Allow requests from all client origins to obtain access cookie (#51)

Author: Mark A. Matney, Jr

pom.xml

@@ -48,7 +48,7 @@
     <freelib.utils.version>3.3.0</freelib.utils.version>
     <cidr.ip.version>1.0.1</cidr.ip.version>
     <commons.codec.version>1.15</commons.codec.version>
-    <vertx.version>4.3.8</vertx.version>
+    <vertx.version>4.4.2</vertx.version>
 
     <!-- Build plugin versions -->
     <clean.plugin.version>3.1.0</clean.plugin.version>

src/main/java/edu/ucla/library/iiif/auth/CookieJsonKeys.java

@@ -19,8 +19,7 @@
  * <pre>
  * {
  *   "clientIpAddress": "127.0.0.1",
- *   "campusNetwork": false,
- *   "degradedAllowed": true
+ *   "campusNetwork": false
  * }
  * </pre>
  */
@@ -51,11 +50,6 @@ public final class CookieJsonKeys {
      */
     public static final String CAMPUS_NETWORK = "campusNetwork";
 
-    /**
-     * The JSON key for whether degraded content is available at the origin for which the cookie applies.
-     */
-    public static final String DEGRADED_ALLOWED = "degradedAllowed";
-
     /**
      * Private constructor for utility class.
      */

src/main/java/edu/ucla/library/iiif/auth/TemplateKeys.java

@@ -21,11 +21,6 @@ public final class TemplateKeys {
      */
     public static final String CLIENT_IP_ADDRESS = "clientIpAddress";
 
-    /**
-     * The degraded allowed key.
-     */
-    public static final String DEGRADED_ALLOWED = "degradedAllowed";
-
     /**
      * The window close delay key.
      */

src/main/java/edu/ucla/library/iiif/auth/handlers/AccessCookieHandler.java

@@ -20,14 +20,12 @@
 import edu.ucla.library.iiif.auth.Param;
 import edu.ucla.library.iiif.auth.TemplateKeys;
 import edu.ucla.library.iiif.auth.services.AccessCookieService;
-import edu.ucla.library.iiif.auth.services.DatabaseService;
 import edu.ucla.library.iiif.auth.utils.MediaType;
 
 import info.freelibrary.util.HTTP;
 import info.freelibrary.util.Logger;
 import info.freelibrary.util.LoggerFactory;
 
-import io.vertx.core.Future;
 import io.vertx.core.Handler;
 import io.vertx.core.Vertx;
 import io.vertx.core.http.Cookie;
@@ -56,11 +54,6 @@ public class AccessCookieHandler implements Handler<RoutingContext> {
      */
     private final JsonObject myConfig;
 
-    /**
-     * The service proxy for accessing the database.
-     */
-    private final DatabaseService myDatabaseServiceProxy;
-
     /**
      * The template engine for rendering the response.
      */
@@ -94,7 +87,6 @@ public class AccessCookieHandler implements Handler<RoutingContext> {
      */
     public AccessCookieHandler(final Vertx aVertx, final JsonObject aConfig) {
         myConfig = aConfig;
-        myDatabaseServiceProxy = DatabaseService.createProxy(aVertx);
         myHtmlTemplateEngine = HandlebarsTemplateEngine.create(aVertx);
         myCampusNetworkSubnets = new Cidr4Trie<>();
         myAccessCookieService = AccessCookieService.createProxy(aVertx);
@@ -136,32 +128,26 @@ public void handle(final RoutingContext aContext) {
 
         isOnCampusNetwork = isOnNetwork(clientIpAddress, myCampusNetworkSubnets);
 
-        myDatabaseServiceProxy.getDegradedAllowed(origin.toString()).compose(isDegradedAllowed -> {
-            final Future<String> cookieGeneration = myAccessCookieService.generateCookie(clientIpAddress.getAddress(),
-                    isOnCampusNetwork, isDegradedAllowed);
-
-            return cookieGeneration.compose(cookieValue -> {
-                final Cookie cookie =
-                        Cookie.cookie(CookieNames.HAUTH, cookieValue).setSameSite(CookieSameSite.NONE).setSecure(true);
+        myAccessCookieService.generateCookie(clientIpAddress.getAddress(), isOnCampusNetwork).compose(cookieValue -> {
+            final Cookie cookie =
+                    Cookie.cookie(CookieNames.HAUTH, cookieValue).setSameSite(CookieSameSite.NONE).setSecure(true);
 
