Add endppoint for creating package hashes

nfdi4plants · Feb 22, 2024 · 75a6d2f · 75a6d2f
1 parent 1c553cb
commit 75a6d2f
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 5 deletions.
diff --git a/src/PackageRegistryService/API/Endpoints/VerificationEndpointsV1.cs b/src/PackageRegistryService/API/Endpoints/VerificationEndpointsV1.cs
@@ -9,7 +9,12 @@ public static RouteGroupBuilder MapVerificationApiV1(this RouteGroupBuilder grou
         {
             group.MapPost("/", VerificationHandlers.Verify)
                 .WithOpenApi()
-                .WithName("Verify");
+                .WithName("VerifyPackageContent");
+
+            group.MapPost("/hashes", VerificationHandlers.CreateContentHash)
+                .WithOpenApi()
+                .WithName("CreatePackageContentHash")
+                .AddEndpointFilter<APIKeyEndpointFilter>(); // creating hashes via post requests requires an API key
 
             return group.WithTags("Content Verification");
         }

diff --git a/src/PackageRegistryService/API/Handlers/VerificationHandlers.cs b/src/PackageRegistryService/API/Handlers/VerificationHandlers.cs
@@ -9,25 +9,56 @@ public class VerificationHandlers
     {
         public static async Task<Results<Ok, UnprocessableEntity, NotFound>> Verify(PackageContentHash hashedPackage, ValidationPackageDb database)
         {
-            var package = await 
+            var existingHash = await 
                 database.Hashes.FindAsync(
                     hashedPackage.PackageName, 
                     hashedPackage.PackageMajorVersion,
                     hashedPackage.PackageMinorVersion,
                     hashedPackage.PackagePatchVersion
                 );
 
-            if (package is null)
+            var existingPackage = await
+                database.ValidationPackages.FindAsync(
+                    hashedPackage.PackageName,
+                    hashedPackage.PackageMajorVersion,
+                    hashedPackage.PackageMinorVersion,
+                    hashedPackage.PackagePatchVersion
+                );
+
+            if (existingHash is null || existingPackage is null)
             {
                 return TypedResults.NotFound();
             }
 
-            if (package.Hash != hashedPackage.Hash)
+            if (existingHash.Hash != hashedPackage.Hash)
             {
                 return TypedResults.UnprocessableEntity();
             }
 
             return TypedResults.Ok();
         }
+
+        public static async Task<Results<Ok<PackageContentHash>, Conflict, UnauthorizedHttpResult>> CreateContentHash(PackageContentHash hashedPackage, ValidationPackageDb database)
+        {
+
+            var existing = await 
+                database.Hashes.FindAsync(
+                    hashedPackage.PackageName,
+                    hashedPackage.PackageMajorVersion,
+                    hashedPackage.PackageMinorVersion,
+                    hashedPackage.PackagePatchVersion
+                );
+
+            if (existing != null)
+            {
+                return TypedResults.Conflict();
+            }
+
+            database.Hashes.Add(hashedPackage);
+            await database.SaveChangesAsync();
+
+            return TypedResults.Ok(hashedPackage);
+
+        }
     }
 }
diff --git a/src/PackageRegistryService/OpenAPI/DocGen.cs b/src/PackageRegistryService/OpenAPI/DocGen.cs
@@ -27,7 +27,7 @@ public static void GeneratorSetup (AspNetCoreOpenApiDocumentGeneratorSettings se
             // For e.g. JWT, this would work because we could rely on full blown authorization service/config, but this is a simple API key checked via endpoint filters
             settings.OperationProcessors.Add(
                 new OperationSecurityProcessor(
-                    secureEndpointIds: ["CreatePackage"]
+                    secureEndpointIds: ["CreatePackage", "CreatePackageContentHash"]
                 )
             );
             // fix for WithDescription and WithSummary methods not working with nswag and minimal API endpoints

diff --git a/src/PackageRegistryService/OpenAPI/OperationMetadataProcessor.cs b/src/PackageRegistryService/OpenAPI/OperationMetadataProcessor.cs
@@ -35,6 +35,20 @@ public class OperationMetadataProcessor : IOperationProcessor
                     { "Summary", "Get a specific version of a validation package" },
                     { "Description", "Get a specific version of a validation package from the package registry. Package content is a base64 encoded byte array containing the package executable." }
                 }
+            },
+            {
+                "VerifyPackageContent", new Dictionary<string, string>
+                {
+                    { "Summary", "Verify a content hash for a given package." },
+                    { "Description", "Verify a content hash for a given package. Hashes are MD5 hex fingerprints." }
+                }
+            },
+            {
+                "CreatePackageContentHash", new Dictionary<string, string>
+                {
+                    { "Summary", "Create a content hash for a given package." },
+                    { "Description", "Create a content hash for a given package. Hashes are MD5 hex fingerprints. This Endpoint requires API Key authentication." }
+                }
             }
         };