Skip to content

Commit

Permalink
fix: use authorization filter before other filters #660
Browse files Browse the repository at this point in the history
  • Loading branch information
JonasKellerer authored and fengelniederhammer committed Feb 22, 2024
1 parent db1c6cb commit ceb81d0
Show file tree
Hide file tree
Showing 22 changed files with 258 additions and 55 deletions.
70 changes: 39 additions & 31 deletions .github/workflows/lapis2.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
name: LAPIS v2

on: [push]
on: [ push ]

env:
DOCKER_IMAGE_NAME: ghcr.io/genspectrum/lapis-v2
Expand All @@ -9,22 +9,18 @@ jobs:
Tests:
runs-on: ubuntu-latest
steps:
-
uses: actions/checkout@v4
-
name: Set up JDK
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'adopt'
-
name: Execute Tests
- name: Execute Tests
uses: gradle/gradle-build-action@v3
with:
arguments: test
build-root-directory: lapis2
-
name: Check Format And Lint
- name: Check Format And Lint
uses: gradle/gradle-build-action@v3
with:
arguments: ktlintCheck
Expand All @@ -36,51 +32,43 @@ jobs:
permissions:
packages: write
steps:
-
uses: actions/checkout@v4
-
name: Set up JDK
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'adopt'
-
name: Login to GitHub Container Registry
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Docker metadata
- name: Docker metadata
id: dockerMetadata
uses: docker/metadata-action@v5
with:
images: ${{ env.DOCKER_IMAGE_NAME }}
tags: |
type=ref,event=branch,enable=${{ github.ref != 'refs/heads/main' }}
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
-
name: Build Docker Image For Branch
- name: Build Docker Image For Branch
uses: gradle/gradle-build-action@v3
env:
USER: ${{ github.actor }}
TOKEN: "${{ secrets.GITHUB_TOKEN }}"
with:
arguments: bootBuildImage --imageName=${{ steps.dockerMetadata.outputs.tags }}
build-root-directory: lapis2
-
name: Push Docker Image For Branch
- name: Push Docker Image For Branch
run: docker push ${{ steps.dockerMetadata.outputs.tags }}
-
name: Build "public" Docker Image
- name: Build "public" Docker Image
if: ${{ github.ref == 'refs/heads/public' }}
uses: gradle/gradle-build-action@v3
with:
arguments: bootBuildImage --imageName=${{ env.DOCKER_IMAGE_NAME }}:public
build-root-directory: lapis2
-
name: Push "public" Docker Image
- name: Push "public" Docker Image
if: ${{ github.ref == 'refs/heads/public' }}
run: docker push ${{ env.DOCKER_IMAGE_NAME }}:public

Expand All @@ -106,14 +94,33 @@ jobs:
arguments: generateOpenApiDocs
build-root-directory: lapis2

- name: Build OpenAPI Spec Protected
uses: gradle/gradle-build-action@v3
with:
arguments: generateOpenApiDocs -PopennessLevel=protected
build-root-directory: lapis2

- name: Cache .npm
uses: actions/cache@v4
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('siloLapisTests/**/package-lock.json') }}

- name: Prepare Tests
run: |
cd siloLapisTests
npm ci
npm run generateLapisClient
run: npm ci
working-directory: siloLapisTests

- name: Generate Lapis Client
run: npm run generateLapisClient
working-directory: siloLapisTests

- name: Generate Lapis Client Protected
run: npm run generateLapisClientProtected
working-directory: siloLapisTests

- name: Check Format
run: cd siloLapisTests && npm run check-format
run: npm run check-format
working-directory: siloLapisTests

- name: Docker metadata
id: dockerMetadata
Expand Down Expand Up @@ -151,7 +158,8 @@ jobs:
cd lapis2
mkdir p e2e-logs
docker compose logs silo > e2e-logs/silo.log
docker compose logs lapis > e2e-logs/lapis.log
docker compose logs lapisOpen > e2e-logs/lapisOpen.log
docker compose logs lapisProtected > e2e-logs/lapisProtected.log
env:
SILO_TAG: latest
LAPIS_TAG: ${{ steps.lapisBranchTag.outputs.lapisTag }}
Expand Down
2 changes: 1 addition & 1 deletion .idea/runConfigurations/LapisV2Open.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .idea/runConfigurations/LapisV2Protected.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion .idea/runConfigurations/lapis2_docs.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lapis2-docs/test-docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,4 @@ services:
- ../siloLapisTests/testData/testDatabaseConfig.yaml:/config/database_config.yaml
- ../siloLapisTests/testData/reference_genomes.json:/config/reference_genomes.json
environment:
LAPIS_URL: http://localhost:8080
LAPIS_URL: http://localhost:8090
2 changes: 1 addition & 1 deletion lapis2-docs/tests/queryGenerator.page.ts
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ export class QueryGeneratorPage {

public async expectQueryUrlContains(expected: string) {
await expect(this.page.getByRole('textbox', {})).toHaveValue(
new RegExp(`^http://localhost:8080/sample.*${expected}`),
new RegExp(`^http://localhost:8090/sample.*${expected}`),
);
}

