move default headers to rest template config

Author: snopoke

src/main/java/org/commcare/formplayer/services/RestoreFactory.java

@@ -1,10 +1,9 @@
 package org.commcare.formplayer.services;
 
-import static org.commcare.formplayer.util.Constants.TOGGLE_INCLUDE_STATE_HASH;
-
 import com.google.common.collect.ImmutableMap;
 import com.timgroup.statsd.StatsDClient;
-
+import datadog.trace.api.Trace;
+import io.sentry.SentryLevel;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -25,14 +24,12 @@
 import org.commcare.formplayer.sqlitedb.UserDB;
 import org.commcare.formplayer.util.Constants;
 import org.commcare.formplayer.util.FormplayerSentry;
-import org.commcare.formplayer.util.RequestUtils;
 import org.commcare.formplayer.util.SimpleTimer;
 import org.commcare.formplayer.util.UserUtils;
 import org.commcare.formplayer.web.client.WebClient;
 import org.commcare.modern.database.TableBuilder;
 import org.javarosa.core.api.ClassNameHasher;
 import org.javarosa.core.model.User;
-import org.javarosa.core.util.PropertyUtils;
 import org.javarosa.core.util.externalizable.PrototypeFactory;
 import org.javarosa.xml.util.InvalidStructureException;
 import org.javarosa.xml.util.UnfullfilledRequirementsException;
@@ -55,27 +52,23 @@
 import org.xml.sax.SAXException;
 import org.xmlpull.v1.XmlPullParserException;
 
+import javax.annotation.PreDestroy;
+import javax.annotation.Resource;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.sql.SQLException;
-import java.time.Duration;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
-import javax.annotation.PreDestroy;
-import javax.annotation.Resource;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import datadog.trace.api.Trace;
-import io.sentry.SentryLevel;
+import static org.commcare.formplayer.util.Constants.TOGGLE_INCLUDE_STATE_HASH;
 
 
 /**
@@ -107,8 +100,6 @@ public class RestoreFactory {
 
     private static final String DEVICE_ID_SLUG = "WebAppsLogin";
 
-    private static final String ORIGIN_TOKEN_SLUG = "OriginToken";
-
     @Autowired
     protected StatsDClient datadogStatsDClient;
 
@@ -124,18 +115,9 @@ public class RestoreFactory {
     @Autowired
     private WebClient webClient;
 
-    @Autowired
-    private RedisTemplate redisTemplateLong;
-
     @Resource(name = "redisTemplateLong")
     private ValueOperations<String, Long> valueOperations;
 
-    @Autowired
-    private RedisTemplate redisTemplateString;
-
-    @Resource(name = "redisTemplateString")
-    private ValueOperations<String, String> originTokens;
-
     @Autowired
     private RedisTemplate redisSetTemplate;
 
@@ -593,17 +575,9 @@ private HttpHeaders getStandardHeaders() {
         if (syncToken != null) {
             headers.set("X-CommCareHQ-LastSyncToken", getSyncToken());
         }
-        headers.setAll(getOriginTokenHeader());
         return headers;
     }
 
-    private Map<String, String> getOriginTokenHeader() {
-        String originToken = PropertyUtils.genUUID();
-        String redisKey = String.format("%s%s", ORIGIN_TOKEN_SLUG, originToken);
-        originTokens.set(redisKey, "valid", Duration.ofSeconds(60));
-        return Collections.singletonMap("X-CommCareHQ-Origin-Token", originToken);
-    }
-
     public URI getRestoreUrl(boolean skipFixtures) {
         // TODO: remove timing once the state hash rollout is complete
         return categoryTimingHelper.timed(Constants.TimingCategories.BUILD_RESTORE_URL, () -> {

src/main/java/org/commcare/formplayer/web/client/CommCareDefaultHeaders.java

@@ -0,0 +1,50 @@
+package org.commcare.formplayer.web.client;
+
+import org.commcare.formplayer.util.RequestUtils;
+import org.javarosa.core.util.PropertyUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.client.RestTemplateRequestCustomizer;
+import org.springframework.data.redis.core.ValueOperations;
+import org.springframework.http.client.ClientHttpRequest;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;
+import java.time.Duration;
+
+
+/**
+ * Adds default headers to requests to CommCareHQ
+ */
+@Component
+public class CommCareDefaultHeaders implements RestTemplateRequestCustomizer {
+
+    private static final String ORIGIN_TOKEN_SLUG = "OriginToken";
+    private final CommCareRequestFilter requestFilter;
+
+    @Resource(name = "redisTemplateString")
+    private ValueOperations<String, String> originTokens;
+
+    public CommCareDefaultHeaders(@Value("${commcarehq.host}") String commcareHost) {
+        requestFilter = new CommCareRequestFilter(commcareHost);
+    }
+
+    @Override
+    public void customize(ClientHttpRequest request) {
+        if (!requestFilter.isMatch(request)) {
+            return;
+        }
+
+        String ipAddress = RequestUtils.getIpAddress();
+        if (ipAddress != null) {
+            request.getHeaders().add("X-CommCareHQ-Origin-IP", ipAddress);
+        }
+        request.getHeaders().add("X-CommCareHQ-Origin-Token", getOriginTokenHeader());
+    }
+
+    private String getOriginTokenHeader() {
+        String originToken = PropertyUtils.genUUID();
+        String redisKey = String.format("%s%s", ORIGIN_TOKEN_SLUG, originToken);
+        originTokens.set(redisKey, "valid", Duration.ofSeconds(60));
+        return originToken;
+    }
+}

