[Anchor-418] Support auth with SEP10 in SEP38 (#1130)

### Description Add sep38.requires_sep10 configuration with default value to FALSE ### Context Currently, according to the SEP-38 spec, some of the SEP38 endpoints have SEP-10 as optional. This task seeks ensure we support this optionality by add configurability to these endpoints' SEP-10 requirements. ### Testing Tests were added to verify endpoints url pattern was added to filter if auth is required
stellar · Oct 3, 2023 · 84811bd · 84811bd
1 parent 625e469
commit 84811bd
Show file tree

Hide file tree

Showing 9 changed files with 68 additions and 4 deletions.
diff --git a/core/src/main/java/org/stellar/anchor/config/Sep38Config.java b/core/src/main/java/org/stellar/anchor/config/Sep38Config.java
@@ -3,4 +3,6 @@
 @SuppressWarnings("SameReturnValue")
 public interface Sep38Config {
   boolean isEnabled();
+
+  boolean isSep10Enforced();
 }
diff --git a/core/src/test/kotlin/org/stellar/anchor/sep38/Sep38ServiceTest.kt b/core/src/test/kotlin/org/stellar/anchor/sep38/Sep38ServiceTest.kt
@@ -41,6 +41,10 @@ class Sep38ServiceTest {
     override fun isEnabled(): Boolean {
       return true
     }
+
+    override fun isSep10Enforced(): Boolean {
+      return false
+    }
   }
 
   companion object {

diff --git a/integration-tests/src/main/kotlin/org/stellar/anchor/platform/Sep38Client.kt b/integration-tests/src/main/kotlin/org/stellar/anchor/platform/Sep38Client.kt
@@ -13,7 +13,7 @@ import org.stellar.anchor.api.sep.sep38.Sep38QuoteResponse
 class Sep38Client(private val endpoint: String, private val jwt: String) : SepClient() {
   fun getInfo(): InfoResponse {
     println("GET $endpoint/info")
-    val responseBody = httpGet("$endpoint/info")
+    val responseBody = httpGet("$endpoint/info", jwt)
     return gson.fromJson(responseBody, InfoResponse::class.java)
   }
 
@@ -28,7 +28,7 @@ class Sep38Client(private val endpoint: String, private val jwt: String) : SepCl
         .addQueryParameter("sell_amount", sellAmount)
     println(urlBuilder.build().toString())
 
-    val responseBody = httpGet(urlBuilder.build().toString())
+    val responseBody = httpGet(urlBuilder.build().toString(), jwt)
     return gson.fromJson(responseBody, GetPricesResponse::class.java)
   }
 
@@ -50,7 +50,7 @@ class Sep38Client(private val endpoint: String, private val jwt: String) : SepCl
         .addQueryParameter("context", context.toString())
     println(urlBuilder.build().toString())
 
-    val responseBody = httpGet(urlBuilder.build().toString())
+    val responseBody = httpGet(urlBuilder.build().toString(), jwt)
     return gson.fromJson(responseBody, GetPriceResponse::class.java)
   }
 

diff --git a/integration-tests/src/test/kotlin/org/stellar/anchor/platform/test/Sep38Tests.kt b/integration-tests/src/test/kotlin/org/stellar/anchor/platform/test/Sep38Tests.kt
@@ -84,6 +84,7 @@ class Sep38Tests(config: TestConfig, toml: TomlContent, jwt: String) {
       )
     }
   }
+
   fun testAll() {
     println("Performing SEP38 tests...")
     `test sep38 info, price and prices endpoints`()

diff --git a/platform/src/main/java/org/stellar/anchor/platform/component/sep/SepBeans.java b/platform/src/main/java/org/stellar/anchor/platform/component/sep/SepBeans.java
@@ -92,7 +92,8 @@ Sep38Config sep38Config() {
    * @return Spring Filter Registration Bean
    */
   @Bean
-  public FilterRegistrationBean<Filter> sep10TokenFilter(JwtService jwtService) {
+  public FilterRegistrationBean<Filter> sep10TokenFilter(
+      JwtService jwtService, Sep38Config sep38Config) {
     FilterRegistrationBean<Filter> registrationBean = new FilterRegistrationBean<>();
     registrationBean.setFilter(new Sep10JwtFilter(jwtService));
     registrationBean.addUrlPatterns("/sep6/transaction");
@@ -106,6 +107,11 @@ public FilterRegistrationBean<Filter> sep10TokenFilter(JwtService jwtService) {
     registrationBean.addUrlPatterns("/sep31/transactions/*");
     registrationBean.addUrlPatterns("/sep38/quote");
     registrationBean.addUrlPatterns("/sep38/quote/*");
+    if (sep38Config.isSep10Enforced()) {
+      registrationBean.addUrlPatterns("/sep38/info");
+      registrationBean.addUrlPatterns("/sep38/price");
+      registrationBean.addUrlPatterns("/sep38/prices");
+    }
     return registrationBean;
   }
 

