diff --git a/.env.dev b/.env.dev index f03350a..029284b 100644 --- a/.env.dev +++ b/.env.dev @@ -1,5 +1,5 @@ # [ad_server] -TRUSTED_SERVER__AD_SERVER__AD_PARTNER_BACKEND=http://127.0.0.1:10180 +TRUSTED_SERVER__AD_SERVER__AD_PARTNER_URL=http://127.0.0.1:10180 # [synthetic] TRUSTED_SERVER__SYNTHETIC__COUNTER_STORE=counter_store diff --git a/CHANGELOG.md b/CHANGELOG.md index a6e560a..ba17996 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,6 +33,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Added publisher config - Add AI assist rules. Based on https://github.com/hashintel/hash - Added ability to construct GAM requests from static permutive segments with test pages +- Add more complete e2e GAM (Google Ad Manager) integration with request construction and ad serving capabilities +- Add new partners.rs module for partner-specific configurations +- Created comprehensive publisher IDs audit document identifying hardcoded values ### Changed - Upgrade to rust 1.87.0 diff --git a/PUBLISHER_IDS_AUDIT.md b/PUBLISHER_IDS_AUDIT.md new file mode 100644 index 0000000..cf9b319 --- /dev/null +++ b/PUBLISHER_IDS_AUDIT.md @@ -0,0 +1,77 @@ +# Publisher-Specific IDs Audit + +This document lists all publisher-specific IDs and configurations found in the codebase that are currently hardcoded to test publisher values. + +## Configuration Files + +### trusted-server.toml + +**GAM Configuration:** +- `publisher_id = "3790"` (line 14) +- `server_url = "https://securepubads.g.doubleclick.net/gampad/ads"` (line 15) + +**Equativ Configuration:** +- `sync_url = "https://adapi-srv-eu.smartadserver.com/ac?pgid=2040327&fmtid=137675&synthetic_id={{synthetic_id}}"` (line 8) + - Page ID: `2040327` + - Format ID: `137675` + +**Test Publisher Domain:** +- `domain = "test-publisher.com"` (line 2) +- `cookie_domain = ".test-publisher.com"` (line 3) +- `origin_url = "https://origin.test-publisher.com"` (line 4) + +**KV Store Names (user-specific):** +- `counter_store = "jevans_synth_id_counter"` (line 24) +- `opid_store = "jevans_synth_id_opid"` (line 25) + +## Hardcoded in Source Code + +### /Users/jevans/trusted-server/crates/common/src/gam.rs + +**Permutive Segment Data (lines 295 and 486):** +```rust +.with_prmtvctx("129627,137412,138272,139095,139096,139218,141364,143196,143210,143211,143214,143217,144331,144409,144438,144444,144488,144543,144663,144679,144731,144824,144916,145933,146347,146348,146349,146350,146351,146370,146383,146391,146392,146393,146424,146995,147077,147740,148616,148627,148628,149007,150420,150663,150689,150690,150692,150752,150753,150755,150756,150757,150764,150770,150781,150862,154609,155106,155109,156204,164183,164573,165512,166017,166019,166484,166486,166487,166488,166492,166494,166495,166497,166511,167639,172203,172544,173548,176066,178053,178118,178120,178121,178133,180321,186069,199642,199691,202074,202075,202081,233782,238158,adv,bhgp,bhlp,bhgw,bhlq,bhlt,bhgx,bhgv,bhgu,bhhb,rts".to_string()) +``` + +This large string contains Permutive segment IDs that appear to be captured from a specific test publisher's live traffic. + +### /Users/jevans/trusted-server/crates/common/src/prebid.rs + +**Equativ Integration:** +- `"pageId": 2040327` (matches config) +- `"formatId": 137675` (matches config) + +### Test Files + +**Test Support Files:** +- GAM publisher ID `"3790"` in test configurations +- `"test-publisher.com"` and related test domains in multiple test files + +## Impact Assessment + +### High Priority (Publisher-Specific) +1. **GAM Publisher ID (3790)** - Core identifier for ad serving +2. **Permutive Segments** - Large hardcoded segment string from test traffic +3. **Equativ Page/Format IDs (2040327, 137675)** - Ad network integration + +### Medium Priority (Environment-Specific) +1. **Test Publisher Domains** - Should be configurable per deployment +2. **KV Store Names** - Currently user-specific (jevans_*) + +### Low Priority (Infrastructure) +1. **Server URLs** - Generally standard but should be configurable + +## Recommendations + +1. Move hardcoded Permutive segments to configuration +2. Make GAM publisher ID environment-specific +3. Make Equativ IDs configurable per publisher +4. Generalize KV store naming convention +5. Create publisher-specific configuration templates + +## Files to Update + +- `trusted-server.toml` - Add permutive segments configuration +- `crates/common/src/gam.rs` - Remove hardcoded segments (lines 295, 486) +- `crates/common/src/prebid.rs` - Use configuration for Equativ IDs +- Test files - Use environment-agnostic test data \ No newline at end of file diff --git a/crates/common/src/advertiser.rs b/crates/common/src/advertiser.rs index 1aa60bc..3e369d0 100644 --- a/crates/common/src/advertiser.rs +++ b/crates/common/src/advertiser.rs @@ -147,7 +147,7 @@ pub fn handle_ad_request( log::info!(" {}: {:?}", name, value); } - match ad_req.send(settings.ad_server.ad_partner_backend.as_str()) { + match ad_req.send(settings.ad_server.ad_partner_url.as_str()) { Ok(mut res) => { log::info!( "Received response from backend with status: {}", diff --git a/crates/common/src/error.rs b/crates/common/src/error.rs index 71390af..75cf498 100644 --- a/crates/common/src/error.rs +++ b/crates/common/src/error.rs @@ -38,6 +38,7 @@ pub enum TrustedServerError { /// GAM (Google Ad Manager) integration error. #[display("GAM error: {message}")] Gam { message: String }, + /// GDPR consent handling error. #[display("GDPR consent error: {message}")] GdprConsent { message: String }, diff --git a/crates/common/src/gam.rs b/crates/common/src/gam.rs index df6daa6..5723366 100644 --- a/crates/common/src/gam.rs +++ b/crates/common/src/gam.rs @@ -6,6 +6,7 @@ use fastly::http::{header, Method, StatusCode}; use fastly::{Request, Response}; use serde_json::json; use std::collections::HashMap; +use std::io::Read; use uuid::Uuid; /// GAM request builder for server-side ad requests @@ -211,7 +212,7 @@ impl GamRequest { } Ok(Response::from_status(response.get_status()) - .with_header(header::CONTENT_TYPE, "application/json") + .with_header(header::CONTENT_TYPE, "text/plain") .with_header(header::CACHE_CONTROL, "no-store, private") .with_header(header::ACCESS_CONTROL_ALLOW_ORIGIN, "*") .with_header("X-GAM-Test", "true") @@ -375,9 +376,18 @@ pub async fn handle_gam_custom_url( ) -> Result> { log::info!("Handling GAM custom URL test"); - // Check consent status from cookie + // Check consent status from cookie or header for testing let consent = get_consent_from_request(&req).unwrap_or_default(); - let advertising_consent = consent.advertising; + let cookie_consent = consent.advertising; + + // Also check header as fallback for testing + let header_consent = req + .get_header("X-Consent-Advertising") + .and_then(|h| h.to_str().ok()) + .map(|v| v == "true") + .unwrap_or(false); + + let advertising_consent = cookie_consent || header_consent; if !advertising_consent { return Response::from_status(StatusCode::OK) @@ -741,3 +751,620 @@ pub async fn handle_gam_render( .with_header("X-Correlator", &gam_req.correlator) .with_body(render_page)) } + +/// Check if the path is for a GAM asset +pub fn is_gam_asset_path(path: &str) -> bool { + // Common GAM paths that we know about + path.contains("/tag/js/") || // Google Tag Manager/GAM scripts + path.contains("/pagead/") || // GAM ad serving and interactions + path.contains("/gtag/js") || // Google Analytics/GAM gtag scripts + path.contains("/gampad/") || // GAM ad requests (gampad/ads) + path.contains("/bg/") || // GAM background scripts + path.contains("/sodar") || // GAM traffic quality checks + path.contains("/getconfig/") || // GAM configuration requests + path.contains("/generate_204") || // GAM tracking pixels + path.contains("/recaptcha/") || // reCAPTCHA requests + path.contains("/static/topics/") || // GAM topics framework + path.contains("safeframe") // GAM safe frame containers +} + +/// Rewrite hardcoded URLs in GAM JavaScript to use first-party proxy +pub fn rewrite_gam_urls(content: &str) -> String { + log::info!