storj/satellite/console/userinfo/endpoint.go

// Copyright (C) 2022 Storj Labs, Inc.
// See LICENSE for copying information.

package userinfo

import (
	"context"

	"github.com/spacemonkeygo/monkit/v3"
	"github.com/zeebo/errs"
	"go.uber.org/zap"

	"storj.io/common/identity"
	"storj.io/common/macaroon"
	"storj.io/common/pb"
	"storj.io/common/rpc/rpcpeer"
	"storj.io/common/rpc/rpcstatus"
	"storj.io/common/storj"
	"storj.io/storj/satellite/console"
)

var (
	mon = monkit.Package()
	// Error is an error class for userinfo endpoint errors.
	Error = errs.Class("userinfo_endpoint")
)

// Config holds Endpoint's configuration.
type Config struct {
	Enabled      bool           `help:"Whether the private Userinfo rpc endpoint is enabled" default:"false"`
	AllowedPeers storj.NodeURLs `help:"A comma delimited list of peers (IDs/addresses) allowed to use this endpoint."`
}

// Endpoint userinfo endpoint.
type Endpoint struct {
	pb.DRPCUserInfoUnimplementedServer

	log          *zap.Logger
	users        console.Users
	apiKeys      console.APIKeys
	projects     console.Projects
	config       Config
	allowedPeers map[storj.NodeID]storj.NodeURL
}

// NewEndpoint creates a new userinfo endpoint instance.
func NewEndpoint(log *zap.Logger, users console.Users, apiKeys console.APIKeys, projects console.Projects, config Config) (*Endpoint, error) {
	if len(config.AllowedPeers) == 0 {
		return nil, Error.New("allowed peer list parameter '--allowed-peer-list' is required")
	}

	// put peers into a map for faster retrieval by NodeID.
	allowedPeers := make(map[storj.NodeID]storj.NodeURL)
	for _, peer := range config.AllowedPeers {
		allowedPeers[peer.ID] = peer
	}

	return &Endpoint{
		log:          log,
		users:        users,
		apiKeys:      apiKeys,
		projects:     projects,
		config:       config,
		allowedPeers: allowedPeers,
	}, nil
}

// Close closes resources.
func (e *Endpoint) Close() error { return nil }

// Get returns relevant info about the current user.
func (e *Endpoint) Get(ctx context.Context, req *pb.GetUserInfoRequest) (response *pb.GetUserInfoResponse, err error) {
	defer mon.Task()(&ctx)(&err)

	peer, err := rpcpeer.FromContext(ctx)
	if err != nil {
		return nil, rpcstatus.Error(rpcstatus.Internal, err.Error())
	}

	peerID, err := identity.PeerIdentityFromPeer(peer)
	if err != nil {
		return nil, rpcstatus.Error(rpcstatus.Unauthenticated, err.Error())
	}

	if err = e.verifyPeer(peerID.ID); err != nil {
		return nil, rpcstatus.Error(rpcstatus.PermissionDenied, err.Error())
	}

	key, err := e.getAPIKey(ctx, req.Header)
	if err != nil {
		return nil, rpcstatus.Error(rpcstatus.InvalidArgument, err.Error())
	}

	info, err := e.apiKeys.GetByHead(ctx, key.Head())
	if err != nil {
		return nil, rpcstatus.Error(rpcstatus.InvalidArgument, Error.Wrap(err).Error())
	}

	project, err := e.projects.Get(ctx, info.ProjectID)
	if err != nil {
		return nil, rpcstatus.Error(rpcstatus.NotFound, Error.Wrap(err).Error())
	}

	user, err := e.users.Get(ctx, project.OwnerID)
	if err != nil {
		return nil, rpcstatus.Error(rpcstatus.NotFound, Error.Wrap(err).Error())
	}

	return &pb.GetUserInfoResponse{
		PaidTier: user.PaidTier,
	}, nil
}

// verifyPeer verifies that a peer is allowed.
func (e *Endpoint) verifyPeer(id storj.NodeID) error {
	_, ok := e.allowedPeers[id]
	if !ok {
		return Error.New("peer %q is untrusted", id)
	}
	return nil
}

func (e *Endpoint) getAPIKey(ctx context.Context, header *pb.RequestHeader) (key *macaroon.APIKey, err error) {
	defer mon.Task()(&ctx)(&err)

	if header == nil {
		return nil, Error.New("Missing API credentials")
	}

	key, err = macaroon.ParseRawAPIKey(header.ApiKey)
	if err != nil {
		err = Error.Wrap(err)
		e.log.Debug("Invalid credentials", zap.Error(err))
		return nil, err
	}

	return key, nil
}
console/userinfo: stub userinfo endpoint This change stubs userinfo endpoint from storj/common/pb/userinfo.proto. It also adds config for allowed peers, and a method for verifying peers. Issue: https://github.com/storj/storj/issues/5358 Change-Id: I057a0e873a9e9b3b9ad0bba69305f0d708bd9b9e 2022-12-12 11:33:58 +00:00			`// Copyright (C) 2022 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package userinfo`

