Merge pull request #107 from codex-team/new-token

n0str · web-flow · commit f0a377c649b0 · 2024-12-18T16:04:47.000+03:00
Support of the Hawk Token verification and decoding
diff --git a/.gitignore b/.gitignore
@@ -14,5 +14,5 @@
 .idea
 venv
 .DS_Store
-hawk.collector
+bin/hawk.collector
 .env
diff --git a/pkg/accounts/cache.go b/pkg/accounts/cache.go
@@ -2,6 +2,9 @@ package accounts
 
 import (
 	"context"
+	"encoding/base64"
+	"encoding/json"
+	"strings"
 	"time"
 
 	"go.mongodb.org/mongo-driver/bson/primitive"
@@ -14,6 +17,11 @@ import (
 const projectsCollectionName = "projects"
 const contextTimeout = 5 * time.Second
 
+type acountToken struct {
+	IntegrationId string `json:"integrationId"`
+	Secret        string `json:"secret"`
+}
+
 type accountProject struct {
 	ProjectID primitive.ObjectID `bson:"_id"`
 	Token     string             `bson:"token"`
@@ -39,11 +47,33 @@ func (client *AccountsMongoDBClient) UpdateTokenCache() error {
 
 	client.ValidTokens = make(map[string]string)
 	for _, project := range projects {
-		client.ValidTokens[project.Token] = project.ProjectID.Hex()
+		integrationSecret, err := DecodeToken(project.Token)
+		if err == nil {
+			client.ValidTokens[integrationSecret] = project.ProjectID.Hex()
+		} else {
+			log.Errorf("Integration token %s is invalid: %s", project.Token, err)
+		}
 	}
 
 	log.Debugf("Cache for MongoDB tokens successfully updates with %d tokens", len(client.ValidTokens))
 	log.Tracef("Current token cache state: %s", client.ValidTokens)
 
 	return nil
 }
+
+// decodeToken decodes token from base64 to integrationId + secret
+func DecodeToken(token string) (string, error) {
+	decoded, err := base64.StdEncoding.DecodeString(token)
+	if err != nil {
+		return "", err
+	}
+	var data acountToken
+	err = json.Unmarshal(decoded, &data)
+	if err != nil {
+		return "", err
+	}
+
+	integrationId := strings.ReplaceAll(data.IntegrationId, "-", "")
+	secret := strings.ReplaceAll(data.Secret, "-", "")
+	return integrationId + secret, nil
+}
diff --git a/pkg/server/errorshandler/handler.go b/pkg/server/errorshandler/handler.go
@@ -52,12 +52,18 @@ func (handler *Handler) process(body []byte) ResponseMessage {
 		return ResponseMessage{400, true, "CatcherType is empty"}
 	}
 
-	projectId, ok := handler.AccountsMongoDBClient.ValidTokens[message.Token]
+	integrationSecret, err := accounts.DecodeToken(string(message.Token))
+	if err != nil {
+		log.Warnf("[release] Token decoding error: %s", err)
+		return ResponseMessage{400, true, "Token decoding error"}
+	}
+
+	projectId, ok := handler.AccountsMongoDBClient.ValidTokens[integrationSecret]
 	if !ok {
-		log.Debugf("Token %s is not in the accounts cache", message.Token)
-		return ResponseMessage{400, true, fmt.Sprintf("Integration token invalid: %s", message.Token)}
+		log.Debugf("Token %s is not in the accounts cache", integrationSecret)
+		return ResponseMessage{400, true, fmt.Sprintf("Integration token invalid: %s", integrationSecret)}
 	}
-	log.Debugf("Found project with ID %s for integration token %s", projectId, message.Token)
+	log.Debugf("Found project with ID %s for integration token %s", projectId, integrationSecret)
 
 	if handler.RedisClient.IsBlocked(projectId) {
 		handler.ErrorsBlockedByLimit.Inc()
diff --git a/pkg/server/errorshandler/handler_sentry.go b/pkg/server/errorshandler/handler_sentry.go
@@ -9,7 +9,7 @@ import (
 	"github.com/valyala/fasthttp"
 )
 
-const SentryQueueName = "errors/sentry"
+const SentryQueueName = "external/sentry"
 const CatcherType = "sentry"
 
 // HandleHTTP processes HTTP requests with JSON body
diff --git a/pkg/server/releasehandler/handler_http.go b/pkg/server/releasehandler/handler_http.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 
+	"github.com/codex-team/hawk.collector/pkg/accounts"
 	"github.com/codex-team/hawk.collector/pkg/hawk"
 	log "github.com/sirupsen/logrus"
 	"github.com/valyala/fasthttp"
@@ -39,8 +40,15 @@ func (handler *Handler) HandleHTTP(ctx *fasthttp.RequestCtx) {
 
 	log.Debugf("[release] Multipart form with token: %s", token)
 
+	integrationSecret, err := accounts.DecodeToken(string(token))
+	if err != nil {
+		log.Warnf("[release] Token decoding error: %s", err)
+		sendAnswerHTTP(ctx, ResponseMessage{400, true, "Token decoding error"})
+		return
+	}
+
 	// process raw body via unified sourcemap handler
-	response := handler.process(form, string(token))
+	response := handler.process(form, integrationSecret)
 	log.Debugf("[release] Multipart form response: %s", response.Message)
 
 	sendAnswerHTTP(ctx, response)

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ import (`
`9`	`9`	`"github.com/valyala/fasthttp"`
`10`	`10`	`)`
`11`	`11`
`12`		`-const SentryQueueName = "errors/sentry"`
	`12`	`+const SentryQueueName = "external/sentry"`
`13`	`13`	`const CatcherType = "sentry"`
`14`	`14`
`15`	`15`	`// HandleHTTP processes HTTP requests with JSON body`