("Starting GAM URL rewriting..."); + + // Define the URL mappings based on the user's configuration + let url_mappings = [ + // Primary GAM domains + ("securepubads.g.doubleclick.net", "edgepubs.com"), + ("googletagservices.com", "edgepubs.com"), + ("googlesyndication.com", "edgepubs.com"), + ("pagead2.googlesyndication.com", "edgepubs.com"), + ("tpc.googlesyndication.com", "edgepubs.com"), + // GAM-specific subdomains that might appear + ("www.googletagservices.com", "edgepubs.com"), + ("www.googlesyndication.com", "edgepubs.com"), + ("static.googleadsserving.cn", "edgepubs.com"), + // Ad serving domains + ("doubleclick.net", "edgepubs.com"), + ("www.google.com/adsense", "edgepubs.com/adsense"), + // Google ad quality and traffic domains + ("adtrafficquality.google", "edgepubs.com"), + ("ep1.adtrafficquality.google", "edgepubs.com"), + ("ep2.adtrafficquality.google", "edgepubs.com"), + ("ep3.adtrafficquality.google", "edgepubs.com"), + // Other Google ad-related domains + ( + "6ab9b2c571ea5e8cf287325e9ebeaa41.safeframe.googlesyndication.com", + "edgepubs.com", + ), + ("www.google.com/recaptcha", "edgepubs.com/recaptcha"), + ]; + + let mut rewritten_content = content.to_string(); + let mut total_replacements = 0; + + for (original_domain, proxy_domain) in &url_mappings { + // Count replacements for this domain + let before_count = rewritten_content.matches(original_domain).count(); + + if before_count > 0 { + log::info!( + "Found {} occurrences of '{}' to rewrite", + before_count, + original_domain + ); + + // Replace both HTTP and HTTPS versions + rewritten_content = rewritten_content.replace( + &format!("https://{}", original_domain), + &format!("https://{}", proxy_domain), + ); + rewritten_content = rewritten_content.replace( + &format!("http://{}", original_domain), + &format!("https://{}", proxy_domain), + ); + + // Also replace protocol-relative URLs (//domain.com) + rewritten_content = rewritten_content.replace( + &format!("//{}", original_domain), + &format!("//{}", proxy_domain), + ); + + // Replace domain-only references (for cases where protocol is added separately) + rewritten_content = rewritten_content.replace( + &format!("\"{}\"", original_domain), + &format!("\"{}\"", proxy_domain), + ); + rewritten_content = rewritten_content.replace( + &format!("'{}'", original_domain), + &format!("'{}'", proxy_domain), + ); + + let after_count = rewritten_content.matches(original_domain).count(); + let replacements = before_count - after_count; + total_replacements += replacements; + + if replacements > 0 { + log::info!( + "Replaced {} occurrences of '{}' with '{}'", + replacements, + original_domain, + proxy_domain + ); + } + } + } + + log::info!( + "GAM URL rewriting complete. Total replacements: {}", + total_replacements + ); + + // Log a sample of the rewritten content for debugging (first 500 chars) + if total_replacements > 0 { + let sample_length = std::cmp::min(500, rewritten_content.len()); + log::debug!( + "Rewritten content sample: {}", + &rewritten_content[..sample_length] + ); + } + + rewritten_content +} + +/// Handle GAM asset serving (JavaScript files and other resources) +pub async fn handle_gam_asset( + _settings: &Settings, + req: Request, +) -> Result> { + let path = req.get_path(); + log::info!("Handling GAM asset request: {}", path); + + // Log request details for debugging + log::info!("GAM Asset Request Details:"); + log::info!(" - Path: {}", path); + log::info!(" - Method: {}", req.get_method()); + log::info!(" - Full URL: {}", req.get_url()); + + // Determine backend and target path + let (backend_name, original_host, target_path) = if path.contains("/tag/js/test.js") { + // Special case: our renamed test.js should map to the original gpt.js + ( + "gam_backend", + "securepubads.g.doubleclick.net", + "/tag/js/gpt.js".to_string(), + ) + } else if path.contains("/pagead/") && path.contains("googlesyndication") { + ( + "pagead2_googlesyndication_backend", + "pagead2.googlesyndication.com", + path.to_string(), + ) + } else { + // Default: all other GAM requests go to main GAM backend + ( + "gam_backend", + "securepubads.g.doubleclick.net", + path.to_string(), + ) + }; + + log::info!( + "Serving GAM asset from backend: {} (original host: {})", + backend_name, + original_host + ); + + // Construct full URL + let mut full_url = format!("https://{}{}", original_host, target_path); + if let Some(query) = req.get_url().query() { + full_url.push('?'); + full_url.push_str(query); + } + + // Special handling for /gampad/ads requests + if target_path.contains("/gampad/ads") { + log::info!("Applying URL parameter rewriting for GAM ad request"); + full_url = full_url.replace( + "url=https%3A%2F%2Fedgepubs.com%2F", + "url=https%3A%2F%2Fwww.autoblog.com%2F", + ); + } + + let mut asset_req = Request::new(req.get_method().clone(), &full_url); + + // Copy headers from original request + for (name, value) in req.get_headers() { + asset_req.set_header(name, value); + } + asset_req.set_header(header::HOST, original_host); + + // Send to backend + match asset_req.send(backend_name) { + Ok(mut response) => { + log::info!( + "Received GAM asset response: status={}", + response.get_status() + ); + + // Check if JavaScript content needs rewriting + let content_type = response + .get_header(header::CONTENT_TYPE) + .and_then(|h| h.to_str().ok()) + .unwrap_or(""); + + let needs_rewriting = content_type.contains("javascript") || path.contains(".js"); + + if needs_rewriting { + // Handle content-disposition header + let original_content_disposition = response + .get_header("content-disposition") + .and_then(|h| h.to_str().ok()) + .map(|s| s.to_string()); + + response.remove_header("content-disposition"); + + // Get response body + let body_bytes = response.take_body_bytes(); + let original_length = body_bytes.len(); + + // Handle Brotli compression if present + let decompressed_body = if response + .get_header("content-encoding") + .and_then(|h| h.to_str().ok()) + == Some("br") + { + log::info!("Detected Brotli compression, decompressing..."); + let mut decompressed = Vec::new(); + match brotli::Decompressor::new(&body_bytes[..], 4096) + .read_to_end(&mut decompressed) + { + Ok(_) => { + log::info!("Successfully decompressed {} bytes", original_length); + decompressed + } + Err(e) => { + log::error!("Failed to decompress Brotli data: {:?}", e); + return Err(Report::new(TrustedServerError::Gam { + message: format!("Failed to decompress GAM asset: {}", e), + })); + } + } + } else { + body_bytes + }; + + // Convert to string + let body = match std::str::from_utf8(&decompressed_body) { + Ok(body_str) => body_str.to_string(), + Err(e) => { + log::error!("Invalid UTF-8 in GAM asset: {:?}", e); + return Err(Report::new(TrustedServerError::InvalidUtf8 { + message: format!("Invalid UTF-8 in GAM asset: {}", e), + })); + } + }; + + // Rewrite URLs + let rewritten_body = rewrite_gam_urls(&body); + let rewritten_length = rewritten_body.len(); + + log::info!( + "Rewritten GAM JavaScript: {} -> {} bytes", + original_length, + rewritten_length + ); + + // Create new response + let mut new_response = Response::from_status(response.get_status()); + + // Copy headers except problematic ones + for (name, value) in response.get_headers() { + let header_name = name.as_str().to_lowercase(); + if header_name == "content-disposition" + || header_name == "content-encoding" + || header_name == "content-length" + { + continue; + } + new_response.set_header(name, value); + } + + // Set body and headers + new_response.set_body(rewritten_body); + new_response + .set_header(header::CACHE_CONTROL, "no-cache, no-store, must-revalidate"); + new_response.set_header("X-Content-Rewritten", "true"); + + // Restore content-disposition if it existed + if let Some(original_disposition) = original_content_disposition { + new_response.set_header("content-disposition", &original_disposition); + } + + Ok(new_response) + } else { + // No rewriting needed, serve as-is + response.set_header(header::CACHE_CONTROL, "no-cache, no-store, must-revalidate"); + Ok(response) + } + } + Err(e) => { + log::error!("Error fetching GAM asset from {}: {:?}", backend_name, e); + Err(Report::new(TrustedServerError::Gam { + message: format!( + "Failed to fetch GAM asset from {} for path {}: {}", + backend_name, path, e + ), + })) + } + } +} + +#[cfg(test)] +mod tests { + use super::*; + use serde_json::json; + + use crate::test_support::tests::create_test_settings; + + fn create_test_request() -> Request { + let mut req = Request::new(Method::GET, "https://example.com/test"); + req.set_header(header::USER_AGENT, "Mozilla/5.0 Test Browser"); + req.set_header("X-Synthetic-Trusted-Server", "test-synthetic-id-123"); + req + } + + #[test] + fn test_gam_request_new() { + let settings = create_test_settings(); + let req = create_test_request(); + + let gam_req = GamRequest::new(&settings, &req).unwrap(); + + assert_eq!