Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support apikey based traffic restriction #189

Merged
merged 4 commits into from
Mar 20, 2017
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions contrib/endpoints/src/api_manager/context/request_context.cc
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,16 @@ const char kDefaultApiKeyQueryName1[] = "key";
const char kDefaultApiKeyQueryName2[] = "api_key";
const char kDefaultApiKeyHeaderName[] = "x-api-key";

// Header for android package name, used for api key restriction check.
const char kXAndroidPackage[] = "x-android-package";

// Header for android certificate fingerprint, used for api key restriction
// check.
const char kXAndroidCert[] = "x-android-cert";

// Header for IOS bundle identifier, used for api key restriction check.
const char kXIosBundleId[] = "x-ios-bundle-identifier";

// Default location
const char kDefaultLocation[] = "us-central1";

Expand Down Expand Up @@ -225,6 +235,10 @@ void RequestContext::FillCheckRequestInfo(
service_control::CheckRequestInfo *info) {
FillOperationInfo(info);
info->allow_unregistered_calls = method()->allow_unregistered_calls();

request_->FindHeader(kXAndroidPackage, &info->android_package_name);
request_->FindHeader(kXAndroidCert, &info->android_cert_fingerprint);
request_->FindHeader(kXIosBundleId, &info->ios_bundle_id);
}

void RequestContext::FillReportRequestInfo(
Expand Down
5 changes: 5 additions & 0 deletions contrib/endpoints/src/api_manager/service_control/info.h
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,11 @@ struct CheckRequestInfo : public OperationInfo {
// Whether the method allow unregistered calls.
bool allow_unregistered_calls;

// used for api key restriction check
std::string android_package_name;
std::string android_cert_fingerprint;
std::string ios_bundle_id;

CheckRequestInfo() : allow_unregistered_calls(false) {}
};

Expand Down
18 changes: 18 additions & 0 deletions contrib/endpoints/src/api_manager/service_control/proto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -420,6 +420,12 @@ const char kServiceControlServiceAgent[] =
const char kServiceControlUserAgent[] =
"servicecontrol.googleapis.com/user_agent";
const char kServiceControlPlatform[] = "servicecontrol.googleapis.com/platform";
const char kServiceControlAndroidPackageName[] =
"servicecontrol.googleapis.com/android_package_name";
const char kServiceControlAndroidCertFingerprint[] =
"servicecontrol.googleapis.com/android_cert_fingerprint";
const char kServiceControlIosBundleId[] =
"servicecontrol.googleapis.com/ios_bundle_id";

// User agent label value
// The value for kUserAgent should be configured at service control server.
Expand Down Expand Up @@ -928,6 +934,18 @@ Status Proto::FillCheckRequest(const CheckRequestInfo& info,
(*labels)[kServiceControlUserAgent] = kUserAgent;
(*labels)[kServiceControlServiceAgent] =
kServiceAgentPrefix + utils::Version::instance().get();

if (!info.android_package_name.empty()) {
(*labels)[kServiceControlAndroidPackageName] = info.android_package_name;
}
if (!info.android_cert_fingerprint.empty()) {
(*labels)[kServiceControlAndroidCertFingerprint] =
info.android_cert_fingerprint;
}
if (!info.ios_bundle_id.empty()) {
(*labels)[kServiceControlIosBundleId] = info.ios_bundle_id;
}

return Status::OK;
}

Expand Down
17 changes: 17 additions & 0 deletions contrib/endpoints/src/api_manager/service_control/proto_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -161,6 +161,23 @@ TEST_F(ProtoTest, FillGoodCheckRequestTest) {
ASSERT_EQ(expected_text, text);
}

TEST_F(ProtoTest, FillGoodCheckRequestAndroidIosTest) {
CheckRequestInfo info;
FillOperationInfo(&info);
FillCheckRequestInfo(&info);

info.android_package_name = "com.google.cloud";
info.android_cert_fingerprint = "AIzaSyB4Gz8nyaSaWo63IPUcy5d_L8dpKtOTSD0";
info.ios_bundle_id = "5b40ad6af9a806305a0a56d7cb91b82a27c26909";

gasv1::CheckRequest request;
ASSERT_TRUE(scp_.FillCheckRequest(info, &request).ok());

std::string text = CheckRequestToString(&request);
std::string expected_text = ReadTestBaseline("check_request_android_ios.golden");
ASSERT_EQ(expected_text, text);
}

TEST_F(ProtoTest, FillNoApiKeyCheckRequestTest) {
CheckRequestInfo info;
info.operation_id = "operation_id";
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
service_name: "test_service"
operation {
operation_id: "operation_id"
operation_name: "operation_name"
consumer_id: "api_key:api_key_x"
start_time {
seconds: 100000
nanos: 100000
}
end_time {
seconds: 100000
nanos: 100000
}
labels {
key: "servicecontrol.googleapis.com/android_cert_fingerprint"
value: "AIzaSyB4Gz8nyaSaWo63IPUcy5d_L8dpKtOTSD0"
}
labels {
key: "servicecontrol.googleapis.com/android_package_name"
value: "com.google.cloud"
}
labels {
key: "servicecontrol.googleapis.com/caller_ip"
value: "1.2.3.4"
}
labels {
key: "servicecontrol.googleapis.com/ios_bundle_id"
value: "5b40ad6af9a806305a0a56d7cb91b82a27c26909"
}
labels {
key: "servicecontrol.googleapis.com/referer"
value: "referer"
}
labels {
key: "servicecontrol.googleapis.com/service_agent"
value: "ESP/{{service_agent_version}}"
}
labels {
key: "servicecontrol.googleapis.com/user_agent"
value: "ESP"
}
}
service_config_id: "2016-09-19r0"