1931642100

Committed 17 Jul 2025 07:06AM UTC coverage: 65.412% (-0.04%) from 65.45%

Build # 1931642100

Build Type

Pull #769

gitlab-ci

Committed by

alfrunes

Commit Message

chore(deviceauth): Add missing config env key replacer

The replacer did not exist because there were no prior configuration
settings with a period or dash in the key name.

Signed-off-by: Alf-Rune Siqveland <alf.rune@northern.tech>

Pull Request Pull Request #769: MEN-7744: Rate limits for authenticated requests

Run Details

25 of 71 new or added lines in 6 files covered. (35.21%)

14 existing lines in 2 files now uncovered.

32071 of 49029 relevant lines covered (65.41%)

1.39 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

91.76

/backend/services/deviceauth/api/http/routing.go

// Copyright 2023 Northern.tech AS
//
//        Licensed under the Apache License, Version 2.0 (the "License");
//        you may not use this file except in compliance with the License.
//        You may obtain a copy of the License at
//
//            http://www.apache.org/licenses/LICENSE-2.0
//
//        Unless required by applicable law or agreed to in writing, software
//        distributed under the License is distributed on an "AS IS" BASIS,
//        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//        See the License for the specific language governing permissions and
//        limitations under the License.
package http

import (
        "net/http"
        "strings"

        "github.com/gin-gonic/gin"

        "github.com/mendersoftware/mender-server/pkg/contenttype"
        "github.com/mendersoftware/mender-server/pkg/identity"
        "github.com/mendersoftware/mender-server/pkg/routing"
        "github.com/mendersoftware/mender-server/services/deviceauth/devauth"
        "github.com/mendersoftware/mender-server/services/deviceauth/store"
        "github.com/mendersoftware/mender-server/services/deviceauth/utils"
)

const (
        apiUrlDevicesV1 = "/api/devices/v1/authentication"
        uriAuthReqs     = "/auth_requests"

        // internal API
        apiUrlInternalV1      = "/api/internal/v1/devauth"
        uriAlive              = "/alive"
        uriHealth             = "/health"
        uriTokenVerify        = "/tokens/verify"
        uriTenantLimit        = "/tenant/:id/limits/:name"
        uriTokens             = "/tokens"
        uriTenants            = "/tenants"
        uriTenantDevice       = "/tenants/:tid/devices/:did"
        uriTenantDeviceStatus = "/tenants/:tid/devices/:did/status"
        uriTenantDevices      = "/tenants/:tid/devices"
        uriTenantDevicesCount = "/tenants/:tid/devices/count"

        // management API v2
        apiUrlManagementV2       = "/api/management/v2/devauth"
        v2uriDevices             = "/devices"
        v2uriDevicesCount        = "/devices/count"
        v2uriDevicesSearch       = "/devices/search"
        v2uriDevice              = "/devices/:id"
        v2uriDeviceAuthSet       = "/devices/:id/auth/:aid"
        v2uriDeviceAuthSetStatus = "/devices/:id/auth/:aid/status"
        v2uriToken               = "/tokens/:id"
        v2uriDevicesLimit        = "/limits/:name"

        HdrAuthReqSign = "X-MEN-Signature"
)

type HttpOptionsGenerator func(methods []string) gin.HandlerFunc

func AllowHeaderOptionsGenerator(methods []string) gin.HandlerFunc {
        // return a dummy handler for now
        return func(c *gin.Context) {
                for _, m := range methods {
                        c.Writer.Header().Add("Allow", m)
                }
        }
}

func supportsMethod(method string, methods []string) bool {
        return utils.ContainsString(method, methods)
}

