Add timestamp header to all responses

This commit is contained in:
Chris Eager
2024-10-01 11:42:57 -05:00
committed by Chris Eager
parent 39590f1b28
commit 68814813c3
4 changed files with 84 additions and 20 deletions

View File

@@ -13,9 +13,11 @@ import io.dropwizard.testing.junit5.DropwizardAppExtension;
import io.dropwizard.testing.junit5.DropwizardExtensionsSupport;
import io.dropwizard.util.Resources;
import java.net.URI;
import java.util.List;
import java.util.Map;
import javax.ws.rs.client.Client;
import javax.ws.rs.core.Response;
import org.eclipse.jetty.websocket.api.Session;
import org.eclipse.jetty.websocket.client.WebSocketClient;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.AfterEach;
@@ -27,6 +29,7 @@ import org.whispersystems.textsecuregcm.storage.DynamoDbExtension;
import org.whispersystems.textsecuregcm.storage.DynamoDbExtensionSchema;
import org.whispersystems.textsecuregcm.tests.util.TestWebsocketListener;
import org.whispersystems.textsecuregcm.util.AttributeValues;
import org.whispersystems.textsecuregcm.util.HeaderUtils;
import org.whispersystems.websocket.messages.WebSocketResponseMessage;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
@@ -92,15 +95,42 @@ class WhisperServerServiceTest {
@Test
void websocket() throws Exception {
// test unauthenticated websocket
final long start = System.currentTimeMillis();
final TestWebsocketListener testWebsocketListener = new TestWebsocketListener();
webSocketClient.connect(testWebsocketListener,
final Session session = webSocketClient.connect(testWebsocketListener,
URI.create(String.format("ws://localhost:%d/v1/websocket/", EXTENSION.getLocalPort())))
.join();
final long sessionTimestamp = Long.parseLong(session.getUpgradeResponse().getHeader(HeaderUtils.TIMESTAMP_HEADER));
assertTrue(sessionTimestamp >= start);
final WebSocketResponseMessage keepAlive = testWebsocketListener.doGet("/v1/keepalive").join();
assertEquals(200, keepAlive.getStatus());
final long keepAliveTimestamp = Long.parseLong(
keepAlive.getHeaders().get(HeaderUtils.TIMESTAMP_HEADER.toLowerCase()));
assertTrue(keepAliveTimestamp >= start);
final WebSocketResponseMessage whoami = testWebsocketListener.doGet("/v1/accounts/whoami").join();
assertEquals(401, whoami.getStatus());
final long whoamiTimestamp = Long.parseLong(whoami.getHeaders().get(HeaderUtils.TIMESTAMP_HEADER.toLowerCase()));
assertTrue(whoamiTimestamp >= start);
}
@Test
void rest() throws Exception {
// test unauthenticated rest
final long start = System.currentTimeMillis();
final Response whoami = EXTENSION.client().target(
"http://localhost:%d/v1/accounts/whoami".formatted(EXTENSION.getLocalPort())).request().get();
assertEquals(401, whoami.getStatus());
final List<Object> timestampValues = whoami.getHeaders().get(HeaderUtils.TIMESTAMP_HEADER.toLowerCase());
assertEquals(1, timestampValues.size());
final long whoamiTimestamp = Long.parseLong(timestampValues.getFirst().toString());
assertTrue(whoamiTimestamp >= start);
}
@Test
@@ -140,7 +170,6 @@ class WhisperServerServiceTest {
.key(Map.of(numbers.hashKeyName(), numberAV))
.build());
}
}
}

View File

@@ -6,28 +6,42 @@
package org.whispersystems.textsecuregcm.filters;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.ArgumentMatchers.matches;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.core.MultivaluedMap;
import org.glassfish.jersey.message.internal.HeaderUtils;
import org.junit.jupiter.api.Test;
import org.whispersystems.textsecuregcm.util.HeaderUtils;
class TimestampResponseFilterTest {
@Test
void testFilter() {
final ContainerRequestContext requestContext = mock(ContainerRequestContext.class);
final ContainerResponseContext responseContext = mock(ContainerResponseContext.class);
@Test
void testJerseyFilter() {
final ContainerRequestContext requestContext = mock(ContainerRequestContext.class);
final ContainerResponseContext responseContext = mock(ContainerResponseContext.class);
final MultivaluedMap<String, Object> headers = org.glassfish.jersey.message.internal.HeaderUtils.createOutbound();
when(responseContext.getHeaders()).thenReturn(headers);
final MultivaluedMap<String, Object> headers = HeaderUtils.createOutbound();
new TimestampResponseFilter().filter(requestContext, responseContext);
when(responseContext.getHeaders()).thenReturn(headers);
assertTrue(headers.containsKey(org.whispersystems.textsecuregcm.util.HeaderUtils.TIMESTAMP_HEADER));
}
new TimestampResponseFilter().filter(requestContext, responseContext);
@Test
void testServletFilter() throws Exception {
final HttpServletRequest request = mock(HttpServletRequest.class);
final HttpServletResponse response = mock(HttpServletResponse.class);
assertTrue(headers.containsKey(org.whispersystems.textsecuregcm.util.HeaderUtils.TIMESTAMP_HEADER));
}
new TimestampResponseFilter().doFilter(request, response, mock(FilterChain.class));
verify(response).setHeader(eq(HeaderUtils.TIMESTAMP_HEADER), matches("\\d{10,}"));
}
}