feat: added middleware for security purposes on verifier api calls

AlexMCon · AlexMCon · commit f62030394bfc · 2024-03-01T10:43:24.000+02:00
diff --git a/fplus-http-server/Cargo.toml b/fplus-http-server/Cargo.toml
@@ -9,7 +9,9 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+futures-util = "0.3"
 actix-web = "4.3.1"
+actix-utils = "3.0.1"
 serde = { version =  "1.0.164", features = ["derive", "std",
 "serde_derive", "alloc", "rc"] } 
 tokio = { version = "1.29.1", features = ["full"] }
@@ -26,4 +28,3 @@ anyhow = "1.0.75"
 async-trait = "0.1.73"
 uuidv4 = "1.0.0"
 log = "0.4.20"
-
diff --git a/fplus-http-server/src/main.rs b/fplus-http-server/src/main.rs
@@ -1,11 +1,125 @@
-use std::env;
-
-use actix_web::middleware::Logger;
-use actix_web::{App, HttpServer};
 use env_logger;
 use log::info;
 use fplus_database;
 pub(crate) mod router;
+use reqwest::Client;
+use serde::Deserialize;
+
+use std::{env, future::{ready, Ready}};
+
+use actix_web::{
+    App,
+    HttpServer,
+    web,
+    middleware::Logger,
+    dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
+    Error,
+    HttpResponse,
+    http::StatusCode,
+};
+use futures_util::future::LocalBoxFuture;
+
+#[derive(Deserialize, Debug)]
+struct RepoQuery {
+    owner: String,
+    repo: String,
+}
+
+pub struct GHAuth;
+
+impl<S, B> Transform<S, ServiceRequest> for GHAuth
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error>,
+    S::Future: 'static,
+    B: 'static,
+{
+    type Response = ServiceResponse<B>;
+    type Error = Error;
+    type InitError = ();
+    type Transform = GHAuthMiddleware<S>;
+    type Future = Ready<Result<Self::Transform, Self::InitError>>;
+
+    fn new_transform(&self, service: S) -> Self::Future {
+        ready(Ok(GHAuthMiddleware { service }))
+    }
+}
+
+pub struct GHAuthMiddleware<S> {
+    service: S,
+}
+
+impl<S, B> Service<ServiceRequest> for GHAuthMiddleware<S>
+where
+    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error>,
+    S::Future: 'static,
+    B: 'static,
+{
+    type Response = ServiceResponse<B>;
+    type Error = Error;
+    type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;
+
+    forward_ready!(service);
+
+    fn call(&self, req: ServiceRequest) -> Self::Future {
+        let query_string = req.query_string();
+        let query: Result<web::Query<RepoQuery>, _> = web::Query::from_query(query_string);
+
+        let auth_header_value = req.headers().get("Authorization")
+            .and_then(|hv| hv.to_str().ok())
+            .filter(|hv| hv.starts_with("Bearer "))
+            .map(|hv| hv["Bearer ".len()..].to_string());
+        let fut = self.service.call(req);
+
+        Box::pin(async move {
+            // if let Some(token) = auth_header_value {
+            //     // Make the asynchronous HTTP request here
+            //     let client = Client::new();
+            //     let user_info_result = client.get("https://api.github.com/user")
+            //         .header("Authorization", format!("Bearer {}", token))
+            //         .header("User-Agent", "Actix-web")
+            //         .send()
+            //         .await;
+    
+            //     match user_info_result {
+            //         Ok(response) => {
+            //             if response.status().is_success() {
+            //                 let user_info = response
+            //                 .json::<serde_json::Value>()
+            //                 .await
+            //                 .expect("Failed to parse JSON");
+                            
+            //                 if let Some(login) = user_info.get("login").and_then(|v| v.as_str()) {
+            //                     println!("Login: {}", login);
+            //                 } else {
+            //                     println!("Login information not found.");
+            //                 }
+            //             } else {
+            //                 println!("Failed to get GitHub user info");
+            //             }
+            //         },
+            //         Err(e) => println!("Request error: {:?}", e),
+            //     }
+            // }
+
+            // match database::get_allocator(&owner, &repo).await {
+            //     Ok(allocator) => {
+            //         match allocator {
+            //             Some(allocator) => HttpResponse::Ok().json(allocator),
+            //             None => HttpResponse::NotFound().finish(),
+            //         }
+            //     },
+            //     Err(e) => {
+            //         HttpResponse::InternalServerError().body(e.to_string())
+            //     }
+            // }
+    
+            let res = fut.await?;
+            println!("Hi from response");
+            Ok(res)
+        })
+    }
+}
+
 
