hack - only use the X-CHALLENGER hooks on challenger end points

eviltester · Apr 7, 2024 · 07362ea · 07362ea
1 parent e93c928
commit 07362ea
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 14 deletions.
diff --git a/.../src/main/java/uk/co/compendiumdev/challenge/challengehooks/ChallengerApiRequestHook.java b/.../src/main/java/uk/co/compendiumdev/challenge/challengehooks/ChallengerApiRequestHook.java
@@ -49,6 +49,12 @@ public HttpApiResponse run(final HttpApiRequest request, final ThingifierApiConf
             return null;
         }
 
+        // extend the life of the challenger
+        challenger.touch();
+
+        // trim the list of challengers
+        challengers.purgeOldAuthData();
+
         // add challenger guid as session id to request
         request.addHeader(HTTP_SESSION_HEADER_NAME, challenger.getXChallenger());
 

diff --git a/.../java/uk/co/compendiumdev/challenge/challengehooks/ChallengerInternalHTTPRequestHook.java b/.../java/uk/co/compendiumdev/challenge/challengehooks/ChallengerInternalHTTPRequestHook.java
@@ -6,10 +6,15 @@
 import uk.co.compendiumdev.thingifier.api.http.HttpApiRequest;
 import uk.co.compendiumdev.thingifier.api.http.HttpApiResponse;
 import uk.co.compendiumdev.thingifier.application.sparkhttpmessageHooks.InternalHttpRequestHook;
-import uk.co.compendiumdev.thingifier.core.EntityRelModel;
+
+import java.util.List;
 
 import static uk.co.compendiumdev.thingifier.api.http.ThingifierHttpApi.HTTP_SESSION_HEADER_NAME;
 
+/*
+    This is an Internal HTTP Request because it covers functionality for endpoints that do not
+    go through the normal API process i.e. heartbeat, challenges, challenger
+ */
 public class ChallengerInternalHTTPRequestHook  implements InternalHttpRequestHook {
     private final Challengers challengers;
 
@@ -19,15 +24,24 @@ public ChallengerInternalHTTPRequestHook(final Challengers challengers) {
 
     @Override
     public HttpApiResponse run(final HttpApiRequest request) {
-        updateAuthTokenFrom(request.getHeader("X-CHALLENGER"));
-        challengers.purgeOldAuthData();
+
+        // TODO: fix hooks so that they only run on a specific thingifier basis.
+        // Until fixed so hooks only run on specific thingifiers, restrict this to Challenges API end points
+        List<String> validEndpointPrefixesToRunAgainst = List.of("challenger", "todo", "todos", "challenges", "heartbeat","secret");
+        String[] pathSegments = request.getPath().split("/");
+        if(!validEndpointPrefixesToRunAgainst.contains(pathSegments[0])){
+            return null;
+        }
 
         ChallengerAuthData challenger = challengers.getChallenger(request.getHeader("X-CHALLENGER"));
         if(challenger==null){
             // cannot track challenges
             return null;
         }
 
+        challenger.touch();
+        challengers.purgeOldAuthData();
+
         // add challenger guid as session id to request
         request.addHeader(HTTP_SESSION_HEADER_NAME, challenger.getXChallenger());
 
@@ -82,13 +96,4 @@ public HttpApiResponse run(final HttpApiRequest request) {
         return null;
     }
 
-    private void updateAuthTokenFrom(final String header) {
-        if(header==null || header.isEmpty())
-            return;
-
-        ChallengerAuthData data = challengers.getChallenger(header);
-        if(data!=null){
-            data.touch();
-        }
-    }
 }
diff --git a/...java/uk/co/compendiumdev/challenge/challengehooks/ChallengerInternalHTTPResponseHook.java b/...java/uk/co/compendiumdev/challenge/challengehooks/ChallengerInternalHTTPResponseHook.java
@@ -10,6 +10,8 @@
 import uk.co.compendiumdev.thingifier.application.internalhttpconversion.InternalHttpResponse;
 import uk.co.compendiumdev.thingifier.application.sparkhttpmessageHooks.InternalHttpResponseHook;
 
+import java.util.List;
+
 import static uk.co.compendiumdev.thingifier.api.http.HttpApiRequest.VERB.*;
 
 
@@ -25,15 +27,34 @@ public ChallengerInternalHTTPResponseHook(final Challengers challengers) {
     @Override
     public void run(final HttpApiRequest request, final InternalHttpResponse response) {
 
-        ChallengerAuthData challenger = challengers.getChallenger(request.getHeader("X-CHALLENGER"));
-
+        // TODO: do we actually need this? And if so, why is this not at a spark level for all requests?
         // allow cross origin requests
         response.setHeader("Access-Control-Allow-Origin", "*");
         response.setHeader("Access-Control-Allow-Headers", "*");
         if (request.getVerb() == OPTIONS && request.getHeaders().headerExists("Access-Control-Allow-Methods")) {
             response.setHeader("Access-Control-Allow-Methods", request.getHeader("Access-Control-Allow-Methods"));
         }
 
+        // TODO: fix hooks so that they only run on a specific thingifier basis.
+        // Until fixed so hooks only run on specific thingifiers, restrict this to Challenges API end points
+        List<String> validEndpointPrefixesToRunAgainst = List.of("challenger", "todo", "todos", "challenges", "heartbeat","secret");
+        String[] pathSegments = request.getPath().split("/");
+        if(!validEndpointPrefixesToRunAgainst.contains(pathSegments[0])){
+            return;
+        }
+//        boolean validEndpoint=false;
+//        for(String checkPrefix : validEndpointPrefixesToRunAgainst){
+//            if(request.getPath().startsWith(checkPrefix)){
+//                validEndpoint=true;
+//                break;
+//            }
+//        }
+//        if(!validEndpoint){
+//            return;
+//        }
+
+        ChallengerAuthData challenger = challengers.getChallenger(request.getHeader("X-CHALLENGER"));
+
         // we can complete a challenge while the user is null - creating the user
         if (request.getVerb() == POST &&
                 request.getPath().contentEquals("challenger") &&

diff --git a/...del/src/main/java/uk/co/compendiumdev/thingifier/core/domain/instances/AutoIncrement.java b/...del/src/main/java/uk/co/compendiumdev/thingifier/core/domain/instances/AutoIncrement.java
@@ -21,6 +21,8 @@ public String getName(){
     }
 
     public int getCurrentValue(){
+        //TODO: have a list of free items, used prior to the nextInt
+        // e.g. on DELETE, or if we do not create an item, or if we skip items during an increment on PUT
         return nextInt;
     }
 

diff --git a/...n/java/uk/co/compendiumdev/thingifier/core/domain/instances/EntityInstanceCollection.java b/...n/java/uk/co/compendiumdev/thingifier/core/domain/instances/EntityInstanceCollection.java
@@ -297,6 +297,8 @@ public ValidationReport checkFieldsForUniqueNess(EntityInstance instance, boolea
                         if(dupeFound) {
                             report.setValid(false);
                             report.addErrorMessage("Field %s Value is not unique".formatted(fieldName));
+                            // we only need to find one to end the check
+                            return report;
                         }
                     }
                 }