ISSUE-410 Add utility parser function for webhook event (#411)

* add line-bot-parser module

* let LineBotCallbackRequestParser use WebhookParser

* fix debug log message in WebhookParser

* reformat settings.gradle

* add copyright

* keep LineBotCallbackRequestParser#handle(String, String) as Deprecated method

* add SignatureValidator interface

* fix SignatureValidator mock and its tests

* add test for deprecated method

Author: okue

line-bot-api-client/build.gradle

@@ -16,6 +16,7 @@
 
 dependencies {
     compile project(':line-bot-model')
+    implementation project(':line-bot-parser')
     compile 'com.fasterxml.jackson.core:jackson-core'
     compile 'com.fasterxml.jackson.core:jackson-databind'
     compile 'org.slf4j:slf4j-api'

line-bot-api-client/src/main/java/com/linecorp/bot/client/LineSignatureValidator.java

@@ -24,20 +24,22 @@
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 
+import com.linecorp.bot.parser.SignatureValidator;
+
 import lombok.NonNull;
 
 /**
  * This class validates value of the `X-LINE-Signature` header.
  */
-public class LineSignatureValidator {
+public class LineSignatureValidator implements SignatureValidator {
     private static final String HASH_ALGORITHM = "HmacSHA256";
     private final SecretKeySpec secretKeySpec;
 
     /**
      * Create new instance with channel secret.
      */
     public LineSignatureValidator(byte[] channelSecret) {
-        this.secretKeySpec = new SecretKeySpec(channelSecret, HASH_ALGORITHM);
+        secretKeySpec = new SecretKeySpec(channelSecret, HASH_ALGORITHM);
     }
 
     /**
@@ -48,6 +50,7 @@ public LineSignatureValidator(byte[] channelSecret) {
      *
      * @return True if headerSignature matches signature of the content. False otherwise.
      */
+    @Override
     public boolean validateSignature(@NonNull byte[] content, @NonNull String headerSignature) {
         final byte[] signature = generateSignature(content);
         final byte[] decodeHeaderSignature = Base64.getDecoder().decode(headerSignature);
@@ -63,7 +66,7 @@ public boolean validateSignature(@NonNull byte[] content, @NonNull String header
      */
     public byte[] generateSignature(@NonNull byte[] content) {
         try {
-            Mac mac = Mac.getInstance(HASH_ALGORITHM);
+            final Mac mac = Mac.getInstance(HASH_ALGORITHM);
             mac.init(secretKeySpec);
             return mac.doFinal(content);
         } catch (NoSuchAlgorithmException | InvalidKeyException e) {
@@ -76,4 +79,3 @@ public byte[] generateSignature(@NonNull byte[] content) {
     }
 
 }
-

line-bot-parser/build.gradle

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2019 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+dependencies {
+    implementation project(':line-bot-model')
+    implementation 'com.fasterxml.jackson.core:jackson-databind'
+    implementation 'org.slf4j:slf4j-api'
+}

line-bot-parser/src/main/java/com/linecorp/bot/parser/SignatureValidator.java

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2019 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.bot.parser;
+
+public interface SignatureValidator {
+    boolean validateSignature(byte[] content, String headerSignature);
+}

line-bot-parser/src/main/java/com/linecorp/bot/parser/WebhookParseException.java

@@ -0,0 +1,25 @@
+/*
+ * Copyright 2019 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.bot.parser;
+
+public class WebhookParseException extends Exception {
+    private static final long serialVersionUID = 3026745517844618607L;
+
+    public WebhookParseException(String message) {
+        super(message);
+    }
+}

line-bot-parser/src/main/java/com/linecorp/bot/parser/WebhookParser.java

@@ -0,0 +1,74 @@
+/*
+ * Copyright 2019 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.bot.parser;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import com.linecorp.bot.model.event.CallbackRequest;
+import com.linecorp.bot.model.objectmapper.ModelObjectMapper;
+
+import lombok.NonNull;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class WebhookParser {
+    private final ObjectMapper objectMapper = ModelObjectMapper.createNewObjectMapper();
+    private final SignatureValidator signatureValidator;
+
+    /**
+     * Creates a new instance.
+     *
+     * @param signatureValidator LINE messaging API's signature validator
+     */
+    public WebhookParser(@NonNull SignatureValidator signatureValidator) {
+        this.signatureValidator = signatureValidator;
+    }
+
+    /**
+     * Parses a request.
+     *
+     * @param signature X-Line-Signature header.
+     * @param payload Request body.
+     *
+     * @return Parsed result. If there's an error, this method sends response.
+     *
+     * @throws WebhookParseException There's an error around signature.
+     */
+    public CallbackRequest handle(String signature, byte[] payload) throws IOException, WebhookParseException {
+        // validate signature
+        if (signature == null || signature.isEmpty()) {
+            throw new WebhookParseException("Missing 'X-Line-Signature' header");
+        }
+
+        if (log.isDebugEnabled()) {
+            log.debug("got: {}", new String(payload, StandardCharsets.UTF_8));
+        }
+
+        if (!signatureValidator.validateSignature(payload, signature)) {
+            throw new WebhookParseException("Invalid API signature");
+        }
+
+        final CallbackRequest callbackRequest = objectMapper.readValue(payload, CallbackRequest.class);
+        if (callbackRequest == null || callbackRequest.getEvents() == null) {
+            throw new WebhookParseException("Invalid content");
+        }
+        return callbackRequest;
+    }
+}

