MirrorMirror
/
Signal-Server
mirror of https://github.com/signalapp/Signal-Server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add cdn number query parameter to `/archives/auth/read`

This commit is contained in:
ravi-signal 2024-04-15 13:59:14 -05:00 committed by GitHub
parent d36df3eaa9
commit 00ca7d5942
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 47 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
service/src/main/java/org/whispersystems/textsecuregcm/backup/BackupManager.java
View File

@ -317,10 +317,14 @@ public class BackupManager {
* Generate credentials that can be used to read from the backup CDN * Generate credentials that can be used to read from the backup CDN
* *
* @param backupUser an already ZK authenticated backup user * @param backupUser an already ZK authenticated backup user
* @param cdnNumber the cdn number to get backup credentials for
* @return A map of headers to include with CDN requests * @return A map of headers to include with CDN requests
*/ */
public Map<String, String> generateReadAuth(final AuthenticatedBackupUser backupUser) { public Map<String, String> generateReadAuth(final AuthenticatedBackupUser backupUser, final int cdnNumber) {
checkBackupTier(backupUser, BackupTier.MESSAGES); checkBackupTier(backupUser, BackupTier.MESSAGES);
if (cdnNumber != 3) {
throw Status.INVALID_ARGUMENT.withDescription("unknown cdn").asRuntimeException();
}
return cdn3BackupCredentialGenerator.readHeaders(backupUser.backupDir()); return cdn3BackupCredentialGenerator.readHeaders(backupUser.backupDir());
} }

6
service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArchiveController.java
View File

@ -280,12 +280,14 @@ public class ArchiveController {
@Parameter(description = BackupAuthCredentialPresentationSignature.DESCRIPTION, schema = @Schema(implementation = String.class)) @Parameter(description = BackupAuthCredentialPresentationSignature.DESCRIPTION, schema = @Schema(implementation = String.class))
@NotNull @NotNull
@HeaderParam(X_SIGNAL_ZK_AUTH_SIGNATURE) final BackupAuthCredentialPresentationSignature signature) { @HeaderParam(X_SIGNAL_ZK_AUTH_SIGNATURE) final BackupAuthCredentialPresentationSignature signature,
@NotNull @Parameter(description = "The number of the CDN to get credentials for") @QueryParam("cdn") final Integer cdn) {
if (account.isPresent()) { if (account.isPresent()) {
throw new BadRequestException("must not use authenticated connection for anonymous operations"); throw new BadRequestException("must not use authenticated connection for anonymous operations");
} }
return backupManager.authenticateBackupUser(presentation.presentation, signature.signature) return backupManager.authenticateBackupUser(presentation.presentation, signature.signature)
.thenApply(backupManager::generateReadAuth) .thenApply(user -> backupManager.generateReadAuth(user, cdn))
.thenApply(ReadAuthResponse::new); .thenApply(ReadAuthResponse::new);
} }

38
service/src/test/java/org/whispersystems/textsecuregcm/controllers/ArchiveControllerTest.java
View File

@ -564,6 +564,44 @@ public class ArchiveControllerTest {
assertThat(response.getStatus()).isEqualTo(429); assertThat(response.getStatus()).isEqualTo(429);
} }
@Test
public void readAuth() throws VerificationFailedException {
final BackupAuthCredentialPresentation presentation =
backupAuthTestUtil.getPresentation(BackupTier.MEDIA, backupKey, aci);
when(backupManager.authenticateBackupUser(any(), any()))
.thenReturn(CompletableFuture.completedFuture(backupUser(presentation.getBackupId(), BackupTier.MEDIA)));
when(backupManager.generateReadAuth(any(), eq(3))).thenReturn(Map.of("key", "value"));
final ArchiveController.ReadAuthResponse response = resources.getJerseyTest()
.target("v1/archives/auth/read")
.queryParam("cdn", 3)
.request()
.header("X-Signal-ZK-Auth", Base64.getEncoder().encodeToString(presentation.serialize()))
.header("X-Signal-ZK-Auth-Signature", "aaa")
.get(ArchiveController.ReadAuthResponse.class);
assertThat(response.headers()).containsExactlyEntriesOf(Map.of("key", "value"));
}
@Test
public void readAuthInvalidParam() throws VerificationFailedException {
final BackupAuthCredentialPresentation presentation =
backupAuthTestUtil.getPresentation(BackupTier.MEDIA, backupKey, aci);
Response response = resources.getJerseyTest()
.target("v1/archives/auth/read")
.request()
.header("X-Signal-ZK-Auth", Base64.getEncoder().encodeToString(presentation.serialize()))
.header("X-Signal-ZK-Auth-Signature", "aaa")
.get();
assertThat(response.getStatus()).isEqualTo(400);
response = resources.getJerseyTest()
.target("v1/archives/auth/read")
.queryParam("abc")
.request()
.header("X-Signal-ZK-Auth", Base64.getEncoder().encodeToString(presentation.serialize()))
.header("X-Signal-ZK-Auth-Signature", "aaa")
.get();
assertThat(response.getStatus()).isEqualTo(400);
}
private static AuthenticatedBackupUser backupUser(byte[] backupId, BackupTier backupTier) { private static AuthenticatedBackupUser backupUser(byte[] backupId, BackupTier backupTier) {
return new AuthenticatedBackupUser(backupId, backupTier, "myBackupDir", "myMediaDir"); return new AuthenticatedBackupUser(backupId, backupTier, "myBackupDir", "myMediaDir");