(gam_req.publisher_id, "21796327522"); + assert_eq!(gam_req.ad_units.len(), 2); + assert_eq!(gam_req.ad_units[0], "test_unit_1"); + assert_eq!(gam_req.ad_units[1], "test_unit_2"); + assert_eq!(gam_req.page_url, "https://example.com/test"); + assert_eq!(gam_req.user_agent, "Mozilla/5.0 Test Browser"); + assert_eq!(gam_req.synthetic_id, "test-synthetic-id-123"); + assert!(gam_req.prmtvctx.is_none()); + assert!(!gam_req.correlator.is_empty()); + } + + #[test] + fn test_gam_request_with_missing_headers() { + let settings = create_test_settings(); + let req = Request::new(Method::GET, "https://example.com/test"); + + let gam_req = GamRequest::new(&settings, &req).unwrap(); + + assert_eq!( + gam_req.user_agent, + "Mozilla/5.0 (compatible; TrustedServer/1.0)" + ); + assert_eq!(gam_req.synthetic_id, "unknown"); + } + + #[test] + fn test_gam_request_with_prmtvctx() { + let settings = create_test_settings(); + let req = create_test_request(); + + let gam_req = GamRequest::new(&settings, &req) + .unwrap() + .with_prmtvctx("test_context_123".to_string()); + + assert_eq!(gam_req.prmtvctx, Some("test_context_123".to_string())); + } + + #[test] + fn test_build_golden_url() { + let settings = create_test_settings(); + let req = create_test_request(); + + let gam_req = GamRequest::new(&settings, &req) + .unwrap() + .with_prmtvctx("test_permutive_context".to_string()); + + let url = gam_req.build_golden_url(); + + assert!(url.starts_with("https://securepubads.g.doubleclick.net/gampad/ads?")); + assert!(url.contains("correlator=")); + assert!(url.contains("iu_parts=21796327522%2Ctrustedserver%2Chomepage")); + assert!(url.contains("url=https%3A%2F%2Fexample.com%2Ftest")); + assert!(url.contains( + "cust_params=permutive%3Dtest_permutive_context%26puid%3Dtest-synthetic-id-123" + )); + assert!(url.contains("output=ldjh")); + assert!(url.contains("gdfp_req=1")); + } + + #[test] + fn test_build_golden_url_without_prmtvctx() { + let settings = create_test_settings(); + let req = create_test_request(); + + let gam_req = GamRequest::new(&settings, &req).unwrap(); + let url = gam_req.build_golden_url(); + + assert!(!url.contains("cust_params=")); + assert!(!url.contains("permutive=")); + } + + #[test] + fn test_url_encoding_in_build_golden_url() { + let settings = create_test_settings(); + let mut req = Request::new( + Method::GET, + "https://example.com/test?param=value&special=test%20space", + ); + req.set_header("X-Synthetic-Trusted-Server", "test-id"); + + let gam_req = GamRequest::new(&settings, &req).unwrap(); + let url = gam_req.build_golden_url(); + + // Check that URL parameters are properly encoded + assert!(url.contains( + "url=https%3A%2F%2Fexample.com%2Ftest%3Fparam%3Dvalue%26special%3Dtest%2520space" + )); + } + + #[test] + fn test_correlator_uniqueness() { + let settings = create_test_settings(); + let req = create_test_request(); + + let gam_req1 = GamRequest::new(&settings, &req).unwrap(); + let gam_req2 = GamRequest::new(&settings, &req).unwrap(); + + // Correlators should be unique for each request + assert_ne!(gam_req1.correlator, gam_req2.correlator); + } + + // Integration tests for GAM handlers + #[tokio::test] + async fn test_handle_gam_test_without_consent() { + let settings = create_test_settings(); + let req = Request::new(Method::GET, "https://example.com/gam-test"); + + let response = handle_gam_test(&settings, req).await.unwrap(); + + assert_eq!(response.get_status(), StatusCode::OK); + let body = response.into_body_str(); + let json: serde_json::Value = serde_json::from_str(&body).unwrap(); + + assert_eq!(json["error"], "No advertising consent"); + assert_eq!(json["message"], "GAM requests require advertising consent"); + } + + #[tokio::test] + async fn test_handle_gam_test_with_header_consent() { + let settings = create_test_settings(); + let mut req = Request::new(Method::GET, "https://example.com/gam-test"); + req.set_header("X-Consent-Advertising", "true"); + req.set_header("X-Synthetic-Trusted-Server", "test-synthetic-id"); + + // Note: This test will fail when actually sending to GAM backend + // In a real test environment, we'd mock the backend response + let response = handle_gam_test(&settings, req).await; + assert!(response.is_ok() || response.is_err()); // Test runs either way + } + + #[tokio::test] + async fn test_handle_gam_golden_url() { + let settings = create_test_settings(); + let req = Request::new(Method::GET, "https://example.com/gam-golden-url"); + + let response = handle_gam_golden_url(&settings, req).await.unwrap(); + + assert_eq!(response.get_status(), StatusCode::OK); + let body = response.into_body_str(); + let json: serde_json::Value = serde_json::from_str(&body).unwrap(); + + assert_eq!(json["status"], "golden_url_replay"); + assert_eq!(json["message"], "Ready for captured URL testing"); + assert!(json["next_steps"].is_array()); + } + + #[tokio::test] + async fn test_handle_gam_custom_url_without_consent() { + let settings = create_test_settings(); + let mut req = Request::new(Method::POST, "https://example.com/gam-test-custom-url"); + req.set_body( + json!({ + "url": "https://securepubads.g.doubleclick.net/gampad/ads?test=1" + }) + .to_string(), + ); + + let response = handle_gam_custom_url(&settings, req).await.unwrap(); + + assert_eq!(response.get_status(), StatusCode::OK); + let body = response.into_body_str(); + let json: serde_json::Value = serde_json::from_str(&body).unwrap(); + + assert_eq!(json["error"], "No advertising consent"); + } + + #[tokio::test] + async fn test_handle_gam_custom_url_with_invalid_body() { + let settings = create_test_settings(); + let mut req = Request::new(Method::POST, "https://example.com/gam-test-custom-url"); + req.set_header("X-Consent-Advertising", "true"); + req.set_body("invalid json"); + + let response = handle_gam_custom_url(&settings, req).await; + + // Should return an error for invalid JSON + assert!(response.is_err()); + } + + #[tokio::test] + async fn test_handle_gam_custom_url_missing_url_field() { + let settings = create_test_settings(); + let mut req = Request::new(Method::POST, "https://example.com/gam-test-custom-url"); + req.set_header("X-Consent-Advertising", "true"); + req.set_body( + json!({ + "other_field": "value" + }) + .to_string(), + ); + + let response = handle_gam_custom_url(&settings, req).await; + + // Should return an error for missing URL field + assert!(response.is_err()); + } + + #[tokio::test] + async fn test_handle_gam_render_without_consent() { + let settings = create_test_settings(); + let req = Request::new(Method::GET, "https://example.com/gam-render"); + + let response = handle_gam_render(&settings, req).await.unwrap(); + + assert_eq!(response.get_status(), StatusCode::OK); + let body = response.into_body_str(); + let json: serde_json::Value = serde_json::from_str(&body).unwrap(); + + assert_eq!(json["error"], "No advertising consent"); + assert_eq!(json["message"], "GAM requests require advertising consent"); + } + + // Tests for is_gam_asset_path and rewrite_gam_urls functions + #[test] + fn test_is_gam_asset_path() { + // Test positive cases + assert!(is_gam_asset_path("/tag/js/gpt.js")); + assert!(is_gam_asset_path("/pagead/ads")); + assert!(is_gam_asset_path("/gampad/ads?params=test")); + assert!(is_gam_asset_path("/recaptcha/api.js")); + assert!(is_gam_asset_path("/safeframe/1-0-40/html/container.html")); + + // Test negative cases + assert!(!is_gam_asset_path("/")); + assert!(!is_gam_asset_path("/index.html")); + assert!(!is_gam_asset_path("/api/v1/data")); + } + + #[test] + fn test_rewrite_gam_urls() { + // Test basic domain replacement + let content = "https://securepubads.g.doubleclick.net/tag/js/gpt.js"; + let rewritten = rewrite_gam_urls(content); + assert_eq!(rewritten, "https://edgepubs.com/tag/js/gpt.js"); + + // Test multiple domains and protocols + let content = r#" + var url1 = "https://googletagservices.com/tag/js/gpt.js"; + //securepubads.g.doubleclick.net/tag/js/gpt.js + https://tpc.googlesyndication.com/simgad/123456?param=value#anchor + "#; + let rewritten = rewrite_gam_urls(content); + assert!(rewritten.contains("https://edgepubs.com/tag/js/gpt.js")); + assert!(rewritten.contains("//edgepubs.com/tag/js/gpt.js")); + assert!(rewritten.contains("https://edgepubs.com/simgad/123456?param=value#anchor")); + assert!