From d58eb09b7ba5dfeb30a2ecd39a51b2a8bf9bcf1e Mon Sep 17 00:00:00 2001 From: Ian Nara Date: Thu, 7 Nov 2024 10:32:59 -0700 Subject: [PATCH 1/3] find participants on old sdks --- .../vertx/ClientVersionCapturingHandler.java | 63 +++++++++++++++---- .../operator/vertx/UIDOperatorVerticle.java | 2 +- 2 files changed, 51 insertions(+), 14 deletions(-) diff --git a/src/main/java/com/uid2/operator/vertx/ClientVersionCapturingHandler.java b/src/main/java/com/uid2/operator/vertx/ClientVersionCapturingHandler.java index d63626952..1626bb397 100644 --- a/src/main/java/com/uid2/operator/vertx/ClientVersionCapturingHandler.java +++ b/src/main/java/com/uid2/operator/vertx/ClientVersionCapturingHandler.java @@ -1,10 +1,16 @@ package com.uid2.operator.vertx; +import com.uid2.operator.util.Tuple; import com.uid2.shared.Const; +import com.uid2.shared.auth.IAuthorizable; +import com.uid2.shared.auth.IAuthorizableProvider; +import com.uid2.shared.middleware.AuthMiddleware; import io.micrometer.core.instrument.Counter; import io.micrometer.core.instrument.Metrics; import io.vertx.core.Handler; import io.vertx.ext.web.RoutingContext; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.io.IOException; import java.nio.file.DirectoryStream; @@ -12,21 +18,23 @@ import java.nio.file.Path; import java.nio.file.Paths; import java.util.HashMap; +import java.util.HashSet; import java.util.Map; +import java.util.Set; public class ClientVersionCapturingHandler implements Handler { - private final Map _clientVersionCounters = new HashMap<>(); + private static final Logger LOGGER = LoggerFactory.getLogger(ClientVersionCapturingHandler.class); + private static final String BEARER_TOKEN_PREFIX = "bearer "; + private final Map, Counter> _clientVersionCounters = new HashMap<>(); + private IAuthorizableProvider authKeyStore; + private final Set versions = new HashSet<>(); - public ClientVersionCapturingHandler(String dir, String whitelistGlob) throws IOException { + public ClientVersionCapturingHandler(String dir, String whitelistGlob, IAuthorizableProvider authKeyStore) throws IOException { + this.authKeyStore = authKeyStore; try (DirectoryStream dirStream = Files.newDirectoryStream(Paths.get(dir), whitelistGlob)) { dirStream.forEach(path -> { final String version = getFileNameWithoutExtension(path); - final Counter counter = Counter - .builder("uid2.client_sdk_versions") - .description("counter for how many http requests are processed per each client sdk version") - .tags("client_version", version) - .register(Metrics.globalRegistry); - _clientVersionCounters.put(version, counter); + versions.add(version); }); } } @@ -36,11 +44,22 @@ public void handle(RoutingContext context) { if (clientVersion == null) { clientVersion = !context.queryParam("client").isEmpty() ? context.queryParam("client").get(0) : null; } - if (clientVersion != null) { - final Counter counter = _clientVersionCounters.get(clientVersion); - if (counter != null) { - counter.increment(); - } + String apiContact; + try { + final String authHeaderValue = context.request().getHeader("Authorization"); + final String authKey = extractBearerToken(authHeaderValue); + final IAuthorizable profile = this.authKeyStore.get(authKey); + apiContact = profile.getContact(); + apiContact = apiContact == null ? "unknown" : apiContact; + } catch (Exception ex) { + apiContact = "unknown"; + } + if (clientVersion != null && versions.contains(clientVersion)) { + _clientVersionCounters.computeIfAbsent(new Tuple.Tuple2<>(apiContact, clientVersion), tuple -> Counter + .builder("uid2.client_sdk_versions") + .description("counter for how many http requests are processed per each client sdk version") + .tags("api_contact", tuple.getItem1(), "client_version", tuple.getItem2()) + .register(Metrics.globalRegistry)).increment();; } context.next(); } @@ -49,4 +68,22 @@ private static String getFileNameWithoutExtension(Path path) { final String fileName = path.getFileName().toString(); return fileName.indexOf(".") > 0 ? fileName.substring(0, fileName.lastIndexOf(".")) : fileName; } + + private