Skip to content

Commit

Permalink
Use project ID from header (#32)
Browse files Browse the repository at this point in the history
  • Loading branch information
patrislav authored Mar 13, 2024
1 parent 5652a08 commit 43f5f35
Show file tree
Hide file tree
Showing 14 changed files with 21 additions and 677 deletions.
1 change: 0 additions & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ require (
github.com/go-chi/traceid v0.2.0
github.com/go-chi/transport v0.1.0
github.com/goware/rerun v0.0.9
github.com/jxskiss/base62 v1.1.0
github.com/lestrrat-go/jwx/v2 v2.0.20
github.com/mdlayher/vsock v1.2.1
github.com/rs/zerolog v1.32.0
Expand Down
2 changes: 0 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -240,8 +240,6 @@ github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/
github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
github.com/jxskiss/base62 v1.1.0 h1:A5zbF8v8WXx2xixnAKD2w+abC+sIzYJX+nxmhA6HWFw=
github.com/jxskiss/base62 v1.1.0/go.mod h1:HhWAlUXvxKThfOlZbcuFzsqwtF5TcqS9ru3y5GfjWAc=
github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
Expand Down
9 changes: 0 additions & 9 deletions rpc/helpers_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ import (
"crypto/rand"
"crypto/rsa"
"encoding/base64"
"encoding/binary"
"encoding/json"
"fmt"
"io"
Expand Down Expand Up @@ -33,7 +32,6 @@ import (
dynamodbtypes "github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
"github.com/aws/aws-sdk-go-v2/service/kms"
kmstypes "github.com/aws/aws-sdk-go-v2/service/kms/types"
"github.com/jxskiss/base62"
"github.com/lestrrat-go/jwx/v2/jwa"
"github.com/lestrrat-go/jwx/v2/jwk"
"github.com/lestrrat-go/jwx/v2/jwt"
Expand Down Expand Up @@ -562,13 +560,6 @@ func newSession(t *testing.T, enc *enclave.Enclave, issuer string, signingSessio
return newSessionFromData(t, enc, payload)
}

func newRandAccessKey(projectID uint64) string {
buf := make([]byte, 24)
binary.BigEndian.PutUint64(buf, projectID)
rand.Read(buf[8:])
return base62.EncodeToString(buf)
}

type walletServiceMock struct {
registeredUsers map[string]struct{}
registeredSessions map[string]struct{}
Expand Down
3 changes: 2 additions & 1 deletion rpc/send_transaction_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
mathrand "math/rand"
"net/http"
"net/http/httptest"
"strconv"
"testing"

"github.com/0xsequence/ethkit/ethwallet"
Expand Down Expand Up @@ -68,7 +69,7 @@ func TestRPC_SendIntent_SendTransaction(t *testing.T) {

c := proto.NewWaasAuthenticatorClient(srv.URL, http.DefaultClient)
header := make(http.Header)
header.Set("X-Access-Key", newRandAccessKey(tenant.ProjectID))
header.Set("X-Sequence-Project", strconv.Itoa(int(tenant.ProjectID)))
ctx, err := proto.WithHTTPRequestHeaders(context.Background(), header)

res, err := c.SendIntent(ctx, intent)
Expand Down
7 changes: 4 additions & 3 deletions rpc/sessions_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
mathrand "math/rand"
"net/http"
"net/http/httptest"
"strconv"
"strings"
"testing"
"time"
Expand Down Expand Up @@ -200,7 +201,7 @@ func TestRPC_RegisterSession(t *testing.T) {

c := proto.NewWaasAuthenticatorClient(srv.URL, http.DefaultClient)
header := make(http.Header)
header.Set("X-Access-Key", newRandAccessKey(tenant.ProjectID))
header.Set("X-Sequence-Project", strconv.Itoa(int(tenant.ProjectID)))
ctx, err := proto.WithHTTPRequestHeaders(context.Background(), header)
require.NoError(t, err)

