Page MenuHomePhabricator

D12451.id41383.diff
No OneTemporary

D12451.id41383.diff

diff --git a/services/reports/src/http/mod.rs b/services/reports/src/http/mod.rs
--- a/services/reports/src/http/mod.rs
+++ b/services/reports/src/http/mod.rs
@@ -13,6 +13,7 @@
use crate::service::{ReportsService, ReportsServiceError};
mod handlers;
+mod service;
pub async fn run_http_server(
reports_service: ReportsService,
diff --git a/services/reports/src/http/service.rs b/services/reports/src/http/service.rs
new file mode 100644
--- /dev/null
+++ b/services/reports/src/http/service.rs
@@ -0,0 +1,90 @@
+use actix_web::FromRequest;
+use comm_lib::auth::{
+ is_csat_verification_disabled, AuthService, AuthorizationCredential,
+};
+use std::{future::Future, pin::Pin};
+use tracing::{error, warn};
+
+use crate::service::ReportsService;
+
+impl FromRequest for ReportsService {
+ type Error = actix_web::Error;
+ type Future = Pin<Box<dyn Future<Output = Result<Self, actix_web::Error>>>>;
+
+ #[inline]
+ fn from_request(
+ req: &actix_web::HttpRequest,
+ payload: &mut actix_web::dev::Payload,
+ ) -> Self::Future {
+ use actix_web::error::{ErrorForbidden, ErrorInternalServerError};
+
+ let base_service =
+ req.app_data::<ReportsService>().cloned().ok_or_else(|| {
+ tracing::error!(
+ "FATAL! Failed to extract ReportsService from actix app_data. \
+ Check HTTP server configuration"
+ );
+ ErrorInternalServerError("Internal server error")
+ });
+
+ let auth_service =
+ req.app_data::<AuthService>().cloned().ok_or_else(|| {
+ tracing::error!(
+ "FATAL! Failed to extract AuthService from actix app_data. \
+ Check HTTP server configuration"
+ );
+ ErrorInternalServerError("Internal server error")
+ });
+
+ let request_auth_value =
+ AuthorizationCredential::from_request(req, payload);
+
+ Box::pin(async move {
+ let auth_service = auth_service?;
+ let base_service = base_service?;
+
+ let credential = request_auth_value.await.ok();
+
+ // This is Some if the request contains valid Authorization header
+ let auth_token = match credential {
+ Some(token @ AuthorizationCredential::UserToken(_)) => {
+ let token_valid = auth_service
+ .verify_auth_credential(&token)
+ .await
+ .map_err(|err| {
+ error!("Failed to verify access token: {err}");
+ ErrorInternalServerError("Internal server error")
+ })?;
+ if token_valid || is_csat_verification_disabled() {
+ token
+ } else {
+ warn!("Posting report with invalid credentials! Defaulting to ServicesToken...");
+ get_services_token_credential(&auth_service).await?
+ }
+ }
+ Some(_) => {
+ // Reports service shouldn't be called by other services
+ warn!("Reports service requires user authorization");
+ return Err(ErrorForbidden("Forbidden"));
+ }
+ None => {
+ // Unauthenticated requests get a service-to-service token
+ get_services_token_credential(&auth_service).await?
+ }
+ };
+ let service = base_service.with_authentication(auth_token);
+ Ok(service)
+ })
+ }
+}
+
+async fn get_services_token_credential(
+ auth_service: &AuthService,
+) -> Result<AuthorizationCredential, actix_web::Error> {
+ let services_token =
+ auth_service.get_services_token().await.map_err(|err| {
+ error!("Failed to get services token: {err}");
+ actix_web::error::ErrorInternalServerError("Internal server error")
+ })?;
+ Ok(AuthorizationCredential::ServicesToken(services_token))
+}
diff --git a/services/reports/src/service.rs b/services/reports/src/service.rs
--- a/services/reports/src/service.rs
+++ b/services/reports/src/service.rs
@@ -1,14 +1,13 @@
-use actix_web::FromRequest;
use chrono::Utc;
use comm_lib::{
- auth::{is_csat_verification_disabled, AuthService, AuthorizationCredential},
+ auth::AuthorizationCredential,
blob::client::{BlobServiceClient, BlobServiceError},
crypto::aes256,
database::{self, blob::BlobOrDBContent},
};
use derive_more::{Display, Error, From};
-use std::{collections::HashMap, future::Future, pin::Pin, sync::Arc};
-use tracing::{error, trace, warn};
+use std::{collections::HashMap, sync::Arc};
+use tracing::{error, trace};
use crate::{
config::CONFIG,
@@ -196,88 +195,6 @@
}
}
-impl FromRequest for ReportsService {
- type Error = actix_web::Error;
- type Future = Pin<Box<dyn Future<Output = Result<Self, actix_web::Error>>>>;
-
- #[inline]
- fn from_request(
- req: &actix_web::HttpRequest,
- payload: &mut actix_web::dev::Payload,
- ) -> Self::Future {
- use actix_web::error::{ErrorForbidden, ErrorInternalServerError};
-
- let base_service =
- req.app_data::<ReportsService>().cloned().ok_or_else(|| {
- tracing::error!(
- "FATAL! Failed to extract ReportsService from actix app_data. \
- Check HTTP server configuration"
- );
- ErrorInternalServerError("Internal server error")
- });
-
- let auth_service =
- req.app_data::<AuthService>().cloned().ok_or_else(|| {
- tracing::error!(
- "FATAL! Failed to extract AuthService from actix app_data. \
- Check HTTP server configuration"
- );
- ErrorInternalServerError("Internal server error")
- });
-
- let request_auth_value =
- AuthorizationCredential::from_request(req, payload);
-
- Box::pin(async move {
- let auth_service = auth_service?;
- let base_service = base_service?;
-
- let credential = request_auth_value.await.ok();
-
- // This is Some if the request contains valid Authorization header
- let auth_token = match credential {
- Some(token @ AuthorizationCredential::UserToken(_)) => {
- let token_valid = auth_service
- .verify_auth_credential(&token)
- .await
- .map_err(|err| {
- error!("Failed to verify access token: {err}");
- ErrorInternalServerError("Internal server error")
- })?;
- if token_valid || is_csat_verification_disabled() {
- token
- } else {
- warn!("Posting report with invalid credentials! Defaulting to ServicesToken...");
- get_services_token_credential(&auth_service).await?
- }
- }
- Some(_) => {
- // Reports service shouldn't be called by other services
- warn!("Reports service requires user authorization");
- return Err(ErrorForbidden("Forbidden"));
- }
- None => {
- // Unauthenticated requests get a service-to-service token
- get_services_token_credential(&auth_service).await?
- }
- };
- let service = base_service.with_authentication(auth_token);
- Ok(service)
- })
- }
-}
-
-async fn get_services_token_credential(
- auth_service: &AuthService,
-) -> Result<AuthorizationCredential, actix_web::Error> {
- let services_token =
- auth_service.get_services_token().await.map_err(|err| {
- error!("Failed to get services token: {err}");
- actix_web::error::ErrorInternalServerError("Internal server error")
- })?;
- Ok(AuthorizationCredential::ServicesToken(services_token))
-}
-
struct ProcessedReport {
id: ReportID,
db_item: ReportItem,

File Metadata

Mime Type
text/plain
Expires
Thu, Nov 28, 11:10 AM (21 h, 32 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2593834
Default Alt Text
D12451.id41383.diff (7 KB)

Event Timeline