static String extractBearerToken(final String headerValue) { + if (headerValue == null) { + return null; + } + + final String v = headerValue.trim(); + if (v.length() < BEARER_TOKEN_PREFIX.length()) { + return null; + } + + final String givenPrefix = v.substring(0, BEARER_TOKEN_PREFIX.length()); + + if (!BEARER_TOKEN_PREFIX.equals(givenPrefix.toLowerCase())) { + return null; + } + return v.substring(BEARER_TOKEN_PREFIX.length()); + } } \ No newline at end of file diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java index 4f6fd97db..8c92da12e 100644 --- a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java +++ b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java @@ -221,7 +221,7 @@ private Router createRoutesSetup() throws IOException { router.allowForward(AllowForwardHeaders.X_FORWARD); router.route().handler(new RequestCapturingHandler()); - router.route().handler(new ClientVersionCapturingHandler("static/js", "*.js")); + router.route().handler(new ClientVersionCapturingHandler("static/js", "*.js", clientKeyProvider)); router.route().handler(CorsHandler.create() .addRelativeOrigin(".*.") .allowedMethod(io.vertx.core.http.HttpMethod.GET) From 015091b0296a32bf423f6adccf640971927dc87c Mon Sep 17 00:00:00 2001 From: Ian Nara Date: Thu, 7 Nov 2024 10:42:55 -0700 Subject: [PATCH 2/3] update workflow refs --- .github/workflows/build-and-test.yaml | 2 +- .github/workflows/publish-all-operators.yaml | 2 +- .github/workflows/validate-image.yaml | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml index 00695f1db..aa13387c6 100644 --- a/.github/workflows/build-and-test.yaml +++ b/.github/workflows/build-and-test.yaml @@ -3,7 +3,7 @@ on: [pull_request, push, workflow_dispatch] jobs: build: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@v2 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@v3 with: java_version: 21 secrets: inherit \ No newline at end of file diff --git a/.github/workflows/publish-all-operators.yaml b/.github/workflows/publish-all-operators.yaml index c5db3a3b0..5e5bf559b 100644 --- a/.github/workflows/publish-all-operators.yaml +++ b/.github/workflows/publish-all-operators.yaml @@ -55,7 +55,7 @@ jobs: fetch-depth: 0 - name: Scan vulnerabilities - uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2 + uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v3 with: scan_severity: HIGH,CRITICAL failure_severity: CRITICAL diff --git a/.github/workflows/validate-image.yaml b/.github/workflows/validate-image.yaml index 524f19102..37b4bf912 100644 --- a/.github/workflows/validate-image.yaml +++ b/.github/workflows/validate-image.yaml @@ -19,7 +19,7 @@ on: jobs: build-publish-docker-default: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v3 with: failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }} fail_on_error: ${{ inputs.fail_on_error || true }} @@ -27,7 +27,7 @@ jobs: java_version: 21 secrets: inherit build-publish-docker-aws: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v3 with: failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }} fail_on_error: ${{ inputs.fail_on_error || true }} @@ -36,7 +36,7 @@ jobs: secrets: inherit needs: [build-publish-docker-default] build-publish-docker-gcp: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v3 with: failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }} fail_on_error: ${{ inputs.fail_on_error || true }} @@ -45,7 +45,7 @@ jobs: secrets: inherit needs: [build-publish-docker-aws] build-publish-docker-azure: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v3 with: failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }} fail_on_error: ${{ inputs.fail_on_error || true }} From aae3f7365de11f4428d9cdf9bae9b42ce2464206 Mon Sep 17 00:00:00 2001 From: Ian Nara Date: Thu, 7 Nov 2024 14:55:32 -0700 Subject: [PATCH 3/3] update shared version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f92477342..af18e37d4 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ 2.1.0 2.1.0 2.1.0 - 7.20.0 + 7.20.4 ${project.version} 21 21