Issue #38 allow referer passing via query parameter
clezag committed Feb 22, 2024
1 parent 52f74a8 commit bd4f030
Showing 6 changed files with 65 additions and 3 deletions.
17 changes: 17 additions & 0 deletions calls.http
Expand Up @@ -284,3 +284,20 @@ Authorization: Bearer {{token}}

### ERROR 404 expected --> generic
{{host}}/flat,event/b/c/a

### Test referer parameter header override
# Switch on json logging to see the referer in output
#
### Just header
{{host}}/event,flat
Referer: rheader
### just parameter
{{host}}/event,flat
?referer=rparamlc
### both (parameter should override)
{{host}}/event,flat
?referer=rparamlc
Referer: rheader
### uppercase parameter (not advertised, there for consistency with Content API)
{{host}}/event,flat
?Referer=rparamuc
3 changes: 2 additions & 1 deletion src/main/java/it/bz/idm/bdp/ninja/quota/HistoryLimit.java
Expand Up @@ -20,6 +20,7 @@
import org.springframework.stereotype.Component;

import it.bz.idm.bdp.ninja.quota.PricingPlan.Policy;
import it.bz.idm.bdp.ninja.utils.Referer;
import it.bz.idm.bdp.ninja.utils.SecurityUtils;

/**
Expand Down Expand Up @@ -105,7 +106,7 @@ public Optional<QuotaLimitException> check(HttpServletRequest request, ZonedDate

private PricingPlan getPricingPlan(HttpServletRequest request) {
List<String> roles = SecurityUtils.getRolesFromAuthentication(SecurityUtils.RoleType.QUOTA);
String referer = request.getHeader("referer");
String referer = Referer.getReferer(request);
String user = SecurityUtils.getSubjectFromAuthentication();

LOG.debug("History Limiting Roles: {}", roles);
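Review bot: The `referer` that `getPricingPlan` reads is a caller-asserted value, and through `Referer.getReferer(request)` it can now come straight from the URL, so nothing derived from it should be able to raise a quota. The rest of the method lies outside the hunk, so how the plan is chosen is not visible here; if any plan is keyed on the referer, only the authenticated `roles` should lift a limit and the referer should stay an attribution label. A comment at the call site would record that: `// caller-asserted (query parameter or header): usage attribution only, must not grant quota`. The same applies to the `preHandle` hunk in the next file section, which switches to `Referer.getReferer(request)` in the same way.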
Expand Up @@ -29,6 +29,7 @@
import io.github.bucket4j.Bucket;
import io.github.bucket4j.ConsumptionProbe;
import io.github.bucket4j.Refill;
import it.bz.idm.bdp.ninja.utils.Referer;
import it.bz.idm.bdp.ninja.utils.SecurityUtils;
import it.bz.idm.bdp.ninja.utils.conditionals.ConditionalMap;

Expand Down Expand Up @@ -120,7 +121,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
SecurityContextHolder.clearContext();

List<String> roles = SecurityUtils.getRolesFromAuthentication(SecurityUtils.RoleType.QUOTA);
String referer = request.getHeader("referer");
String referer = Referer.getReferer(request);
String ip = request.getLocalAddr();
String path = request.getRequestURI();
String user = SecurityUtils.getSubjectFromAuthentication();
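Review bot: `String ip = request.getLocalAddr();` reads the address of the server interface that accepted the request, not the caller's address, so every request presents the same `ip` to the code that follows. If `ip` is meant to tell anonymous clients apart for rate limiting (its use is outside the hunk, so this is an assumption), the value wanted is `request.getRemoteAddr()` or the client address supplied by a proxy the deployment trusts. The line is context rather than part of this change, and `preHandle` starts and ends outside the hunk.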
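--- a/src/main/java/it/bz/idm/bdp/ninja/utils/Referer.java
+++ b/src/main/java/it/bz/idm/bdp/ninja/utils/Referer.java
@@ -0,0 +1,23 @@
+// SPDX-FileCopyrightText: NOI Techpark <[email protected]>
+//
+// SPDX-License-Identifier: AGPL-3.0-or-later
+package it.bz.idm.bdp.ninja.utils;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.logging.log4j.util.Strings;
+
+public class Referer {
+public static String getReferer(HttpServletRequest req) {
+String referer = req.getParameter("referer");
+if (Strings.isNotBlank(referer))
+return referer;
+
+referer = req.getParameter("Referer");
+if (Strings.isNotBlank(referer))
+return referer;
+
+referer = req.getHeader("Referer");
+return referer;
+}
+}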
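Review bot: `getReferer` hands the query-parameter value back unchanged, with no length bound of its own and no Javadoc telling callers that the result is client-supplied; elsewhere in this commit it feeds the quota lookups and the request log. I would add a Javadoc that states the precedence (`referer` parameter, then `Referer` parameter, then the `Referer` header, with blank values skipped for the parameters only) and that the value is untrusted. Since the class only holds a static helper, it can be `final` with a private constructor, and the returned value can be capped before it reaches quota keys and log fields. The limit in the sketch is a constructed value, to be set to whatever the log pipeline and quota store tolerate.

```java
public final class Referer {
    // constructed example limit, not taken from the project
    private static final int MAX_LENGTH = 2048;

    private Referer() {
    }

    public static String getReferer(HttpServletRequest req) {
        String referer = req.getParameter("referer");
        if (Strings.isBlank(referer))
            referer = req.getParameter("Referer");
        if (Strings.isBlank(referer))
            referer = req.getHeader("Referer");
        // caller-asserted value: bound it before it is used as a key or logged
        if (referer != null && referer.length() > MAX_LENGTH)
            referer = referer.substring(0, MAX_LENGTH);
        return referer;
    }
}
```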
Expand Up @@ -9,6 +9,7 @@
import org.slf4j.LoggerFactory;
import org.springframework.web.filter.AbstractRequestLoggingFilter;

import it.bz.idm.bdp.ninja.utils.Referer;
import it.bz.idm.bdp.ninja.utils.SecurityUtils;

import javax.servlet.FilterChain;
Expand Down Expand Up @@ -66,7 +67,7 @@ private Map<String, Object> logData(HttpServletRequest request, HttpServletRespo
result.put("user_roles_opendata", SecurityUtils.getRolesFromAuthentication(SecurityUtils.RoleType.OPENDATA));
result.put("status", response.getStatus());
result.put("origin", request.getParameter("origin"));
result.put("referer", request.getHeader("referer"));
result.put("referer", Referer.getReferer(request));
result.put("data_fetcher", request.getAttribute("data_fetcher"));
result.put("response_time", (System.nanoTime() - (long) request.getAttribute("timer_start")) / 1000000);
return result;
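Review bot: The `referer` log field no longer records where its value came from: a header sent by a browser and a hand-typed `?referer=` land under the same key, which weakens the field for abuse triage and for usage statistics. Logging the raw header beside it keeps the distinction, for example `result.put("referer_header", request.getHeader("Referer"));`. `logData` starts outside the hunk, so whether the query string is already logged elsewhere is not visible here.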
19 changes: 19 additions & 0 deletions src/main/resources/openapi3.yml
Expand Up @@ -35,6 +35,7 @@ paths:
summary: View a list of entry points to the Open Data Hub Mobility domain
parameters:
- $ref: "#/components/parameters/origin"
- $ref: "#/components/parameters/referer"
responses:
200:
description: Successful response
Expand All @@ -61,6 +62,7 @@ paths:
parameters:
- $ref: "#/components/parameters/representation"
- $ref: "#/components/parameters/origin"
- $ref: "#/components/parameters/referer"
responses:
200:
description: Successful response
Expand Down Expand Up @@ -99,6 +101,7 @@ paths:
- $ref: "#/components/parameters/shownull"
- $ref: "#/components/parameters/distinct"
- $ref: "#/components/parameters/origin"
- $ref: "#/components/parameters/referer"
responses:
200:
description: OK
Expand Down Expand Up @@ -135,6 +138,7 @@ paths:
- $ref: "#/components/parameters/shownull"
- $ref: "#/components/parameters/distinct"
- $ref: "#/components/parameters/origin"
- $ref: "#/components/parameters/referer"
responses:
200:
description: OK
Expand Down Expand Up @@ -171,6 +175,7 @@ paths:
- $ref: "#/components/parameters/shownull"
- $ref: "#/components/parameters/distinct"
- $ref: "#/components/parameters/origin"
- $ref: "#/components/parameters/referer"
responses:
200:
description: OK
Expand Down Expand Up @@ -207,6 +212,7 @@ paths:
- $ref: "#/components/parameters/shownull"
- $ref: "#/components/parameters/distinct"
- $ref: "#/components/parameters/origin"
- $ref: "#/components/parameters/referer"
responses:
200:
description: OK
Expand Down Expand Up @@ -244,6 +250,7 @@ paths:
- $ref: "#/components/parameters/shownull"
- $ref: "#/components/parameters/distinct"
- $ref: "#/components/parameters/origin"
- $ref: "#/components/parameters/referer"
responses:
200:
description: OK
Expand Down Expand Up @@ -282,6 +289,7 @@ paths:
- $ref: "#/components/parameters/shownull"
- $ref: "#/components/parameters/distinct"
- $ref: "#/components/parameters/origin"
- $ref: "#/components/parameters/referer"
responses:
200:
description: OK
Expand Down Expand Up @@ -322,6 +330,7 @@ paths:
- $ref: "#/components/parameters/shownull"
- $ref: "#/components/parameters/distinct"
- $ref: "#/components/parameters/origin"
- $ref: "#/components/parameters/referer"
responses:
200:
description: OK
Expand Down Expand Up @@ -364,6 +373,7 @@ paths:
- $ref: "#/components/parameters/distinct"
- $ref: "#/components/parameters/timezone"
- $ref: "#/components/parameters/origin"
- $ref: "#/components/parameters/referer"
responses:
200:
description: OK
Expand Down Expand Up @@ -408,6 +418,7 @@ paths:
- $ref: "#/components/parameters/distinct"
- $ref: "#/components/parameters/timezone"
- $ref: "#/components/parameters/origin"
- $ref: "#/components/parameters/referer"
responses:
200:
description: OK
Expand Down Expand Up @@ -449,6 +460,7 @@ paths:
- $ref: "#/components/parameters/distinct"
- $ref: "#/components/parameters/timezone"
- $ref: "#/components/parameters/origin"
- $ref: "#/components/parameters/referer"
responses:
200:
description: OK
Expand Down Expand Up @@ -680,6 +692,13 @@ components:
schema:
type: string
default: ""
referer:
name: referer
in: query
description: |-
Alternate means of providing the HTTP `Referer` header in cases where setting headers is not possible
schema:
type: string

schemas:
measurement: