Mask Handler Response.

Author: rlakde

gradle.properties

@@ -10,5 +10,5 @@ mavenPassword=YourPassword
 # When updating the version, please as well consider:
 # - here-naksha-lib-core/src/main/com/here/naksha/lib/core/NakshaVersion (static property: latest)
 # - here-naksha-app-service/src/main/resources/swagger/openapi.yaml (info.version property)
-version=2.2.2
+version=2.2.3
 

here-naksha-app-service/src/main/java/com/here/naksha/app/service/http/ops/MaskingUtil.java

@@ -25,26 +25,27 @@
 import java.util.Set;
 
 public class MaskingUtil {
-
+  public static final Set<String> SENSITIVE_PROPERTIES = Set.of("password", "authorization");
   static final String MASK = "xxxxxx";
 
   private MaskingUtil() {}
 
-  public static void maskProperties(XyzFeature feature, Set<String> propertiesToMask) {
-    maskProperties(feature.getProperties(), propertiesToMask);
+  public static void maskProperties(XyzFeature feature) {
+    maskProperties(feature.getProperties());
   }
 
-  private static void maskProperties(Map<String, Object> propertiesAsMap, Set<String> propertiesToMask) {
+  private static void maskProperties(Map<String, Object> propertiesAsMap) {
     for (Entry<String, Object> entry : propertiesAsMap.entrySet()) {
-      if (propertiesToMask.stream().anyMatch(entry.getKey()::contains)) {
+      if (SENSITIVE_PROPERTIES.stream()
+          .anyMatch(property -> entry.getKey().toLowerCase().contains(property.toLowerCase()))) {
         entry.setValue(MASK);
       } else if (entry.getValue() instanceof Map) {
-        maskProperties((Map<String, Object>) entry.getValue(), propertiesToMask);
+        maskProperties((Map<String, Object>) entry.getValue());
       } else if (entry.getValue() instanceof ArrayList array) {
         // recursive call to the nested array json
         for (Object arrayEntry : array) {
           if (arrayEntry instanceof Map) {
-            maskProperties((Map<String, Object>) arrayEntry, propertiesToMask);
+            maskProperties((Map<String, Object>) arrayEntry);
           }
         }
       }

here-naksha-app-service/src/main/java/com/here/naksha/app/service/http/tasks/EventHandlerApiTask.java

@@ -39,9 +39,7 @@
 import com.here.naksha.lib.core.util.json.Json;
 import com.here.naksha.lib.core.util.storage.RequestHelper;
 import com.here.naksha.lib.core.view.ViewDeserialize;
-import com.here.naksha.lib.psql.PsqlInstanceConfig;
 import io.vertx.ext.web.RoutingContext;
-import java.util.Set;
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -50,9 +48,6 @@ public class EventHandlerApiTask<T extends XyzResponse> extends AbstractApiTask<
 
   private static final Logger logger = LoggerFactory.getLogger(EventHandlerApiTask.class);
 
-  private static final Set<String> SENSITIVE_PROPERTIES =
-      Set.of(PsqlInstanceConfig.PASSWORD, "Authorization", "authorization");
-
   private final @NotNull EventHandlerApiReqType reqType;
 
   public EventHandlerApiTask(
@@ -103,11 +98,7 @@ protected void init() {}
     // Read request JSON
     final EventHandler newHandler = handlerFromRequestBody();
     final WriteXyzFeatures writeRequest = RequestHelper.createFeatureRequest(EVENT_HANDLERS, newHandler, false);
-    // persist new handler in Admin DB (if doesn't exist already)
-    try (Result writeResult = executeWriteRequestFromSpaceStorage(writeRequest)) {
-      return transformWriteResultToXyzFeatureResponse(
-          writeResult, EventHandler.class, this::handlerWithMaskedSensitiveProperties);
-    }
+    return transformedResponseTo(writeRequest);
   }
 
   private @NotNull XyzResponse executeGetHandlers() {
@@ -116,20 +107,15 @@ protected void init() {}
     // Submit request to NH Space Storage
     try (Result rdResult = executeReadRequestFromSpaceStorage(request)) {
       // transform ReadResult to Http FeatureCollection response
-      return transformReadResultToXyzCollectionResponse(
-          rdResult, EventHandler.class, this::handlerWithMaskedSensitiveProperties);
+      return transformReadResultToXyzCollectionResponse(rdResult, EventHandler.class);
     }
   }
 
   private @NotNull XyzResponse executeGetHandlerById() {
     // Create ReadFeatures Request to read the handler with the specific ID from Admin DB
     final String handlerId = routingContext.pathParam(HANDLER_ID);
     final ReadFeatures request = new ReadFeatures(EVENT_HANDLERS).withPropertyOp(POp.eq(PRef.id(), handlerId));
-    // Submit request to NH Space Storage
-    try (Result rdResult = executeReadRequestFromSpaceStorage(request)) {
-      return transformReadResultToXyzFeatureResponse(
-          rdResult, EventHandler.class, this::handlerWithMaskedSensitiveProperties);
-    }
+    return transformedResponseTo(request);
   }
 
   private @NotNull XyzResponse executeUpdateHandler() throws JsonProcessingException {
@@ -141,10 +127,7 @@ protected void init() {}
     } else {
       final WriteXyzFeatures updateHandlerReq =
           RequestHelper.updateFeatureRequest(EVENT_HANDLERS, handlerToUpdate);
-      try (Result updateHandlerResult = executeWriteRequestFromSpaceStorage(updateHandlerReq)) {
-        return transformWriteResultToXyzFeatureResponse(
-            updateHandlerResult, EventHandler.class, this::handlerWithMaskedSensitiveProperties);
-      }
+      return transformedResponseTo(updateHandlerReq);
     }
   }
 
