Simplify parsing/validation of spam report tokens

2023-01-30 11:15:22 -05:00 · 2023-01-30 11:15:22 -05:00 · 00e08b8402
parent 48e8584e13
commit 00e08b8402
3 changed files with 9 additions and 15 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
@ -643,16 +643,7 @@ public class MessageController {
    UUID spamReporterUuid = auth.getAccount().getUuid();

    // spam report token is optional, but if provided ensure it is valid base64.
-    byte[] spamReportToken = null;
-    if (spamReport != null) {
-      try {
-        spamReportToken = Base64.getDecoder().decode(spamReport.token());
-        Metrics.counter(REPORT_SPAM_TOKENS_RECEIVED_COUNTER_NAME).increment();
-      } catch (IllegalArgumentException e) {
-        logger.error("Invalid report spam token provided", e);
-        throw new WebApplicationException(Response.status(400).build());
-      }
-    }
+    @Nullable final byte[] spamReportToken = spamReport != null ? spamReport.token() : null;

    // fire-and-forget: we don't want to block the response on this action.
    CompletableFuture<Boolean> ignored =
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/SpamReport.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/SpamReport.java
@ -1,7 +1,12 @@
 package org.whispersystems.textsecuregcm.entities;

 import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import org.whispersystems.textsecuregcm.util.ByteArrayAdapter;
 import javax.validation.Valid;
 import javax.validation.constraints.NotEmpty;

-public record SpamReport(@JsonProperty("token") @NotEmpty String token) {}
+public record SpamReport(@JsonSerialize(using = ByteArrayAdapter.Serializing.class)
+                         @JsonDeserialize(using = ByteArrayAdapter.Deserializing.class)
+                         @NotEmpty byte[] token) {}
--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/MessageControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/MessageControllerTest.java
@ -722,8 +722,7 @@ class MessageControllerTest {

    ArgumentCaptor<byte[]> captor = ArgumentCaptor.forClass(byte[].class);

-    String token = Base64.getEncoder().encodeToString(new byte[3]);
-    Entity<SpamReport> entity = Entity.entity(new SpamReport(token), "application/json");
+    Entity<SpamReport> entity = Entity.entity(new SpamReport(new byte[3]), "application/json");
    Response response =
        resources.getJerseyTest()
            .target(String.format("/v1/messages/report/%s/%s", senderAci, messageGuid))
@ -744,8 +743,7 @@ class MessageControllerTest {

    messageGuid = UUID.randomUUID();

-    token = Base64.getEncoder().encodeToString(new byte[5]);
-    entity = Entity.entity(new SpamReport(token), "application/json");
+    entity = Entity.entity(new SpamReport(new byte[5]), "application/json");
    response =
        resources.getJerseyTest()
            .target(String.format("/v1/messages/report/%s/%s", senderAci, messageGuid))