Merge remote-tracking branch 'origin/main' into feat/multisig-support

charlykeyko · charlykeyko · commit 99344bcefee1 · 2024-03-07T10:43:07.000+01:00
diff --git a/fplus-http-server/Cargo.toml b/fplus-http-server/Cargo.toml
@@ -9,7 +9,9 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+futures-util = "0.3"
 actix-web = "4.3.1"
+actix-utils = "3.0.1"
 serde = { version =  "1.0.164", features = ["derive", "std",
 "serde_derive", "alloc", "rc"] } 
 tokio = { version = "1.29.1", features = ["full"] }
@@ -26,4 +28,3 @@ anyhow = "1.0.75"
 async-trait = "0.1.73"
 uuidv4 = "1.0.0"
 log = "0.4.20"
-
diff --git a/fplus-http-server/src/main.rs b/fplus-http-server/src/main.rs
@@ -1,11 +1,16 @@
-use std::env;
-
-use actix_web::middleware::Logger;
-use actix_web::{App, HttpServer};
 use env_logger;
 use log::info;
-use fplus_database;
+mod middleware;
+use middleware::verifier_auth::VerifierAuth;
 pub(crate) mod router;
+use std::env;
+
+use actix_web::{
+    App,
+    HttpServer,
+    web,
+    middleware::Logger,
+};
 
