@@ -1290,4 +1290,278 @@ mod test {
12901290 // Err(ResponseError::BadRequest(err_msg))
12911291 // ));
12921292 }
1293+
1294+ #[ tokio:: test]
1295+ async fn test_allowed_keys_for_guest ( ) {
1296+ let app_guard = setup_dummy_app ( ) . await ;
1297+ let app = Arc :: new ( app_guard. app ) ;
1298+
1299+ let allowed_keys = GET_ANALYTICS_ALLOWED_KEYS . clone ( ) ;
1300+ let base_datehour = DateHour :: from_ymdh ( 2022 , 1 , 17 , 14 ) ;
1301+
1302+ // Test for each allowed key
1303+ // Country
1304+ {
1305+ let query = AnalyticsQuery {
1306+ limit : 1000 ,
1307+ event_type : CLICK ,
1308+ metric : Metric :: Count ,
1309+ segment_by : None ,
1310+ time : Time {
1311+ timeframe : Timeframe :: Day ,
1312+ start : base_datehour - 1 ,
1313+ end : None ,
1314+ } ,
1315+ chains : vec ! [ GANACHE_1337 . chain_id] ,
1316+ country : Some ( "Bulgaria" . to_string ( ) ) ,
1317+ ..Default :: default ( )
1318+ } ;
1319+ let res = get_analytics (
1320+ Extension ( app. clone ( ) ) ,
1321+ None ,
1322+ Extension ( allowed_keys. clone ( ) ) ,
1323+ None ,
1324+ Qs ( query) ,
1325+ )
1326+ . await ;
1327+ assert ! ( res. is_ok( ) ) ;
1328+ }
1329+ // Ad Slot Type
1330+ {
1331+ let query = AnalyticsQuery {
1332+ limit : 1000 ,
1333+ event_type : CLICK ,
1334+ metric : Metric :: Count ,
1335+ segment_by : None ,
1336+ time : Time {
1337+ timeframe : Timeframe :: Day ,
1338+ start : base_datehour - 1 ,
1339+ end : None ,
1340+ } ,
1341+ chains : vec ! [ GANACHE_1337 . chain_id] ,
1342+ ad_slot_type : Some ( "legacy_300x100" . to_string ( ) ) ,
1343+ ..Default :: default ( )
1344+ } ;
1345+ let res = get_analytics (
1346+ Extension ( app. clone ( ) ) ,
1347+ None ,
1348+ Extension ( allowed_keys. clone ( ) ) ,
1349+ None ,
1350+ Qs ( query) ,
1351+ )
1352+ . await ;
1353+ assert ! ( res. is_ok( ) ) ;
1354+ }
1355+ // Test each not allowed key
1356+ // CampaignId
1357+ {
1358+ let query = AnalyticsQuery {
1359+ limit : 1000 ,
1360+ event_type : CLICK ,
1361+ metric : Metric :: Count ,
1362+ segment_by : None ,
1363+ time : Time {
1364+ timeframe : Timeframe :: Day ,
1365+ start : base_datehour - 1 ,
1366+ end : None ,
1367+ } ,
1368+ chains : vec ! [ GANACHE_1337 . chain_id] ,
1369+ campaign_id : Some ( DUMMY_CAMPAIGN . id ) ,
1370+ ..Default :: default ( )
1371+ } ;
1372+ let res = get_analytics (
1373+ Extension ( app. clone ( ) ) ,
1374+ None ,
1375+ Extension ( allowed_keys. clone ( ) ) ,
1376+ None ,
1377+ Qs ( query) ,
1378+ )
1379+ . await
1380+ . expect_err ( "should be an error" ) ;
1381+ assert_eq ! (
1382+ ResponseError :: Forbidden ( "Disallowed query key `campaignId`" . into( ) ) ,
1383+ res,
1384+ ) ;
1385+ }
1386+ // AdUnit
1387+ {
1388+ let query = AnalyticsQuery {
1389+ limit : 1000 ,
1390+ event_type : CLICK ,
1391+ metric : Metric :: Count ,
1392+ segment_by : None ,
1393+ time : Time {
1394+ timeframe : Timeframe :: Day ,
1395+ start : base_datehour - 1 ,
1396+ end : None ,
1397+ } ,
1398+ chains : vec ! [ GANACHE_1337 . chain_id] ,
1399+ ad_unit : Some ( DUMMY_IPFS [ 0 ] ) ,
1400+ ..Default :: default ( )
1401+ } ;
1402+ let res = get_analytics (
1403+ Extension ( app. clone ( ) ) ,
1404+ None ,
1405+ Extension ( allowed_keys. clone ( ) ) ,
1406+ None ,
1407+ Qs ( query) ,
1408+ )
1409+ . await
1410+ . expect_err ( "should be an error" ) ;
1411+ assert_eq ! (
1412+ ResponseError :: Forbidden ( "Disallowed query key `adUnit`" . into( ) ) ,
1413+ res,
1414+ ) ;
1415+ }
1416+ // AdSlot
1417+ {
1418+ let query = AnalyticsQuery {
1419+ limit : 1000 ,
1420+ event_type : CLICK ,
1421+ metric : Metric :: Count ,
1422+ segment_by : None ,
1423+ time : Time {
1424+ timeframe : Timeframe :: Day ,
1425+ start : base_datehour - 1 ,
1426+ end : None ,
1427+ } ,