Expand Down
1 change: 1 addition & 0 deletions lapis2/.gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,5 @@ build/
!**/src/main/**/build/
!**/src/test/**/build/
/lapis-v2-openapi.json
/lapis-v2-openapi-protected.json
log
2 changes: 1 addition & 1 deletion lapis2/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ When running LAPIS behind a proxy, the proxy needs to set X-Forwarded headers:
There are end-to-end tests in `siloLapisTests/` that test the integration of SILO and LAPIS.

How to execute the tests
(Given that you have a running LAPIS instance listening on localhost:8080, e.g. via `docker compose up`):
(Given that you have a running LAPIS instance listening on localhost:8090, e.g. via `docker compose up`):

* Generate the OpenAPI docs for LAPIS: `cd lapis2 && ./gradlew generateOpenApiDocs`
* Switch to test directory: `cd ../siloLapisTests/`
Expand Down
14 changes: 11 additions & 3 deletions lapis2/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -81,13 +81,21 @@ tasks.named('bootBuildImage') {

openApi {
outputDir.set(file("$rootDir"))
outputFileName.set("lapis-v2-openapi.json")

def opennessLevel = project.hasProperty("opennessLevel") ? project.opennessLevel : "open"

def customOutputFileName = opennessLevel == "open" ? "lapis-v2-openapi.json" : "lapis-v2-openapi-protected.json"
def customLapisConfig = opennessLevel == "open" ? "../siloLapisTests/testData/testDatabaseConfig.yaml" : "../siloLapisTests/testData/protectedTestDatabaseConfig.yaml"

outputFileName.set(customOutputFileName)
apiDocsUrl.set("http://localhost:8080/api-docs")

customBootRun {
args.set([
"--silo.url=does.not.matter.here",
"--lapis.databaseConfig.path=../siloLapisTests/testData/testDatabaseConfig.yaml",
"--referenceGenomeFilename=../siloLapisTests/testData/reference_genomes.json"
"--lapis.databaseConfig.path=$customLapisConfig",
"--referenceGenomeFilename=../siloLapisTests/testData/reference_genomes.json",
"--lapis.accessKeys.path=./src/test/resources/config/testAccessKeys.yaml"
])
}
}
24 changes: 21 additions & 3 deletions lapis2/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
version: "3.9"
services:
lapis:
lapisOpen:
image: ghcr.io/genspectrum/lapis-v2:${LAPIS_TAG}
ports:
- "8080:8080"
- "8090:8080"
command: --silo.url=http://silo:8081
volumes:
- type: bind
Expand All @@ -18,7 +18,7 @@ services:
silo:
image: ghcr.io/genspectrum/lapis-silo:${SILO_TAG}
ports:
- "8081:8081"
- "8091:8081"
command: --api
volumes:
- ../siloLapisTests/testData/output:/data
Expand All @@ -34,3 +34,21 @@ services:
- ../siloLapisTests/testData/output:/preprocessing/output
- ../siloLapisTests/testData/preprocessingConfig.yaml:/app/preprocessing_config.yaml
- ../siloLapisTests/testData/testDatabaseConfig.yaml:/app/database_config.yaml