 #[tokio::main]
 async fn main() -> std::io::Result<()> {
@@ -27,9 +32,13 @@ async fn main() -> std::io::Result<()> {
             .wrap(cors)
             .service(router::health)
             .service(router::application::create)
-            .service(router::application::trigger)
-            .service(router::application::propose)
-            .service(router::application::approve)
+            .service(
+                web::scope("/api")
+                    .wrap(VerifierAuth) // Apply GitHubAuth to all routes under "/api"
+                    .service(router::application::trigger)
+                    .service(router::application::propose)
+                    .service(router::application::approve)
+            )
             .service(router::application::merged)
             .service(router::application::active)
             .service(router::application::all_applications)
diff --git a/fplus-http-server/src/middleware/mod.rs b/fplus-http-server/src/middleware/mod.rs
@@ -0,0 +1 @@
+pub mod verifier_auth;
diff --git a/fplus-http-server/src/middleware/verifier_auth.rs b/fplus-http-server/src/middleware/verifier_auth.rs
@@ -0,0 +1,140 @@
+use actix_web::{
+    dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
+    Error, web,
+  };
+  use futures_util::future::{LocalBoxFuture, ready, Ready};
+  use reqwest::Client;
+  use serde::Deserialize;
+  
+  // Import any other modules that you reference in this file
+  use fplus_database::database::allocators::get_allocator;
+  #[derive(Deserialize, Debug)]
+  struct RepoQuery {
+    owner: String,
+    repo: String,
+    github_username: String
+  }
+  
+  pub struct VerifierAuth;
+  
+  impl<S, B> Transform<S, ServiceRequest> for VerifierAuth
+  where
+      S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error>,
+      S::Future: 'static,
+      B: 'static,
+  {
+      type Response = ServiceResponse<B>;
+      type Error = Error;
+      type InitError = ();
+      type Transform = VerifierAuthMiddleware<S>;
+      type Future = Ready<Result<Self::Transform, Self::InitError>>;
+  
+      fn new_transform(&self, service: S) -> Self::Future {
+          ready(Ok(VerifierAuthMiddleware { service }))
+      }
+  }
+  
+  pub struct VerifierAuthMiddleware<S> {
+      service: S,
+  }
+  
+  impl<S, B> Service<ServiceRequest> for VerifierAuthMiddleware<S>
+  where
+      S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error>,
+      S::Future: 'static,
+      B: 'static,
+  {
+      type Response = ServiceResponse<B>;
+      type Error = Error;
+      type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;
+  
+      forward_ready!(service);
+  
+      fn call(&self, req: ServiceRequest) -> Self::Future {
+          let query_string = req.query_string();
+          let query: Result<web::Query<RepoQuery>, _> = web::Query::from_query(query_string);
+          let RepoQuery { owner, repo, github_username } = match query {
+              Ok(q) => q.into_inner(),
+              Err(_) => {
+                  return Box::pin(async {
+                      return Err(actix_web::error::ErrorBadRequest("Wrong query string format"));
+                  });
+              }
+          };
+  
+          let auth_header_value = req.headers().get("Authorization")
+              .and_then(|hv| hv.to_str().ok())
+              .filter(|hv| hv.starts_with("Bearer "))
+              .map(|hv| hv["Bearer ".len()..].to_string());
+          let fut = self.service.call(req);
+  
+          Box::pin(async move {
+              let mut user_handle = String::new();
+  
+              if let Some(token) = auth_header_value {
+                  // Make the asynchronous HTTP request here
+                  let client = Client::new();
+                  let user_info_result = client.get("https://api.github.com/user")
+                      .header("Authorization", format!("Bearer {}", token))
+                      .header("User-Agent", "Actix-web")
+                      .send()
+                      .await;
+      
+                  match user_info_result {
+                      Ok(response) => {
+                          //Raise an actix test error
+                          if response.status().is_success() {
+                              let user_info = response
+                                  .json::<serde_json::Value>()
+                                  .await
+                                  .expect("Failed to parse JSON");
+  
+                              if let Some(login) = user_info.get("login").and_then(|v| v.as_str()) {
+                                  user_handle = login.to_string();
+                              } else {
+                                  println!("GitHub handle information not found.");
+                                  return Err(actix_web::error::ErrorInternalServerError("GitHub handle information not found."))
+                              }
+                          } else {
+                              println!("Failed to get GitHub user info");
+                              return Err(actix_web::error::ErrorUnauthorized("Failed to get GitHub user info."))
+                          }
+                      },
+                      Err(e) => {
+                          println!("Request error: {:?}", e);
+                          return Err(actix_web::error::ErrorBadRequest(e))
+                      }
+                  }
+              }
+  
+              if github_username != user_handle {
+                  return Err(actix_web::error::ErrorBadRequest("Sent GitHub handle different than auth token owner."))
+              }
+  
+              match get_allocator(&owner, &repo).await {
+                  Ok(allocator) => {
+                      if let Some(allocator) = &allocator {
+                          if let Some(verifiers) = &allocator.verifiers_gh_handles {
+                              let verifier_handles: Vec<String> = verifiers.split(',')
+                                  .map(|s| s.trim().to_lowercase())
+                                  .collect();
+                              if verifier_handles.contains(&user_handle.to_lowercase()) {
+                                  println!("{} is a verifier.", user_handle);
+                              } else {
+                                  println!("The user is not a verifier.");
+                                  return Err(actix_web::error::ErrorUnauthorized("The user is not a verifier."))
+                              }
+                          }
+                      }
+                  },
+                  Err(e) => {
+                      println!("Failed to get allocator: {:?}", e);
+                  }
+              }
+      
+              let res = fut.await?;
+              return Ok(res)
+          })
+      }
+  }
+  
diff --git a/fplus-http-server/src/router/application.rs b/fplus-http-server/src/router/application.rs
@@ -1,7 +1,6 @@
 use actix_web::{get, post, web, HttpResponse, Responder};
 use fplus_lib::core::{
-    CompleteGovernanceReviewInfo, CompleteNewApplicationProposalInfo, CreateApplicationInfo,
-    LDNApplication, RefillInfo, DcReachedInfo, ValidationPullRequestData, GithubQueryParams, ApplicationQueryParams
+    application::file::VerifierInput, ApplicationQueryParams, CompleteGovernanceReviewInfo, CompleteNewApplicationProposalInfo, CreateApplicationInfo, DcReachedInfo, GithubQueryParams, LDNApplication, RefillInfo, ValidationPullRequestData, VerifierActionsQueryParams
 };
 
 #[post("/application")]
@@ -27,22 +26,21 @@ pub async fn single(query: web::Query<ApplicationQueryParams>) -> impl Responder
     };
 }
 
-#[post("/application/{id}/trigger")]
+#[post("/application/trigger")]
 pub async fn trigger(
-    id: web::Path<String>,
+    query: web::Query<ApplicationQueryParams>,
     info: web::Json<CompleteGovernanceReviewInfo>,
 ) -> impl Responder {
-
-    let CompleteGovernanceReviewInfo { actor, owner, repo } = info.into_inner();
-    let ldn_application = match LDNApplication::load(id.into_inner(), owner.clone(), repo.clone()).await {
+    let CompleteGovernanceReviewInfo { actor} = info.into_inner();
+    let ldn_application = match LDNApplication::load(query.id.clone(), query.owner.clone(), query.repo.clone()).await {
         Ok(app) => app,
         Err(e) => {
             return HttpResponse::BadRequest().body(e.to_string());
         }
     };
     dbg!(&ldn_application);
     match ldn_application
-        .complete_governance_review(actor, owner, repo)
+        .complete_governance_review(actor, query.owner.clone(), query.repo.clone())
         .await
     {
         Ok(app) => HttpResponse::Ok().body(serde_json::to_string_pretty(&app).unwrap()),
@@ -53,25 +51,29 @@ pub async fn trigger(
     }
 }
 