// Automatically add OPTIONS method support for each defined route,
// only if there's no OPTIONS handler for that route yet
func AutogenOptionsRoutes(router *gin.Engine, gen HttpOptionsGenerator) {
        routes := router.Routes()
        methodGroups := make(map[string][]string, len(routes))

        for _, route := range routes {
                if strings.HasPrefix(route.Path, "/api/internal") {
                        continue
                }
                methods, ok := methodGroups[route.Path]
                if !ok {
                        methods = make([]string, 0)
                }

                methodGroups[route.Path] = append(methods, route.Method)
        }

        for route, methods := range methodGroups {
                // skip if there's a handler for OPTIONS already
                if !supportsMethod(http.MethodOptions, methods) {
                        router.OPTIONS(route, gen(methods))
                }
        }
}

type Config struct {
        AuthVerifyRatelimits gin.HandlerFunc
}

type Option func(c *Config)

func ConfigAuthVerifyRatelimits(handler gin.HandlerFunc) Option {
        return func(c *Config) {
                c.AuthVerifyRatelimits = handler
        }
}

func NewRouter(app devauth.App, db store.DataStore, options ...Option) http.Handler {
        router := routing.NewGinRouter()
        cfg := new(Config)
        for _, option := range options {
                option(cfg)
        }

        d := NewDevAuthApiHandlers(app, db, options...)

        publicAPIs := router.Group(".")
        publicAPIs.Use(identity.Middleware())

        mgmtAPIV2 := publicAPIs.Group(apiUrlManagementV2)
        devicesAPIs := router.Group(apiUrlDevicesV1)

        // Devices API
        devicesAPIs.Group(".").Use(contenttype.CheckJSON()).
                POST(uriAuthReqs, d.SubmitAuthRequestHandler)

        // API v2
        mgmtAPIV2.GET(v2uriDevicesCount, d.GetDevicesCountHandler)
        mgmtAPIV2.GET(v2uriDevices, d.GetDevicesV2Handler)
        mgmtAPIV2.GET(v2uriDevice, d.GetDeviceV2Handler)
        mgmtAPIV2.GET(v2uriDeviceAuthSetStatus, d.GetAuthSetStatusHandler)
        mgmtAPIV2.GET(v2uriDevicesLimit, d.GetLimitHandler)
        mgmtAPIV2.DELETE(v2uriDevice, d.DecommissionDeviceHandler)
        mgmtAPIV2.DELETE(v2uriDeviceAuthSet, d.DeleteDeviceAuthSetHandler)
        mgmtAPIV2.DELETE(v2uriToken, d.DeleteTokenHandler)
        mgmtAPIV2.Group(".").Use(contenttype.CheckJSON()).
                POST(v2uriDevices, d.PostDevicesV2Handler).
                PUT(v2uriDeviceAuthSetStatus, d.UpdateDeviceStatusHandler).
                POST(v2uriDevicesSearch, d.SearchDevicesV2Handler)

        // automatically add Option routes for public endpoints
        AutogenOptionsRoutes(router, AllowHeaderOptionsGenerator)

        intrnlAPIV1 := router.Group(apiUrlInternalV1)

        intrnlAPIV1.GET(uriAlive, d.AliveHandler)
        intrnlAPIV1.GET(uriHealth, d.HealthCheckHandler)

        intrnlAPIV1.Group(".").
                Use(identity.Middleware()).
                GET(uriTokenVerify, d.VerifyTokenHandler).
                POST(uriTokenVerify, d.VerifyTokenHandler)
        intrnlAPIV1.DELETE(uriTokens, d.DeleteTokensHandler)
        intrnlAPIV1.PUT(uriTenantLimit, d.PutTenantLimitHandler)
        intrnlAPIV1.GET(uriTenantLimit, d.GetTenantLimitHandler)
        intrnlAPIV1.DELETE(uriTenantLimit, d.DeleteTenantLimitHandler)
        intrnlAPIV1.POST(uriTenants, d.ProvisionTenantHandler)
        intrnlAPIV1.GET(uriTenantDeviceStatus, d.GetTenantDeviceStatus)
        intrnlAPIV1.GET(uriTenantDevices, d.GetTenantDevicesHandler)
        intrnlAPIV1.GET(uriTenantDevicesCount, d.GetTenantDevicesCountHandler)
        intrnlAPIV1.DELETE(uriTenantDevice, d.DeleteDeviceHandler)

