sentry - routes & middlewares to axum + tests refactor

- middleware - auth - is_admin
- middleware - channel - channel_load
- middleware - campaign - called_by_campaign
- routes - channel - payout + tests refactor
- routes - channel - list tests refactor
- routes - campaign - campaign update
- routers - add new channels & campaign routes
- primitives - sentry - ChannelPayRequest derive Clone

Author: elpiel

primitives/src/sentry.rs

@@ -676,7 +676,7 @@ pub struct AllSpendersQuery {
 /// ```
 #[doc = include_str!("../examples/channel_pay_request.rs")]
 /// ```
-#[derive(Debug, Serialize, Deserialize)]
+#[derive(Debug, Serialize, Deserialize, Clone, PartialEq, Eq)]
 pub struct ChannelPayRequest {
     pub payouts: UnifiedMap,
 }

sentry/src/middleware/auth.rs

@@ -74,6 +74,27 @@ impl<C: Locked + 'static> Middleware<C> for IsAdmin {
     }
 }
 
+pub async fn is_admin<C: Locked + 'static, B>(
+    request: axum::http::Request<B>,
+    next: Next<B>,
+) -> Result<axum::response::Response, ResponseError> {
+    let auth = request
+        .extensions()
+        .get::<Auth>()
+        .ok_or(ResponseError::Unauthorized)?;
+
+    let config = &request
+        .extensions()
+        .get::<Arc<Application<C>>>()
+        .expect("Application should always be present")
+        .config;
+
+    if !config.admins.contains(auth.uid.as_address()) {
+        return Err(ResponseError::Unauthorized);
+    }
+    Ok(next.run(request).await)
+}
+
 pub async fn authentication_required<C: Locked + 'static, B>(
     request: axum::http::Request<B>,
     next: Next<B>,

sentry/src/middleware/campaign.rs

@@ -9,7 +9,7 @@ use axum::{
     middleware::Next,
 };
 use hyper::{Body, Request};
-use primitives::{campaign::Campaign, CampaignId};
+use primitives::{campaign::Campaign, CampaignId, ChainOf};
 
 #[derive(Debug)]
 pub struct CampaignLoad;
@@ -111,6 +111,34 @@ where
     Ok(next.run(request).await)
 }
 
+pub async fn called_by_campaign<C: Locked + 'static, B>(
+    request: axum::http::Request<B>,
+    next: Next<B>,
+) -> Result<axum::response::Response, ResponseError>
+where
+    B: Send,
+{
+    let campaign_context = request
+        .extensions()
+        .get::<ChainOf<Campaign>>()
+        .expect("We must have a campaign in extensions")
+        .to_owned();
+
+    let auth = request
+        .extensions()
+        .get::<Auth>()
+        .expect("request should have session")
+        .to_owned();
+
+    if auth.uid.to_address() != campaign_context.context.creator {
+        return Err(ResponseError::Forbidden(
+            "Request not sent by campaign creator".to_string(),
+        ));
+    }
+
+    Ok(next.run(request).await)
+}
+
 #[async_trait]
 impl<C: Locked + 'static> Middleware<C> for CalledByCreator {
     async fn call<'a>(
@@ -142,17 +170,13 @@ impl<C: Locked + 'static> Middleware<C> for CalledByCreator {
 
 #[cfg(test)]
 mod test {
-    use adapter::Dummy;
     use axum::{
-        body::{self, Body, BoxBody, Empty},
-        http::StatusCode,
-        middleware::from_fn,
-        response::Response,
-        routing::get,
-        Extension, Router,
+        body::Body, http::StatusCode, middleware::from_fn, routing::get, Extension, Router,
     };
+    use tower::Service;
+
+    use adapter::Dummy;
     use primitives::{test_util::DUMMY_CAMPAIGN, Campaign, ChainOf};
-    use tower::{Service, ServiceExt};
 
     use crate::{
         db::{insert_campaign, insert_channel},
@@ -180,10 +204,6 @@ mod test {
             "Ok".into()
         }
 