-                // Along with the origin, pass all the cookie data to the HTML template
-                final JsonObject templateData = new JsonObject().put(TemplateKeys.ORIGIN, origin)
-                        .put(TemplateKeys.VERSION, myConfig.getString(Config.HAUTH_VERSION))
-                        .put(TemplateKeys.CLIENT_IP_ADDRESS, clientIpAddress)
-                        .put(TemplateKeys.CAMPUS_NETWORK, isOnCampusNetwork)
-                        .put(TemplateKeys.DEGRADED_ALLOWED, isDegradedAllowed);
+            // Along with the origin, pass all the cookie data to the HTML template
+            final JsonObject templateData = new JsonObject().put(TemplateKeys.ORIGIN, origin)
+                    .put(TemplateKeys.VERSION, myConfig.getString(Config.HAUTH_VERSION))
+                    .put(TemplateKeys.CLIENT_IP_ADDRESS, clientIpAddress)
+                    .put(TemplateKeys.CAMPUS_NETWORK, isOnCampusNetwork);
 
-                myWindowCloseDelay.ifPresent(delay -> {
-                    if (delay >= 0) {
-                        templateData.put(TemplateKeys.WINDOW_CLOSE_DELAY, delay);
-                    }
-                });
-                myCookieDomain.ifPresent(cookie::setDomain);
+            myWindowCloseDelay.ifPresent(delay -> {
+                if (delay >= 0) {
+                    templateData.put(TemplateKeys.WINDOW_CLOSE_DELAY, delay);
+                }
+            });
+            myCookieDomain.ifPresent(cookie::setDomain);
 
-                response.addCookie(cookie);
+            response.addCookie(cookie);
 
-                return myHtmlTemplateEngine.render(templateData, "templates/cookie.hbs");
-            });
+            return myHtmlTemplateEngine.render(templateData, "templates/cookie.hbs");
         }).onSuccess(renderedHtmlTemplate -> {
             response.setStatusCode(HTTP.OK).end(renderedHtmlTemplate);
         }).onFailure(error -> {

src/main/java/edu/ucla/library/iiif/auth/services/AccessCookieService.java

@@ -60,11 +60,10 @@ static AccessCookieService createProxy(final Vertx aVertx) {
      *
      * @param aClientIpAddress The IP address of the client
      * @param aIsOnCampusNetwork If the client is on a campus network subnet
-     * @param aIsDegradedAllowed If the origin allows degraded access to content
      * @return A Future that resolves to a value that can be used to create a cookie with
      *         {@link Cookie#cookie(String, String)}
      */
-    Future<String> generateCookie(String aClientIpAddress, boolean aIsOnCampusNetwork, boolean aIsDegradedAllowed);
+    Future<String> generateCookie(String aClientIpAddress, boolean aIsOnCampusNetwork);
 
     /**
      * Decrypts an access cookie value.

src/main/java/edu/ucla/library/iiif/auth/services/AccessCookieServiceImpl.java

@@ -166,11 +166,9 @@ public Future<Void> close() {
     }
 
     @Override
-    public Future<String> generateCookie(final String aClientIpAddress, final boolean aIsOnCampusNetwork,
-            final boolean aIsDegradedAllowed) {
+    public Future<String> generateCookie(final String aClientIpAddress, final boolean aIsOnCampusNetwork) {
         final JsonObject cookieData = new JsonObject().put(CookieJsonKeys.CLIENT_IP_ADDRESS, aClientIpAddress)
-                .put(CookieJsonKeys.CAMPUS_NETWORK, aIsOnCampusNetwork)
-                .put(CookieJsonKeys.DEGRADED_ALLOWED, aIsDegradedAllowed);
+                .put(CookieJsonKeys.CAMPUS_NETWORK, aIsOnCampusNetwork);
         final byte[] encryptedCookieData;
         final JsonObject unencodedCookie;
         final String cookie;

src/main/java/edu/ucla/library/iiif/auth/services/DatabaseService.java

@@ -76,21 +76,4 @@ static DatabaseService createProxy(final Vertx aVertx) {
      * @return A Future that resolves once the items have been set
      */
     Future<Void> setItems(JsonArray aItems);
-
-    /**
-     * Gets the "degraded allowed" for content hosted at the given origin.
-     *
-     * @param aOrigin The origin
-     * @return A Future that resolves to the degraded allowed once it's been fetched
-     */
-    Future<Boolean> getDegradedAllowed(String aOrigin);
-
-    /**
-     * Sets the given "degraded allowed" for content hosted at the given origin.
-     *
-     * @param aOrigin The origin
-     * @param aDegradedAllowed The degraded allowed to set for the origin
-     * @return A Future that resolves once the degraded allowed has been set
-     */
-    Future<Void> setDegradedAllowed(String aOrigin, boolean aDegradedAllowed);
 }

