D12451.diff
No OneTemporary
Actions

Size

7 KB

Referenced Files

None

Subscribers

None

D12451.diff
View Options

	diff --git a/services/reports/src/http/mod.rs b/services/reports/src/http/mod.rs
	--- a/services/reports/src/http/mod.rs
	+++ b/services/reports/src/http/mod.rs
	@@ -13,6 +13,7 @@
	use crate::service::{ReportsService, ReportsServiceError};

	mod handlers;
	+mod service;

	pub async fn run_http_server(
	reports_service: ReportsService,
	diff --git a/services/reports/src/http/service.rs b/services/reports/src/http/service.rs
	new file mode 100644
	--- /dev/null
	+++ b/services/reports/src/http/service.rs
	@@ -0,0 +1,90 @@
	+use actix_web::FromRequest;
	+use comm_lib::auth::{
	+ is_csat_verification_disabled, AuthService, AuthorizationCredential,
	+};
	+use std::{future::Future, pin::Pin};
	+use tracing::{error, warn};
	+
	+use crate::service::ReportsService;
	+
	+impl FromRequest for ReportsService {
	+ type Error = actix_web::Error;
	+ type Future = Pin<Box<dyn Future<Output = Result<Self, actix_web::Error>>>>;
	+
	+ #[inline]
	+ fn from_request(
	+ req: &actix_web::HttpRequest,
	+ payload: &mut actix_web::dev::Payload,
	+ ) -> Self::Future {
	+ use actix_web::error::{ErrorForbidden, ErrorInternalServerError};
	+
	+ let base_service =
	+ req.app_data::<ReportsService>().cloned().ok_or_else(\|\| {
	+ tracing::error!(
	+ "FATAL! Failed to extract ReportsService from actix app_data. \
	+ Check HTTP server configuration"
	+ );
	+ ErrorInternalServerError("Internal server error")
	+ });
	+
	+ let auth_service =
	+ req.app_data::<AuthService>().cloned().ok_or_else(\|\| {
	+ tracing::error!(
	+ "FATAL! Failed to extract AuthService from actix app_data. \
	+ Check HTTP server configuration"
	+ );
	+ ErrorInternalServerError("Internal server error")
	+ });
	+
	+ let request_auth_value =
	+ AuthorizationCredential::from_request(req, payload);
	+
	+ Box::pin(async move {
	+ let auth_service = auth_service?;
	+ let base_service = base_service?;
	+
	+ let credential = request_auth_value.await.ok();
	+
	+ // This is Some if the request contains valid Authorization header
	+ let auth_token = match credential {
	+ Some(token @ AuthorizationCredential::UserToken(_)) => {
	+ let token_valid = auth_service
	+ .verify_auth_credential(&token)
	+ .await
	+ .map_err(\|err\| {
	+ error!("Failed to verify access token: {err}");
	+ ErrorInternalServerError("Internal server error")
	+ })?;
	+ if token_valid \|\| is_csat_verification_disabled() {
	+ token
	+ } else {
	+ warn!("Posting report with invalid credentials! Defaulting to ServicesToken...");
	+ get_services_token_credential(&auth_service).await?
	+ }
	+ }
	+ Some(_) => {
	+ // Reports service shouldn't be called by other services
	+ warn!("Reports service requires user authorization");
	+ return Err(ErrorForbidden("Forbidden"));
	+ }
	+ None => {
	+ // Unauthenticated requests get a service-to-service token
	+ get_services_token_credential(&auth_service).await?
	+ }
	+ };
	+ let service = base_service.with_authentication(auth_token);
	+ Ok(service)
	+ })
	+ }
	+}
	+
	+async fn get_services_token_credential(
	+ auth_service: &AuthService,
	+) -> Result<AuthorizationCredential, actix_web::Error> {
	+ let services_token =
	+ auth_service.get_services_token().await.map_err(\|err\| {
	+ error!("Failed to get services token: {err}");
	+ actix_web::error::ErrorInternalServerError("Internal server error")
	+ })?;
	+ Ok(AuthorizationCredential::ServicesToken(services_token))
	+}
	diff --git a/services/reports/src/service.rs b/services/reports/src/service.rs
	--- a/services/reports/src/service.rs
	+++ b/services/reports/src/service.rs
	@@ -1,14 +1,13 @@
	-use actix_web::FromRequest;
	use chrono::Utc;
	use comm_lib::{
	- auth::{is_csat_verification_disabled, AuthService, AuthorizationCredential},
	+ auth::AuthorizationCredential,
	blob::client::{BlobServiceClient, BlobServiceError},
	crypto::aes256,
	database::{self, blob::BlobOrDBContent},
	};
	use derive_more::{Display, Error, From};
	-use std::{collections::HashMap, future::Future, pin::Pin, sync::Arc};
	-use tracing::{error, trace, warn};
	+use std::{collections::HashMap, sync::Arc};
	+use tracing::{error, trace};