			`import (`
			`"context"`

			`"github.com/spacemonkeygo/monkit/v3"`
			`"github.com/zeebo/errs"`
			`"go.uber.org/zap"`

			`"storj.io/common/identity"`
console/userinfo: implement get userinfo This change implements the get userinfo endpoint stubbed in #5358 Issue: https://github.com/storj/storj/issues/5363 Change-Id: I8d8deb0be1375395bbf3f52e7718990bc77f00b5 2022-12-22 10:58:46 +00:00			`"storj.io/common/macaroon"`
console/userinfo: stub userinfo endpoint This change stubs userinfo endpoint from storj/common/pb/userinfo.proto. It also adds config for allowed peers, and a method for verifying peers. Issue: https://github.com/storj/storj/issues/5358 Change-Id: I057a0e873a9e9b3b9ad0bba69305f0d708bd9b9e 2022-12-12 11:33:58 +00:00			`"storj.io/common/pb"`
			`"storj.io/common/rpc/rpcpeer"`
			`"storj.io/common/rpc/rpcstatus"`
			`"storj.io/common/storj"`
			`"storj.io/storj/satellite/console"`
			`)`

			`var (`
			`mon = monkit.Package()`
			`// Error is an error class for userinfo endpoint errors.`
			`Error = errs.Class("userinfo_endpoint")`
			`)`

			`// Config holds Endpoint's configuration.`
			`type Config struct {`
console/userinfo: implement get userinfo This change implements the get userinfo endpoint stubbed in #5358 Issue: https://github.com/storj/storj/issues/5363 Change-Id: I8d8deb0be1375395bbf3f52e7718990bc77f00b5 2022-12-22 10:58:46 +00:00			Enabled bool `help:"Whether the private Userinfo rpc endpoint is enabled" default:"false"`
console/userinfo: stub userinfo endpoint This change stubs userinfo endpoint from storj/common/pb/userinfo.proto. It also adds config for allowed peers, and a method for verifying peers. Issue: https://github.com/storj/storj/issues/5358 Change-Id: I057a0e873a9e9b3b9ad0bba69305f0d708bd9b9e 2022-12-12 11:33:58 +00:00			AllowedPeers storj.NodeURLs `help:"A comma delimited list of peers (IDs/addresses) allowed to use this endpoint."`
			`}`

			`// Endpoint userinfo endpoint.`
			`type Endpoint struct {`
			`pb.DRPCUserInfoUnimplementedServer`

			`log *zap.Logger`
			`users console.Users`
			`apiKeys console.APIKeys`
			`projects console.Projects`
			`config Config`
			`allowedPeers map[storj.NodeID]storj.NodeURL`
			`}`

			`// NewEndpoint creates a new userinfo endpoint instance.`
			`func NewEndpoint(log zap.Logger, users console.Users, apiKeys console.APIKeys, projects console.Projects, config Config) (Endpoint, error) {`
			`if len(config.AllowedPeers) == 0 {`
			`return nil, Error.New("allowed peer list parameter '--allowed-peer-list' is required")`
			`}`

			`// put peers into a map for faster retrieval by NodeID.`
			`allowedPeers := make(map[storj.NodeID]storj.NodeURL)`
			`for _, peer := range config.AllowedPeers {`
			`allowedPeers[peer.ID] = peer`
			`}`

			`return &Endpoint{`
			`log: log,`
			`users: users,`
			`apiKeys: apiKeys,`
			`projects: projects,`
			`config: config,`
			`allowedPeers: allowedPeers,`
			`}, nil`
			`}`

			`// Close closes resources.`
			`func (e *Endpoint) Close() error { return nil }`

			`// Get returns relevant info about the current user.`
console/userinfo: implement get userinfo This change implements the get userinfo endpoint stubbed in #5358 Issue: https://github.com/storj/storj/issues/5363 Change-Id: I8d8deb0be1375395bbf3f52e7718990bc77f00b5 2022-12-22 10:58:46 +00:00			`func (e Endpoint) Get(ctx context.Context, req pb.GetUserInfoRequest) (response *pb.GetUserInfoResponse, err error) {`
console/userinfo: stub userinfo endpoint This change stubs userinfo endpoint from storj/common/pb/userinfo.proto. It also adds config for allowed peers, and a method for verifying peers. Issue: https://github.com/storj/storj/issues/5358 Change-Id: I057a0e873a9e9b3b9ad0bba69305f0d708bd9b9e 2022-12-12 11:33:58 +00:00			`defer mon.Task()(&ctx)(&err)`