Expand Down Expand Up @@ -337,7 +338,7 @@ func TestRPC_SendIntent_DropSession(t *testing.T) {

c := proto.NewWaasAuthenticatorClient(srv.URL, http.DefaultClient)
header := make(http.Header)
header.Set("X-Access-Key", newRandAccessKey(tenant.ProjectID))
header.Set("X-Sequence-Project", strconv.Itoa(int(tenant.ProjectID)))
ctx, err := proto.WithHTTPRequestHeaders(context.Background(), header)

res, err := c.SendIntent(ctx, intent)
Expand Down Expand Up @@ -411,7 +412,7 @@ func TestRPC_SendIntent_ListSessions(t *testing.T) {

c := proto.NewWaasAuthenticatorClient(srv.URL, http.DefaultClient)
header := make(http.Header)
header.Set("X-Access-Key", newRandAccessKey(tenant.ProjectID))
header.Set("X-Sequence-Project", strconv.Itoa(int(tenant.ProjectID)))
ctx, err := proto.WithHTTPRequestHeaders(context.Background(), header)
require.NoError(t, err)

Expand Down
3 changes: 2 additions & 1 deletion rpc/sign_message_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
mathrand "math/rand"
"net/http"
"net/http/httptest"
"strconv"
"testing"

"github.com/0xsequence/ethkit/ethwallet"
Expand Down Expand Up @@ -66,7 +67,7 @@ func TestRPC_SendIntent_SignMessage(t *testing.T) {

c := proto.NewWaasAuthenticatorClient(srv.URL, http.DefaultClient)
header := make(http.Header)
header.Set("X-Access-Key", newRandAccessKey(tenant.ProjectID))
header.Set("X-Sequence-Project", strconv.Itoa(int(tenant.ProjectID)))
ctx, err := proto.WithHTTPRequestHeaders(context.Background(), header)

res, err := c.SendIntent(ctx, intent)
Expand Down
28 changes: 13 additions & 15 deletions rpc/tenant/middleware.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@ package tenant

import (
"context"
"encoding/binary"
"fmt"
"net/http"
"slices"
"strconv"
"strings"

"github.com/0xsequence/waas-authenticator/data"
"github.com/0xsequence/waas-authenticator/proto"
"github.com/0xsequence/waas-authenticator/rpc/crypto"
"github.com/jxskiss/base62"
)

// Middleware validates that the tenant sent in X-Access-Key header is valid and stores it in context.
Expand All @@ -19,21 +19,27 @@ func Middleware(tenants *data.TenantTable, tenantKeys []string) func(http.Handle
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()

// Get projectID based on access key header which is encoded in the value
// and place the access key on the context.
// Place the access key in context as it's used by services downstream
accessKey := r.Header.Get("x-access-key")
if accessKey != "" {
ctx = WithAccessKey(ctx, accessKey)
}

projectID, err := decodeProjectIDFromAccessKey(accessKey)
// Get projectID from the header populated by the ingress service
projectHeader := r.Header.Get("x-sequence-project")
if projectHeader == "" {
proto.RespondWithError(w, fmt.Errorf("missing X-Sequence-Project header"))
return
}

projectID, err := strconv.Atoi(strings.TrimSpace(projectHeader))
if err != nil {
proto.RespondWithError(w, fmt.Errorf("invalid tenant: %v", projectID))
proto.RespondWithError(w, fmt.Errorf("parse project ID: %w", err))
return
}

// Find tenant based on project id
tenant, found, err := tenants.GetLatest(ctx, projectID)
tenant, found, err := tenants.GetLatest(ctx, uint64(projectID))
if err != nil {
proto.RespondWithError(w, fmt.Errorf("could not retrieve tenant: %w", err))
return
Expand Down Expand Up @@ -62,11 +68,3 @@ func Middleware(tenants *data.TenantTable, tenantKeys []string) func(http.Handle
})
}
}

func decodeProjectIDFromAccessKey(accessKey string) (uint64, error) {
buf, err := base62.DecodeString(accessKey)
if err != nil || len(buf) < 8 {
return 0, fmt.Errorf("invalid access key")
}
return binary.BigEndian.Uint64(buf[:8]), nil
}
1 change: 0 additions & 1 deletion vendor/github.com/jxskiss/base62/.gitignore

This file was deleted.

21 changes: 0 additions & 21 deletions vendor/github.com/jxskiss/base62/LICENSE

This file was deleted.

191 changes: 0 additions & 191 deletions vendor/github.com/jxskiss/base62/README.md

This file was deleted.

Loading

0 comments on commit 43f5f35

Please sign in to comment.