Giter Club home page Giter Club logo

Comments (3)

lilgallon avatar lilgallon commented on June 24, 2024

What do you mean exactly ? As of now, endpoints are secured by the implementation of Http4TransportServer. Example here:

ocpi-toolkit/ocpi-toolkit-2.2.1/src/test/kotlin/com/izivia/ocpi/toolkit/samples/common/Http4kTransportServer.kt

Lines 62 to 64 in 6f0acea

.also { httpRequest ->
if (secured) runBlocking { secureFilter(httpRequest) }
}

The secureFilter is that method in HttpUtils:

ocpi-toolkit/ocpi-toolkit-2.2.1/src/main/kotlin/com/izivia/ocpi/toolkit/common/HttpUtils.kt

Lines 261 to 284 in 6f0acea

suspend fun PartnerRepository.checkToken(
httpRequest: HttpRequest
) {
val token = httpRequest.parseAuthorizationHeader()
/**
* From OCPI 2.2.1 doc:
* When a server receives a request with a valid CREDENTIALS_TOKEN_A, on another module than: credentials or
* versions, the server SHALL respond with an HTTP 401 - Unauthorized status code.
*
* So, we allow token A only if we are in this case.
*/
val allowTokenA = httpRequest.path.contains("versions") ||
httpRequest.path.contains("/{versionNumber}") ||
httpRequest.path.contains("credentials")
val validToken = (allowTokenA && isCredentialsTokenAValid(token)) ||
isCredentialsServerTokenValid(token)
if (!validToken) {
throw OcpiClientInvalidParametersException("Invalid server token (token A allowed: $allowTokenA): $token")
}
}

The secured boolean is set to true by default in transportServer.handle().

ocpi-toolkit/transport/src/main/kotlin/com/izivia/ocpi/toolkit/transport/TransportServer.kt

Lines 17 to 24 in 6f0acea

suspend fun handle(
method: HttpMethod,
path: List<PathSegment>,
queryParams: List<String> = emptyList(),
secured: Boolean = true,
filters: List<(request: HttpRequest) -> Unit> = emptyList(),
callback: suspend (request: HttpRequest) -> HttpResponse
)

It is used by every OCPI module server implementation. Example in LocationsCpoServer.kt :

ocpi-toolkit/ocpi-toolkit-2.2.1/src/main/kotlin/com/izivia/ocpi/toolkit/modules/locations/LocationsCpoServer.kt

Lines 39 to 51 in 6f0acea

transportServer.handle(
method = HttpMethod.GET,
path = basePathSegments + listOf(
VariablePathSegment("locationId")
)
) { req ->
req.httpResponse {
service
.getLocation(
locationId = req.pathParams["locationId"]!!
)
}
}

from ocpi-toolkit.

andacata avatar andacata commented on June 24, 2024

Oh, sorry. I'm talking about the required endpoints from the other platform. From the documentation:

7.1.6. Required endpoints not available
When two platforms connect, it might happen that one of the platforms expects a certain endpoint to be available at the other platform.
For example: a Platform with a CPO role could only want to connect when the CDRs endpoint is available in an platform with an eMSP role.
In case the Sender (starting the credentials exchange process) cannot find the endpoints it expects, it is expected NOT to send the POST request with credentials to the Receiver. Log a message/notify the administrator to contact the administrator of the Receiver platform.
In case the Receiver platform that cannot find the endpoints it expects, then it is expected to respond to the request with the status code 3003.

from ocpi-toolkit.

lilgallon avatar lilgallon commented on June 24, 2024

For that to be implemented, we would need to add a nullable parameter that would be something like "expectedEndpoints". If this is set, during client registration, we need to stop it if the expected endpoints are not available on the receiver

from ocpi-toolkit.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.