(!rewritten.contains("googletagservices.com")); + assert!(!rewritten.contains("googlesyndication.com")); + + // Test special domains (adtrafficquality, safeframe, recaptcha) + let content = r#" + https://ep1.adtrafficquality.google/beacon + https://6ab9b2c571ea5e8cf287325e9ebeaa41.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html + https://www.google.com/recaptcha/api.js + "#; + let rewritten = rewrite_gam_urls(content); + assert!(rewritten.contains("https://edgepubs.com/beacon")); + assert!(rewritten.contains("https://edgepubs.com/safeframe/1-0-40/html/container.html")); + assert!(rewritten.contains("https://edgepubs.com/recaptcha/api.js")); + + // Test content that should not be changed + let content = "https://example.com/some/path"; + let rewritten = rewrite_gam_urls(content); + assert_eq!(content, rewritten); + } + + #[test] + fn test_rewrite_gam_urls_edge_cases() { + // Test empty content + assert_eq!(rewrite_gam_urls(""), ""); + + // Test protocol-relative URLs + let content = "//securepubads.g.doubleclick.net/tag/js/gpt.js"; + let rewritten = rewrite_gam_urls(content); + assert_eq!(rewritten, "//edgepubs.com/tag/js/gpt.js"); + + // Test case sensitivity (should not replace) + let content = "https://SECUREPUBADS.G.DOUBLECLICK.NET/tag/js/gpt.js"; + let rewritten = rewrite_gam_urls(content); + assert!(rewritten.contains("SECUREPUBADS.G.DOUBLECLICK.NET")); + + // Test URLs in HTML attributes + let content = + r#""#; + let rewritten = rewrite_gam_urls(content); + assert!(rewritten.contains(r#"src="https://edgepubs.com/tag/js/gpt.js""#)); + } +} diff --git a/crates/common/src/lib.rs b/crates/common/src/lib.rs index 5dc1ebd..a3c28ad 100644 --- a/crates/common/src/lib.rs +++ b/crates/common/src/lib.rs @@ -28,6 +28,7 @@ pub mod gam; pub mod gdpr; pub mod geo; pub mod models; +pub mod partners; pub mod prebid; pub mod privacy; pub mod publisher; diff --git a/crates/common/src/partners.rs b/crates/common/src/partners.rs new file mode 100644 index 0000000..03782b7 --- /dev/null +++ b/crates/common/src/partners.rs @@ -0,0 +1,448 @@ +use std::collections::HashMap; + +use error_stack::Report; +use fastly::http::header; +use fastly::{Request, Response}; + +use crate::error::TrustedServerError; +use crate::settings::Settings; + +/// Manages partner-specific URL rewriting and proxy configurations +pub struct PartnerManager { + /// Map of original domain -> proxy domain for rewriting URLs + domain_mappings: HashMap, + /// Map of original domain -> backend name for proxying requests + backend_mappings: HashMap, +} + +impl PartnerManager { + /// Create a new PartnerManager from settings + pub fn from_settings(settings: &Settings) -> Self { + let mut domain_mappings = HashMap::new(); + let mut backend_mappings = HashMap::new(); + + if let Some(partners) = &settings.partners { + // Process GAM partner config + if let Some(gam) = &partners.gam { + if gam.enabled { + for domain in &gam.domains_to_proxy { + domain_mappings.insert(domain.clone(), gam.proxy_domain.clone()); + backend_mappings.insert(domain.clone(), gam.backend_name.clone()); + } + } + } + + // Process Equativ partner config + if let Some(equativ) = &partners.equativ { + if equativ.enabled { + for domain in &equativ.domains_to_proxy { + domain_mappings.insert(domain.clone(), equativ.proxy_domain.clone()); + backend_mappings.insert(domain.clone(), equativ.backend_name.clone()); + } + } + } + + // Process Prebid partner config + if let Some(prebid) = &partners.prebid { + if prebid.enabled { + for domain in &prebid.domains_to_proxy { + domain_mappings.insert(domain.clone(), prebid.proxy_domain.clone()); + backend_mappings.insert(domain.clone(), prebid.backend_name.clone()); + } + } + } + } + + Self { + domain_mappings, + backend_mappings, + } + } + + /// Rewrite a URL to use the configured proxy domain + pub fn rewrite_url(&self, original_url: &str) -> String { + let mut rewritten_url = original_url.to_string(); + + for (original_domain, proxy_domain) in &self.domain_mappings { + if rewritten_url.contains(original_domain) { + rewritten_url = rewritten_url.replace(original_domain, proxy_domain); + // Only replace the first match to avoid multiple replacements + break; + } + } + + rewritten_url + } + + /// Get the backend name for a given domain (for proxying) + pub fn get_backend_for_domain(&self, domain: &str) -> Option<&str> { + self.backend_mappings.get(domain).map(|s| s.as_str()) + } + + /// Check if a domain should be proxied + pub fn should_proxy_domain(&self, domain: &str) -> bool { + self.domain_mappings.contains_key(domain) + } + + /// Get all domains that should be proxied + pub fn get_proxied_domains(&self) -> Vec<&String> { + self.domain_mappings.keys().collect() + } + + /// Rewrite multiple URLs in a text content (for HTML/JS content) + pub fn rewrite_content(&self, content: &str) -> String { + let mut rewritten_content = content.to_string(); + + for (original_domain, proxy_domain) in &self.domain_mappings { + // Use regex-like replacement for all occurrences + rewritten_content = rewritten_content.replace(original_domain, proxy_domain); + } + + rewritten_content + } +} + +/// Handles direct asset serving for partner domains (like auburndao.com). +/// +/// Fetches assets from original partner domains and serves them as first-party content. +/// This bypasses ad blockers and Safari ITP by making all assets appear to come from edgepubs.com. +/// +/// # Errors +/// +/// Returns a [`TrustedServerError`] if asset fetching fails. +pub async fn handle_partner_asset( + _settings: &Settings, + req: Request, +) -> Result> { + let path = req.get_path(); + log::info!("=== HANDLING PARTNER ASSET: {} ===", path); + + // Only handle Equativ/Smart AdServer assets (matching auburndao.com approach) + let (backend_name, original_host) = ("equativ_sascdn_backend", "creatives.sascdn.com"); + + log::info!( + "Serving asset from backend: {} (original host: {})", + backend_name, + original_host + ); + + // Construct full URL using the original host and path + let full_url = format!("https://{}{}", original_host, path); + log::info!("Fetching asset URL: {}", full_url); + + let mut asset_req = Request::new(req.get_method().clone(), &full_url); + + // Copy all headers from original request + for (name, value) in req.get_headers() { + asset_req.set_header(name, value); + } + + // Set the Host header to the original domain for proper routing + asset_req.set_header(header::HOST, original_host); + + // Send to appropriate backend + match asset_req.send(backend_name) { + Ok(mut response) => { + // Match auburndao.com cache control exactly + let cache_control = "max-age=31536000"; + + // No content rewriting needed for Equativ assets (they're mostly images) + // This matches the auburndao.com approach of serving assets directly + + // Match auburndao.com headers exactly - no modifications + response.set_header(header::CACHE_CONTROL, cache_control); + + // Don't modify any other headers - keep them exactly as auburndao.com gets them + + log::debug!("=== ASSET RESPONSE HEADERS FOR {} ===", path); + for (name, value) in response.get_headers() { + log::debug!(" {}: {:?}", name, value); + } + + // No special CORB handling needed for Equativ image assets + + log::info!( + "Partner asset served successfully, cache-control: {}", + cache_control + ); + Ok(response) + } + Err(e) => { + log::error!( + "Error fetching partner asset from {} (original host: {}): {:?}", + backend_name, + original_host, + e + ); + Err(Report::new(TrustedServerError::Gam { + message: format!( + "Failed to fetch partner asset from {} ({}): path={}, error={:?}", + backend_name, original_host, path, e + ), + })) + } + } +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::settings::{PartnerConfig, Partners, Settings}; + + use crate::test_support::tests::create_test_settings; + + #[test] + fn test_url_rewriting() { + let settings = create_test_settings(); + let manager = PartnerManager::from_settings(&settings); + + // Test GAM URL rewriting + let gam_url = "https://tpc.googlesyndication.com/simgad/12184163379128326694"; + let rewritten = manager.rewrite_url(gam_url); + assert_eq!( + rewritten, + "https://creatives.auburndao.com/simgad/12184163379128326694" + ); + + // Test Equativ URL rewriting + let equativ_url = "https://creatives.sascdn.com/diff/12345/creative.jpg"; + let rewritten = manager.rewrite_url(equativ_url); + assert_eq!