Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFQ API Auth Cache #3007

Merged
merged 4 commits into from
Aug 15, 2024
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 10 additions & 6 deletions services/rfq/api/rest/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -278,18 +278,22 @@ func (r *QuoterAPIServer) checkRole(c *gin.Context, destChainID uint32) (address

if hasRole == nil || hasRole.IsExpired() {
has, roleErr := bridge.HasRole(ops, relayerRole, addressRecovered)
if roleErr == nil {
r.roleCache[destChainID].Set(addressRecovered.Hex(), has, cacheInterval)
}

if roleErr != nil {
err = fmt.Errorf("unable to check relayer role on-chain")
return addressRecovered, err
} else if !has {
err = fmt.Errorf("q.Relayer not an on-chain relayer")
}

r.roleCache[destChainID].Set(addressRecovered.Hex(), has, cacheInterval)

if !has {
err = fmt.Errorf("relayer not an on-chain relayer")
return addressRecovered, err
}
} else if !hasRole.Value() {
err = fmt.Errorf("relayer not an on-chain relayer")
return addressRecovered, err
ChiTimesChi marked this conversation as resolved.
Show resolved Hide resolved
}

return addressRecovered, nil
}

Expand Down
47 changes: 46 additions & 1 deletion services/rfq/api/rest/server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,13 @@ import (
"bytes"
"encoding/json"
"fmt"
apiClient "github.com/synapsecns/sanguine/services/rfq/api/client"
"io"
"net/http"
"strconv"
"time"

apiClient "github.com/synapsecns/sanguine/services/rfq/api/client"

"github.com/ethereum/go-ethereum/common/hexutil"
"github.com/ethereum/go-ethereum/crypto"
"github.com/synapsecns/sanguine/ethergo/signer/wallet"
Expand Down Expand Up @@ -205,6 +206,50 @@ func (c *ServerSuite) TestPutAndGetQuoteByRelayer() {
c.Assert().True(found, "Newly added quote not found")
}

func (c *ServerSuite) TestMultiplePutRequestsWithIncorrectAuth() {
// Start the API server in a separate goroutine and wait for it to initialize.
c.startQuoterAPIServer()

// Create a random wallet for incorrect authorization
randomWallet, err := wallet.FromRandom()
c.Require().NoError(err)

// Prepare the authorization header with a signed timestamp using the incorrect wallet
header, err := c.prepareAuthHeader(randomWallet)
c.Require().NoError(err)

// Perform multiple PUT requests to the API server with the incorrect authorization header
for i := 0; i < 3; i++ {
resp, err := c.sendPutQuoteRequest(header)
c.Require().NoError(err)
defer func() {
err = resp.Body.Close()
c.Require().NoError(err)
}()

// Read the response body
body, err := io.ReadAll(resp.Body)
c.Require().NoError(err)

// Log the response body for debugging
fmt.Printf("Request %d response: Status: %d, Body: %s\n", i+1, resp.StatusCode, string(body))

switch resp.StatusCode {
case http.StatusBadRequest, http.StatusUnauthorized, http.StatusForbidden:
// These are acceptable error status codes for failed authentication
c.Assert().True(true, "Request %d correctly failed with status %d", i+1, resp.StatusCode)
case http.StatusOK:
// The ModifyQuote method returns 200 OK with an empty body on success
c.Assert().Empty(string(body), "Request %d should return an empty body on success", i+1)

// Since this shouldn't happen with incorrect auth, fail the test
c.Fail("Request %d unexpectedly succeeded, while submitting incorrect authentication", i+1)
default:
c.Fail("Unexpected status code %d for request %d", resp.StatusCode, i+1)
}
}
}

func (c *ServerSuite) TestPutAck() {
c.startQuoterAPIServer()

Expand Down
Loading