testing signed cookie implementation

slacgismo · Jan 29, 2024 · 7db461d · 7db461d
1 parent 651ac18
commit 7db461d
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 24 deletions.
diff --git a/frontend/src/components/Developer/Report/report.jsx b/frontend/src/components/Developer/Report/report.jsx
@@ -1,6 +1,7 @@
 import * as React from 'react';
 import { useEffect, useState } from 'react';
 import { SubmissionService } from '../../../services/submission_service';
+import { CookieService } from '../../../services/cookie_service';
 import ImageList from '@mui/material/ImageList';
 import ImageListItem from '@mui/material/ImageListItem';
 import List from '@mui/material/List';
@@ -19,7 +20,21 @@ export default function SubmissionReport(props) {
       try {
         console.log(props.submissionId)
         const result = await SubmissionService.getSubmissionResults(props.submissionId);
+        console.log("result", result);
+        const cloudfront_cookie = result.cloudfront_cookie;
+        console.log("cookie", cloudfront_cookie);
+
         setImageUrls(result.file_urls);
+        // CookieService.setPrivateReportCookies(x,props.submissionId,cloudfront_cookie);
+        // Add cookie logic here
+        /*
+        const cookie = CookieService.getCookie('access_token');
+        if (user signed in) {
+          CookieService.setPrivateReportCookies(user_id, report_id, domainName, policy, signature, keyPairId);
+        } else {
+          console.log('Access Denied: User not signed in. How did you get here?);
+        }
+        */
       } catch (error) {
         console.error('Error fetching submission results:', error);
       }
@@ -44,7 +59,7 @@ export default function SubmissionReport(props) {
           ))}
         </ImageList>
       </ListItem>
-
+{/*
       <Divider sx={{margin: '5%'}}/>
 
       <ListItem disablePadding sx={{margin: '3%'}}>
@@ -67,6 +82,7 @@ export default function SubmissionReport(props) {
             </ImageListItem>
         </ImageList>
       </ListItem>
+          */}
     </List>
 
   )

diff --git a/frontend/src/services/cookie_service.js b/frontend/src/services/cookie_service.js
@@ -0,0 +1,35 @@
+// This file should handle cookie logic for user sessions and private report authentication/access
+
+import client from "./api_service";
+import { useEffect, useState } from "react";
+import Cookies from 'universal-cookie';
+
+export const CookieService = {
+    getUserCookie() {
+        const cookies = new Cookies();
+        return cookies.get('user');
+    },
+    setPrivateReportCookies(user_id, report_id, domainName, policy, signature, keyPairId) {
+        const cookies = new Cookies();
+        cookies.set('CloudFront-Policy', 
+            policy, 
+            { path: '/', 
+            domain: domainName, 
+            secure: true, 
+            httpOnly: true });
+        cookies.set('CloudFront-Signature', 
+            signature, 
+            { path: '/', 
+            domain: domainName, 
+            secure: true, 
+            httpOnly: true });
+        cookies.set('CloudFront-Key-Pair-Id', 
+        keyPairId, 
+        { path: '/', 
+        domain: domainName, 
+        secure: true, 
+        httpOnly: true });
+
+        return "Private Report Cookies set for user " + user_id + " and report " + report_id;
+    }
+}
diff --git a/frontend/src/services/dashboard_service.js b/frontend/src/services/dashboard_service.js
@@ -1,11 +1,9 @@
 import {
     create_fake_image_array_list,
-    fake_discussion_output,
-    create_fake_leaderboard_array
+    fake_discussion_output
 } from './fake_data_service';
 import client from './api_service';
 import { useEffect, useState } from 'react';
-import { faker } from '@faker-js/faker';
 
 
 export const DashboardService = {

diff --git a/valhub/Dockerfile.prod b/valhub/Dockerfile.prod
@@ -3,9 +3,12 @@ FROM python:3.10-slim
 
 WORKDIR /root
 
-# Copy AWS configuration if needed
+# Copy AWS and PEM configuration if needed
+# Manually add the files to copy if not included in the host system
 RUN mkdir -p .aws
+RUN mkdir -p .pem
 COPY .aws /root/.aws
+COPY .pem /root/.pem
 
