From 277b25a5d1b3600a1592028a08f09d821b4b32e1 Mon Sep 17 00:00:00 2001
From: Amaury
Date: Fri, 11 Dec 2020 20:44:38 +0100
Subject: [PATCH] chore: Temporarily allow Authorization header (#162)
* chore: Temporarily allow Authorization header
* Fix lint
---
 migrations/2020-08-02-220301_init/down.sql | 6 ---
 migrations/2020-08-02-220301_init/up.sql | 29 ------------
 src/routes/check_email/header.rs | 5 +++
 tests/check_email.rs | 51 +++++++++++++++-------
 4 files changed, 40 insertions(+), 51 deletions(-)
 delete mode 100644 migrations/2020-08-02-220301_init/down.sql
 delete mode 100644 migrations/2020-08-02-220301_init/up.sql
diff --git a/migrations/2020-08-02-220301_init/down.sql b/migrations/2020-08-02-220301_init/down.sql
deleted file mode 100644
index 3e08f56..0000000
--- a/migrations/2020-08-02-220301_init/down.sql
+++ /dev/null
@@ -1,6 +0,0 @@
--- This file should undo anything in `up.sql`
-
-
-DROP TABLE api_usage_records;
-DROP TABLE api_tokens;
-DROP TABLE users;
diff --git a/migrations/2020-08-02-220301_init/up.sql b/migrations/2020-08-02-220301_init/up.sql
deleted file mode 100644
index 78f8c33..0000000
--- a/migrations/2020-08-02-220301_init/up.sql
+++ /dev/null
@@ -1,29 +0,0 @@
-CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
-
-CREATE TABLE users (
- id UUID DEFAULT uuid_generate_v4() PRIMARY KEY,
- stripe_customer VARCHAR(255) NOT NULL UNIQUE
-);
-
-CREATE TABLE api_tokens (
- id INT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
- api_token UUID DEFAULT uuid_generate_v4() NOT NULL UNIQUE,
- stripe_subscription_item VARCHAR(255) NOT NULL UNIQUE,
- user_id UUID NOT NULL,
- CONSTRAINT fk_user
- FOREIGN KEY(user_id)
- REFERENCES users(id)
- ON DELETE CASCADE
-);
-
-CREATE TABLE api_usage_records (
- id INT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
- api_token_id INT NOT NULL,
- method VARCHAR(255) NOT NULL,
- endpoint VARCHAR(255) NOT NULL,
- created_at TIMESTAMP NOT NULL DEFAULT now(),
- CONSTRAINT fk_api_token
- FOREIGN KEY(api_token_id)
- REFERENCES api_tokens(id)
- ON DELETE CASCADE
-);
diff --git a/src/routes/check_email/header.rs b/src/routes/check_email/header.rs
index 34475fe..39e58b6 100644
--- a/src/routes/check_email/header.rs
+++ b/src/routes/check_email/header.rs
@@ -27,6 +27,7 @@ pub const DEFAULT_SAASIFY_SECRET: &str = "reacher_dev_secret"; /// but there might be others in the future #[derive(Debug, PartialEq)] pub enum HeaderSecret { + Authorization, Saasify, }
@@ -40,6 +41,8 @@ fn get_saasify_secret() -> String { /// for auth that match: /// - `x-saasify-proxy-secret`: this means auth is handled by saasify, we don't /// care about auth anymore. +/// - `Authorization`: this is a temporary fix to allow all requests with this +/// header. pub fn check_header( ) -> impl warp::Filter + Clone { let saasify_secret = get_saasify_secret();
@@ -48,4 +51,6 @@ pub fn check_header( warp::header::exact_ignore_case(SAASIFY_SECRET_HEADER, saasify_secret) .map(|| HeaderSecret::Saasify) + .or(warp::header::("authorization").map(|_| HeaderSecret::Authorization)) + .unify() }
diff --git a/tests/check_email.rs b/tests/check_email.rs
index 40346d4..fb4fe54 100644
--- a/tests/check_email.rs
+++ b/tests/check_email.rs
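Review bot: In `src/routes/check_email/header.rs`, the new `.or(...)` branch of `check_header` maps any request that carries an `authorization` header to `HeaderSecret::Authorization` without looking at the value (`.map(|_| ...)`), so the filter no longer authenticates anything once the saasify secret is absent or wrong. If the bypass has to ship, it should be bounded: compare the value against a configured secret the way the saasify branch does with `exact_ignore_case`, or enable the branch only behind an explicit opt-in setting. The doc comment should also state the risk and its removal condition, e.g. `/// SECURITY: the header value is NOT validated; remove once <tracking-issue> is resolved.` Code that matches on `HeaderSecret` should treat the `Authorization` variant as unauthenticated for rate limiting and usage accounting. The body of `check_header` starts above the last hunk, so how the result is consumed is not visible here.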
@@ -25,6 +25,9 @@ use serde_json; use warp::http::StatusCode; use warp::test::request; +const FOO_BAR_RESPONSE: &str = r#"{"input":"foo@bar","is_reachable":"invalid","misc":{"is_disposable":false,"is_role_account":false},"mx":{"accepts_mail":false,"records":[]},"smtp":{"can_connect_smtp":false,"has_full_inbox":false,"is_catch_all":false,"is_deliverable":false,"is_disabled":false},"syntax":{"address":null,"domain":"","is_valid_syntax":false,"username":""}}"#; +const FOO_BAR_BAZ_RESPONSE: &str = r#"{"input":"foo@bar.baz","is_reachable":"invalid","misc":{"is_disposable":false,"is_role_account":false},"mx":{"accepts_mail":false,"records":[]},"smtp":{"can_connect_smtp":false,"has_full_inbox":false,"is_catch_all":false,"is_deliverable":false,"is_disabled":false},"syntax":{"address":"foo@bar.baz","domain":"bar.baz","is_valid_syntax":true,"username":"foo"}}"#; + #[tokio::test] async fn test_missing_header() { let resp = request()
@@ -36,10 +39,7 @@ async fn test_missing_header() { println!("{:?}", resp); assert_eq!(resp.status(), StatusCode::BAD_REQUEST); - assert_eq!( - resp.body(), - r#"Missing request header "x-saasify-proxy-secret""# - ); + assert_eq!(resp.body(), r#"Missing request header "authorization""#); } #[tokio::test]
@@ -54,10 +54,7 @@ async fn test_wrong_saasify_secret() { println!("{:?}", resp); assert_eq!(resp.status(), StatusCode::BAD_REQUEST); - assert_eq!( - resp.body(), - r#"Invalid request header "x-saasify-proxy-secret""# - ); + assert_eq!(resp.body(), r#"Missing request header "authorization""#); } #[tokio::test]
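Review bot: `test_wrong_saasify_secret` now expects `Missing request header "authorization"` for a request that did send `x-saasify-proxy-secret` with a wrong value, so the suite no longer pins that an invalid secret is reported as invalid. The body presumably reflects the rejection of the last branch in the `.or` chain. The same message in `test_missing_header` names the one header whose value is not checked, which is more than an unauthenticated caller needs to be told. Mapping both rejections to one generic message in a recover handler would avoid that; failing that, a comment such as `// body comes from the last filter in check_header's or-chain, not from the saasify check` would explain the assertion. Both test bodies start outside their hunks, so the request setup is not visible here.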
@@ -71,10 +68,7 @@ async fn test_input_foo_bar() { .await; assert_eq!(resp.status(), StatusCode::OK); - assert_eq!( - resp.body(), - r#"{"input":"foo@bar","is_reachable":"invalid","misc":{"is_disposable":false,"is_role_account":false},"mx":{"accepts_mail":false,"records":[]},"smtp":{"can_connect_smtp":false,"has_full_inbox":false,"is_catch_all":false,"is_deliverable":false,"is_disabled":false},"syntax":{"address":null,"domain":"","is_valid_syntax":false,"username":""}}"# - ); + assert_eq!(resp.body(), FOO_BAR_RESPONSE); } #[tokio::test]
@@ -88,8 +82,33 @@ async fn test_input_foo_bar_baz() { .await; assert_eq!(resp.status(), StatusCode::OK); - assert_eq!( - resp.body(), - r#"{"input":"foo@bar.baz","is_reachable":"invalid","misc":{"is_disposable":false,"is_role_account":false},"mx":{"accepts_mail":false,"records":[]},"smtp":{"can_connect_smtp":false,"has_full_inbox":false,"is_catch_all":false,"is_deliverable":false,"is_disabled":false},"syntax":{"address":"foo@bar.baz","domain":"bar.baz","is_valid_syntax":true,"username":"foo"}}"# - ); + assert_eq!(resp.body(), FOO_BAR_BAZ_RESPONSE); +} + +#[tokio::test] +async fn test_authorization_header() { + let resp = request() + .path("/v0/check_email") + .method("POST") + .header("authorization", "foo") + .json(&serde_json::from_str::(r#"{"to_email": "foo@bar.baz"}"#).unwrap()) + .reply(&create_routes()) + .await; + + assert_eq!(resp.status(), StatusCode::OK); + assert_eq!(resp.body(), FOO_BAR_BAZ_RESPONSE); +} + +#[tokio::test] +async fn test_authorization_capital_header() { + let resp = request() + .path("/v0/check_email") + .method("POST") + .header("Authorization", "foo") + .json(&serde_json::from_str::(r#"{"to_email": "foo@bar.baz"}"#).unwrap()) + .reply(&create_routes()) + .await; + + assert_eq!(resp.status(), StatusCode::OK); + assert_eq!(resp.body(), FOO_BAR_BAZ_RESPONSE); }
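Review bot: `test_authorization_header` and `test_authorization_capital_header` send the value `"foo"` and assert `StatusCode::OK`, which pins "any Authorization value is accepted" as expected behaviour with nothing marking it as temporary. Each should carry a comment like `// TEMPORARY: header value is not validated (see check_header); delete together with <tracking-issue>` so the tests are removed with the bypass instead of blocking a later fix. The two bodies differ only in the case of the header name and could share one helper that takes the name as a parameter. What the filter does with an empty `Authorization` value is not covered by any test, so that behaviour is unspecified by the suite.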