D9670.diff
No OneTemporary
Actions

Size

6 KB

Referenced Files

None

Subscribers

None

D9670.diff
View Options

	diff --git a/services/identity/Cargo.lock b/services/identity/Cargo.lock
	--- a/services/identity/Cargo.lock
	+++ b/services/identity/Cargo.lock
	@@ -1490,6 +1490,7 @@
	"ed25519-dalek",
	"grpc_clients",
	"hex",
	+ "http",
	"moka",
	"once_cell",
	"prost",
	@@ -1502,6 +1503,7 @@
	"tonic",
	"tonic-build",
	"tonic-web",
	+ "tower-http",
	"tracing",
	"tracing-subscriber",
	"tunnelbroker_messages",
	diff --git a/services/identity/Cargo.toml b/services/identity/Cargo.toml
	--- a/services/identity/Cargo.toml
	+++ b/services/identity/Cargo.toml
	@@ -31,6 +31,8 @@
	uuid = { version = "1.3", features = [ "v4" ] }
	base64 = "0.21.2"
	regex = "1"
	+tower-http = { version = "0.4", features = ["cors"] }
	+http = "0.2"

	[build-dependencies]
	tonic-build = "0.9.1"
	diff --git a/services/identity/src/config.rs b/services/identity/src/config.rs
	--- a/services/identity/src/config.rs
	+++ b/services/identity/src/config.rs
	@@ -67,6 +67,10 @@
	tunnelbroker_endpoint,
	})
	}
	+
	+ pub fn is_dev(&self) -> bool {
	+ self.localstack_endpoint.is_some()
	+ }
	}

	impl fmt::Debug for Config {
	diff --git a/services/identity/src/constants.rs b/services/identity/src/constants.rs
	--- a/services/identity/src/constants.rs
	+++ b/services/identity/src/constants.rs
	@@ -145,3 +145,36 @@
	// Minimum supported code versions

	pub const MIN_SUPPORTED_NATIVE_VERSION: u64 = 270;
	+
	+// Request metadata
	+
	+pub mod request_metadata {
	+ pub const CODE_VERSION: &str = "code_version";
	+ pub const DEVICE_TYPE: &str = "device_type";
	+ pub const USER_ID: &str = "user_id";
	+ pub const DEVICE_ID: &str = "device_id";
	+ pub const ACCESS_TOKEN: &str = "access_token";
	+}
	+
	+// CORS
	+
	+pub mod cors {
	+ use std::time::Duration;
	+
	+ pub const DEFAULT_MAX_AGE: Duration = Duration::from_secs(24 * 60 * 60);
	+ pub const DEFAULT_EXPOSED_HEADERS: [&str; 3] =
	+ ["grpc-status", "grpc-message", "grpc-status-details-bin"];
	+ pub const DEFAULT_ALLOW_HEADERS: [&str; 9] = [
	+ "x-grpc-web",
	+ "content-type",
	+ "x-user-agent",
	+ "grpc-timeout",
	+ super::request_metadata::CODE_VERSION,
	+ super::request_metadata::DEVICE_TYPE,
	+ super::request_metadata::USER_ID,
	+ super::request_metadata::DEVICE_ID,
	+ super::request_metadata::ACCESS_TOKEN,
	+ ];
	+ pub const DEFAULT_ALLOW_ORIGIN: [&str; 2] =
	+ ["https://web.comm.app", "http://localhost:3000"];
	+}
	diff --git a/services/identity/src/cors.rs b/services/identity/src/cors.rs
	new file mode 100644
	--- /dev/null
	+++ b/services/identity/src/cors.rs
	@@ -0,0 +1,35 @@
	+use http::{HeaderName, HeaderValue};
	+use tower_http::cors::{AllowOrigin, CorsLayer};
	+
	+use crate::{config::CONFIG, constants::cors};
	+
	+pub fn cors_layer() -> CorsLayer {
	+ let allow_origin = if CONFIG.is_dev() {
	+ AllowOrigin::mirror_request()
	+ } else {
	+ AllowOrigin::list(
	+ cors::DEFAULT_ALLOW_ORIGIN
	+ .iter()
	+ .cloned()
	+ .map(HeaderValue::from_static),
	+ )
	+ };
	+ CorsLayer::new()
	+ .allow_origin(allow_origin)
	+ .allow_credentials(true)
	+ .max_age(cors::DEFAULT_MAX_AGE)
	+ .expose_headers(
	+ cors::DEFAULT_EXPOSED_HEADERS
	+ .iter()
	+ .cloned()
	+ .map(HeaderName::from_static)
	+ .collect::<Vec<HeaderName>>(),
	+ )
	+ .allow_headers(
	+ cors::DEFAULT_ALLOW_HEADERS
	+ .iter()
	+ .cloned()
	+ .map(HeaderName::from_static)
	+ .collect::<Vec<HeaderName>>(),
	+ )
	+}
	diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs
	--- a/services/identity/src/grpc_services/authenticated.rs
	+++ b/services/identity/src/grpc_services/authenticated.rs
	@@ -1,6 +1,6 @@
	use crate::{
	- client_service::handle_db_error, database::DatabaseClient,
	- grpc_services::shared::get_value,
	+ client_service::handle_db_error, constants::request_metadata,
	+ database::DatabaseClient, grpc_services::shared::get_value,
	};
	use tonic::{Request, Response, Status};

