WIP: Add remote report authorization

csweichel · csweichel · commit 999a2a38b4d4 · 2023-07-01T22:42:02.000Z
diff --git a/cmd/build.go b/cmd/build.go
@@ -254,7 +254,7 @@ func getBuildOpts(cmd *cobra.Command) ([]leeway.BuildOption, *leeway.FilesystemC
 	if ep, err := cmd.Flags().GetString("remote-report"); err != nil {
 		log.Fatal(err)
 	} else if ep != "" {
-		reporter = append(reporter, remotereporter.NewReporter(ep))
+		reporter = append(reporter, remotereporter.NewReporter(ep, os.Getenv("LEEWAY_REMOTE_REPORT_TOKEN")))
 	}
 
 	dontTest, err := cmd.Flags().GetBool("dont-test")
diff --git a/pkg/remotereporter/reporter.go b/pkg/remotereporter/reporter.go
@@ -15,14 +15,21 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-func NewReporter(endpoint string) *Reporter {
+func NewReporter(endpoint, token string) *Reporter {
 	id, err := uuid.NewRandom()
 	if err != nil {
 		panic(fmt.Sprintf("cannot create remote reporting sesison UUID: %v.\nTry running without --remote-report", err))
 	}
 
 	httpclient := &http.Client{Timeout: 2 * time.Second}
-	client := v1connect.NewReporterServiceClient(httpclient, endpoint)
+	client := v1connect.NewReporterServiceClient(httpclient, endpoint, connect_go.WithInterceptors(connect_go.UnaryInterceptorFunc(func(uf connect_go.UnaryFunc) connect_go.UnaryFunc {
+		return func(ctx context.Context, req connect_go.AnyRequest) (connect_go.AnyResponse, error) {
+			if token != "" {
+				req.Header().Set("Authorization", token)
+			}
+			return uf(ctx, req)
+		}
+	})))
 	return &Reporter{
 		sessionID: id.String(),
 		times:     make(map[string]time.Time),
diff --git a/tracker/backend/ingestor/main.go b/tracker/backend/ingestor/main.go
@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"flag"
+	"fmt"
 	"log"
 	"net/http"
 	"os"
@@ -13,6 +14,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/cloudwatch"
 	"github.com/awslabs/aws-lambda-go-api-proxy/httpadapter"
+	"github.com/bufbuild/connect-go"
 	grpcreflect "github.com/bufbuild/connect-grpcreflect-go"
 	segment "github.com/segmentio/analytics-go/v3"
 	"github.com/sirupsen/logrus"
@@ -64,7 +66,15 @@ func main() {
 	default:
 		logrus.Fatalf("unsupported --sample-sink: %s", *sink)
 	}
-	mux.Handle(v1connect.NewReporterServiceHandler(handler.NewBuildReportHandler(store)))
+	mux.Handle(v1connect.NewReporterServiceHandler(handler.NewBuildReportHandler(store), connect.WithInterceptors(connect.UnaryInterceptorFunc(func(uf connect.UnaryFunc) connect.UnaryFunc {
+		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+			tkn := req.Header().Get("Authorization")
+			if tkn == "" {
+				return nil, connect.NewError(connect.CodePermissionDenied, fmt.Errorf("no token present"))
+			}
+			return uf(ctx, req)
+		}
+	}))))
 
 	reflector := grpcreflect.NewStaticReflector(
 		v1connect.ReporterServiceName,

Original file line number	Diff line number	Diff line change
`@@ -254,7 +254,7 @@ func getBuildOpts(cmd cobra.Command) ([]leeway.BuildOption, leeway.FilesystemC`
`254`	`254`	`if ep, err := cmd.Flags().GetString("remote-report"); err != nil {`
`255`	`255`	`log.Fatal(err)`
`256`	`256`	`} else if ep != "" {`
`257`		`- reporter = append(reporter, remotereporter.NewReporter(ep))`
	`257`	`+ reporter = append(reporter, remotereporter.NewReporter(ep, os.Getenv("LEEWAY_REMOTE_REPORT_TOKEN")))`
`258`	`258`	`}`
`259`	`259`
`260`	`260`	`dontTest, err := cmd.Flags().GetBool("dont-test")`