        return router
}

1	// Copyright 2023 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14	package http
15
16	import (
17	"net/http"
18	"strings"
19
20	"github.com/gin-gonic/gin"
21
22	"github.com/mendersoftware/mender-server/pkg/contenttype"
23	"github.com/mendersoftware/mender-server/pkg/identity"
24	"github.com/mendersoftware/mender-server/pkg/routing"
25	"github.com/mendersoftware/mender-server/services/deviceauth/devauth"
26	"github.com/mendersoftware/mender-server/services/deviceauth/store"
27	"github.com/mendersoftware/mender-server/services/deviceauth/utils"
28	)
29
30	const (
31	apiUrlDevicesV1 = "/api/devices/v1/authentication"
32	uriAuthReqs = "/auth_requests"
33
34	// internal API
35	apiUrlInternalV1 = "/api/internal/v1/devauth"
36	uriAlive = "/alive"
37	uriHealth = "/health"
38	uriTokenVerify = "/tokens/verify"
39	uriTenantLimit = "/tenant/:id/limits/:name"
40	uriTokens = "/tokens"
41	uriTenants = "/tenants"
42	uriTenantDevice = "/tenants/:tid/devices/:did"
43	uriTenantDeviceStatus = "/tenants/:tid/devices/:did/status"
44	uriTenantDevices = "/tenants/:tid/devices"
45	uriTenantDevicesCount = "/tenants/:tid/devices/count"
46
47	// management API v2
48	apiUrlManagementV2 = "/api/management/v2/devauth"
49	v2uriDevices = "/devices"
50	v2uriDevicesCount = "/devices/count"
51	v2uriDevicesSearch = "/devices/search"
52	v2uriDevice = "/devices/:id"
53	v2uriDeviceAuthSet = "/devices/:id/auth/:aid"
54	v2uriDeviceAuthSetStatus = "/devices/:id/auth/:aid/status"
55	v2uriToken = "/tokens/:id"
56	v2uriDevicesLimit = "/limits/:name"
57
58	HdrAuthReqSign = "X-MEN-Signature"
59	)
60
61	type HttpOptionsGenerator func(methods []string) gin.HandlerFunc
62
63	func AllowHeaderOptionsGenerator(methods []string) gin.HandlerFunc {	3✔
64	// return a dummy handler for now	3✔
65	return func(c *gin.Context) {	4✔
66	for _, m := range methods {	2✔
67	c.Writer.Header().Add("Allow", m)	1✔
68	}	1✔
69	}
70	}
71
72	func supportsMethod(method string, methods []string) bool {	3✔
73	return utils.ContainsString(method, methods)	3✔
74	}	3✔
75
76	// Automatically add OPTIONS method support for each defined route,
77	// only if there's no OPTIONS handler for that route yet
78	func AutogenOptionsRoutes(router *gin.Engine, gen HttpOptionsGenerator) {	3✔
79	routes := router.Routes()	3✔
80	methodGroups := make(map[string][]string, len(routes))	3✔
81		3✔
82	for _, route := range routes {	6✔
83	if strings.HasPrefix(route.Path, "/api/internal") {	3✔
UNCOV 84	continue	×
85	}
86	methods, ok := methodGroups[route.Path]	3✔
87	if !ok {	6✔
88	methods = make([]string, 0)	3✔
89	}	3✔
90
91	methodGroups[route.Path] = append(methods, route.Method)	3✔
92	}
93
94	for route, methods := range methodGroups {	6✔
95	// skip if there's a handler for OPTIONS already	3✔
96	if !supportsMethod(http.MethodOptions, methods) {	6✔
97	router.OPTIONS(route, gen(methods))	3✔
98	}	3✔
99	}
100	}
101
102	type Config struct {
103	AuthVerifyRatelimits gin.HandlerFunc
104	}
105
106	type Option func(c *Config)
107
NEW UNCOV 108	func ConfigAuthVerifyRatelimits(handler gin.HandlerFunc) Option {	×
NEW UNCOV 109	return func(c *Config) {	×
NEW UNCOV 110	c.AuthVerifyRatelimits = handler	×
NEW UNCOV 111	}	×
112	}
113
114	func NewRouter(app devauth.App, db store.DataStore, options ...Option) http.Handler {	3✔
115	router := routing.NewGinRouter()	3✔
116	cfg := new(Config)	3✔
117	for _, option := range options {	3✔
NEW UNCOV 118	option(cfg)	×
NEW UNCOV 119	}	×
120
121	d := NewDevAuthApiHandlers(app, db, options...)	3✔
122		3✔
123	publicAPIs := router.Group(".")	3✔
124	publicAPIs.Use(identity.Middleware())	3✔
125		3✔
126	mgmtAPIV2 := publicAPIs.Group(apiUrlManagementV2)	3✔
127	devicesAPIs := router.Group(apiUrlDevicesV1)	3✔
128		3✔
129	// Devices API	3✔
130	devicesAPIs.Group(".").Use(contenttype.CheckJSON()).	3✔
131	POST(uriAuthReqs, d.SubmitAuthRequestHandler)	3✔
132		3✔
133	// API v2	3✔
134	mgmtAPIV2.GET(v2uriDevicesCount, d.GetDevicesCountHandler)	3✔
135	mgmtAPIV2.GET(v2uriDevices, d.GetDevicesV2Handler)	3✔
136	mgmtAPIV2.GET(v2uriDevice, d.GetDeviceV2Handler)	3✔
137	mgmtAPIV2.GET(v2uriDeviceAuthSetStatus, d.GetAuthSetStatusHandler)	3✔
138	mgmtAPIV2.GET(v2uriDevicesLimit, d.GetLimitHandler)	3✔
139	mgmtAPIV2.DELETE(v2uriDevice, d.DecommissionDeviceHandler)	3✔
140	mgmtAPIV2.DELETE(v2uriDeviceAuthSet, d.DeleteDeviceAuthSetHandler)	3✔
141	mgmtAPIV2.DELETE(v2uriToken, d.DeleteTokenHandler)	3✔
142	mgmtAPIV2.Group(".").Use(contenttype.CheckJSON()).	3✔
143	POST(v2uriDevices, d.PostDevicesV2Handler).	3✔
144	PUT(v2uriDeviceAuthSetStatus, d.UpdateDeviceStatusHandler).	3✔
145	POST(v2uriDevicesSearch, d.SearchDevicesV2Handler)	3✔
146		3✔
147	// automatically add Option routes for public endpoints	3✔
148	AutogenOptionsRoutes(router, AllowHeaderOptionsGenerator)	3✔
149		3✔
150	intrnlAPIV1 := router.Group(apiUrlInternalV1)	3✔
151		3✔
152	intrnlAPIV1.GET(uriAlive, d.AliveHandler)	3✔
153	intrnlAPIV1.GET(uriHealth, d.HealthCheckHandler)	3✔
154		3✔
155	intrnlAPIV1.Group(".").	3✔
156	Use(identity.Middleware()).	3✔
157	GET(uriTokenVerify, d.VerifyTokenHandler).	3✔
158	POST(uriTokenVerify, d.VerifyTokenHandler)	3✔
159	intrnlAPIV1.DELETE(uriTokens, d.DeleteTokensHandler)	3✔
160	intrnlAPIV1.PUT(uriTenantLimit, d.PutTenantLimitHandler)	3✔
161	intrnlAPIV1.GET(uriTenantLimit, d.GetTenantLimitHandler)	3✔
162	intrnlAPIV1.DELETE(uriTenantLimit, d.DeleteTenantLimitHandler)	3✔
163	intrnlAPIV1.POST(uriTenants, d.ProvisionTenantHandler)	3✔
164	intrnlAPIV1.GET(uriTenantDeviceStatus, d.GetTenantDeviceStatus)	3✔
165	intrnlAPIV1.GET(uriTenantDevices, d.GetTenantDevicesHandler)	3✔
166	intrnlAPIV1.GET(uriTenantDevicesCount, d.GetTenantDevicesCountHandler)	3✔
167	intrnlAPIV1.DELETE(uriTenantDevice, d.DeleteDeviceHandler)	3✔
168		3✔
169	return router	3✔
170	}

mendersoftware / mender-server / 1931642100

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous