One file for hmac

Author: ardatan

lib/executor/src/execution/hmac.rs

@@ -0,0 +1,111 @@
+use std::collections::BTreeMap;
+
+use bytes::{BufMut, Bytes};
+use hive_router_config::hmac_signature::{BooleanOrExpression, HMACSignatureConfig};
+use hmac::{Hmac, Mac};
+use sha2::Sha256;
+use vrl::{compiler::Program as VrlProgram, core::Value as VrlValue};
+
+use crate::{
+    execution::client_request_details::ClientRequestDetails,
+    executors::{error::SubgraphExecutorError, http::FIRST_EXTENSION_STR},
+    utils::{
+        consts::{CLOSE_BRACE, COLON, COMMA, QUOTE},
+        expression::{compile_expression, execute_expression_with_value},
+    },
+};
+
+#[derive(Debug)]
+pub enum BooleanOrProgram {
+    Boolean(bool),
+    Program(Box<VrlProgram>),
+}
+
+pub fn compile_hmac_config(
+    config: &HMACSignatureConfig,
+) -> Result<BooleanOrProgram, SubgraphExecutorError> {
+    match &config.enabled {
+        BooleanOrExpression::Boolean(b) => Ok(BooleanOrProgram::Boolean(*b)),
+        BooleanOrExpression::Expression { expression } => {
+            let program = compile_expression(expression, None)
+                .map_err(SubgraphExecutorError::HMACExpressionBuild)?;
+            Ok(BooleanOrProgram::Program(Box::new(program)))
+        }
+    }
+}
+type HmacSha256 = Hmac<Sha256>;
+
+pub fn sign_hmac(
+    hmac_program: &BooleanOrProgram,
+    hmac_config: &HMACSignatureConfig,
+    subgraph_name: &str,
+    client_request: &ClientRequestDetails,
+    first_extension: &mut bool,
+    body: &mut Vec<u8>,
+) -> Result<(), SubgraphExecutorError> {
+    let should_sign_hmac = match &hmac_program {
+        BooleanOrProgram::Boolean(b) => *b,
+        BooleanOrProgram::Program(expr) => {
+            // .subgraph
+            let subgraph_value = VrlValue::Object(BTreeMap::from([(
+                "name".into(),
+                VrlValue::Bytes(Bytes::from(subgraph_name.to_owned())),
+            )]));
+            // .request
+            let request_value: VrlValue = client_request.into();
+            let target_value = VrlValue::Object(BTreeMap::from([
+                ("subgraph".into(), subgraph_value),
+                ("request".into(), request_value),
+            ]));
+            let result = execute_expression_with_value(expr, target_value);
+            match result {
+                Ok(VrlValue::Boolean(b)) => b,
+                Ok(_) => {
+                    return Err(SubgraphExecutorError::HMACSignatureError(
+                        "HMAC signature expression did not evaluate to a boolean".to_string(),
+                    ));
+                }
+                Err(e) => {
+                    return Err(SubgraphExecutorError::HMACSignatureError(format!(
+                        "HMAC signature expression evaluation error: {}",
+                        e
+                    )));
+                }
+            }
+        }
+    };
+
+    if should_sign_hmac {
+        if hmac_config.secret.is_empty() {
+            return Err(SubgraphExecutorError::HMACSignatureError(
+                "HMAC signature secret is empty".to_string(),
+            ));
+        }
+        let mut mac = HmacSha256::new_from_slice(hmac_config.secret.as_bytes()).map_err(|e| {
+            SubgraphExecutorError::HMACSignatureError(format!(
+                "Failed to create HMAC instance: {}",
+                e
+            ))
+        })?;
+        let mut body_without_extensions = body.clone();
+        body_without_extensions.put(CLOSE_BRACE);
+        mac.update(&body_without_extensions);
+        let result = mac.finalize();
+        let result_bytes = result.into_bytes();
+        if *first_extension {
+            body.put(FIRST_EXTENSION_STR);
+            *first_extension = false;
+        } else {
+            body.put(COMMA);
+        }
+        body.put(QUOTE);
+        body.put(hmac_config.extension_name.as_bytes());
+        body.put(QUOTE);
+        body.put(COLON);
+        let hmac_hex = hex::encode(result_bytes);
+        body.put(QUOTE);
+        body.put(hmac_hex.as_bytes());
+        body.put(QUOTE);
+    }
+    Ok(())
+}

lib/executor/src/execution/mod.rs

@@ -1,5 +1,6 @@
 pub mod client_request_details;
 pub mod error;
+pub mod hmac;
 pub mod jwt_forward;
 pub mod plan;
 pub mod rewrites;

lib/executor/src/executors/http.rs

@@ -1,28 +1,24 @@
-use std::collections::BTreeMap;
 use std::sync::Arc;
 
