Skip to content

Commit

Permalink
Support apikey based traffic restriction (envoyproxy#189)
Browse files Browse the repository at this point in the history
* b/36368559 support apikey based traffic restriction

* Fixed code formatting
  • Loading branch information
mangchiandjjoe authored Mar 20, 2017
1 parent 20c5bab commit 557d0c6
Show file tree
Hide file tree
Showing 5 changed files with 98 additions and 0 deletions.
14 changes: 14 additions & 0 deletions contrib/endpoints/src/api_manager/context/request_context.cc
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,16 @@ const char kDefaultApiKeyQueryName1[] = "key";
const char kDefaultApiKeyQueryName2[] = "api_key";
const char kDefaultApiKeyHeaderName[] = "x-api-key";

// Header for android package name, used for api key restriction check.
const char kXAndroidPackage[] = "x-android-package";

// Header for android certificate fingerprint, used for api key restriction
// check.
const char kXAndroidCert[] = "x-android-cert";

// Header for IOS bundle identifier, used for api key restriction check.
const char kXIosBundleId[] = "x-ios-bundle-identifier";

// Default location
const char kDefaultLocation[] = "us-central1";

Expand Down Expand Up @@ -225,6 +235,10 @@ void RequestContext::FillCheckRequestInfo(
service_control::CheckRequestInfo *info) {
FillOperationInfo(info);
info->allow_unregistered_calls = method()->allow_unregistered_calls();

request_->FindHeader(kXAndroidPackage, &info->android_package_name);
request_->FindHeader(kXAndroidCert, &info->android_cert_fingerprint);
request_->FindHeader(kXIosBundleId, &info->ios_bundle_id);
}

void RequestContext::FillReportRequestInfo(
Expand Down
5 changes: 5 additions & 0 deletions contrib/endpoints/src/api_manager/service_control/info.h
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,11 @@ struct CheckRequestInfo : public OperationInfo {
// Whether the method allow unregistered calls.
bool allow_unregistered_calls;

// used for api key restriction check
std::string android_package_name;
std::string android_cert_fingerprint;
std::string ios_bundle_id;

CheckRequestInfo() : allow_unregistered_calls(false) {}
};

Expand Down
18 changes: 18 additions & 0 deletions contrib/endpoints/src/api_manager/service_control/proto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -420,6 +420,12 @@ const char kServiceControlServiceAgent[] =
const char kServiceControlUserAgent[] =
"servicecontrol.googleapis.com/user_agent";
const char kServiceControlPlatform[] = "servicecontrol.googleapis.com/platform";
const char kServiceControlAndroidPackageName[] =
"servicecontrol.googleapis.com/android_package_name";
const char kServiceControlAndroidCertFingerprint[] =
"servicecontrol.googleapis.com/android_cert_fingerprint";
const char kServiceControlIosBundleId[] =
"servicecontrol.googleapis.com/ios_bundle_id";

// User agent label value
// The value for kUserAgent should be configured at service control server.
Expand Down Expand Up @@ -928,6 +934,18 @@ Status Proto::FillCheckRequest(const CheckRequestInfo& info,
(*labels)[kServiceControlUserAgent] = kUserAgent;
(*labels)[kServiceControlServiceAgent] =
kServiceAgentPrefix + utils::Version::instance().get();

if (!info.android_package_name.empty()) {
(*labels)[kServiceControlAndroidPackageName] = info.android_package_name;
}
if (!info.android_cert_fingerprint.empty()) {
(*labels)[kServiceControlAndroidCertFingerprint] =
info.android_cert_fingerprint;
}
if (!info.ios_bundle_id.empty()) {
(*labels)[kServiceControlIosBundleId] = info.ios_bundle_id;
}

return Status::OK;
}

Expand Down
18 changes: 18 additions & 0 deletions contrib/endpoints/src/api_manager/service_control/proto_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -161,6 +161,24 @@ TEST_F(ProtoTest, FillGoodCheckRequestTest) {
ASSERT_EQ(expected_text, text);
}

TEST_F(ProtoTest, FillGoodCheckRequestAndroidIosTest) {
CheckRequestInfo info;
FillOperationInfo(&info);
FillCheckRequestInfo(&info);

info.android_package_name = "com.google.cloud";
info.android_cert_fingerprint = "AIzaSyB4Gz8nyaSaWo63IPUcy5d_L8dpKtOTSD0";
info.ios_bundle_id = "5b40ad6af9a806305a0a56d7cb91b82a27c26909";

gasv1::CheckRequest request;
ASSERT_TRUE(scp_.FillCheckRequest(info, &request).ok());

std::string text = CheckRequestToString(&request);
std::string expected_text =
ReadTestBaseline("check_request_android_ios.golden");
ASSERT_EQ(expected_text, text);
}

TEST_F(ProtoTest, FillNoApiKeyCheckRequestTest) {
CheckRequestInfo info;
info.operation_id = "operation_id";
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
service_name: "test_service"
operation {
operation_id: "operation_id"
operation_name: "operation_name"
consumer_id: "api_key:api_key_x"
start_time {
seconds: 100000
nanos: 100000
}
end_time {
seconds: 100000
nanos: 100000
}
labels {
key: "servicecontrol.googleapis.com/android_cert_fingerprint"
value: "AIzaSyB4Gz8nyaSaWo63IPUcy5d_L8dpKtOTSD0"
}
labels {
key: "servicecontrol.googleapis.com/android_package_name"
value: "com.google.cloud"
}
labels {
key: "servicecontrol.googleapis.com/caller_ip"
value: "1.2.3.4"
}
labels {
key: "servicecontrol.googleapis.com/ios_bundle_id"
value: "5b40ad6af9a806305a0a56d7cb91b82a27c26909"
}
labels {
key: "servicecontrol.googleapis.com/referer"
value: "referer"
}
labels {
key: "servicecontrol.googleapis.com/service_agent"
value: "ESP/{{service_agent_version}}"
}
labels {
key: "servicecontrol.googleapis.com/user_agent"
value: "ESP"
}
}
service_config_id: "2016-09-19r0"

0 comments on commit 557d0c6

Please sign in to comment.