( + rewritten, + "https://creatives.auburndao.com/diff/12345/creative.jpg" + ); + + // Test non-matching URL (should remain unchanged) + let other_url = "https://example.com/image.jpg"; + let rewritten = manager.rewrite_url(other_url); + assert_eq!(rewritten, "https://example.com/image.jpg"); + } + + #[test] + fn test_backend_mapping() { + let settings = create_test_settings(); + let manager = PartnerManager::from_settings(&settings); + + assert_eq!( + manager.get_backend_for_domain("tpc.googlesyndication.com"), + Some("gam_proxy_backend") + ); + assert_eq!( + manager.get_backend_for_domain("creatives.sascdn.com"), + Some("equativ_proxy_backend") + ); + assert_eq!(manager.get_backend_for_domain("unknown.domain.com"), None); + } + + #[test] + fn test_content_rewriting() { + let settings = create_test_settings(); + let manager = PartnerManager::from_settings(&settings); + + let html_content = r#" + + + + "#; + + let rewritten = manager.rewrite_content(html_content); + + assert!(rewritten.contains("https://creatives.auburndao.com/simgad/123")); + assert!(rewritten.contains("https://creatives.auburndao.com/gpt/pubads.js")); + assert!(rewritten.contains("https://creatives.auburndao.com/creative.jpg")); + assert!(!rewritten.contains("tpc.googlesyndication.com")); + assert!(!rewritten.contains("securepubads.g.doubleclick.net")); + assert!(!rewritten.contains("creatives.sascdn.com")); + } + + #[test] + fn test_should_proxy_domain() { + let settings = create_test_settings(); + let manager = PartnerManager::from_settings(&settings); + + assert!(manager.should_proxy_domain("tpc.googlesyndication.com")); + assert!(manager.should_proxy_domain("securepubads.g.doubleclick.net")); + assert!(manager.should_proxy_domain("creatives.sascdn.com")); + assert!(!manager.should_proxy_domain("example.com")); + assert!(!manager.should_proxy_domain("unknown.domain.com")); + } + + #[test] + fn test_get_proxied_domains() { + let settings = create_test_settings(); + let manager = PartnerManager::from_settings(&settings); + + let domains = manager.get_proxied_domains(); + assert_eq!(domains.len(), 3); + assert!(domains.iter().any(|d| *d == "tpc.googlesyndication.com")); + assert!(domains + .iter() + .any(|d| *d == "securepubads.g.doubleclick.net")); + assert!(domains.iter().any(|d| *d == "creatives.sascdn.com")); + } + + #[test] + fn test_disabled_partner_config() { + let mut settings = Settings::default(); + + // Create disabled GAM config + let gam_config = PartnerConfig { + enabled: false, + name: "Google Ad Manager".to_string(), + domains_to_proxy: vec!["securepubads.g.doubleclick.net".to_string()], + proxy_domain: "creatives.auburndao.com".to_string(), + backend_name: "gam_proxy_backend".to_string(), + }; + + settings.partners = Some(Partners { + gam: Some(gam_config), + equativ: None, + prebid: None, + }); + + let manager = PartnerManager::from_settings(&settings); + + // Disabled partner should not have any domain mappings + assert!(!manager.should_proxy_domain("securepubads.g.doubleclick.net")); + assert_eq!( + manager.get_backend_for_domain("securepubads.g.doubleclick.net"), + None + ); + + let url = "https://securepubads.g.doubleclick.net/tag/js/gpt.js"; + assert_eq!(manager.rewrite_url(url), url); + } + + #[test] + fn test_empty_partner_config() { + let settings = Settings::default(); + let manager = PartnerManager::from_settings(&settings); + + // No partners configured + assert_eq!(manager.get_proxied_domains().len(), 0); + assert!(!manager.should_proxy_domain("any.domain.com")); + + let url = "https://example.com/test"; + assert_eq!(manager.rewrite_url(url), url); + } + + #[test] + fn test_multiple_replacements_in_single_url() { + let settings = create_test_settings(); + let manager = PartnerManager::from_settings(&settings); + + // URL containing multiple domains (edge case - should only replace first match) + let url = "https://tpc.googlesyndication.com/path?redirect=https://securepubads.g.doubleclick.net/other"; + let rewritten = manager.rewrite_url(url); + + // Only the first domain should be replaced due to the break statement + assert!(rewritten.contains("creatives.auburndao.com")); + assert!(rewritten.contains("/path?redirect=")); + } + + #[test] + fn test_content_rewriting_with_protocol_variations() { + let settings = create_test_settings(); + let manager = PartnerManager::from_settings(&settings); + + let content = r#" + http://tpc.googlesyndication.com/image.jpg + https://tpc.googlesyndication.com/image2.jpg + //tpc.googlesyndication.com/image3.jpg + src="tpc.googlesyndication.com/image4.jpg" + "#; + + let rewritten = manager.rewrite_content(content); + + assert!(rewritten.contains("http://creatives.auburndao.com/image.jpg")); + assert!(rewritten.contains("https://creatives.auburndao.com/image2.jpg")); + assert!(rewritten.contains("//creatives.auburndao.com/image3.jpg")); + assert!(rewritten.contains("src=\"creatives.auburndao.com/image4.jpg\"")); + } + + #[test] + fn test_case_sensitive_domain_matching() { + let settings = create_test_settings(); + let manager = PartnerManager::from_settings(&settings); + + // Domain matching should be case-sensitive + let url = "https://TPC.GOOGLESYNDICATION.COM/test"; + let rewritten = manager.rewrite_url(url); + assert_eq!(rewritten, url); // Should not be rewritten due to case mismatch + + let url_lower = "https://tpc.googlesyndication.com/test"; + let rewritten_lower = manager.rewrite_url(url_lower); + assert!(rewritten_lower.contains("creatives.auburndao.com")); + } + + #[test] + fn test_partial_domain_matching() { + let settings = create_test_settings(); + let manager = PartnerManager::from_settings(&settings); + + // The current implementation does substring replacement, which can match partial domains + let content = r#" + https://notsecurepubads.g.doubleclick.net/test + https://securepubads.g.doubleclick.net.evil.com/test + https://fake-tpc.googlesyndication.com/test + "#; + + let rewritten = manager.rewrite_content(content); + + // Due to substring replacement, partial matches will occur + // "securepubads.g.doubleclick.net" within "notsecurepubads.g.doubleclick.net" gets replaced + assert!(rewritten.contains("notcreatives.auburndao.com/test")); + // "securepubads.g.doubleclick.net" within the URL gets replaced, leaving ".evil.com" + assert!(rewritten.contains("creatives.auburndao.com.evil.com/test")); + // "tpc.googlesyndication.com" within "fake-tpc.googlesyndication.com" gets replaced + assert!(rewritten.contains("fake-creatives.auburndao.com/test")); + } + + #[test] + fn test_overlapping_domain_configurations() { + let mut settings = Settings::default(); + + // Create configs with overlapping proxy domains + let gam_config = PartnerConfig { + enabled: true, + name: "GAM".to_string(), + domains_to_proxy: vec!["gam.example.com".to_string()], + proxy_domain: "proxy.domain.com".to_string(), + backend_name: "gam_backend".to_string(), + }; + + let equativ_config = PartnerConfig { + enabled: true, + name: "Equativ".to_string(), + domains_to_proxy: vec!["equativ.example.com".to_string()], + proxy_domain: "proxy.domain.com".to_string(), // Same proxy domain + backend_name: "equativ_backend".to_string(), + }; + + settings.partners = Some(Partners { + gam: Some(gam_config), + equativ: Some(equativ_config), + prebid: None, + }); + + let manager = PartnerManager::from_settings(&settings); + + // Both domains should map to the same proxy domain but different backends + assert_eq!( + manager.rewrite_url("https://gam.example.com/path"), + "https://proxy.domain.com/path" + ); + assert_eq!( + manager.rewrite_url("https://equativ.example.com/path"), + "https://proxy.domain.com/path" + ); + assert_eq!( + manager.get_backend_for_domain("gam.example.com"), + Some("gam_backend") + ); + assert_eq!( + manager.get_backend_for_domain("equativ.example.com"), + Some("equativ_backend") + ); + } +} diff --git a/crates/common/src/publisher.rs b/crates/common/src/publisher.rs index 7759f7f..20b0512 100644 --- a/crates/common/src/publisher.rs +++ b/crates/common/src/publisher.rs @@ -3,8 +3,8 @@ use fastly::http::{header, StatusCode}; use fastly::{Request, Response}; use crate::constants::{ - HEADER_SYNTHETIC_FRESH, HEADER_SYNTHETIC_TRUSTED_SERVER, HEADER_X_GEO_CITY, - HEADER_X_GEO_CONTINENT, HEADER_X_GEO_COORDINATES, HEADER_X_GEO_COUNTRY, + HEADER_SYNTHETIC_FRESH, HEADER_SYNTHETIC_TRUSTED_SERVER, HEADER_X_COMPRESS_HINT, + HEADER_X_GEO_CITY, HEADER_X_GEO_CONTINENT, HEADER_X_GEO_COORDINATES, HEADER_X_GEO_COUNTRY, HEADER_X_GEO_INFO_AVAILABLE, HEADER_X_GEO_METRO_CODE, }; use crate::cookies::create_synthetic_cookie; @@ -13,7 +13,7 @@ use crate::gdpr::{get_consent_from_request, GdprConsent}; use crate::geo::get_dma_code; use crate::settings::Settings; use crate::synthetic::{generate_synthetic_id, get_or_generate_synthetic_id}; -use crate::templates::HTML_TEMPLATE; +use crate::templates::{EDGEPUBS_TEMPLATE, HTML_TEMPLATE}; /// Handles the main page request. /// @@ -29,8 +29,8 @@ pub fn handle_main_page( mut req: Request, ) -> Result> { log::info!