lapisProtected:
image: ghcr.io/genspectrum/lapis-v2:${LAPIS_TAG}
ports:
- "8092:8080"
command: --silo.url=http://silo:8081 --lapis.accessKeys.path=/workspace/access_keys.yaml
volumes:
- type: bind
source: ../siloLapisTests/testData/protectedTestDatabaseConfig.yaml
target: /workspace/database_config.yaml
read_only: true
- type: bind
source: ../siloLapisTests/testData/reference_genomes.json
target: /workspace/reference_genomes.json
read_only: true
- type: bind
source: ./src/test/resources/config/testAccessKeys.yaml
target: /workspace/access_keys.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,15 @@ import org.genspectrum.lapis.controller.AGGREGATED_ROUTE
import org.genspectrum.lapis.controller.AMINO_ACID_INSERTIONS_ROUTE
import org.genspectrum.lapis.controller.AMINO_ACID_MUTATIONS_ROUTE
import org.genspectrum.lapis.controller.DATABASE_CONFIG_ROUTE
import org.genspectrum.lapis.controller.DATA_OPENNESS_AUTHORIZATION_FILTER_ORDER
import org.genspectrum.lapis.controller.FIELDS_PROPERTY
import org.genspectrum.lapis.controller.INFO_ROUTE
import org.genspectrum.lapis.controller.LapisErrorResponse
import org.genspectrum.lapis.controller.NUCLEOTIDE_INSERTIONS_ROUTE
import org.genspectrum.lapis.controller.NUCLEOTIDE_MUTATIONS_ROUTE
import org.genspectrum.lapis.controller.REFERENCE_GENOME_ROUTE
import org.genspectrum.lapis.util.CachedBodyHttpServletRequest
import org.springframework.core.annotation.Order
import org.springframework.http.HttpStatus
import org.springframework.http.MediaType
import org.springframework.http.ProblemDetail
Expand All @@ -43,6 +45,7 @@ class DataOpennessAuthorizationFilterFactory(
}
}

@Order(DATA_OPENNESS_AUTHORIZATION_FILTER_ORDER)
abstract class DataOpennessAuthorizationFilter(protected val objectMapper: ObjectMapper) : OncePerRequestFilter() {
override fun doFilterInternal(
request: HttpServletRequest,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ fun ZstdOutputStream.commitUnderlyingResponseToPreventContentLengthFromBeingSet(
class RequestCompression(var compression: Compression? = null)

@Component
@Order(DOWNLOAD_AS_FILE_FILTER_ORDER - 1)
@Order(COMPRESSION_FILTER_ORDER)
class CompressionFilter(val objectMapper: ObjectMapper, val requestCompression: RequestCompression) :
OncePerRequestFilter() {
override fun doFilterInternal(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ import com.fasterxml.jackson.databind.ObjectMapper
import jakarta.servlet.FilterChain
import jakarta.servlet.http.HttpServletRequest
import jakarta.servlet.http.HttpServletResponse
import mu.KotlinLogging
import org.genspectrum.lapis.util.CachedBodyHttpServletRequest
import org.genspectrum.lapis.util.HeaderModifyingRequestWrapper
import org.springframework.core.annotation.Order
Expand All @@ -13,16 +12,12 @@ import org.springframework.http.MediaType
import org.springframework.stereotype.Component
import org.springframework.web.filter.OncePerRequestFilter

private val log = KotlinLogging.logger {}

const val HEADERS_ACCEPT_HEADER_PARAMETER = "headers"

const val TEXT_CSV_HEADER = "text/csv"
const val TEXT_CSV_WITHOUT_HEADERS_HEADER = "text/csv;$HEADERS_ACCEPT_HEADER_PARAMETER=false"
const val TEXT_TSV_HEADER = "text/tab-separated-values"

const val DATA_FORMAT_FILTER_ORDER = 0

object DataFormat {
const val JSON = "JSON"
const val CSV = "CSV"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,6 @@ import org.springframework.http.HttpHeaders.CONTENT_DISPOSITION
import org.springframework.stereotype.Component
import org.springframework.web.filter.OncePerRequestFilter

const val DOWNLOAD_AS_FILE_FILTER_ORDER = DATA_FORMAT_FILTER_ORDER + 1

@Component
@Order(DOWNLOAD_AS_FILE_FILTER_ORDER)
class DownloadAsFileFilter(private val objectMapper: ObjectMapper) : OncePerRequestFilter() {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
package org.genspectrum.lapis.controller

const val DATA_FORMAT_FILTER_ORDER = 0
const val DOWNLOAD_AS_FILE_FILTER_ORDER = DATA_FORMAT_FILTER_ORDER + 1
const val COMPRESSION_FILTER_ORDER = DOWNLOAD_AS_FILE_FILTER_ORDER - 1
const val DATA_OPENNESS_AUTHORIZATION_FILTER_ORDER = DATA_FORMAT_FILTER_ORDER - 3
3 changes: 2 additions & 1 deletion siloLapisTests/.prettierignore
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
/test/lapisClient
/test/lapisClient
/test/lapisClientProtected
25 changes: 25 additions & 0 deletions siloLapisTests/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit ceb81d0

Please sign in to comment.