diff --git a/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep38Config.java b/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep38Config.java
@@ -1,9 +1,13 @@
 package org.stellar.anchor.platform.config;
 
+import com.google.gson.annotations.SerializedName;
 import lombok.Data;
 import org.stellar.anchor.config.Sep38Config;
 
 @Data
 public class PropertySep38Config implements Sep38Config {
   boolean enabled;
+
+  @SerializedName("sep10_enforced")
+  boolean sep10Enforced;
 }
diff --git a/platform/src/main/resources/config/anchor-config-default-values.yaml b/platform/src/main/resources/config/anchor-config-default-values.yaml
@@ -451,6 +451,8 @@ sep38:
   # Whether to enable SEP-38
   #
   enabled: false
+  # Whether to enforce SEP-10 authentication for SEP-38 /info, /price, /prices endpoints.
+  sep10_enforced: false
 
 ######################
 ## Custody Server configuration

diff --git a/platform/src/main/resources/config/anchor-config-schema-v1.yaml b/platform/src/main/resources/config/anchor-config-schema-v1.yaml
@@ -93,6 +93,7 @@ sep31.deposit_info_generator_type:
 sep31.enabled:
 sep31.payment_type:
 sep38.enabled:
+sep38.sep10_enforced:
 sep6.enabled:
 sep6.features.account_creation:
 sep6.features.claimable_balances:

diff --git a/platform/src/test/kotlin/org/stellar/anchor/platform/component/SepBeansTest.kt b/platform/src/test/kotlin/org/stellar/anchor/platform/component/SepBeansTest.kt
@@ -0,0 +1,44 @@
+package org.stellar.anchor.platform.component
+
+import io.mockk.every
+import io.mockk.impl.annotations.MockK
+import io.mockk.mockk
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+import org.stellar.anchor.auth.JwtService
+import org.stellar.anchor.config.*
+import org.stellar.anchor.platform.component.sep.SepBeans
+
+class SepBeansTest {
+  @MockK(relaxed = true) private lateinit var secretConfig: SecretConfig
+  @MockK(relaxed = true) lateinit var custodySecretConfig: CustodySecretConfig
+  @MockK(relaxed = true) lateinit var sep38Config: Sep38Config
+  private lateinit var jwtService: JwtService
+  private lateinit var sepBeans: SepBeans
+
+  @BeforeEach
+  fun setUp() {
+    secretConfig = mockk(relaxed = true)
+    custodySecretConfig = mockk(relaxed = true)
+    sep38Config = mockk(relaxed = true)
+    jwtService = JwtService(secretConfig, custodySecretConfig)
+    sepBeans = SepBeans()
+  }
+
+  @Test
+  fun `test info, price, prices were excluded in filter when auth not required`() {
+    val sep10TokenFilter = sepBeans.sep10TokenFilter(jwtService, sep38Config)
+    assert(!sep10TokenFilter.urlPatterns.contains("/sep38/info"))
+    assert(!sep10TokenFilter.urlPatterns.contains("/sep38/price"))
+    assert(!sep10TokenFilter.urlPatterns.contains("/sep38/prices"))
+  }
+
+  @Test
+  fun `test info, price, prices endpoints were included in filter when auth required`() {
+    every { sep38Config.isSep10Enforced } returns true
+    val sep10TokenFilter = sepBeans.sep10TokenFilter(jwtService, sep38Config)
+    assert(sep10TokenFilter.urlPatterns.contains("/sep38/info"))
+    assert(sep10TokenFilter.urlPatterns.contains("/sep38/price"))
+    assert(sep10TokenFilter.urlPatterns.contains("/sep38/prices"))
+  }
+}
-Original file line number
+Diff line change
@@ Expand Up @@
           )
         }
       }
       fun testAll() {
         println("Performing SEP38 tests...")
         `test sep38 info, price and prices endpoints`()
@@ Expand Down @@