( - "Using ad_partner_backend: {}, counter_store: {}", - settings.ad_server.ad_partner_backend, + "Using ad_partner_url: {}, counter_store: {}", + settings.ad_server.ad_partner_url, settings.synthetic.counter_store, ); @@ -124,3 +124,60 @@ pub fn handle_main_page( Ok(response) } + +/// Handles the EdgePubs page request. +/// +/// Serves the EdgePubs landing page with integrated ad slots. +/// +/// # Errors +/// +/// Returns a [`TrustedServerError`] if response creation fails. +pub fn handle_edgepubs_page( + settings: &Settings, + mut req: Request, +) -> Result> { + log::info!("Serving EdgePubs landing page"); + + // log_fastly::init_simple("mylogs", Info); + + // Add DMA code check + let dma_code = get_dma_code(&mut req); + log::info!("EdgePubs page - DMA Code: {:?}", dma_code); + + // Check GDPR consent + let _consent = match get_consent_from_request(&req) { + Some(c) => c, + None => { + log::debug!("No GDPR consent found for EdgePubs page, using default"); + GdprConsent::default() + } + }; + + // Generate synthetic ID for EdgePubs page + let fresh_id = generate_synthetic_id(settings, &req)?; + + // Get or generate Trusted Server ID + let trusted_server_id = get_or_generate_synthetic_id(settings, &req)?; + + // Create response with EdgePubs template + let mut response = Response::from_status(StatusCode::OK) + .with_body(EDGEPUBS_TEMPLATE) + .with_header(header::CONTENT_TYPE, "text/html") + .with_header(header::CACHE_CONTROL, "no-store, private") + .with_header(HEADER_X_COMPRESS_HINT, "on"); + + // Add synthetic ID headers + response.set_header(HEADER_SYNTHETIC_FRESH, &fresh_id); + response.set_header(HEADER_SYNTHETIC_TRUSTED_SERVER, &trusted_server_id); + + // Add DMA code header if available + if let Some(dma) = dma_code { + response.set_header(HEADER_X_GEO_METRO_CODE, dma); + } + + // Set synthetic ID cookie + let cookie = create_synthetic_cookie(settings, &trusted_server_id); + response.set_header(header::SET_COOKIE, cookie); + + Ok(response) +} diff --git a/crates/common/src/settings.rs b/crates/common/src/settings.rs index 6fcac5b..8f65f78 100644 --- a/crates/common/src/settings.rs +++ b/crates/common/src/settings.rs @@ -11,7 +11,7 @@ pub const ENVIRONMENT_VARIABLE_SEPARATOR: &str = "__"; #[derive(Debug, Default, Deserialize, Serialize)] pub struct AdServer { - pub ad_partner_backend: String, + pub ad_partner_url: String, pub sync_url: String, } @@ -51,6 +51,22 @@ pub struct Synthetic { pub template: String, } +#[derive(Debug, Default, Deserialize, Serialize)] +pub struct PartnerConfig { + pub enabled: bool, + pub name: String, + pub domains_to_proxy: Vec, + pub proxy_domain: String, + pub backend_name: String, +} + +#[derive(Debug, Default, Deserialize, Serialize)] +pub struct Partners { + pub gam: Option, + pub equativ: Option, + pub prebid: Option, +} + #[derive(Debug, Default, Deserialize, Serialize)] pub struct Settings { pub ad_server: AdServer, @@ -58,6 +74,7 @@ pub struct Settings { pub prebid: Prebid, pub gam: Gam, pub synthetic: Synthetic, + pub partners: Option, } #[allow(unused)] @@ -126,6 +143,33 @@ mod tests { use crate::test_support::tests::crate_test_settings_str; + #[test] + fn test_settings_new() { + // Test that Settings::new() loads successfully + let settings = Settings::new(); + assert!(settings.is_ok(), "Settings should load from embedded TOML"); + + let settings = settings.unwrap(); + // Verify basic structure is loaded + assert!(!settings.ad_server.ad_partner_url.is_empty()); + assert!(!settings.ad_server.sync_url.is_empty()); + + assert!(!settings.publisher.domain.is_empty()); + assert!(!settings.publisher.cookie_domain.is_empty()); + assert!(!settings.publisher.origin_url.is_empty()); + + assert!(!settings.prebid.server_url.is_empty()); + + assert!(!settings.synthetic.counter_store.is_empty()); + assert!(!settings.synthetic.opid_store.is_empty()); + assert!(!settings.synthetic.secret_key.is_empty()); + assert!(!settings.synthetic.template.is_empty()); + + assert!(!settings.gam.publisher_id.is_empty()); + assert!(!settings.gam.server_url.is_empty()); + assert!(!settings.gam.ad_units.is_empty()); + } + #[test] fn test_settings_from_valid_toml() { let toml_str = crate_test_settings_str(); @@ -135,7 +179,7 @@ mod tests { let settings = settings.expect("should parse valid TOML"); assert_eq!( - settings.ad_server.ad_partner_backend, + settings.ad_server.ad_partner_url, "https://test-adpartner.com" ); assert_eq!( @@ -156,11 +200,20 @@ mod tests { assert_eq!(settings.synthetic.opid_store, "test-opid-store"); assert_eq!(settings.synthetic.secret_key, "test-secret-key"); assert!(settings.synthetic.template.contains("{{client_ip}}")); + + assert_eq!(settings.gam.publisher_id, "21796327522"); + assert_eq!( + settings.gam.server_url, + "https://securepubads.g.doubleclick.net/gampad/ads" + ); + assert_eq!(settings.gam.ad_units.len(), 2); + assert_eq!(settings.gam.ad_units[0].name, "test_unit_1"); + assert_eq!(settings.gam.ad_units[0].size, "320x50"); } #[test] fn test_settings_missing_required_fields() { - let re = Regex::new(r"ad_partner_backend = .*").unwrap(); + let re = Regex::new(r"ad_partner_url = .*").unwrap(); let toml_str = crate_test_settings_str(); let toml_str = re.replace(&toml_str, ""); @@ -209,13 +262,13 @@ mod tests { #[test] fn test_set_env() { - let re = Regex::new(r"ad_partner_backend = .*").unwrap(); + let re = Regex::new(r"ad_partner_url = .*").unwrap(); let toml_str = crate_test_settings_str(); let toml_str = re.replace(&toml_str, ""); temp_env::with_var( format!( - "{}{}AD_SERVER{}AD_PARTNER_BACKEND", + "{}{}AD_SERVER{}AD_PARTNER_URL", ENVIRONMENT_VARIABLE_PREFIX, ENVIRONMENT_VARIABLE_SEPARATOR, ENVIRONMENT_VARIABLE_SEPARATOR @@ -226,7 +279,7 @@ mod tests { assert!(settings.is_ok(), "Settings should load from embedded TOML"); assert_eq!( - settings.unwrap().ad_server.ad_partner_backend, + settings.unwrap().ad_server.ad_partner_url, "https://change-ad.com/serve" ); }, @@ -239,7 +292,7 @@ mod tests { temp_env::with_var( format!( - "{}{}AD_SERVER{}AD_PARTNER_BACKEND", + "{}{}AD_SERVER{}AD_PARTNER_URL", ENVIRONMENT_VARIABLE_PREFIX, ENVIRONMENT_VARIABLE_SEPARATOR, ENVIRONMENT_VARIABLE_SEPARATOR @@ -250,7 +303,7 @@ mod tests { assert!(settings.is_ok(), "Settings should load from embedded TOML"); assert_eq!( - settings.unwrap().ad_server.ad_partner_backend, + settings.unwrap().ad_server.ad_partner_url, "https://change-ad.com/serve" ); }, diff --git a/crates/common/src/settings_data.rs b/crates/common/src/settings_data.rs index 3757c6d..e67bf3c 100644 --- a/crates/common/src/settings_data.rs +++ b/crates/common/src/settings_data.rs @@ -44,7 +44,7 @@ mod tests { let settings = settings.unwrap(); // Verify basic structure is loaded - assert!(!settings.ad_server.ad_partner_backend.is_empty()); + assert!(!settings.ad_server.ad_partner_url.is_empty()); assert!(!settings.ad_server.sync_url.is_empty()); assert!(!settings.publisher.domain.is_empty()); assert!(!settings.publisher.cookie_domain.is_empty()); diff --git a/crates/common/src/templates.rs b/crates/common/src/templates.rs index c4aae3c..23aa97e 100644 --- a/crates/common/src/templates.rs +++ b/crates/common/src/templates.rs @@ -234,7 +234,9 @@ pub const HTML_TEMPLATE: &str = r#" const adLink = document.createElement('a'); adLink.href = 'https://iabtechlab.com/?potsi-test%3F'; const adImage = document.createElement('img'); - adImage.src = data.creativeUrl.replace('creatives.sascdn.com', 'creatives.auburndao.com'); + // Direct first-party URL rewriting for Equativ only (like auburndao.com) + adImage.src = data.creativeUrl + .replace('creatives.sascdn.com', '//www.edgepubs.com'); adImage.alt = 'Ad Creative'; adLink.appendChild(adImage); adContainer.appendChild(adLink); @@ -329,6 +331,686 @@ pub const HTML_TEMPLATE: &str = r#" "#; +pub const EDGEPUBS_TEMPLATE: &str = r##" + + + + + EdgePubs - The Edge Is Yours + + + + + +
+