line-bot-parser/src/test/java/com/linecorp/bot/parser/WebhookParserTest.java

@@ -0,0 +1,113 @@
+/*
+ * Copyright 2019 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.bot.parser;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.when;
+
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.time.Instant;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnit;
+import org.mockito.junit.MockitoRule;
+
+import com.google.common.io.ByteStreams;
+
+import com.linecorp.bot.model.event.CallbackRequest;
+import com.linecorp.bot.model.event.Event;
+import com.linecorp.bot.model.event.MessageEvent;
+import com.linecorp.bot.model.event.message.TextMessageContent;
+
+public class WebhookParserTest {
+    @Rule
+    public final MockitoRule mockitoRule = MockitoJUnit.rule();
+
+    @Mock
+    private final SignatureValidator signatureValidator = new MockSignatureValidator();
+
+    static class MockSignatureValidator implements SignatureValidator {
+        @Override
+        public boolean validateSignature(byte[] content, String headerSignature) {
+            return false;
+        }
+    }
+
+    private WebhookParser parser;
+
+    @Before
+    public void before() {
+        parser = new WebhookParser(signatureValidator);
+    }
+
+    @Test
+    public void testMissingHeader() {
+        assertThatThrownBy(() -> parser.handle("", "".getBytes(StandardCharsets.UTF_8)))
+                .isInstanceOf(WebhookParseException.class)
+                .hasMessage("Missing 'X-Line-Signature' header");
+    }
+
+    @Test
+    public void testInvalidSignature() {
+        assertThatThrownBy(
+                () -> parser.handle("SSSSIGNATURE", "{}".getBytes(StandardCharsets.UTF_8)))
+                .isInstanceOf(WebhookParseException.class)
+                .hasMessage("Invalid API signature");
+    }
+
+    @Test
+    public void testNullRequest() {
+        final String signature = "SSSSIGNATURE";
+        final byte[] nullContent = "null".getBytes(StandardCharsets.UTF_8);
+
+        when(signatureValidator.validateSignature(nullContent, signature)).thenReturn(true);
+
+        assertThatThrownBy(() -> parser.handle(signature, nullContent))
+                .isInstanceOf(WebhookParseException.class)
+                .hasMessage("Invalid content");
+    }
+
+    @Test
+    public void testCallRequest() throws Exception {
+        final InputStream resource = getClass().getClassLoader().getResourceAsStream(
+                "callback-request.json");
+        final byte[] payload = ByteStreams.toByteArray(resource);
+
+        when(signatureValidator.validateSignature(payload, "SSSSIGNATURE")).thenReturn(true);
+
+        final CallbackRequest callbackRequest = parser.handle("SSSSIGNATURE", payload);
+
+        assertThat(callbackRequest).isNotNull();
+
+        final List<Event> result = callbackRequest.getEvents();
+
+        final MessageEvent messageEvent = (MessageEvent) result.get(0);
+        final TextMessageContent text = (TextMessageContent) messageEvent.getMessage();
+        assertThat(text.getText()).isEqualTo("Hello, world");
+
+        final String followedUserId = messageEvent.getSource().getUserId();
+        assertThat(followedUserId).isEqualTo("u206d25c2ea6bd87c17655609a1c37cb8");
+        assertThat(messageEvent.getTimestamp()).isEqualTo(
+                Instant.parse("2016-05-07T13:57:59.859Z"));
+    }
+}

line-bot-parser/src/test/resources/callback-request.json

@@ -0,0 +1,28 @@
+{
+  "destination":  "U00000000000000000000000000000000",
+  "events": [
+    {
+      "replyToken": "nHuyWiB7yP5Zw52FIkcQobQuGDXCTA",
+      "type": "message",
+      "timestamp": 1462629479859,
+      "source": {
+        "type": "user",
+        "userId": "u206d25c2ea6bd87c17655609a1c37cb8"
+      },
+      "message": {
+        "id": "325708",
+        "type": "text",
+        "text": "Hello, world"
+      }
+    },
+    {
+      "replyToken": "nHuyWiB7yP5Zw52FIkcQobQuGDXCTA",
+      "type": "follow",
+      "timestamp": 1462629479859,
+      "source": {
+        "type": "user",
+        "userId": "u206d25c2ea6bd87c17655609a1c37cb8"
+      }
+    }
+  ]
+}

line-bot-servlet/build.gradle

@@ -16,6 +16,7 @@
 
 dependencies {
     compile project(':line-bot-api-client')
+    implementation project(':line-bot-parser')
     compile 'com.fasterxml.jackson.core:jackson-databind'
     compile 'com.google.guava:guava'