Repurpose introspect to return the correct introspection payload

inngest · Sep 7, 2024 · f77b498 · f77b498
1 parent 239b059
commit f77b498
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 3 deletions.
diff --git a/inngest/src/main/kotlin/com/inngest/Comm.kt b/inngest/src/main/kotlin/com/inngest/Comm.kt
@@ -4,8 +4,11 @@ import com.beust.klaxon.Json
 import com.beust.klaxon.Klaxon
 import com.fasterxml.jackson.databind.ObjectMapper
 import com.fasterxml.jackson.databind.SerializationFeature
+import com.inngest.signingkey.checkHeadersAndValidateSignature
 import com.inngest.signingkey.getAuthorizationHeader
+import com.inngest.signingkey.hashedSigningKey
 import java.io.IOException
+import java.security.MessageDigest
 
 data class ExecutionRequestPayload(
     val ctx: ExecutionContext,
@@ -166,8 +169,50 @@ class CommHandler(
     // TODO
 //    fun sync(): Result<InngestSyncResult> = Result.success(InngestSyncResult.None)
 
-    fun introspect(origin: String): String {
-        val requestPayload = getRegistrationRequestPayload(origin)
+    fun introspect(
+        signature: String?,
+        requestBody: String,
+        serverKind: String?,
+    ): String {
+        val insecureIntrospection =
+            InsecureIntrospection(
+                functionCount = functions.size,
+                hasEventKey = Environment.isInngestEventKeySet(client.eventKey),
+                hasSigningKey = config.hasSigningKey(),
+                mode = if (client.env == InngestEnv.Dev) "dev" else "cloud",
+            )
+
+        val requestPayload =
+            when (client.env) {
+                InngestEnv.Dev -> insecureIntrospection
+
+                else ->
+                    runCatching {
+                        checkHeadersAndValidateSignature(signature, requestBody, serverKind, config)
+
+                        SecureIntrospection(
+                            functionCount = functions.size,
+                            hasEventKey = Environment.isInngestEventKeySet(client.eventKey),
+                            hasSigningKey = config.hasSigningKey(),
+                            authenticationSucceeded = true,
+                            mode = "cloud",
+                            env = client.env.value,
+                            appId = config.appId(),
+                            apiOrigin = "${config.baseUrl()}/",
+                            framework = framework.value,
+                            sdkVersion = Version.getVersion(),
+                            sdkLanguage = "java",
+                            servePath = config.servePath(),
+                            serveOrigin = config.serveOrigin(),
+                            signingKeyHash = hashedSigningKey(config.signingKey()),
+                            eventApiOrigin = "${Environment.inngestEventApiBaseUrl(client.env)}/",
+                            eventKeyHash = if (config.hasSigningKey()) hashedEventKey(client.eventKey) else null,
+                        )
+                    }.getOrElse {
+                        insecureIntrospection.apply { authenticationSucceeded = false }
+                    }
+            }
+
         return serializePayload(requestPayload)
     }
 
@@ -187,4 +232,14 @@ class CommHandler(
         val servePath = config.servePath() ?: "/api/inngest"
         return "$serveOrigin$servePath"
     }
+
+    private fun hashedEventKey(eventKey: String): String? =
+        eventKey
+            .takeIf { Environment.isInngestEventKeySet(it) }
+            ?.let {
+                MessageDigest
+                    .getInstance("SHA-256")
+                    .digest(it.toByteArray())
+                    .joinToString("") { byte -> "%02x".format(byte) }
+            }
 }
diff --git a/inngest/src/main/kotlin/com/inngest/signingkey/BearerToken.kt b/inngest/src/main/kotlin/com/inngest/signingkey/BearerToken.kt
@@ -15,7 +15,7 @@ val SIGNING_KEY_REGEX = Regex("""(?<prefix>^signkey-\w+-)(?<key>.*)""")
  * @throws InvalidSigningKeyException If signingKey is not in the form "signkey-<env>-<key>"
  */
 @OptIn(ExperimentalStdlibApi::class)
-private fun hashedSigningKey(signingKey: String): String {
+internal fun hashedSigningKey(signingKey: String): String {
     val matchResult = SIGNING_KEY_REGEX.matchEntire(signingKey) ?: throw InvalidSigningKeyException()
 
     // We aggressively assert non-null here because if `matchEntire` had failed (and thus these capture groups didn't