refactor: [torrust#1275] move announce authentication in http tracker to core

Author: josecelano

packages/http-protocol/src/v1/responses/error.rs

@@ -79,6 +79,14 @@ impl From<bittorrent_tracker_core::error::WhitelistError> for Error {
     }
 }
 
+impl From<bittorrent_tracker_core::authentication::Error> for Error {
+    fn from(err: bittorrent_tracker_core::authentication::Error) -> Self {
+        Error {
+            failure_reason: format!("Tracker authentication error: {err}"),
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
 

packages/tracker-core/src/authentication/key/mod.rs

@@ -185,6 +185,10 @@ pub enum Error {
     /// Indicates that the key has expired.
     #[error("Key has expired, {location}")]
     KeyExpired { location: &'static Location<'static> },
+
+    /// Indicates that the required key for authentication was not provided.
+    #[error("Missing authentication key, {location}")]
+    MissingAuthKey { location: &'static Location<'static> },
 }
 
 impl From<r2d2_sqlite::rusqlite::Error> for Error {

src/packages/http_tracker_core/services/announce.rs

@@ -8,13 +8,15 @@
 //! It also sends an [`http_tracker_core::statistics::event::Event`]
 //! because events are specific for the HTTP tracker.
 use std::net::IpAddr;
+use std::panic::Location;
 use std::sync::Arc;
 
 use bittorrent_http_protocol::v1::requests::announce::{peer_from_request, Announce};
 use bittorrent_http_protocol::v1::responses;
 use bittorrent_http_protocol::v1::services::peer_ip_resolver::{self, ClientIpSources};
 use bittorrent_tracker_core::announce_handler::{AnnounceHandler, PeersWanted};
 use bittorrent_tracker_core::authentication::service::AuthenticationService;
+use bittorrent_tracker_core::authentication::{self, Key};
 use bittorrent_tracker_core::whitelist;
 use torrust_tracker_configuration::Core;
 use torrust_tracker_primitives::core::AnnounceData;
@@ -42,12 +44,28 @@ use crate::packages::http_tracker_core;
 pub async fn handle_announce(
     core_config: &Arc<Core>,
     announce_handler: &Arc<AnnounceHandler>,
-    _authentication_service: &Arc<AuthenticationService>,
+    authentication_service: &Arc<AuthenticationService>,
     whitelist_authorization: &Arc<whitelist::authorization::WhitelistAuthorization>,
     opt_http_stats_event_sender: &Arc<Option<Box<dyn http_tracker_core::statistics::event::sender::Sender>>>,
     announce_request: &Announce,
     client_ip_sources: &ClientIpSources,
+    maybe_key: Option<Key>,
 ) -> Result<AnnounceData, responses::error::Error> {
+    // Authentication
+    if core_config.private {
+        match maybe_key {
+            Some(key) => match authentication_service.authenticate(&key).await {
+                Ok(()) => (),
+                Err(error) => return Err(error.into()),
+            },
+            None => {
+                return Err(responses::error::Error::from(authentication::key::Error::MissingAuthKey {
+                    location: Location::caller(),
+                }))
+            }
+        }
+    }
+
     // Authorization
     match whitelist_authorization.authorize(&announce_request.info_hash).await {
         Ok(()) => (),
@@ -257,6 +275,7 @@ mod tests {
                 &core_http_tracker_services.http_stats_event_sender,
                 &announce_request,
                 &client_ip_sources,
+                None,
             )
             .await
             .unwrap();
@@ -300,6 +319,7 @@ mod tests {
                 &core_http_tracker_services.http_stats_event_sender,
                 &announce_request,
                 &client_ip_sources,
+                None,
             )
             .await
             .unwrap();
@@ -351,6 +371,7 @@ mod tests {
                 &core_http_tracker_services.http_stats_event_sender,
                 &announce_request,
                 &client_ip_sources,
+                None,
             )
             .await
             .unwrap();
@@ -383,6 +404,7 @@ mod tests {
                 &core_http_tracker_services.http_stats_event_sender,
                 &announce_request,
                 &client_ip_sources,
+                None,
             )
             .await
             .unwrap();

src/servers/http/v1/extractors/authentication_key.rs

@@ -117,11 +117,6 @@ fn custom_error(rejection: &PathRejection) -> responses::error::Error {
                 location: Location::caller(),
             })
         }
-        axum::extract::rejection::PathRejection::MissingPathParams(_) => {
-            responses::error::Error::from(auth::Error::MissingAuthKey {
-                location: Location::caller(),
-            })
-        }
         _ => responses::error::Error::from(auth::Error::CannotExtractKeyParam {
             location: Location::caller(),
         }),
@@ -148,6 +143,9 @@ mod tests {
 
         let response = parse_key(invalid_key).unwrap_err();
 
