From 3eab259330b4154e4926070d034b9814d9467d4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bart=C5=82omiej=20Klocek?= Date: Mon, 25 Sep 2023 14:13:02 +0200 Subject: [PATCH] [blob][reports] Provide identity service endpoint Summary: Provide identity service endpoint along with `AuthService` instance for blob and reports service. This is needed for service-to-service token auth and client verification. Haven't touched backup service yet but it's subject to change as well (after client work is done). Depends on D9280 Test Plan: Cargo check + ensured that CLI arg is read correctly in blob service Reviewers: michal, varun, jon Reviewed By: michal Subscribers: ashoat, tomek Differential Revision: https://phab.comm.dev/D9281 --- services/blob/src/config.rs | 4 ++++ services/blob/src/http/mod.rs | 7 ++++++- services/blob/src/main.rs | 8 +++++--- services/reports/src/config.rs | 5 +++++ services/reports/src/http/mod.rs | 9 +++++++-- services/reports/src/main.rs | 7 ++++--- 6 files changed, 31 insertions(+), 9 deletions(-) diff --git a/services/blob/src/config.rs b/services/blob/src/config.rs index 12dfe5622f..3899c1174f 100644 --- a/services/blob/src/config.rs +++ b/services/blob/src/config.rs @@ -20,6 +20,10 @@ pub struct AppConfig { #[arg(env = S3_BUCKET_ENV_VAR)] #[arg(long, default_value_t = DEFAULT_S3_BUCKET_NAME.to_string())] pub s3_bucket_name: String, + /// Identity service endpoint + #[arg(env = "IDENTITY_SERVICE_ENDPOINT")] + #[arg(long, default_value = "http://localhost:50054")] + pub identity_endpoint: String, } /// Stores configuration parsed from command-line arguments diff --git a/services/blob/src/http/mod.rs b/services/blob/src/http/mod.rs index a6e5772550..8d60e2ce29 100644 --- a/services/blob/src/http/mod.rs +++ b/services/blob/src/http/mod.rs @@ -2,6 +2,7 @@ use crate::{config::CONFIG, service::BlobService}; use actix_web::{web, App, HttpServer}; use anyhow::Result; +use comm_services_lib::auth::AuthService; use tracing::info; mod errors; 
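Review bot: The new `identity_endpoint` field is typed `String` and documented only as `/// Identity service endpoint`, so a malformed value is accepted at startup and only fails when `AuthService` first uses it; in services/reports/src/config.rs the sibling `blob_service_url` is already parsed as `Url`, and the same field added there by this patch would benefit from the same treatment. Since the description says service-to-service tokens will be exchanged over this endpoint, the doc comment should say what the plaintext default is for: `/// Identity service endpoint. The plaintext localhost default is for local development only.`. Whether `identity_endpoint: Url` is viable depends on what `AuthService::new` accepts for its second argument, which is not visible here (`&config.identity_endpoint` might need `.as_str()`).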
@@ -11,7 +12,10 @@ mod handlers { pub(super) mod blob; } -pub async fn run_http_server(blob_service: BlobService) -> Result<()> { +pub async fn run_http_server( + blob_service: BlobService, + auth_service: AuthService, +) -> Result<()> { info!( "Starting HTTP server listening at port {}", CONFIG.http_port @@ -22,6 +26,7 @@ pub async fn run_http_server(blob_service: BlobService) -> Result<()> { .wrap(comm_services_lib::http::cors_config( CONFIG.localstack_endpoint.is_some(), )) + .app_data(auth_service.to_owned()) .app_data(web::Data::new(blob_service.to_owned())) .service( web::resource("/blob/{holder}") diff --git a/services/blob/src/main.rs b/services/blob/src/main.rs index 05c888c9db..2f01c0e0a4 100644 --- a/services/blob/src/main.rs +++ b/services/blob/src/main.rs @@ -7,6 +7,7 @@ pub mod service; pub mod tools; use anyhow::Result; +use comm_services_lib::auth::AuthService; use tracing_subscriber::filter::{EnvFilter, LevelFilter}; use crate::service::BlobServiceConfig; @@ -25,13 +26,14 @@ fn configure_logging() -> Result<()> { #[tokio::main] async fn main() -> Result<()> { configure_logging()?; - config::parse_cmdline_args()?; + let config = config::parse_cmdline_args()?; let aws_config = config::load_aws_config().await; let db = database::DatabaseClient::new(&aws_config); let s3 = s3::S3Client::new(&aws_config); + let auth_service = AuthService::new(&aws_config, &config.identity_endpoint); - let service = service::BlobService::new( + let blob_service = service::BlobService::new( db, s3, BlobServiceConfig { @@ -40,5 +42,5 @@ async fn main() -> Result<()> { }, ); - crate::http::run_http_server(service).await + crate::http::run_http_server(blob_service, auth_service).await } diff --git a/services/reports/src/config.rs b/services/reports/src/config.rs index e8b26e1ca5..b6e4ecd4f1 100644 --- a/services/reports/src/config.rs +++ b/services/reports/src/config.rs 
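Review bot: `auth_service` is registered with `.app_data(auth_service.to_owned())` while the line below wraps `blob_service` in `web::Data::new(...)`; actix resolves `app_data` by concrete type, so a handler extracting `web::Data<AuthService>` would get a 500 at request time rather than a compile error. If `AuthService` is meant to be pulled out through its own `FromRequest` impl (as `reports_service` appears to be in services/reports/src/http/mod.rs), a short comment on this line such as `// AuthService is extracted directly, not via web::Data` would stop the next reader from "fixing" it; otherwise wrap it the same way as `blob_service`. The builder chain starts and ends outside this hunk.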
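Review bot: `let config = config::parse_cmdline_args()?;` binds a local with the same name as the `config` module that the next line still calls as `config::load_aws_config()`; it compiles because locals and modules live in different namespaces, but it reads as if the module were shadowed. services/reports/src/main.rs uses `cfg` for the same value, so `let cfg = config::parse_cmdline_args()?;` together with `&cfg.identity_endpoint` would keep the two binaries consistent. The rest of `main` lies outside this hunk.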
@@ -31,6 +31,11 @@ pub struct AppConfig { #[arg(long, default_value = "http://localhost:50053")] pub blob_service_url: Url, + /// Identity service endpoint + #[arg(env = "IDENTITY_SERVICE_ENDPOINT")] + #[arg(long, default_value = "http://localhost:50054")] + pub identity_endpoint: String, + /// Should reports be encrypted? Note that this flag disables encryption /// which is enabled by default. #[arg(long = "no-encrypt", action = ArgAction::SetFalse)] diff --git a/services/reports/src/http/mod.rs b/services/reports/src/http/mod.rs index 524d095ae9..8caccae05c 100644 --- a/services/reports/src/http/mod.rs +++ b/services/reports/src/http/mod.rs @@ -4,6 +4,7 @@ use actix_web::error::{ }; use actix_web::{web, App, HttpResponse, HttpServer, ResponseError}; use anyhow::Result; +use comm_services_lib::auth::AuthService; use http::StatusCode; use tracing::{debug, error, info, trace, warn}; @@ -13,7 +14,10 @@ use crate::service::{ReportsService, ReportsServiceError}; mod handlers; -pub async fn run_http_server(service: ReportsService) -> Result<()> { +pub async fn run_http_server( + reports_service: ReportsService, + auth_service: AuthService, +) -> Result<()> { use actix_web::middleware::{Logger, NormalizePath}; use comm_services_lib::http::cors_config; use tracing_actix_web::TracingLogger; @@ -27,7 +31,8 @@ pub async fn run_http_server(service: ReportsService) -> Result<()> { web::JsonConfig::default().limit(REQUEST_BODY_JSON_SIZE_LIMIT); App::new() .app_data(json_cfg) - .app_data(service.to_owned()) + .app_data(reports_service.to_owned()) + .app_data(auth_service.to_owned()) .wrap(Logger::default()) .wrap(TracingLogger::default()) .wrap(NormalizePath::trim()) diff --git a/services/reports/src/main.rs b/services/reports/src/main.rs index fefdb80f2f..967d6c118a 100644 --- a/services/reports/src/main.rs +++ b/services/reports/src/main.rs 
@@ -8,7 +8,7 @@ pub mod report_utils; pub mod service; use anyhow::Result; -use comm_services_lib::blob::client::BlobServiceClient; +use comm_services_lib::{auth::AuthService, blob::client::BlobServiceClient}; use service::ReportsService; use tracing_subscriber::filter::{EnvFilter, LevelFilter}; @@ -36,7 +36,8 @@ async fn main() -> Result<()> { let db = database::client::DatabaseClient::new(&aws_config); let blob_client = BlobServiceClient::new(cfg.blob_service_url.clone()); - let service = ReportsService::new(db, blob_client, email_config); + let reports_service = ReportsService::new(db, blob_client, email_config); + let auth_service = AuthService::new(&aws_config, &cfg.identity_endpoint); - crate::http::run_http_server(service).await + crate::http::run_http_server(reports_service, auth_service).await }