			`peer, err := rpcpeer.FromContext(ctx)`
			`if err != nil {`
			`return nil, rpcstatus.Error(rpcstatus.Internal, err.Error())`
			`}`

			`peerID, err := identity.PeerIdentityFromPeer(peer)`
			`if err != nil {`
			`return nil, rpcstatus.Error(rpcstatus.Unauthenticated, err.Error())`
			`}`

			`if err = e.verifyPeer(peerID.ID); err != nil {`
console/userinfo: return appropriate errors This modifies the userinfo endpoint to return appropriate errors; PermissionDenied for untrusted peers and Unimplemented because the endpoint isn't implemented Change-Id: I5109bb204b5e1ce2e21fe16b003991b6c900a8ce 2022-12-20 10:49:57 +00:00			`return nil, rpcstatus.Error(rpcstatus.PermissionDenied, err.Error())`
console/userinfo: stub userinfo endpoint This change stubs userinfo endpoint from storj/common/pb/userinfo.proto. It also adds config for allowed peers, and a method for verifying peers. Issue: https://github.com/storj/storj/issues/5358 Change-Id: I057a0e873a9e9b3b9ad0bba69305f0d708bd9b9e 2022-12-12 11:33:58 +00:00			`}`

console/userinfo: implement get userinfo This change implements the get userinfo endpoint stubbed in #5358 Issue: https://github.com/storj/storj/issues/5363 Change-Id: I8d8deb0be1375395bbf3f52e7718990bc77f00b5 2022-12-22 10:58:46 +00:00			`key, err := e.getAPIKey(ctx, req.Header)`
			`if err != nil {`
			`return nil, rpcstatus.Error(rpcstatus.InvalidArgument, err.Error())`
			`}`

			`info, err := e.apiKeys.GetByHead(ctx, key.Head())`
			`if err != nil {`
			`return nil, rpcstatus.Error(rpcstatus.InvalidArgument, Error.Wrap(err).Error())`
			`}`

			`project, err := e.projects.Get(ctx, info.ProjectID)`
			`if err != nil {`
			`return nil, rpcstatus.Error(rpcstatus.NotFound, Error.Wrap(err).Error())`
			`}`

			`user, err := e.users.Get(ctx, project.OwnerID)`
			`if err != nil {`
			`return nil, rpcstatus.Error(rpcstatus.NotFound, Error.Wrap(err).Error())`
			`}`
console/userinfo: stub userinfo endpoint This change stubs userinfo endpoint from storj/common/pb/userinfo.proto. It also adds config for allowed peers, and a method for verifying peers. Issue: https://github.com/storj/storj/issues/5358 Change-Id: I057a0e873a9e9b3b9ad0bba69305f0d708bd9b9e 2022-12-12 11:33:58 +00:00
console/userinfo: implement get userinfo This change implements the get userinfo endpoint stubbed in #5358 Issue: https://github.com/storj/storj/issues/5363 Change-Id: I8d8deb0be1375395bbf3f52e7718990bc77f00b5 2022-12-22 10:58:46 +00:00			`return &pb.GetUserInfoResponse{`
			`PaidTier: user.PaidTier,`
			`}, nil`
console/userinfo: stub userinfo endpoint This change stubs userinfo endpoint from storj/common/pb/userinfo.proto. It also adds config for allowed peers, and a method for verifying peers. Issue: https://github.com/storj/storj/issues/5358 Change-Id: I057a0e873a9e9b3b9ad0bba69305f0d708bd9b9e 2022-12-12 11:33:58 +00:00			`}`

			`// verifyPeer verifies that a peer is allowed.`
			`func (e *Endpoint) verifyPeer(id storj.NodeID) error {`
			`_, ok := e.allowedPeers[id]`
			`if !ok {`
			`return Error.New("peer %q is untrusted", id)`
			`}`
			`return nil`
			`}`
console/userinfo: implement get userinfo This change implements the get userinfo endpoint stubbed in #5358 Issue: https://github.com/storj/storj/issues/5363 Change-Id: I8d8deb0be1375395bbf3f52e7718990bc77f00b5 2022-12-22 10:58:46 +00:00
			`func (e Endpoint) getAPIKey(ctx context.Context, header pb.RequestHeader) (key *macaroon.APIKey, err error) {`
			`defer mon.Task()(&ctx)(&err)`

			`if header == nil {`
			`return nil, Error.New("Missing API credentials")`
			`}`

			`key, err = macaroon.ParseRawAPIKey(header.ApiKey)`
			`if err != nil {`
			`err = Error.Wrap(err)`
			`e.log.Debug("Invalid credentials", zap.Error(err))`
			`return nil, err`
			`}`

			`return key, nil`
			`}`