Page MenuHomePhabricator

[comm-lib][reports] Extract 'authenticated' service trait
ClosedPublic

Authored by bartek on Jun 20 2024, 2:32 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Nov 25, 4:39 AM
Unknown Object (File)
Sun, Nov 24, 11:54 PM
Unknown Object (File)
Sat, Nov 23, 5:27 PM
Unknown Object (File)
Sat, Nov 23, 4:40 PM
Unknown Object (File)
Sat, Nov 23, 1:56 PM
Unknown Object (File)
Sat, Nov 23, 11:28 AM
Unknown Object (File)
Fri, Nov 15, 5:32 AM
Unknown Object (File)
Thu, Nov 14, 8:59 PM
Subscribers

Details

Summary

This diff is large, but smaller parts make no sense without each other.

Introduced two entities:

  • HttpAuthenticatedService trait - to be implemented by services like ReportsService or BlobServiceClient. They do require either CSAM (UserIdentity) or a service-to-service token to work (e.g. make blob calls). But they can still be used in unauthenticated endpoints.
  • Authenticated<S> extractor. This is to be used in HTTP handler functions to get an instance of an aforementioned service - see D12508 for example usage.

The business logic code (FromRequest impl) was already implemented for Reports service. I extracted it into
the above trait and made more flexible. Added lots of in-code comments to better understand.

In the next diff, this will be implemented for Backup service - D12508.

Depends on D12506

Test Plan

Local reports service:

  • Upload report with valid CSAT - use it to get User ID and for blob service requests
  • Upload report with invalid CSAT - fallback to services-token
  • Upload report with no CSAT - service-to-service token was retrieved.

All reports were large enough to trigger Blob service uploads.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

bartek held this revision as a draft.
bartek published this revision for review.Jun 20 2024, 2:51 AM
bartek added inline comments.
services/reports/src/http/service.rs
19–21 ↗(On Diff #41545)

For Reports service, we use:

#[post("/")]
async fn post_reports(
  payload: web::Json<PostReportsPayload>,
  service: ReportsService,
) -> actix_web::Result<HttpResponse> {
  // ...
}

Left this trait here, to be able to use directly service: ReportsService instead of having to replace it with service: Authenticated<ReportsService>

But wondering if replacing it won't make the code simpler and more obvious than keeping this trait

shared/comm-lib/src/http/auth_service.rs
24 ↗(On Diff #41545)

This should be implemented by ReportsService, BlobServiceClient etc - see diff description

51 ↗(On Diff #41545)
94 ↗(On Diff #41545)

This is basically moved from impl FromRequest for ReportsService. Just made it more flexible

Overall looks good but might be good to get a review from someone with more experience in Rust (cc. @varun)

kamil added 1 blocking reviewer(s): varun.
varun added inline comments.
services/reports/src/http/service.rs
19–21 ↗(On Diff #41545)

I think removing this trait makes sense

This revision is now accepted and ready to land.Jun 25 2024, 6:53 AM

Remove trait for reports service