src/main/java/edu/ucla/library/iiif/auth/services/DatabaseServiceImpl.java

@@ -61,17 +61,6 @@ public class DatabaseServiceImpl implements DatabaseService {
     private static final String UPSERT_ACCESS_MODE = String.join(SPACE, "INSERT INTO items VALUES ($1, $2)",
             "ON CONFLICT (uid) DO", "UPDATE SET access_mode = EXCLUDED.access_mode");
 
-    /**
-     * The PreparedQuery template for selecting an origin's "degraded allowed".
-     */
-    private static final String SELECT_DEGRADED_ALLOWED = "SELECT degraded_allowed FROM origins WHERE url = $1";
-
-    /**
-     * The PreparedQuery template for upserting an origin's "degraded allowed".
-     */
-    private static final String UPSERT_DEGRADED_ALLOWED = String.join(SPACE, "INSERT INTO origins VALUES ($1, $2)",
-            "ON CONFLICT (url) DO", "UPDATE SET degraded_allowed = EXCLUDED.degraded_allowed");
-
     /**
      * The database's default hostname.
      */
@@ -163,29 +152,6 @@ public Future<Void> setItems(final JsonArray aItems) {
         }).compose(result -> Future.succeededFuture());
     }
 
-    @Override
-    public Future<Boolean> getDegradedAllowed(final String aOrigin) {
-        return myDbConnectionPool.withConnection(connection -> {
-            return connection.preparedQuery(SELECT_DEGRADED_ALLOWED).execute(Tuple.of(aOrigin));
-        }).recover(error -> {
-            return Future.failedFuture(new ServiceException(INTERNAL_ERROR, error.getMessage()));
-        }).compose(select -> {
-            if (hasSingleRow(select)) {
-                return Future.succeededFuture(select.iterator().next().getBoolean("degraded_allowed"));
-            }
-            return Future.failedFuture(new ServiceException(NOT_FOUND_ERROR, aOrigin));
-        });
-    }
-
-    @Override
-    public Future<Void> setDegradedAllowed(final String aOrigin, final boolean aDegradedAllowed) {
-        return myDbConnectionPool.withConnection(connection -> {
-            return connection.preparedQuery(UPSERT_DEGRADED_ALLOWED).execute(Tuple.of(aOrigin, aDegradedAllowed));
-        }).recover(error -> {
-            return Future.failedFuture(new ServiceException(INTERNAL_ERROR, error.getMessage()));
-        }).compose(result -> Future.succeededFuture());
-    }
-
     /**
      * Gets the options for the database connection pool.
      *

src/main/resources/templates/cookie.hbs

@@ -11,13 +11,7 @@
         hosted at: <em id="origin">{{origin}}</em>
     <p>
     <p>
-        {{#if degradedAllowed}}
-        Degraded versions of the content are accessible
-        {{else}}
-        The content is not accessible
-        {{/if}}
-
-        to users outside of the Campus Network.
+        Degraded versions of the content are accessible to users outside of the Campus Network.
     </p>
     <p>
         Your current IP address: <em id="client-ip-address">{{clientIpAddress}}</em>

src/test/java/edu/ucla/library/iiif/auth/handlers/AbstractHandlerIT.java

@@ -149,8 +149,7 @@ public void setUp(final Vertx aVertx, final VertxTestContext aContext) {
             final DatabaseService db = DatabaseService.create(aVertx, config);
             @SuppressWarnings("rawtypes")
             final List<Future> dbOps = List.of(db.setAccessMode(TEST_ID_OPEN_ACCESS, 0),
-                    db.setAccessMode(TEST_ID_TIERED_ACCESS, 1), db.setAccessMode(TEST_ID_ALL_OR_NOTHING_ACCESS, 2),
-                    db.setDegradedAllowed(TEST_ORIGIN, true));
+                    db.setAccessMode(TEST_ID_TIERED_ACCESS, 1), db.setAccessMode(TEST_ID_ALL_OR_NOTHING_ACCESS, 2));
 
             myConfig = config;
             myWebClient = WebClient.create(aVertx);