@@ -157,8 +140,25 @@ protected void init() {}
     }
   }
 
+  @NotNull
+  private XyzResponse transformedResponseTo(ReadFeatures rdRequest) {
+    try (Result rdResult = executeReadRequestFromSpaceStorage(rdRequest)) {
+      return transformReadResultToXyzFeatureResponse(
+          rdResult, EventHandler.class, this::handlerWithMaskedSensitiveProperties);
+    }
+  }
+
+  @NotNull
+  private XyzResponse transformedResponseTo(WriteXyzFeatures updateHandlerReq) {
+    // persist new handler in Admin DB (if doesn't exist already)
+    try (Result updateHandlerResult = executeWriteRequestFromSpaceStorage(updateHandlerReq)) {
+      return transformWriteResultToXyzFeatureResponse(
+          updateHandlerResult, EventHandler.class, this::handlerWithMaskedSensitiveProperties);
+    }
+  }
+
   private EventHandler handlerWithMaskedSensitiveProperties(EventHandler handler) {
-    maskProperties(handler, SENSITIVE_PROPERTIES);
+    maskProperties(handler);
     return handler;
   }
 

here-naksha-app-service/src/main/java/com/here/naksha/app/service/http/tasks/StorageApiTask.java

@@ -39,19 +39,14 @@
 import com.here.naksha.lib.core.util.json.Json;
 import com.here.naksha.lib.core.util.storage.RequestHelper;
 import com.here.naksha.lib.core.view.ViewDeserialize;
-import com.here.naksha.lib.psql.PsqlInstanceConfig;
 import io.vertx.ext.web.RoutingContext;
-import java.util.Set;
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public class StorageApiTask extends AbstractApiTask<XyzResponse> {
 
   private static final Logger logger = LoggerFactory.getLogger(StorageApiTask.class);
-
-  private static final Set<String> SENSITIVE_PROPERTIES =
-      Set.of(PsqlInstanceConfig.PASSWORD, "Authorization", "authorization");
   private final @NotNull StorageApiReqType reqType;
 
   public enum StorageApiReqType {
@@ -164,7 +159,7 @@ private XyzResponse transformedResponseTo(WriteXyzFeatures updateStorageReq) {
   }
 
   private Storage storageWithMaskedSensitiveProperties(Storage storage) {
-    maskProperties(storage, SENSITIVE_PROPERTIES);
+    maskProperties(storage);
     return storage;
   }
 

here-naksha-app-service/src/main/resources/swagger/openapi.yaml

@@ -12,7 +12,7 @@ servers:
 info:
   title: "Naksha Hub-API"
   description: "Naksha Hub-API is a REST API to provide simple access to geo data."
-  version: "2.2.2"
+  version: "2.2.3"
 
 security:
   - AccessToken: [ ]

here-naksha-app-service/src/test/java/com/here/naksha/app/service/http/ops/MaskingUtilTest.java

@@ -15,7 +15,7 @@ class MaskingUtilTest {
   void shouldMaskProperties(){
     // Given
     XyzFeature feature = featureWithProps(mutableMapOf(
-        "sensitiveObject", mutableMapOf(
+        "Authorization", mutableMapOf(
             "some_entry_1", 123,
             "some_entry_2", "lorem ipsum"
         ),
@@ -30,7 +30,7 @@ void shouldMaskProperties(){
             "nested", mutableMapOf(
                 "map", mutableMapOf(
                     "to", mutableMapOf(
-                        "sensitiveObject", mutableMapOf(
+                        "authorization", mutableMapOf(
                             "foo", "bar"
                         )
                     )
@@ -39,15 +39,12 @@ void shouldMaskProperties(){
         )
     ));
 
-    // And:
-    Set<String> sensitiveProperties = Set.of("sensitiveObject", "Authorization", "password");
-
     // When:
-    MaskingUtil.maskProperties(feature, sensitiveProperties);
+    MaskingUtil.maskProperties(feature);
 
     // Then:
     assertEquals(Map.of(
-        "sensitiveObject", MaskingUtil.MASK,
+        "Authorization", MaskingUtil.MASK,
         "headers", Map.of(
             "Authorization", MaskingUtil.MASK,
             "Content-Type", "application/json"
@@ -59,7 +56,7 @@ void shouldMaskProperties(){
             "nested", Map.of(
                 "map", Map.of(
                     "to", Map.of(
-                        "sensitiveObject", MaskingUtil.MASK
+                        "authorization", MaskingUtil.MASK
                     )
                 )
             )

here-naksha-lib-core/src/main/java/com/here/naksha/lib/core/NakshaVersion.java

@@ -60,12 +60,13 @@ public class NakshaVersion implements Comparable<NakshaVersion> {
   public static final String v2_2_0 = "2.2.0";
   public static final String v2_2_1 = "2.2.1";
   public static final String v2_2_2 = "2.2.2";
+  public static final String v2_2_3 = "2.2.3";
 
   /**
    * The latest version of the naksha-extension stored in the resources.
    */
   @AvailableSince(v2_0_5)
-  public static final NakshaVersion latest = of(v2_2_2);
+  public static final NakshaVersion latest = of(v2_2_3);
 
   private final int major;
   private final int minor;