	@@ -29,9 +29,9 @@
	fn get_auth_info(req: &Request<()>) -> Option<(String, String, String)> {
	debug!("Retrieving auth info for request: {:?}", req);

	- let user_id = get_value(req, "user_id")?;
	- let device_id = get_value(req, "device_id")?;
	- let access_token = get_value(req, "access_token")?;
	+ let user_id = get_value(req, request_metadata::USER_ID)?;
	+ let device_id = get_value(req, request_metadata::DEVICE_ID)?;
	+ let access_token = get_value(req, request_metadata::ACCESS_TOKEN)?;

	Some((user_id, device_id, access_token))
	}
	@@ -70,9 +70,9 @@
	pub fn get_user_and_device_id<T>(
	request: &Request<T>,
	) -> Result<(String, String), Status> {
	- let user_id = get_value(request, "user_id")
	+ let user_id = get_value(request, request_metadata::USER_ID)
	.ok_or_else(\|\| Status::unauthenticated("Missing user_id field"))?;
	- let device_id = get_value(request, "device_id")
	+ let device_id = get_value(request, request_metadata::DEVICE_ID)
	.ok_or_else(\|\| Status::unauthenticated("Missing device_id field"))?;

	Ok((user_id, device_id))
	diff --git a/services/identity/src/grpc_services/shared.rs b/services/identity/src/grpc_services/shared.rs
	--- a/services/identity/src/grpc_services/shared.rs
	+++ b/services/identity/src/grpc_services/shared.rs
	@@ -2,7 +2,7 @@
	use tonic::{Request, Status};
	use tracing::debug;

	-use crate::constants::MIN_SUPPORTED_NATIVE_VERSION;
	+use crate::constants::{request_metadata, MIN_SUPPORTED_NATIVE_VERSION};

	pub fn version_interceptor(req: Request<()>) -> Result<Request<()>, Status> {
	debug!("Intercepting request to check version: {:?}", req);
	@@ -21,8 +21,10 @@
	fn get_version_info(req: &Request<()>) -> Option<(u64, String)> {
	debug!("Retrieving version info for request: {:?}", req);

	- let code_version: u64 = get_value(req, "code_version")?.parse().ok()?;
	- let device_type = get_value(req, "device_type")?;
	+ let code_version: u64 = get_value(req, request_metadata::CODE_VERSION)?
	+ .parse()
	+ .ok()?;
	+ let device_type = get_value(req, request_metadata::DEVICE_TYPE)?;

	Some((code_version, device_type))
	}
	diff --git a/services/identity/src/main.rs b/services/identity/src/main.rs
	--- a/services/identity/src/main.rs
	+++ b/services/identity/src/main.rs
	@@ -4,10 +4,12 @@
	use database::DatabaseClient;
	use moka::future::Cache;
	use tonic::transport::Server;
	+use tonic_web::GrpcWebLayer;

	mod client_service;
	mod config;
	pub mod constants;
	+mod cors;
	mod database;
	pub mod ddb_utils;
	pub mod error;
	@@ -23,6 +25,7 @@

	use config::load_config;
	use constants::{IDENTITY_SERVICE_SOCKET_ADDR, SECRETS_DIRECTORY};
	+use cors::cors_layer;
	use keygen::generate_and_persist_keypair;
	use tracing::{self, info, Level};
	use tracing_subscriber::EnvFilter;
	@@ -93,7 +96,9 @@
	info!("Listening to gRPC traffic on {}", addr);
	Server::builder()
	.accept_http1(true)
	- .add_service(tonic_web::enable(client_service))
	+ .layer(cors_layer())
	+ .layer(GrpcWebLayer::new())
	+ .add_service(client_service)
	.add_service(auth_service)
	.serve(addr)
	.await?;

File Metadata

Mime Type: text/plain
Expires: Mon, Dec 2, 10:44 PM (21 h, 54 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 2609151
Default Alt Text: D9670.diff (6 KB)

D9670.diffNo OneTemporaryActions

D9670.diffView Options

File Metadata

Event Timeline

D9670.diff
No OneTemporary
Actions

D9670.diff
View Options