-#[post("/application/{id}/propose")]
+#[post("/application/propose")]
 pub async fn propose(
-    id: web::Path<String>,
     info: web::Json<CompleteNewApplicationProposalInfo>,
+    query: web::Query<VerifierActionsQueryParams>,
 ) -> impl Responder {
     let CompleteNewApplicationProposalInfo {
         signer,
         request_id, 
-        owner, 
-        repo
     } = info.into_inner();
-    let ldn_application = match LDNApplication::load(id.into_inner(), owner.clone(), repo.clone()).await {
+    let ldn_application = match LDNApplication::load(query.id.clone(), query.owner.clone(), query.repo.clone()).await {
         Ok(app) => app,
         Err(e) => {
             return HttpResponse::BadRequest().body(e.to_string());
         }
     };
+    let updated_signer = VerifierInput {
+        github_username: query.github_username.clone(), // Use the provided `github_username` parameter
+        signing_address: signer.signing_address,
+        created_at: signer.created_at,
+        message_cid: signer.message_cid,
+    };
     match ldn_application
-        .complete_new_application_proposal(signer, request_id, owner, repo)
+        .complete_new_application_proposal(updated_signer, request_id, query.owner.clone(), query.repo.clone())
         .await
     {
         Ok(app) => HttpResponse::Ok().body(serde_json::to_string_pretty(&app).unwrap()),
@@ -81,25 +83,29 @@ pub async fn propose(
     }
 }
 
-#[post("/application/{id}/approve")]
+#[post("/application/approve")]
 pub async fn approve(
-    id: web::Path<String>,
+    query: web::Query<VerifierActionsQueryParams>,
     info: web::Json<CompleteNewApplicationProposalInfo>,
 ) -> impl Responder {
     let CompleteNewApplicationProposalInfo {
         signer,
         request_id, 
-        owner, 
-        repo
     } = info.into_inner();
-    let ldn_application = match LDNApplication::load(id.into_inner(), owner.clone(), repo.clone()).await {
+    let ldn_application = match LDNApplication::load(query.id.clone(), query.owner.clone(), query.repo.clone()).await {
         Ok(app) => app,
         Err(e) => {
             return HttpResponse::BadRequest().body(e.to_string());
         }
     };
+    let updated_signer = VerifierInput {
+        github_username: query.github_username.clone(), // Use the provided `github_username` parameter
+        signing_address: signer.signing_address,
+        created_at: signer.created_at,
+        message_cid: signer.message_cid,
+    };
     match ldn_application
-        .complete_new_application_approval(signer, request_id, owner, repo)
+        .complete_new_application_approval(updated_signer, request_id, query.owner.clone(), query.repo.clone())
         .await
     {
         Ok(app) => HttpResponse::Ok().body(serde_json::to_string_pretty(&app).unwrap()),
diff --git a/fplus-lib/src/core/mod.rs b/fplus-lib/src/core/mod.rs
@@ -44,12 +44,17 @@ pub struct CreateApplicationInfo {
 #[derive(Deserialize, Serialize, Debug)]
 pub struct VerifierList(pub Vec<String>);
 
+#[derive(Deserialize, Serialize, Debug)]
+pub struct ApplicationProposalApprovalSignerInfo {
+    pub signing_address: String,
+    pub created_at: String,
+    pub message_cid: String,
+}
+
 #[derive(Deserialize, Serialize, Debug)]
 pub struct CompleteNewApplicationProposalInfo {
-    pub signer: VerifierInput,
+    pub signer: ApplicationProposalApprovalSignerInfo,
     pub request_id: String,
-    pub owner: String,
-    pub repo: String,
 }
 
 #[derive(Debug)]
@@ -64,8 +69,6 @@ pub struct LDNApplication {
 #[derive(Debug, Serialize, Deserialize)]
 pub struct CompleteGovernanceReviewInfo {
     pub actor: String,
-    pub owner: String,
-    pub repo: String,
 }
 
 #[derive(Deserialize, Debug)]
@@ -133,6 +136,14 @@ pub struct ApplicationQueryParams {
     pub repo: String,
 }
 
+#[derive(Deserialize)]
+pub struct VerifierActionsQueryParams {
+    pub github_username: String,
+    pub id: String,
+    pub owner: String,
+    pub repo: String,
+}
+
 #[derive(Debug, Clone)]
 pub struct ApplicationFileWithDate {
     pub application_file: ApplicationFile,