-        async fn body_to_string(response: Response<BoxBody>) -> String {
-            String::from_utf8(hyper::body::to_bytes(response).await.unwrap().to_vec()).unwrap()
-        }
-
         let mut router = Router::new()
             .route("/:id", get(handle))
             .layer(from_fn(campaign_load::<Dummy, _>));

sentry/src/middleware/channel.rs

@@ -1,8 +1,14 @@
+use std::sync::Arc;
+
 use crate::{
     db::get_channel_by_id, middleware::Middleware, response::ResponseError,
     routes::routers::RouteParams, Application, Auth,
 };
 use adapter::client::Locked;
+use axum::{
+    extract::{Path, RequestParts},
+    middleware::Next,
+};
 use futures::future::{BoxFuture, FutureExt};
 use hex::FromHex;
 use hyper::{Body, Request};
@@ -20,12 +26,12 @@ impl<C: Locked + 'static> Middleware<C> for ChannelLoad {
         request: Request<Body>,
         application: &'a Application<C>,
     ) -> Result<Request<Body>, ResponseError> {
-        channel_load(request, application).await
+        channel_load_old(request, application).await
     }
 }
 
 /// channel_load & channel_if_exist
-fn channel_load<C: Locked>(
+fn channel_load_old<C: Locked>(
     mut req: Request<Body>,
     app: &Application<C>,
 ) -> BoxFuture<'_, Result<Request<Body>, ResponseError>> {
@@ -63,3 +69,56 @@ fn channel_load<C: Locked>(
     }
     .boxed()
 }
+
+pub async fn channel_load<C: Locked + 'static, B>(
+    request: axum::http::Request<B>,
+    next: Next<B>,
+) -> Result<axum::response::Response, ResponseError>
+where
+    B: Send,
+{
+    let app = request
+        .extensions()
+        .get::<Arc<Application<C>>>()
+        .expect("Application should always be present")
+        .clone();
+
+    // running extractors requires a `RequestParts`
+    let mut request_parts = RequestParts::new(request);
+
+    let channel_id = request_parts
+        .extract::<Path<ChannelId>>()
+        .await
+        .map_err(|_| ResponseError::BadRequest("Bad Channel Id".to_string()))?;
+
+    let channel = get_channel_by_id(&app.pool, &channel_id)
+        .await?
+        .ok_or(ResponseError::NotFound)?;
+
+    let channel_context = app
+        .config
+        .find_chain_of(channel.token)
+        .ok_or_else(|| {
+            ResponseError::FailedValidation(
+                "Channel token is not whitelisted in this validator".into(),
+            )
+        })?
+        .with_channel(channel);
+
+    // If this is an authenticated call
+    // Check if the Channel context (Chain Id) aligns with the Authentication token Chain id
+    match request_parts.extensions().get::<Auth>() {
+            // If Chain Ids differ, the requester hasn't generated Auth token
+            // to access the Channel in it's Chain Id.
+            Some(auth) if auth.chain.chain_id != channel_context.chain.chain_id => {
+                return Err(ResponseError::Forbidden("Authentication token is generated for different Chain and differs from the Channel's Chain".into()))
+            }
+            _ => {},
+        }
+
+    request_parts.extensions_mut().insert(channel_context);
+
+    let request = request_parts.try_into_request().expect("Body extracted");
+
+    Ok(next.run(request).await)
+}

sentry/src/routes/campaign.rs

@@ -503,6 +503,26 @@ pub mod update_campaign {
 
     use super::*;
 
+    pub async fn handle_route_axum<C: Locked + 'static>(
+        Json(modify_campaign_fields): Json<ModifyCampaign>,
+        Extension(campaign_being_mutated): Extension<ChainOf<Campaign>>,
+        Extension(app): Extension<Arc<Application<C>>>,
+    ) -> Result<Json<Campaign>, ResponseError> {
+        // modify Campaign
+        let modified_campaign = modify_campaign(
+            app.adapter.clone(),
+            &app.pool,
+            &app.config,
+            &app.campaign_remaining,
+            &campaign_being_mutated,
+            modify_campaign_fields,
+        )
+        .await
+        .map_err(|err| ResponseError::BadRequest(err.to_string()))?;
+
+        Ok(Json(modified_campaign))
+    }
+
     /// POST `/v5/campaign/:id` (auth required)
     ///
     /// Request body (json): [`ModifyCampaign`](`primitives::sentry::campaign_modify::ModifyCampaign`)