 # Create and set up the application directory
 RUN mkdir valhub

diff --git a/valhub/base/utils.py b/valhub/base/utils.py
@@ -75,17 +75,14 @@ def rsa_signer(message):
         private_key = rsa.PrivateKey.load_pkcs1(key_file.read())
     return rsa.sign(message, private_key, 'SHA-1')
 
-def get_cloudfront_cookie(directory_path):
-    if is_emulation:
-        return None
-    else:
-        key_id = 'your-cloudfront-key-pair-id'
-        url = 'https://your-cloudfront-url' + directory_path
-        expiration = datetime.datetime.now() + datetime.timedelta(hours=1)
+def create_cloudfront_cookie(directory_path):
+
+        key_id = 'K38U4Q0ELOYHZ1'
+        url = 'https://drt7tcx7xxmuz.cloudfront.net' + directory_path
         cloudfront_signer = CloudFrontSigner(key_id, rsa_signer)
 
         # Create signed cookies
-        policy = cloudfront_signer.build_policy(url, expiration)
+        policy = cloudfront_signer.build_policy(url)
         signed_cookies = cloudfront_signer.generate_cookies(policy=policy)
 
         return signed_cookies
diff --git a/valhub/submissions/views.py b/valhub/submissions/views.py
@@ -19,7 +19,7 @@
 import logging
 
 from analyses.models import Analysis
-from base.utils import upload_to_s3_bucket, is_emulation
+from base.utils import upload_to_s3_bucket, is_emulation, get_cloudfront_cookie
 from accounts.models import Account
 from .models import Submission
 from urllib.parse import urljoin
@@ -306,6 +306,9 @@ def get_submission_results(request, submission_id):
     user_id = submission.created_by.uuid
     bucket_name = "pv-validation-hub-bucket"
     results_directory = f"submission_files/submission_user_{user_id}/submission_{submission_id}/results/"
+    cf_results_path = f"/submission_user_{user_id}/submission_{submission_id}/results/"
+    file_urls = []
+    ret = {}
 
     # Update for actual S3 usage as well
     if is_emulation:
@@ -336,16 +339,36 @@ def get_submission_results(request, submission_id):
     if not png_files:
         return JsonResponse({"error": "No .png files found in the results directory"}, status=status.HTTP_404_NOT_FOUND)
 
-    file_urls = []
-
-    for png_file in png_files:
-        file_url = urljoin(base_url, png_file)
-        if file_url:
-            file_urls.append(file_url)
-        else:
-            return JsonResponse({"error": f"Error retrieving .png file: {png_file}"}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
-
-    return JsonResponse({"file_urls": file_urls})
+    if is_emulation:
+        # create an emulated signed session cookie for the results directory
+        cloudfront_cookie = get_cloudfront_cookie(base_url)
+        file_urls = [urljoin(base_url, file) for file in file_urls]
+
+        for png_file in png_files:
+            file_url = urljoin(base_url, png_file)
+            if file_url:
+                file_urls.append(file_url)
+            else:
+                return JsonResponse({"error": f"Error retrieving .png file: {png_file}"}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
+
+    else:
+        # create a signed session cookie for the results directory
+        cloudfront_url = "https://drt7tcx7xxmuz.cloudfront.net" + cf_results_path
+        cloudfront_cookie = get_cloudfront_cookie(cloudfront_url)
+        file_urls = [urljoin(cloudfront_url, file) for file in file_urls]
+
+        for png_file in png_files:
+            file_url = urljoin(cloudfront_url, png_file)
+            if file_url:
+                file_urls.append(file_url)
+            else:
+                return JsonResponse({"error": f"Error retrieving .png file: {png_file}"}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
+
+    #set returns
+    ret.file_urls = file_urls
+    ret.cloudfront_cookie = cloudfront_cookie
+
+    return JsonResponse(ret, status=status.HTTP_200_OK)
 
 @api_view(["GET"])
 @csrf_exempt