+use crate::execution::hmac::{sign_hmac, BooleanOrProgram};
 use crate::executors::common::HttpExecutionResponse;
 use crate::executors::dedupe::{request_fingerprint, ABuildHasher, SharedResponse};
-use crate::utils::expression::execute_expression_with_value;
 use dashmap::DashMap;
 use hive_router_config::HiveRouterConfig;
 use tokio::sync::OnceCell;
 
 use async_trait::async_trait;
 
 use bytes::{BufMut, Bytes, BytesMut};
-use hmac::{Hmac, Mac};
 use http::HeaderMap;
 use http::HeaderValue;
 use http_body_util::BodyExt;
 use http_body_util::Full;
 use hyper::Version;
 use hyper_tls::HttpsConnector;
 use hyper_util::client::legacy::{connect::HttpConnector, Client};
-use sha2::Sha256;
 use tokio::sync::Semaphore;
 use tracing::debug;
-use vrl::compiler::Program as VrlProgram;
 
 use crate::executors::common::HttpExecutionRequest;
 use crate::executors::error::SubgraphExecutorError;
@@ -32,7 +28,6 @@ use crate::utils::consts::COLON;
 use crate::utils::consts::COMMA;
 use crate::utils::consts::QUOTE;
 use crate::{executors::common::SubgraphExecutor, json_writer::write_and_escape_string};
-use vrl::core::Value as VrlValue;
 
 #[derive(Debug)]
 pub struct HTTPSubgraphExecutor {
@@ -48,18 +43,10 @@ pub struct HTTPSubgraphExecutor {
 
 const FIRST_VARIABLE_STR: &[u8] = b",\"variables\":{";
 const FIRST_QUOTE_STR: &[u8] = b"{\"query\":";
-const FIRST_EXTENSION_STR: &[u8] = b",\"extensions\":{";
+pub const FIRST_EXTENSION_STR: &[u8] = b",\"extensions\":{";
 
 pub type HttpClient = Client<HttpsConnector<HttpConnector>, Full<Bytes>>;
 
-type HmacSha256 = Hmac<Sha256>;
-
-#[derive(Debug)]
-pub enum BooleanOrProgram {
-    Boolean(bool),
-    Program(Box<VrlProgram>),
-}
-
 impl HTTPSubgraphExecutor {
     pub fn new(
         subgraph_name: String,
@@ -92,80 +79,6 @@ impl HTTPSubgraphExecutor {
         }
     }
 
-    fn sign_hmac(
-        &self,
-        execution_request: &HttpExecutionRequest,
-        body: &mut Vec<u8>,
-        first_extension: &mut bool,
-    ) -> Result<(), SubgraphExecutorError> {
-        let should_sign_hmac = match &self.should_sign_hmac.as_ref() {
-            BooleanOrProgram::Boolean(b) => *b,
-            BooleanOrProgram::Program(expr) => {
-                // .subgraph
-                let subgraph_value = VrlValue::Object(BTreeMap::from([(
-                    "name".into(),
-                    VrlValue::Bytes(Bytes::from(self.subgraph_name.to_owned())),
-                )]));
-                // .request
-                let request_value: VrlValue = execution_request.client_request.into();
-                let target_value = VrlValue::Object(BTreeMap::from([
-                    ("subgraph".into(), subgraph_value),
-                    ("request".into(), request_value),
-                ]));
-                let result = execute_expression_with_value(expr, target_value);
-                match result {
-                    Ok(VrlValue::Boolean(b)) => b,
-                    Ok(_) => {
-                        return Err(SubgraphExecutorError::HMACSignatureError(
-                            "HMAC signature expression did not evaluate to a boolean".to_string(),
-                        ));
-                    }
-                    Err(e) => {
-                        return Err(SubgraphExecutorError::HMACSignatureError(format!(
-                            "HMAC signature expression evaluation error: {}",
-                            e
-                        )));
-                    }
-                }
-            }
-        };
-
-        if should_sign_hmac {
-            if self.config.hmac_signature.secret.is_empty() {
-                return Err(SubgraphExecutorError::HMACSignatureError(
-                    "HMAC signature secret is empty".to_string(),
-                ));
-            }
-            let mut mac = HmacSha256::new_from_slice(self.config.hmac_signature.secret.as_bytes())
-                .map_err(|e| {
-                    SubgraphExecutorError::HMACSignatureError(format!(
-                        "Failed to create HMAC instance: {}",
-                        e
-                    ))
-                })?;
-            let mut body_without_extensions = body.clone();
-            body_without_extensions.put(CLOSE_BRACE);
-            mac.update(&body_without_extensions);
-            let result = mac.finalize();
-            let result_bytes = result.into_bytes();
-            if *first_extension {
-                body.put(FIRST_EXTENSION_STR);
-                *first_extension = false;
-            } else {
-                body.put(COMMA);
-            }
-            body.put(QUOTE);
-            body.put(self.config.hmac_signature.extension_name.as_bytes());
-            body.put(QUOTE);
-            body.put(COLON);
-            let hmac_hex = hex::encode(result_bytes);
-            body.put(QUOTE);
-            body.put(hmac_hex.as_bytes());
-            body.put(QUOTE);
-        }
-        Ok(())
-    }
-
     fn build_request_body<'exec, 'req>(
         &self,
         execution_request: &HttpExecutionRequest<'exec, 'req>,
@@ -213,7 +126,14 @@ impl HTTPSubgraphExecutor {
         let mut first_extension = true;
 
         if !self.config.hmac_signature.is_disabled() {
-            self.sign_hmac(execution_request, &mut body, &mut first_extension)?;
+            sign_hmac(
+                &self.should_sign_hmac,
+                &self.config.hmac_signature,
+                &self.subgraph_name,
+                execution_request.client_request,
+                &mut first_extension,
+                &mut body,
+            )?;
         }
 
         if let Some(extensions) = &execution_request.extensions {

lib/executor/src/executors/map.rs

@@ -5,9 +5,7 @@ use std::{
 
 use bytes::{BufMut, Bytes, BytesMut};
 use dashmap::DashMap;
-use hive_router_config::{
-    hmac_signature::BooleanOrExpression, override_subgraph_urls::UrlOrExpression, HiveRouterConfig,
-};
+use hive_router_config::{override_subgraph_urls::UrlOrExpression, HiveRouterConfig};
 use http::Uri;
 use hyper_tls::HttpsConnector;
 use hyper_util::{
@@ -19,14 +17,17 @@ use tracing::error;
 use vrl::{compiler::Program as VrlProgram, core::Value as VrlValue};
 
 use crate::{
-    execution::client_request_details::ClientRequestDetails,
+    execution::{
+        client_request_details::ClientRequestDetails,
+        hmac::{compile_hmac_config, BooleanOrProgram},
+    },
     executors::{
         common::{
             HttpExecutionRequest, HttpExecutionResponse, SubgraphExecutor, SubgraphExecutorBoxedArc,
         },
         dedupe::{ABuildHasher, SharedResponse},
         error::SubgraphExecutorError,
-        http::{BooleanOrProgram, HTTPSubgraphExecutor, HttpClient},
+        http::{HTTPSubgraphExecutor, HttpClient},
     },
     response::graphql_error::GraphQLError,
     utils::expression::{compile_expression, execute_expression_with_value},
@@ -65,14 +66,7 @@ impl SubgraphExecutorMap {
 
         let max_connections_per_host = config.traffic_shaping.max_connections_per_host;
 
-        let should_sign_hmac = match &config.hmac_signature.enabled {
-            BooleanOrExpression::Boolean(b) => BooleanOrProgram::Boolean(*b),
-            BooleanOrExpression::Expression { expression } => {
-                let program = compile_expression(expression, None)
-                    .map_err(SubgraphExecutorError::HMACExpressionBuild)?;
-                BooleanOrProgram::Program(Box::new(program))
-            }
-        };
+        let should_sign_hmac = compile_hmac_config(&config.hmac_signature)?;
 
         Ok(SubgraphExecutorMap {
             executors_by_subgraph: Default::default(),