yoake/internal/twilio/verify.go

package twilio

import (
	"crypto/subtle"
	"fmt"
	"log"
	"net/http"
	"net/url"
	"path"
	"strings"

	"github.com/labstack/echo/v4"
	"github.com/labstack/echo/v4/middleware"

	"github.com/eternal-flame-AD/yoake/config"
	"github.com/eternal-flame-AD/yoake/internal/auth"
	"github.com/twilio/twilio-go/client"
)

func firstUrlValues(val url.Values) map[string]string {
	res := make(map[string]string)
	for k, v := range val {
		res[k] = v[0]
	}
	return res
}

func VerifyMiddleware(prefix string, baseurlS string) echo.MiddlewareFunc {
	baseURL, err := url.Parse(baseurlS)
	if err != nil {
		log.Fatalf("invalid twilio baseurl: %v", baseurlS)
	}
	log.Printf("twilio baseurl is %v", baseURL)
	var basicAuth echo.MiddlewareFunc
	if userpass := baseURL.User.String(); userpass != "" {
		basicAuth = middleware.BasicAuth(func(username, password string, c echo.Context) (bool, error) {
			ui := url.UserPassword(username, password)
			return subtle.ConstantTimeCompare([]byte(ui.String()), []byte(userpass)) == 1, nil
		})
	}
	return func(next echo.HandlerFunc) echo.HandlerFunc {
		verifySignature := func(c echo.Context) error {
			if reqAuth := auth.GetRequestAuth(c); reqAuth.Valid && reqAuth.HasRole(auth.RoleAdmin) {
				return next(c)
			}

			cleanPath := path.Clean(c.Request().URL.Path)
			//log.Printf("cleanPath: %s", cleanPath)
			if cleanPath == prefix || strings.HasPrefix(cleanPath, prefix+"/") {
				fullReq := c.Request().Clone(c.Request().Context())
				log.Printf("original request URL: %v, scheme=%s, host=%s, user=%s", c.Request().URL, c.Request().URL.Scheme, c.Request().URL.Host, c.Request().URL.User)
				fullReq.URL = baseURL.ResolveReference(c.Request().URL)
				fullReq.URL.User = nil
				if err := TwilioValidate(c, fullReq); err != nil {
					c.String(http.StatusOK, "We are sorry. Request Validation Failed. This is not your fault.")
					log.Printf("twilio verify failed: %v", err)
					return err
				}
			}
			return next(c)
		}
		if basicAuth != nil {
			return basicAuth(verifySignature)
		}
		return verifySignature
	}
}

func TwilioValidate(c echo.Context, req *http.Request) error {
	conf := config.Config().Twilio
	signature := req.Header.Get("X-Twilio-Signature")
	if signature == "" {
		if conf.SkipVerify {
			return nil
		}
		return fmt.Errorf("no twilio signature present")
	}
	requestValidator := client.NewRequestValidator(conf.AuthToken)
	if req.Method == "POST" {
		form, err := c.FormParams()
		if err != nil {
			return err
		}
		if !requestValidator.Validate(req.URL.String(), firstUrlValues(form), signature) {
			return fmt.Errorf("twilio signature verification failed")
		}
	} else if req.Method == "GET" {
		if !requestValidator.Validate(req.URL.String(), nil, signature) {
			return fmt.Errorf("twilio signature verification failed")
		}
	} else {
		return fmt.Errorf("twilio signature verification failed: unsupported method %s", req.Method)
	}

	return nil
}
init 2022-11-07 04:45:02 -06:00			`package twilio`

			`import (`
fix twilio authentication 2022-11-10 19:13:09 -06:00			`"crypto/subtle"`
init 2022-11-07 04:45:02 -06:00			`"fmt"`
			`"log"`
			`"net/http"`
			`"net/url"`
			`"path"`
			`"strings"`

			`"github.com/labstack/echo/v4"`
fix twilio authentication 2022-11-10 19:13:09 -06:00			`"github.com/labstack/echo/v4/middleware"`
init 2022-11-07 04:45:02 -06:00
			`"github.com/eternal-flame-AD/yoake/config"`
fix twilio authentication 2022-11-10 19:13:09 -06:00			`"github.com/eternal-flame-AD/yoake/internal/auth"`
init 2022-11-07 04:45:02 -06:00			`"github.com/twilio/twilio-go/client"`
			`)`

