Skip to content

Commit

Permalink
Support of the Hawk Token verification and decoding
Browse files Browse the repository at this point in the history
  • Loading branch information
n0str committed Dec 18, 2024
1 parent b487670 commit ec75255
Show file tree
Hide file tree
Showing 5 changed files with 52 additions and 8 deletions.
2 changes: 1 addition & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -14,5 +14,5 @@
.idea
venv
.DS_Store
hawk.collector
bin/hawk.collector
.env
32 changes: 31 additions & 1 deletion pkg/accounts/cache.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@ package accounts

import (
"context"
"encoding/base64"
"encoding/json"
"strings"
"time"

"go.mongodb.org/mongo-driver/bson/primitive"
Expand All @@ -14,6 +17,11 @@ import (
const projectsCollectionName = "projects"
const contextTimeout = 5 * time.Second

type acountToken struct {
IntegrationId string `json:"integrationId"`
Secret string `json:"secret"`
}

type accountProject struct {
ProjectID primitive.ObjectID `bson:"_id"`
Token string `bson:"token"`
Expand All @@ -39,11 +47,33 @@ func (client *AccountsMongoDBClient) UpdateTokenCache() error {

client.ValidTokens = make(map[string]string)
for _, project := range projects {
client.ValidTokens[project.Token] = project.ProjectID.Hex()
integrationSecret, err := DecodeToken(project.Token)
if err == nil {
client.ValidTokens[integrationSecret] = project.ProjectID.Hex()
} else {
log.Errorf("Integration token %s is invalid: %s", project.Token, err)
}
}

log.Debugf("Cache for MongoDB tokens successfully updates with %d tokens", len(client.ValidTokens))
log.Tracef("Current token cache state: %s", client.ValidTokens)

return nil
}

// decodeToken decodes token from base64 to integrationId + secret
func DecodeToken(token string) (string, error) {
decoded, err := base64.StdEncoding.DecodeString(token)
if err != nil {
return "", err
}
var data acountToken
err = json.Unmarshal(decoded, &data)
if err != nil {
return "", err
}

integrationId := strings.ReplaceAll(data.IntegrationId, "-", "")
secret := strings.ReplaceAll(data.Secret, "-", "")
return integrationId + secret, nil
}
14 changes: 10 additions & 4 deletions pkg/server/errorshandler/handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -52,12 +52,18 @@ func (handler *Handler) process(body []byte) ResponseMessage {
return ResponseMessage{400, true, "CatcherType is empty"}
}

projectId, ok := handler.AccountsMongoDBClient.ValidTokens[message.Token]
integrationSecret, err := accounts.DecodeToken(string(message.Token))
if err != nil {
log.Warnf("[release] Token decoding error: %s", err)
return ResponseMessage{400, true, "Token decoding error"}
}

projectId, ok := handler.AccountsMongoDBClient.ValidTokens[integrationSecret]
if !ok {
log.Debugf("Token %s is not in the accounts cache", message.Token)
return ResponseMessage{400, true, fmt.Sprintf("Integration token invalid: %s", message.Token)}
log.Debugf("Token %s is not in the accounts cache", integrationSecret)
return ResponseMessage{400, true, fmt.Sprintf("Integration token invalid: %s", integrationSecret)}
}
log.Debugf("Found project with ID %s for integration token %s", projectId, message.Token)
log.Debugf("Found project with ID %s for integration token %s", projectId, integrationSecret)

if handler.RedisClient.IsBlocked(projectId) {
handler.ErrorsBlockedByLimit.Inc()
Expand Down
2 changes: 1 addition & 1 deletion pkg/server/errorshandler/handler_sentry.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
"github.com/valyala/fasthttp"
)

const SentryQueueName = "errors/sentry"
const SentryQueueName = "external/sentry"
const CatcherType = "sentry"

// HandleHTTP processes HTTP requests with JSON body
Expand Down
10 changes: 9 additions & 1 deletion pkg/server/releasehandler/handler_http.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"encoding/json"
"errors"

"github.com/codex-team/hawk.collector/pkg/accounts"
"github.com/codex-team/hawk.collector/pkg/hawk"
log "github.com/sirupsen/logrus"
"github.com/valyala/fasthttp"
Expand Down Expand Up @@ -39,8 +40,15 @@ func (handler *Handler) HandleHTTP(ctx *fasthttp.RequestCtx) {

log.Debugf("[release] Multipart form with token: %s", token)

integrationSecret, err := accounts.DecodeToken(string(token))
if err != nil {
log.Warnf("[release] Token decoding error: %s", err)
sendAnswerHTTP(ctx, ResponseMessage{400, true, "Token decoding error"})
return
}

// process raw body via unified sourcemap handler
response := handler.process(form, string(token))
response := handler.process(form, integrationSecret)
log.Debugf("[release] Multipart form response: %s", response.Message)

sendAnswerHTTP(ctx, response)
Expand Down

0 comments on commit ec75255

Please sign in to comment.