Create global remote config controllable in the signal server configuration (#127)

* Add global config controller through file rather than database * Do no permit attempting to set or delete global config entries
2026-04-21 22:48:04 +01:00 · 2020-08-10 16:31:15 -05:00
parent b14a8ff2fd
commit b97158bf7b
5 changed files with 63 additions and 9 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/RemoteConfigController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/RemoteConfigController.java
@@ -27,19 +27,23 @@ import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;

@Path("/v1/config")
 public class RemoteConfigController {

  private final RemoteConfigsManager remoteConfigsManager;
  private final List<String>         configAuthTokens;
+  private final Map<String, String>  globalConfig;

-  public RemoteConfigController(RemoteConfigsManager remoteConfigsManager, List<String> configAuthTokens) {
+  public RemoteConfigController(RemoteConfigsManager remoteConfigsManager, List<String> configAuthTokens, Map<String, String> globalConfig) {
    this.remoteConfigsManager = remoteConfigsManager;
-    this.configAuthTokens      = configAuthTokens;
+    this.configAuthTokens = configAuthTokens;
+    this.globalConfig = globalConfig;
  }

  @Timed
@@ -50,11 +54,12 @@ public class RemoteConfigController {
    try {
      MessageDigest digest = MessageDigest.getInstance("SHA1");

-      return new UserRemoteConfigList(remoteConfigsManager.getAll().stream().map(config -> {
+      final Stream<UserRemoteConfig> globalConfigStream = globalConfig.entrySet().stream().map(entry -> new UserRemoteConfig("g." + entry.getKey(), true, entry.getValue()));
+      return new UserRemoteConfigList(Stream.concat(remoteConfigsManager.getAll().stream().map(config -> {
        final byte[] hashKey = config.getHashKey() != null ? config.getHashKey().getBytes(StandardCharsets.UTF_8) : config.getName().getBytes(StandardCharsets.UTF_8);
        boolean inBucket = isInBucket(digest, account.getUuid(), hashKey, config.getPercentage(), config.getUuids());
        return new UserRemoteConfig(config.getName(), inBucket, inBucket ? config.getValue() : config.getDefaultValue());
-      }).collect(Collectors.toList()));
+      }), globalConfigStream).collect(Collectors.toList()));
    } catch (NoSuchAlgorithmException e) {
      throw new AssertionError(e);
    }
@@ -69,6 +74,10 @@ public class RemoteConfigController {
      throw new WebApplicationException(Response.Status.UNAUTHORIZED);
    }

+    if (config.getName().startsWith("g.")) {
+      throw new WebApplicationException(Response.Status.FORBIDDEN);
+    }
+
    remoteConfigsManager.set(config);
  }

@@ -80,6 +89,10 @@ public class RemoteConfigController {
      throw new WebApplicationException(Response.Status.UNAUTHORIZED);
    }

+    if (name.startsWith("g.")) {
+      throw new WebApplicationException(Response.Status.FORBIDDEN);
+    }
+
    remoteConfigsManager.delete(name);
  }