diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
index 00695f1db..aa13387c6 100644
--- a/.github/workflows/build-and-test.yaml
+++ b/.github/workflows/build-and-test.yaml
@@ -3,7 +3,7 @@ on: [pull_request, push, workflow_dispatch]
jobs:
build:
- uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@v2
+ uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@v3
with:
java_version: 21
secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/publish-all-operators.yaml b/.github/workflows/publish-all-operators.yaml
index c5db3a3b0..5e5bf559b 100644
--- a/.github/workflows/publish-all-operators.yaml
+++ b/.github/workflows/publish-all-operators.yaml
@@ -55,7 +55,7 @@ jobs:
fetch-depth: 0
- name: Scan vulnerabilities
- uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2
+ uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v3
with:
scan_severity: HIGH,CRITICAL
failure_severity: CRITICAL
diff --git a/.github/workflows/validate-image.yaml b/.github/workflows/validate-image.yaml
index 524f19102..37b4bf912 100644
--- a/.github/workflows/validate-image.yaml
+++ b/.github/workflows/validate-image.yaml
@@ -19,7 +19,7 @@ on:
jobs:
build-publish-docker-default:
- uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2
+ uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v3
with:
failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }}
fail_on_error: ${{ inputs.fail_on_error || true }}
@@ -27,7 +27,7 @@ jobs:
java_version: 21
secrets: inherit
build-publish-docker-aws:
- uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2
+ uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v3
with:
failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }}
fail_on_error: ${{ inputs.fail_on_error || true }}
@@ -36,7 +36,7 @@ jobs:
secrets: inherit
needs: [build-publish-docker-default]
build-publish-docker-gcp:
- uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2
+ uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v3
with:
failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }}
fail_on_error: ${{ inputs.fail_on_error || true }}
@@ -45,7 +45,7 @@ jobs:
secrets: inherit
needs: [build-publish-docker-aws]
build-publish-docker-azure:
- uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2
+ uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v3
with:
failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }}
fail_on_error: ${{ inputs.fail_on_error || true }}
diff --git a/pom.xml b/pom.xml
index f92477342..af18e37d4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
2.1.0
2.1.0
2.1.0
- 7.20.0
+ 7.20.4
${project.version}
21
21
diff --git a/src/main/java/com/uid2/operator/vertx/ClientVersionCapturingHandler.java b/src/main/java/com/uid2/operator/vertx/ClientVersionCapturingHandler.java
index d63626952..1626bb397 100644
--- a/src/main/java/com/uid2/operator/vertx/ClientVersionCapturingHandler.java
+++ b/src/main/java/com/uid2/operator/vertx/ClientVersionCapturingHandler.java
@@ -1,10 +1,16 @@
package com.uid2.operator.vertx;
+import com.uid2.operator.util.Tuple;
import com.uid2.shared.Const;
+import com.uid2.shared.auth.IAuthorizable;
+import com.uid2.shared.auth.IAuthorizableProvider;
+import com.uid2.shared.middleware.AuthMiddleware;
import io.micrometer.core.instrument.Counter;
import io.micrometer.core.instrument.Metrics;
import io.vertx.core.Handler;
import io.vertx.ext.web.RoutingContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.nio.file.DirectoryStream;
@@ -12,21 +18,23 @@
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
+import java.util.Set;
public class ClientVersionCapturingHandler implements Handler {
- private final Map _clientVersionCounters = new HashMap<>();
+ private static final Logger LOGGER = LoggerFactory.getLogger(ClientVersionCapturingHandler.class);
+ private static final String BEARER_TOKEN_PREFIX = "bearer ";
+ private final Map, Counter> _clientVersionCounters = new HashMap<>();
+ private IAuthorizableProvider authKeyStore;
+ private final Set versions = new HashSet<>();
- public ClientVersionCapturingHandler(String dir, String whitelistGlob) throws IOException {
+ public ClientVersionCapturingHandler(String dir, String whitelistGlob, IAuthorizableProvider authKeyStore) throws IOException {
+ this.authKeyStore = authKeyStore;
try (DirectoryStream dirStream = Files.newDirectoryStream(Paths.get(dir), whitelistGlob)) {
dirStream.forEach(path -> {
final String version = getFileNameWithoutExtension(path);
- final Counter counter = Counter
- .builder("uid2.client_sdk_versions")
- .description("counter for how many http requests are processed per each client sdk version")
- .tags("client_version", version)
- .register(Metrics.globalRegistry);
- _clientVersionCounters.put(version, counter);
+ versions.add(version);
});
}
}
@@ -36,11 +44,22 @@ public void handle(RoutingContext context) {
if (clientVersion == null) {
clientVersion = !context.queryParam("client").isEmpty() ? context.queryParam("client").get(0) : null;
}
- if (clientVersion != null) {
- final Counter counter = _clientVersionCounters.get(clientVersion);
- if (counter != null) {
- counter.increment();
- }
+ String apiContact;
+ try {
+ final String authHeaderValue = context.request().getHeader("Authorization");
+ final String authKey = extractBearerToken(authHeaderValue);
+ final IAuthorizable profile = this.authKeyStore.get(authKey);
+ apiContact = profile.getContact();
+ apiContact = apiContact == null ? "unknown" : apiContact;
+ } catch (Exception ex) {
+ apiContact = "unknown";
+ }
+ if (clientVersion != null && versions.contains(clientVersion)) {
+ _clientVersionCounters.computeIfAbsent(new Tuple.Tuple2<>(apiContact, clientVersion), tuple -> Counter
+ .builder("uid2.client_sdk_versions")
+ .description("counter for how many http requests are processed per each client sdk version")
+ .tags("api_contact", tuple.getItem1(), "client_version", tuple.getItem2())
+ .register(Metrics.globalRegistry)).increment();;
}
context.next();
}
@@ -49,4 +68,22 @@ private static String getFileNameWithoutExtension(Path path) {
final String fileName = path.getFileName().toString();
return fileName.indexOf(".") > 0 ? fileName.substring(0, fileName.lastIndexOf(".")) : fileName;
}
+
+ private static String extractBearerToken(final String headerValue) {
+ if (headerValue == null) {
+ return null;
+ }
+
+ final String v = headerValue.trim();
+ if (v.length() < BEARER_TOKEN_PREFIX.length()) {
+ return null;
+ }
+
+ final String givenPrefix = v.substring(0, BEARER_TOKEN_PREFIX.length());
+
+ if (!BEARER_TOKEN_PREFIX.equals(givenPrefix.toLowerCase())) {
+ return null;
+ }
+ return v.substring(BEARER_TOKEN_PREFIX.length());
+ }
}
\ No newline at end of file
diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
index 4f6fd97db..8c92da12e 100644
--- a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
+++ b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
@@ -221,7 +221,7 @@ private Router createRoutesSetup() throws IOException {
router.allowForward(AllowForwardHeaders.X_FORWARD);
router.route().handler(new RequestCapturingHandler());
- router.route().handler(new ClientVersionCapturingHandler("static/js", "*.js"));
+ router.route().handler(new ClientVersionCapturingHandler("static/js", "*.js", clientKeyProvider));
router.route().handler(CorsHandler.create()
.addRelativeOrigin(".*.")
.allowedMethod(io.vertx.core.http.HttpMethod.GET)