-        assert_error_response(&response, "Authentication error: Invalid format for authentication key param");
+        assert_error_response(
+            &response,
+            "Tracker authentication error: Invalid format for authentication key param",
+        );
     }
 }

src/servers/http/v1/handlers/announce.rs

@@ -5,7 +5,6 @@
 //!
 //! The handlers perform the authentication and authorization of the request,
 //! and resolve the client IP address.
-use std::panic::Location;
 use std::sync::Arc;
 
 use aquatic_udp_protocol::AnnounceEvent;
@@ -22,12 +21,10 @@ use hyper::StatusCode;
 use torrust_tracker_configuration::Core;
 use torrust_tracker_primitives::core::AnnounceData;
 
-use super::common::auth::map_auth_error_to_error_response;
 use crate::packages::http_tracker_core;
 use crate::servers::http::v1::extractors::announce_request::ExtractRequest;
 use crate::servers::http::v1::extractors::authentication_key::Extract as ExtractKey;
 use crate::servers::http::v1::extractors::client_ip_sources::Extract as ExtractClientIpSources;
-use crate::servers::http::v1::handlers::common::auth;
 
 /// It handles the `announce` request when the HTTP tracker does not require
 /// authentication (no PATH `key` parameter required).
@@ -134,23 +131,6 @@ async fn handle_announce(
     client_ip_sources: &ClientIpSources,
     maybe_key: Option<Key>,
 ) -> Result<AnnounceData, responses::error::Error> {
-    // todo: move authentication inside `http_tracker_core::services::announce::handle_announce`
-
-    // Authentication
-    if core_config.private {
-        match maybe_key {
-            Some(key) => match authentication_service.authenticate(&key).await {
-                Ok(()) => (),
-                Err(error) => return Err(map_auth_error_to_error_response(&error)),
-            },
-            None => {
-                return Err(responses::error::Error::from(auth::Error::MissingAuthKey {
-                    location: Location::caller(),
-                }))
-            }
-        }
-    }
-
     http_tracker_core::services::announce::handle_announce(
         &core_config.clone(),
         &announce_handler.clone(),
@@ -159,6 +139,7 @@ async fn handle_announce(
         &opt_http_stats_event_sender.clone(),
         announce_request,
         client_ip_sources,
+        maybe_key,
     )
     .await
 }
@@ -339,10 +320,7 @@ mod tests {
             .await
             .unwrap_err();
 
-            assert_error_response(
-                &response,
-                "Authentication error: Missing authentication key param for private tracker",
-            );
+            assert_error_response(&response, "Tracker authentication error: Missing authentication key");
         }
 
         #[tokio::test]
@@ -366,7 +344,10 @@ mod tests {
             .await
             .unwrap_err();
 
-            assert_error_response(&response, "Authentication error: Failed to read key");
+            assert_error_response(
+                &response,
+                "Tracker authentication error: Failed to read key: YZSl4lMZupRuOpSRC3krIKR5BPB14nrJ",
+            );
         }
     }
 

src/servers/http/v1/handlers/common/auth.rs

@@ -14,18 +14,17 @@ use thiserror::Error;
 /// from the URL path.
 #[derive(Debug, Error)]
 pub enum Error {
-    #[error("Missing authentication key param for private tracker. Error in {location}")]
-    MissingAuthKey { location: &'static Location<'static> },
     #[error("Invalid format for authentication key param. Error in {location}")]
     InvalidKeyFormat { location: &'static Location<'static> },
+
     #[error("Cannot extract authentication key param from URL path. Error in {location}")]
     CannotExtractKeyParam { location: &'static Location<'static> },
 }
 
 impl From<Error> for responses::error::Error {
     fn from(err: Error) -> Self {
         responses::error::Error {
-            failure_reason: format!("Authentication error: {err}"),
+            failure_reason: format!("Tracker authentication error: {err}"),
         }
     }
 }
@@ -36,6 +35,6 @@ pub fn map_auth_error_to_error_response(err: &authentication::Error) -> response
     // impl From<authentication::Error> for responses::error::Error
     // Consider moving the trait implementation to the http-protocol package.
     responses::error::Error {
-        failure_reason: format!("Authentication error: {err}"),
+        failure_reason: format!("Tracker authentication error: {err}"),
     }
 }

tests/servers/http/asserts.rs

@@ -141,5 +141,9 @@ pub async fn assert_cannot_parse_query_params_error_response(response: Response,
 pub async fn assert_authentication_error_response(response: Response) {
     assert_eq!(response.status(), 200);
 
-    assert_bencoded_error(&response.text().await.unwrap(), "Authentication error", Location::caller());
+    assert_bencoded_error(
+        &response.text().await.unwrap(),
+        "Tracker authentication error",
+        Location::caller(),
+    );
 }