require user hash

cenkalti · cenkalti · commit 3af795013877 · 2018-09-05T10:27:01.000+03:00
diff --git a/config.go b/config.go
@@ -13,6 +13,8 @@ type Config struct {
 	ShutdownTimeout uint
 	// MySQL database DSN.
 	MySQLDSN string
+	// Secret for signing user IDs.
+	Secret string
 }
 
 func NewConfig() (*Config, error) {
diff --git a/internal/pas/event.go b/internal/pas/event.go
@@ -9,6 +9,7 @@ import (
 
 type Event struct {
 	UserID     UserID     `json:"user_id"`
+	UserHash   string     `json:"user_hash"`
 	Timestamp  *time.Time `json:"timestamp"`
 	Name       EventName  `json:"name"`
 	Properties []Property `json:"properties"`
diff --git a/internal/pas/handler.go b/internal/pas/handler.go
@@ -1,18 +1,23 @@
 package pas
 
 import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
 	"encoding/json"
 	"net/http"
 )
 
 type Handler struct {
 	http.Handler
 	analytics *Analytics
+	secret    []byte
 }
 
-func NewHandler(analytics *Analytics) *Handler {
+func NewHandler(analytics *Analytics, secret string) *Handler {
 	h := &Handler{
 		analytics: analytics,
+		secret:    []byte(secret),
 	}
 	mux := http.NewServeMux()
 	mux.HandleFunc("/api/events", h.handleEvents)
@@ -34,6 +39,17 @@ func (s *Handler) handleEvents(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
+	if len(s.secret) > 0 {
+		hash := hmac.New(sha256.New, s.secret)
+		for _, e := range events.Events {
+			hash.Write([]byte(e.UserID))
+			if hex.EncodeToString(hash.Sum(nil)) != e.UserHash {
+				http.Error(w, "invalid user_hash", http.StatusBadRequest)
+				return
+			}
+			hash.Reset()
+		}
+	}
 	_, err = s.analytics.InsertEvents(events.Events)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -53,6 +69,17 @@ func (s *Handler) handleUsers(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
+	if len(s.secret) > 0 {
+		hash := hmac.New(sha256.New, s.secret)
+		for _, u := range users.Users {
+			hash.Write([]byte(u.ID))
+			if hex.EncodeToString(hash.Sum(nil)) != u.Hash {
+				http.Error(w, "invalid user_hash", http.StatusBadRequest)
+				return
+			}
+			hash.Reset()
+		}
+	}
 	_, err = s.analytics.UpdateUsers(users.Users)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
diff --git a/internal/pas/handler_test.go b/internal/pas/handler_test.go
@@ -2,7 +2,11 @@ package pas_test
 
 import (
 	"bytes"
+	"crypto/hmac"
+	"crypto/sha256"
 	"database/sql"
+	"encoding/hex"
+	"fmt"
 	"log"
 	"net/http"
 	"net/http/httptest"
@@ -23,7 +27,7 @@ func init() {
 
 	analytics := pas.NewAnalytics(db)
 
-	handler = pas.NewHandler(analytics)
+	handler = pas.NewHandler(analytics, "")
 }
 
 func TestPostEvents(t *testing.T) {
@@ -67,3 +71,60 @@ func TestPostUsers(t *testing.T) {
 			status, http.StatusOK)
 	}
 }
+
+func TestUserHash(t *testing.T) {
+	const secret = "foobar"
+
+	db, err := sql.Open("mysql", localDSN)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer db.Close()
+
+	analytics := pas.NewAnalytics(db)
+
+	handler := pas.NewHandler(analytics, secret)
+
+	s0 := `{
+		"events": [
+		{"name": "test_done", "user_id": "1234", "user_hash": "%s", "timestamp": "2000-01-01T01:02:03Z", "properties": [
+				{"name": "foo", "value": "bar", "type": "string"}
+		]}]}
+	`
+
+	// Test invalid secret
+	s := fmt.Sprintf(s0, generateUserHash("1234", "invalid"))
+	var postBody = bytes.NewBufferString(s)
+	req, err := http.NewRequest("POST", "/api/events", postBody)
+	if err != nil {
+		t.Fatal(err)
+	}
+	rr := httptest.NewRecorder()
+	handler.ServeHTTP(rr, req)
+	if status := rr.Code; status != http.StatusBadRequest {
+		t.Log(rr.Body.String())
+		t.Errorf("handler returned wrong status code: got %v want %v",
+			status, http.StatusOK)
+	}
+
+	// Test correct secret
+	s = fmt.Sprintf(s0, generateUserHash("1234", secret))
+	postBody = bytes.NewBufferString(s)
+	req, err = http.NewRequest("POST", "/api/events", postBody)
+	if err != nil {
+		t.Fatal(err)
+	}
+	rr = httptest.NewRecorder()
+	handler.ServeHTTP(rr, req)
+	if status := rr.Code; status != http.StatusOK {
+		t.Log(rr.Body.String())
+		t.Errorf("handler returned wrong status code: got %v want %v",
+			status, http.StatusOK)
+	}
+}
+
+func generateUserHash(userID, secret string) string {
+	hash := hmac.New(sha256.New, []byte(secret))
+	hash.Write([]byte(userID))
+	return hex.EncodeToString(hash.Sum(nil))
+}
diff --git a/internal/pas/user.go b/internal/pas/user.go
@@ -7,6 +7,7 @@ import (
 
 type User struct {
 	ID         UserID     `json:"id"`
+	Hash       string     `json:"hash"`
 	Properties []Property `json:"properties"`
 }
 
diff --git a/main.go b/main.go
@@ -52,7 +52,7 @@ func main() {
 	}()
 
 	analytics := pas.NewAnalytics(db)
-	handler := pas.NewHandler(analytics)
+	handler := pas.NewHandler(analytics, config.Secret)
 	server := pas.NewServer(config.ListenAddress, handler)
 
 	go server.ListenAndServe()

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,8 @@ type Config struct {`
`13`	`13`	`ShutdownTimeout uint`
`14`	`14`	`// MySQL database DSN.`
`15`	`15`	`MySQLDSN string`
	`16`	`+ // Secret for signing user IDs.`
	`17`	`+ Secret string`
`16`	`18`	`}`
`17`	`19`
`18`	`20`	`func NewConfig() (*Config, error) {`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@ import (`
`7`	`7`
`8`	`8`	`type User struct {`
`9`	`9`	ID UserID `json:"id"`
	`10`	+ Hash string `json:"hash"`
`10`	`11`	Properties []Property `json:"properties"`
`11`	`12`	`}`
`12`	`13`