	use crate::{
	config::CONFIG,
	@@ -196,88 +195,6 @@
	}
	}

	-impl FromRequest for ReportsService {
	- type Error = actix_web::Error;
	- type Future = Pin<Box<dyn Future<Output = Result<Self, actix_web::Error>>>>;
	-
	- #[inline]
	- fn from_request(
	- req: &actix_web::HttpRequest,
	- payload: &mut actix_web::dev::Payload,
	- ) -> Self::Future {
	- use actix_web::error::{ErrorForbidden, ErrorInternalServerError};
	-
	- let base_service =
	- req.app_data::<ReportsService>().cloned().ok_or_else(\|\| {
	- tracing::error!(
	- "FATAL! Failed to extract ReportsService from actix app_data. \
	- Check HTTP server configuration"
	- );
	- ErrorInternalServerError("Internal server error")
	- });
	-
	- let auth_service =
	- req.app_data::<AuthService>().cloned().ok_or_else(\|\| {
	- tracing::error!(
	- "FATAL! Failed to extract AuthService from actix app_data. \
	- Check HTTP server configuration"
	- );
	- ErrorInternalServerError("Internal server error")
	- });
	-
	- let request_auth_value =
	- AuthorizationCredential::from_request(req, payload);
	-
	- Box::pin(async move {
	- let auth_service = auth_service?;
	- let base_service = base_service?;
	-
	- let credential = request_auth_value.await.ok();
	-
	- // This is Some if the request contains valid Authorization header
	- let auth_token = match credential {
	- Some(token @ AuthorizationCredential::UserToken(_)) => {
	- let token_valid = auth_service
	- .verify_auth_credential(&token)
	- .await
	- .map_err(\|err\| {
	- error!("Failed to verify access token: {err}");
	- ErrorInternalServerError("Internal server error")
	- })?;
	- if token_valid \|\| is_csat_verification_disabled() {
	- token
	- } else {
	- warn!("Posting report with invalid credentials! Defaulting to ServicesToken...");
	- get_services_token_credential(&auth_service).await?
	- }
	- }
	- Some(_) => {
	- // Reports service shouldn't be called by other services
	- warn!("Reports service requires user authorization");
	- return Err(ErrorForbidden("Forbidden"));
	- }
	- None => {
	- // Unauthenticated requests get a service-to-service token
	- get_services_token_credential(&auth_service).await?
	- }
	- };
	- let service = base_service.with_authentication(auth_token);
	- Ok(service)
	- })
	- }
	-}
	-
	-async fn get_services_token_credential(
	- auth_service: &AuthService,
	-) -> Result<AuthorizationCredential, actix_web::Error> {
	- let services_token =
	- auth_service.get_services_token().await.map_err(\|err\| {
	- error!("Failed to get services token: {err}");
	- actix_web::error::ErrorInternalServerError("Internal server error")
	- })?;
	- Ok(AuthorizationCredential::ServicesToken(services_token))
	-}
	-
	struct ProcessedReport {
	id: ReportID,
	db_item: ReportItem,

File Metadata

Mime Type: text/plain
Expires: Sun, Nov 24, 3:22 PM (21 h, 41 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 2576551
Default Alt Text: D12451.diff (7 KB)

D12451.diffNo OneTemporaryActions

D12451.diffView Options

File Metadata

Event Timeline

D12451.diff
No OneTemporary
Actions

D12451.diff
View Options