GEO_METRO_CODE,
+        HEADER_X_GEO_INFO_AVAILABLE,
+    ];
+
+    for header_name in geo_headers {
+        if let Some(value) = req.get_header(header_name.clone()) {
+            response.set_header(header_name, value);
+        }
+    }
+}