src/main/java/org/commcare/formplayer/web/client/CommCareHmacRequestFilter.java

@@ -0,0 +1,22 @@
+package org.commcare.formplayer.web.client;
+
+import org.commcare.formplayer.util.RequestUtils;
+import org.springframework.http.HttpRequest;
+
+/**
+ * Filter to determine if a request is a request to CommCare. Additionally, filter based on
+ * whether the current Spring request was authenticated with HMAC or not.
+ */
+public class CommCareHmacRequestFilter extends CommCareRequestFilter {
+
+    private final boolean matchHmac;
+
+    public CommCareHmacRequestFilter(String commcareHost, boolean matchHmac) {
+        super(commcareHost);
+        this.matchHmac = matchHmac;
+    }
+
+    public boolean isMatch(HttpRequest request) {
+        return super.isMatch(request) && matchHmac == RequestUtils.requestAuthedWithHmac();
+    }
+}

src/main/java/org/commcare/formplayer/web/client/CommCareRequestFilter.java

@@ -6,22 +6,17 @@
 import java.util.function.Predicate;
 
 /**
- * Filter to determine if a request is a request to CommCare. Additionally, it can filter based on
- * whether the current Spring request was authenticated with HMAC.
+ * Filter to determine if a request is a request to CommCare.
  */
 public class CommCareRequestFilter {
 
     private final String commcareHost;
-    private final boolean matchHmac;
 
-    public CommCareRequestFilter(String commcareHost, boolean matchHmac) {
+    public CommCareRequestFilter(String commcareHost) {
         this.commcareHost = commcareHost;
-        this.matchHmac = matchHmac;
     }
 
     public boolean isMatch(HttpRequest request) {
-        boolean currentRequestUsedHMAC = RequestUtils.requestAuthedWithHmac();
-        boolean isCommCareRequest = request.getURI().toString().startsWith(commcareHost);
-        return isCommCareRequest && (matchHmac == currentRequestUsedHMAC);
+        return request.getURI().toString().startsWith(commcareHost);
     }
 }

src/main/java/org/commcare/formplayer/web/client/RestTemplateConfig.java

@@ -1,6 +1,7 @@
 package org.commcare.formplayer.web.client;
 
 import org.commcare.formplayer.util.Constants;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.context.annotation.Bean;
@@ -19,6 +20,9 @@ public class RestTemplateConfig {
 
     public static String MODE_REPLACE_HOST = "replace-host";
 
+    @Autowired
+    private CommCareDefaultHeaders commCareDefaultHeaders;
+
     @Value("${formplayer.externalRequestMode}")
     private String externalRequestMode;
 
@@ -45,16 +49,17 @@ public RestTemplate restTemplate(RestTemplateBuilder builder) throws URISyntaxEx
         builder = builder
                 .setConnectTimeout(Duration.ofMillis(Constants.CONNECT_TIMEOUT))
                 .setReadTimeout(Duration.ofMillis(Constants.READ_TIMEOUT))
-                .requestFactory(OkHttp3ClientHttpRequestFactory.class);
+                .requestFactory(OkHttp3ClientHttpRequestFactory.class)
+                .additionalRequestCustomizers(commCareDefaultHeaders);
 
         if (externalRequestMode.equals(MODE_REPLACE_HOST)) {
             log.warn(String.format("RestTemplate configured in '%s' mode", externalRequestMode));
             builder = builder.additionalInterceptors(
                     new RewriteHostRequestInterceptor(commcareHost));
         }
 
-        CommCareRequestFilter hmacAuthFilter = new CommCareRequestFilter(commcareHost, true);
-        CommCareRequestFilter sessionAuthFilter = new CommCareRequestFilter(commcareHost, false);
+        CommCareRequestFilter hmacAuthFilter = new CommCareHmacRequestFilter(commcareHost, true);
+        CommCareRequestFilter sessionAuthFilter = new CommCareHmacRequestFilter(commcareHost, false);
         return builder.additionalInterceptors(
                 new HmacAuthInterceptor(hmacAuthFilter, formplayerAuthKey),
                 new SessionAuthInterceptor(sessionAuthFilter)

src/main/java/org/commcare/formplayer/web/client/WebClient.java

@@ -1,23 +1,16 @@
 package org.commcare.formplayer.web.client;
 
 import com.google.common.collect.Multimap;
-
+import lombok.extern.apachecommons.CommonsLog;
 import org.commcare.formplayer.services.RestoreFactory;
-import org.commcare.formplayer.util.RequestUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
-import org.springframework.http.RequestEntity;
-import org.springframework.http.ResponseEntity;
+import org.springframework.http.*;
 import org.springframework.stereotype.Component;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.web.client.RestTemplate;
 
 import java.net.URI;
 
-import lombok.extern.apachecommons.CommonsLog;
-
 @Component
 @CommonsLog
 public class WebClient {
@@ -63,10 +56,6 @@ public <T> String post(String url, T body, boolean isMultipart) {
         if (isMultipart) {
             headers.setContentType(MediaType.MULTIPART_FORM_DATA);
         }
-        String ipAddress = RequestUtils.getIpAddress();
-        if (ipAddress != null) {
-            headers.add("X-CommCareHQ-Origin-IP", ipAddress);
-        }
         return postRaw(uri, headers, body, String.class).getBody();
     }