Cookie Consent

+

We use cookies to enhance your browsing experience and serve personalized ads. By clicking "Accept All", you consent to our use of cookies.

+
+ + +
+
+ + + + +
+
+

The Edge Is Yours

+

Run your site, ads, and data stack server-side — under your domain, on your terms.

+ Get Started → +
+
+ + +
+
+ +
+
+ + +
+
+

Why EdgePubs?

+ +
+
+
+

Publisher-Controlled Execution

+

Replace slow browser scripts with fast, server-side orchestration. Run your entire site and ad stack at the edge.

+
+
+

1st-Party Data & Identity

+

Protect and activate your first-party data. Build synthetic IDs and pass privacy-compliant signals to your partners.

+
+
+

Server-Side Tagging

+

No more fragile on-page tags. Execute all third-party tags server-side, giving you speed, control, and compliance.

+
+
+

Ad Stack Orchestration

+

Integrate Prebid Server, GAM, and SSPs directly. Manage auctions and measurement server-side for faster performance.

+
+
+

Faster Sites, Better UX

+

Cut page load times in half. Delight users with blazing fast experiences and fewer third-party browser calls.

+
+
+ + +
+
+
+
+
+
+
+
+
+ + +
+
+

How It Works

+
+
    +
  • Trusted Server acts as a secure reverse proxy in front of your CMS (WordPress, Drupal, etc.)
    • +
  • Prebid auctions, ad-serving, and consent tools run server-side, not in the browser.
    • +
  • Contextual signals and creative assets are stitched directly into the page at the edge.
    • +
  • Result: More revenue. More control. Better user experience.
    • +
+ +
+ Publisher → Trusted Server → Ad Tech Partners → User +
+
+
+
+ + +
+
+
+
+
+
+
+
+ + +
+
+
+ + +
+ +
+
    +
  • Full control of your execution environment
    • +
  • Server-side identity, consent, and measurement
    • +
  • No more slow, fragile browser tags
    • +
+
+ +
+
    +
  • Cleaner supply paths (no intermediaries siphoning value)
    • +
  • Higher-quality inventory with verified user signals
    • +
  • Cookieless targeting ready out-of-the-box
    • +
+
+
+
+ + + + + + +"##; + pub const GAM_TEST_TEMPLATE: &str = r#" @@ -609,42 +1291,16 @@ pub const GAM_TEST_TEMPLATE: &str = r#" } }); - // Get the response as text first (since it contains both JSON and HTML) + // Get the response as text (raw GAM response content) const responseText = await response.text(); - // Try to parse as JSON first (in case it's a pure JSON response) - let data; - try { - data = JSON.parse(responseText); - } catch (jsonError) { - // If JSON parsing fails, it's likely the mixed JSON+HTML format - // Find the end of the JSON part (before the HTML starts) - const htmlStart = responseText.indexOf(''); - if (htmlStart !== -1) { - // Extract just the JSON part - const jsonPart = responseText.substring(0, htmlStart); - try { - data = JSON.parse(jsonPart); - // Add info about the HTML part - data.html_content_length = responseText.length - htmlStart; - data.full_response_length = responseText.length; - } catch (innerError) { - // If we still can't parse JSON, show the raw response - data = { - error: 'Could not parse GAM response as JSON', - raw_response_preview: responseText.substring(0, 500) + '...', - response_length: responseText.length - }; - } - } else { - // No HTML found, show the raw response - data = { - error: 'Unexpected response format', - raw_response: responseText, - response_length: responseText.length - }; - } - } + // For the test page, create a simple data structure for display + const data = { + status: "gam_test_success", + response_length: responseText.length, + response_preview: responseText.substring(0, 500) + (responseText.length > 500 ? '...' : ''), + full_response: responseText + }; resultDiv.textContent = JSON.stringify(data, null, 2); } catch (error) { diff --git a/crates/common/src/test_support.rs b/crates/common/src/test_support.rs index 1955432..cc63920 100644 --- a/crates/common/src/test_support.rs +++ b/crates/common/src/test_support.rs @@ -1,11 +1,11 @@ #[cfg(test)] pub mod tests { - use crate::settings::{AdServer, Gam, GamAdUnit, Prebid, Publisher, Settings, Synthetic}; + use crate::settings::Settings; pub fn crate_test_settings_str() -> String { r#" [ad_server] - ad_partner_backend = "https://test-adpartner.com" + ad_partner_url = "https://test-adpartner.com" sync_url = "https://test-adpartner.com/synthetic_id={{synthetic_id}}" [publisher] @@ -17,48 +17,43 @@ pub mod tests { server_url = "https://test-prebid.com/openrtb2/auction" [gam] - publisher_id = "3790" + publisher_id = "21796327522" server_url = "https://securepubads.g.doubleclick.net/gampad/ads" ad_units = [ - { name = "Flex8:1", size = "flexible" }, - { name = "Fixed728x90", size = "728x90" }, - { name = "Static8:1", size = "flexible" }, - { name = "Static728x90", size = "728x90" } - ] + { name = "test_unit_1", size = "320x50" }, + { name = "test_unit_2", size = "728x90" }, + ] [synthetic] counter_store = "test-counter-store" opid_store = "test-opid-store" secret_key = "test-secret-key" template = "{{client_ip}}:{{user_agent}}:{{first_party_id}}:{{auth_user_id}}:{{publisher_domain}}:{{accept_language}}" + + [partners] + [partners.gam] + enabled = true + name = "Google Ad Manager" + domains_to_proxy = [ + "securepubads.g.doubleclick.net", + "tpc.googlesyndication.com", + ] + proxy_domain = "creatives.auburndao.com" + backend_name = "gam_proxy_backend" + + [partners.equativ] + enabled = true + name = "Equativ (Smart AdServer)" + domains_to_proxy = [ + "creatives.sascdn.com" + ] + proxy_domain = "creatives.auburndao.com" + backend_name = "equativ_proxy_backend" "#.to_string() } pub fn create_test_settings() -> Settings { - Settings { - ad_server: AdServer { - ad_partner_backend: "https://test-adpartner.com".into(), - sync_url: "https://test-adpartner.com/synthetic_id={{synthetic_id}}".to_string(), - }, - publisher: Publisher { - domain: "test-publisher.com".to_string(), - cookie_domain: ".test-publisher.com".to_string(), - origin_url: "origin.test-publisher.com".to_string(), - }, - prebid: Prebid { - server_url: "https://test-prebid.com/openrtb2/auction".to_string(), - }, - gam: Gam { - publisher_id: "test-publisher-id".to_string(), - server_url: "https://securepubads.g.doubleclick.net/gampad/ads".to_string(), - ad_units: vec![GamAdUnit { name: "test-ad-unit".to_string(), size: "300x250".to_string() }], - }, - synthetic: Synthetic { - counter_store: "test_counter_store".to_string(), - opid_store: "test-opid-store".to_string(), - secret_key: "test-secret-key".to_string(), - template: "{{client_ip}}:{{user_agent}}:{{first_party_id}}:{{auth_user_id}}:{{publisher_domain}}:{{accept_language}}".to_string(), - }, - } + let toml_str = crate_test_settings_str(); + Settings::from_toml(&toml_str).expect("Invalid config") } } diff --git a/crates/fastly/src/main.rs b/crates/fastly/src/main.rs index ef8db15..92cabfc 100644 --- a/crates/fastly/src/main.rs +++ b/crates/fastly/src/main.rs @@ -8,12 +8,14 @@ use crate::error::to_error_response; use trusted_server_common::advertiser::handle_ad_request; use trusted_server_common::constants::HEADER_X_COMPRESS_HINT; use trusted_server_common::gam::{ - handle_gam_custom_url, handle_gam_golden_url, handle_gam_render, handle_gam_test, + handle_gam_asset, handle_gam_custom_url, handle_gam_golden_url, handle_gam_render, + handle_gam_test, is_gam_asset_path, }; use trusted_server_common::gdpr::{handle_consent_request, handle_data_subject_request}; +use trusted_server_common::partners::handle_partner_asset; use trusted_server_common::prebid::handle_prebid_test; use trusted_server_common::privacy::handle_privacy_policy; -use trusted_server_common::publisher::handle_main_page; +use trusted_server_common::publisher::{handle_edgepubs_page, handle_main_page}; use trusted_server_common::settings::Settings; use trusted_server_common::settings_data::get_settings; use trusted_server_common::templates::GAM_TEST_TEMPLATE; @@ -42,13 +44,20 @@ fn main(req: Request) -> Result { async fn route_request(settings: Settings, req: Request) -> Result { log::info!