Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions Makefile

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please revert the formatting changes to this file

Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@

package:
mvn package

clean:
mvn clean
rm -f *.log *.err
rm -f *.log *.err
39 changes: 39 additions & 0 deletions src/main/java/jp/co/sony/csl/dcoes/apis/tools/web/ApiServer.java
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
import jp.co.sony.csl.dcoes.apis.tools.web.api_handler.DealGeneration;
import jp.co.sony.csl.dcoes.apis.tools.web.api_handler.ErrorGeneration;
import jp.co.sony.csl.dcoes.apis.tools.web.api_handler.LogConfiguration;
import java.security.MessageDigest;

/**
* These Verticles provide various Web API for controlling APIS from the
Expand Down Expand Up @@ -69,6 +70,7 @@ public class ApiServer extends AbstractVerticle {
* @param startFuture {@inheritDoc}
* @throws Exception {@inheritDoc}
*/

@Override
public void start(Promise<Void> startPromise) throws Exception {
startHttpService_(resHttp -> {
Expand All @@ -95,6 +97,28 @@ public void stop() throws Exception {
log.trace("stopped : " + deploymentID());
}


/**
* Starts authenticates request to our server.
* Gets providedKey from request and authenticates, by matching with our servers apiKey.
*
* @param req the request object hitting our server
* @param apiKey the configured apiKey from our server
*/
static Integer checkAuth(HttpServerRequest req, String apiKey) {
if (apiKey == null || apiKey.isEmpty()) {
return 500;
}
String providedKey = req.getHeader("X-API-Key");
if (providedKey == null || !MessageDigest.isEqual(apiKey.getBytes(), providedKey.getBytes())) {
return 401;
}
return null; // auth passed
}




////

/**
Expand All @@ -110,12 +134,27 @@ public void stop() throws Exception {
*/
private void startHttpService_(Handler<AsyncResult<Void>> completionHandler) {
Integer port = VertxConfig.config.getInteger(DEFAULT_PORT, "apiServer", "port");
// fetches the config api-key
String apiKey = VertxConfig.apiServerApiKey();


vertx.createHttpServer().requestHandler(req -> {
req.exceptionHandler(t -> {
log.error("exceptionHandler", t);
req.response().setChunked(true).putHeader("content-type", "text/plain").setStatusCode(500)
.end("exceptionHandler : " + t + '\n');
});


// --- start auth check ---
Integer authFail = checkAuth(req, apiKey);
if (authFail != null) {
req.response().setStatusCode(authFail).end(authFail == 500 ? "server misconfigured\n" : "unauthorized\n");
return;
}
// --- end auth check ---


try {
for (ApiHandler apiHandler : apiHandlers_) {
if (apiHandler.canHandleRequest(req)) {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
package jp.co.sony.csl.dcoes.apis.tools.web;

import io.vertx.core.http.HttpServerRequest;
import org.junit.Test;
import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
Comment on lines +5 to +6

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't import *, just import the required methods



public class ApiServerAuthTest {

@Test
public void nullApiKey_returns500() {
HttpServerRequest req = mock(HttpServerRequest.class);
assertEquals(Integer.valueOf(500), ApiServer.checkAuth(req, null));
}

@Test
public void emptyApiKey_returns500() {
HttpServerRequest req = mock(HttpServerRequest.class);
assertEquals(Integer.valueOf(500), ApiServer.checkAuth(req, ""));
}

@Test
public void missingHeader_returns401() {
HttpServerRequest req = mock(HttpServerRequest.class);
when(req.getHeader("X-API-Key")).thenReturn(null);
assertEquals(Integer.valueOf(401), ApiServer.checkAuth(req, "secret"));
}

@Test
public void wrongKey_returns401() {
HttpServerRequest req = mock(HttpServerRequest.class);
when(req.getHeader("X-API-Key")).thenReturn("wrong");
assertEquals(Integer.valueOf(401), ApiServer.checkAuth(req, "secret"));
}

@Test
public void correctKey_returnsNull() {
HttpServerRequest req = mock(HttpServerRequest.class);
when(req.getHeader("X-API-Key")).thenReturn("secret");
assertNull(ApiServer.checkAuth(req, "secret"));
}
}

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a newline here. This can also be covered by Checkstyle eventually.