 #[tokio::main]
 async fn main() -> std::io::Result<()> {
@@ -27,9 +141,14 @@ async fn main() -> std::io::Result<()> {
             .wrap(cors)
             .service(router::health)
             .service(router::application::create)
-            .service(router::application::trigger)
-            .service(router::application::propose)
-            .service(router::application::approve)
+            .service(
+                web::scope("/api")
+                    .wrap(GHAuth) // Apply GitHubAuth to all routes under "/api"
+                    .service(router::application::testz)
+                    .service(router::application::trigger)
+                    .service(router::application::propose)
+                    .service(router::application::approve)
+            )
             .service(router::application::merged)
             .service(router::application::active)
             .service(router::application::all_applications)
diff --git a/fplus-http-server/src/router/application.rs b/fplus-http-server/src/router/application.rs
@@ -32,22 +32,30 @@ pub async fn single(query: web::Query<ApplicationQueryParams>) -> impl Responder
     }
 }
 
-#[post("/application/{id}/trigger")]
+#[post("/testz")]
+pub async fn testz(
+    query: web::Query<ApplicationQueryParams>
+) -> impl Responder {
+    println!("testzzzz {:?} {:?}", query.owner, query.repo);
+    return HttpResponse::Ok()
+}
+
+#[post("/application/trigger")]
 pub async fn trigger(
-    id: web::Path<String>,
+    query: web::Query<ApplicationQueryParams>,
     info: web::Json<CompleteGovernanceReviewInfo>,
 ) -> impl Responder {
 
-    let CompleteGovernanceReviewInfo { actor, owner, repo } = info.into_inner();
-    let ldn_application = match LDNApplication::load(id.into_inner(), owner.clone(), repo.clone()).await {
+    let CompleteGovernanceReviewInfo { actor} = info.into_inner();
+    let ldn_application = match LDNApplication::load(query.id.clone(), query.owner.clone(), query.repo.clone()).await {
         Ok(app) => app,
         Err(e) => {
             return HttpResponse::BadRequest().body(e.to_string());
         }
     };
     dbg!(&ldn_application);
     match ldn_application
-        .complete_governance_review(actor, owner, repo)
+        .complete_governance_review(actor, query.id.clone(), query.repo.clone())
         .await
     {
         Ok(app) => HttpResponse::Ok().body(serde_json::to_string_pretty(&app).unwrap()),
@@ -58,25 +66,23 @@ pub async fn trigger(
     }
 }
 
-#[post("/application/{id}/propose")]
+#[post("/application/propose")]
 pub async fn propose(
-    id: web::Path<String>,
     info: web::Json<CompleteNewApplicationProposalInfo>,
+    query: web::Query<ApplicationQueryParams>,
 ) -> impl Responder {
     let CompleteNewApplicationProposalInfo {
         signer,
         request_id, 
-        owner, 
-        repo
     } = info.into_inner();
-    let ldn_application = match LDNApplication::load(id.into_inner(), owner.clone(), repo.clone()).await {
+    let ldn_application = match LDNApplication::load(query.id.clone(), query.owner.clone(), query.repo.clone()).await {
         Ok(app) => app,
         Err(e) => {
             return HttpResponse::BadRequest().body(e.to_string());
         }
     };
     match ldn_application
-        .complete_new_application_proposal(signer, request_id, owner, repo)
+        .complete_new_application_proposal(signer, request_id, query.owner.clone(), query.repo.clone())
         .await
     {
         Ok(app) => HttpResponse::Ok().body(serde_json::to_string_pretty(&app).unwrap()),
@@ -86,26 +92,24 @@ pub async fn propose(
     }
 }
 
-#[post("/application/{id}/approve")]
+#[post("/application/approve")]
 pub async fn approve(
-    id: web::Path<String>,
+    query: web::Query<ApplicationQueryParams>,
     info: web::Json<CompleteNewApplicationProposalInfo>,
 ) -> impl Responder {
     let CompleteNewApplicationProposalInfo {
         signer,
         request_id, 
-        owner, 
-        repo
     } = info.into_inner();
-    let ldn_application = match LDNApplication::load(id.into_inner(), owner.clone(), repo.clone()).await {
+    let ldn_application = match LDNApplication::load(query.id.clone(), query.owner.clone(), query.repo.clone()).await {
         Ok(app) => app,
         Err(e) => {
             return HttpResponse::BadRequest().body(e.to_string());
         }
     };
     dbg!(&ldn_application);
     match ldn_application
-        .complete_new_application_approval(signer, request_id, owner, repo)
+        .complete_new_application_approval(signer, request_id, query.owner.clone(), query.repo.clone())
         .await
     {
         Ok(app) => HttpResponse::Ok().body(serde_json::to_string_pretty(&app).unwrap()),