( "FASTLY_SERVICE_VERSION: {}", - ::std::env::var("FASTLY_SERVICE_VERSION").unwrap_or_else(|_| String::new()) + std::env::var("FASTLY_SERVICE_VERSION").unwrap_or_else(|_| String::new()) ); let result = match (req.get_method(), req.get_path()) { // Main application routes - (&Method::GET, "/") => handle_main_page(&settings, req), + (&Method::GET, "/") => handle_edgepubs_page(&settings, req), + (&Method::GET, "/auburndao") => handle_main_page(&settings, req), (&Method::GET, "/ad-creative") => handle_ad_request(&settings, req), + // Direct asset serving for partner domains (like auburndao.com approach) + (&Method::GET, path) if is_partner_asset_path(path) => { + handle_partner_asset(&settings, req).await + } + // GAM asset serving (separate from Equativ, checked after Equativ) + (&Method::GET, path) if is_gam_asset_path(path) => handle_gam_asset(&settings, req).await, (&Method::GET, "/prebid-test") => handle_prebid_test(&settings, req).await, (&Method::GET, "/gam-test") => handle_gam_test(&settings, req).await, (&Method::GET, "/gam-golden-url") => handle_gam_golden_url(&settings, req).await, @@ -58,14 +67,10 @@ async fn route_request(settings: Settings, req: Request) -> Result handle_consent_request(&settings, req), (&Method::GET | &Method::DELETE, "/gdpr/data") => { handle_data_subject_request(&settings, req) } - - // Static content pages (&Method::GET, "/privacy-policy") => handle_privacy_policy(&settings, req), (&Method::GET, "/why-trusted-server") => handle_why_trusted_server(&settings, req), @@ -85,6 +90,15 @@ fn not_found_response() -> Response { .with_header(HEADER_X_COMPRESS_HINT, "on") } +/// Check if the path is for an Equativ asset that should be served directly (like auburndao.com) +fn is_partner_asset_path(path: &str) -> bool { + // Only handle Equativ/Smart AdServer assets for now + path.contains("/diff/") || // Equativ assets + path.ends_with(".png") || // Images + path.ends_with(".jpg") || // Images + path.ends_with(".gif") // Images +} + fn init_logger() { let logger = Logger::builder() .default_endpoint("tslog") diff --git a/fastly.toml b/fastly.toml index 566b9dd..a4bd9ac 100644 --- a/fastly.toml +++ b/fastly.toml @@ -3,20 +3,46 @@ authors = ["jason@stackpop.com"] cloned_from = "https://github.com/fastly/compute-starter-kit-rust-default" -description = "Trusted Server" +description = "EdgePubs - Trusted Server" language = "rust" manifest_version = 3 name = "trusted-server-fastly" +service_id = "dysUw6h73VzeomD61eal85" [scripts] build = """ cargo build --bin trusted-server-fastly --release --target wasm32-wasip1 --color always """ +# Production Backends for Partner Asset Serving (like auburndao.com) +[backends] + + [backends.tpc_googlesyndication_backend] + url = "https://tpc.googlesyndication.com" + + [backends.GAM_javascript_backend] + url = "https://pagead2.googlesyndication.com" + + [backends.GTS_services_backend] + url = "https://googletagservices.com" + + [backends.pagead2_googlesyndication_backend] + url = "https://googlesyndication.com" + + [backends.equativ_sascdn_backend] + url = "https://creatives.sascdn.com" + + [backends.googleads_doubleclick_backend] + url = "https://securepubads.g.doubleclick.net" + [local_server] + address = "127.0.0.1:7676" + tls_cert_path = "./localhost+2.pem" + tls_key_path = "./localhost+2-key.pem" + [local_server.backends] - [local_server.backends.ad_partner_backend] + [local_server.backends.equativ_ad_api_2] url = "https://adapi-srv-eu.smartadserver.com" [local_server.backends.prebid_backend] url = "http://68.183.113.79:8000" @@ -24,6 +50,22 @@ build = """ url = "https://securepubads.g.doubleclick.net" [local_server.backends.wordpress_backend] url = "http://localhost:8080" # Adjust this to your local WordPress URL + [local_server.backends.edgepubs_main_be] + url = "https://api.edgepubs.com" # EdgePubs API backend (update when you provide the real backend URL) + + # Partner Asset Backends (matching auburndao.com approach) + [local_server.backends.tpc_googlesyndication_backend] + url = "https://tpc.googlesyndication.com" + [local_server.backends.GAM_javascript_backend] + url = "https://pagead2.googlesyndication.com" + [local_server.backends.GTS_services_backend] + url = "https://googletagservices.com" + [local_server.backends.pagead2_googlesyndication_backend] + url = "https://googlesyndication.com" + [local_server.backends.equativ_sascdn_backend] + url = "https://creatives.sascdn.com" + [local_server.backends.googleads_doubleclick_backend] + url = "https://securepubads.g.doubleclick.net" [local_server.kv_stores] diff --git a/trusted-server.toml b/trusted-server.toml index 181ed41..dde7bde 100644 --- a/trusted-server.toml +++ b/trusted-server.toml @@ -4,14 +4,14 @@ cookie_domain = ".test-publisher.com" origin_url = "https://origin.test-publisher.com" [ad_server] -ad_partner_backend = "ad_partner_backend" +ad_partner_url = "equativ_ad_api_2" sync_url = "https://adapi-srv-eu.smartadserver.com/ac?pgid=2040327&fmtid=137675&synthetic_id={{synthetic_id}}" [prebid] server_url = "http://68.183.113.79:8000/openrtb2/auction" [gam] -publisher_id = "3790" +publisher_id = "88059007" server_url = "https://securepubads.g.doubleclick.net/gampad/ads" ad_units = [ { name = "Flex8:1", size = "flexible" }, @@ -32,3 +32,35 @@ secret_key = "trusted-server" # - "publisher_domain" # - "accept_language" template = "{{ client_ip }}:{{ user_agent }}:{{ first_party_id }}:{{ auth_user_id }}:{{ publisher_domain }}:{{ accept_language }}" + +# Partner Proxy Configuration +[partners] + +[partners.gam] +enabled = true +name = "Google Ad Manager" +domains_to_proxy = [ + "securepubads.g.doubleclick.net", + "tpc.googlesyndication.com", + "googletagservices.com", + "googlesyndication.com" +] +proxy_domain = "www.edgepubs.com" +backend_name = "gam_proxy_backend" + +[partners.equativ] +enabled = true +name = "Equativ (Smart AdServer)" +domains_to_proxy = [ + "creatives.sascdn.com", + "adapi-srv-eu.smartadserver.com" +] +proxy_domain = "www.edgepubs.com" +backend_name = "equativ_proxy_backend" + +[partners.prebid] +enabled = true +name = "Prebid Server" +domains_to_proxy = ["68.183.113.79"] +proxy_domain = "www.edgepubs.com" +backend_name = "prebid_proxy_backend"