1428+ chains : vec ! [ GANACHE_1337 . chain_id] ,
1429+ ad_slot : Some ( DUMMY_IPFS [ 1 ] ) ,
1430+ ..Default :: default ( )
1431+ } ;
1432+ let res = get_analytics (
1433+ Extension ( app. clone ( ) ) ,
1434+ None ,
1435+ Extension ( allowed_keys. clone ( ) ) ,
1436+ None ,
1437+ Qs ( query) ,
1438+ )
1439+ . await
1440+ . expect_err ( "should be an error" ) ;
1441+ assert_eq ! (
1442+ ResponseError :: Forbidden ( "Disallowed query key `adSlot`" . into( ) ) ,
1443+ res,
1444+ ) ;
1445+ }
1446+ // Advertiser
1447+ {
1448+ let query = AnalyticsQuery {
1449+ limit : 1000 ,
1450+ event_type : CLICK ,
1451+ metric : Metric :: Count ,
1452+ segment_by : None ,
1453+ time : Time {
1454+ timeframe : Timeframe :: Day ,
1455+ start : base_datehour - 1 ,
1456+ end : None ,
1457+ } ,
1458+ chains : vec ! [ GANACHE_1337 . chain_id] ,
1459+ advertiser : Some ( * ADVERTISER ) ,
1460+ ..Default :: default ( )
1461+ } ;
1462+ let res = get_analytics (
1463+ Extension ( app. clone ( ) ) ,
1464+ None ,
1465+ Extension ( allowed_keys. clone ( ) ) ,
1466+ None ,
1467+ Qs ( query) ,
1468+ )
1469+ . await
1470+ . expect_err ( "should throw an error" ) ;
1471+ assert_eq ! (
1472+ ResponseError :: Forbidden ( "Disallowed query key `advertiser`" . into( ) ) ,
1473+ res,
1474+ ) ;
1475+ }
1476+ // Publisher
1477+ {
1478+ let query = AnalyticsQuery {
1479+ limit : 1000 ,
1480+ event_type : CLICK ,
1481+ metric : Metric :: Count ,
1482+ segment_by : None ,
1483+ time : Time {
1484+ timeframe : Timeframe :: Day ,
1485+ start : base_datehour - 1 ,
1486+ end : None ,
1487+ } ,
1488+ chains : vec ! [ GANACHE_1337 . chain_id] ,
1489+ publisher : Some ( * PUBLISHER ) ,
1490+ ..Default :: default ( )
1491+ } ;
1492+ let res = get_analytics (
1493+ Extension ( app. clone ( ) ) ,
1494+ None ,
1495+ Extension ( allowed_keys. clone ( ) ) ,
1496+ None ,
1497+ Qs ( query) ,
1498+ )
1499+ . await
1500+ . expect_err ( "should throw an error" ) ;
1501+ assert_eq ! (
1502+ ResponseError :: Forbidden ( "Disallowed query key `publisher`" . into( ) ) ,
1503+ res,
1504+ ) ;
1505+ }
1506+ // Hostname
1507+ {
1508+ let query = AnalyticsQuery {
1509+ limit : 1000 ,
1510+ event_type : CLICK ,
1511+ metric : Metric :: Count ,
1512+ segment_by : None ,
1513+ time : Time {
1514+ timeframe : Timeframe :: Day ,
1515+ start : base_datehour - 1 ,
1516+ end : None ,
1517+ } ,
1518+ chains : vec ! [ GANACHE_1337 . chain_id] ,
1519+ hostname : Some ( "localhost" . to_string ( ) ) ,
1520+ ..Default :: default ( )
1521+ } ;
1522+ let res = get_analytics (
1523+ Extension ( app. clone ( ) ) ,
1524+ None ,
1525+ Extension ( allowed_keys. clone ( ) ) ,
1526+ None ,
1527+ Qs ( query) ,
1528+ )
1529+ . await
1530+ . expect_err ( "should throw an error" ) ;
1531+ assert_eq ! (
1532+ ResponseError :: Forbidden ( "Disallowed query key `hostname`" . into( ) ) ,
1533+ res,
1534+ ) ;
1535+ }
1536+ // OsName
1537+ {
1538+ let query = AnalyticsQuery {
1539+ limit : 1000 ,
1540+ event_type : CLICK ,
1541+ metric : Metric :: Count ,
1542+ segment_by : None ,
1543+ time : Time {
1544+ timeframe : Timeframe :: Day ,
1545+ start : base_datehour - 1 ,
1546+ end : None ,
1547+ } ,
1548+ chains : vec ! [ GANACHE_1337 . chain_id] ,
1549+ os_name : Some ( OperatingSystem :: map_os ( "Windows" ) ) ,
1550+ ..Default :: default ( )
1551+ } ;
1552+ let res = get_analytics (
1553+ Extension ( app. clone ( ) ) ,
1554+ None ,
1555+ Extension ( allowed_keys. clone ( ) ) ,
1556+ None ,
1557+ Qs ( query) ,
1558+ )
1559+ . await
1560+ . expect_err ( "should throw an error" ) ;
1561+ assert_eq ! (
1562+ ResponseError :: Forbidden ( "Disallowed query key `osName`" . into( ) ) ,
1563+ res,
1564+ ) ;
1565+ }
1566+ }
12931567}
0 commit comments