			`func firstUrlValues(val url.Values) map[string]string {`
			`res := make(map[string]string)`
			`for k, v := range val {`
			`res[k] = v[0]`
			`}`
			`return res`
			`}`

fix twilio authentication 2022-11-10 19:13:09 -06:00			`func VerifyMiddleware(prefix string, baseurlS string) echo.MiddlewareFunc {`
			`baseURL, err := url.Parse(baseurlS)`
			`if err != nil {`
			`log.Fatalf("invalid twilio baseurl: %v", baseurlS)`
			`}`
			`log.Printf("twilio baseurl is %v", baseURL)`
			`var basicAuth echo.MiddlewareFunc`
			`if userpass := baseURL.User.String(); userpass != "" {`
			`basicAuth = middleware.BasicAuth(func(username, password string, c echo.Context) (bool, error) {`
			`ui := url.UserPassword(username, password)`
			`return subtle.ConstantTimeCompare([]byte(ui.String()), []byte(userpass)) == 1, nil`
			`})`
			`}`
init 2022-11-07 04:45:02 -06:00			`return func(next echo.HandlerFunc) echo.HandlerFunc {`
fix twilio authentication 2022-11-10 19:13:09 -06:00			`verifySignature := func(c echo.Context) error {`
			`if reqAuth := auth.GetRequestAuth(c); reqAuth.Valid && reqAuth.HasRole(auth.RoleAdmin) {`
			`return next(c)`
			`}`
init 2022-11-07 04:45:02 -06:00
			`cleanPath := path.Clean(c.Request().URL.Path)`
			`//log.Printf("cleanPath: %s", cleanPath)`
			`if cleanPath == prefix \|\| strings.HasPrefix(cleanPath, prefix+"/") {`
fix twilio authentication 2022-11-10 19:13:09 -06:00			`fullReq := c.Request().Clone(c.Request().Context())`
			`log.Printf("original request URL: %v, scheme=%s, host=%s, user=%s", c.Request().URL, c.Request().URL.Scheme, c.Request().URL.Host, c.Request().URL.User)`
			`fullReq.URL = baseURL.ResolveReference(c.Request().URL)`
			`fullReq.URL.User = nil`
			`if err := TwilioValidate(c, fullReq); err != nil {`
init 2022-11-07 04:45:02 -06:00			`c.String(http.StatusOK, "We are sorry. Request Validation Failed. This is not your fault.")`
			`log.Printf("twilio verify failed: %v", err)`
			`return err`
			`}`
			`}`
			`return next(c)`
			`}`
fix twilio authentication 2022-11-10 19:13:09 -06:00			`if basicAuth != nil {`
			`return basicAuth(verifySignature)`
			`}`
			`return verifySignature`
init 2022-11-07 04:45:02 -06:00			`}`
			`}`

fix twilio authentication 2022-11-10 19:13:09 -06:00			`func TwilioValidate(c echo.Context, req *http.Request) error {`
init 2022-11-07 04:45:02 -06:00			`conf := config.Config().Twilio`
			`signature := req.Header.Get("X-Twilio-Signature")`
			`if signature == "" {`
			`if conf.SkipVerify {`
			`return nil`
			`}`
			`return fmt.Errorf("no twilio signature present")`
			`}`
			`requestValidator := client.NewRequestValidator(conf.AuthToken)`
			`if req.Method == "POST" {`
fix twilio authentication 2022-11-10 19:13:09 -06:00			`form, err := c.FormParams()`
			`if err != nil {`
			`return err`
			`}`
			`if !requestValidator.Validate(req.URL.String(), firstUrlValues(form), signature) {`
init 2022-11-07 04:45:02 -06:00			`return fmt.Errorf("twilio signature verification failed")`
			`}`
			`} else if req.Method == "GET" {`
			`if !requestValidator.Validate(req.URL.String(), nil, signature) {`
			`return fmt.Errorf("twilio signature verification failed")`
			`}`
			`} else {`
			`return fmt.Errorf("twilio signature verification failed: unsupported method %s", req.Method)`
			`}`

			`return nil`
			`}`