1use crate::prelude::*;
4use actix_http::Payload;
5use actix_web::{FromRequest, HttpRequest};
6use chrono::{DateTime, Duration, Utc};
7use futures::{
8 FutureExt,
9 future::{BoxFuture, Ready, ready},
10};
11use headless_lms_models::{
12 ModelError, ModelErrorType, ModelResult,
13 exercise_service_info::ExerciseServiceInfoApi,
14 exercise_task_gradings::{ExerciseTaskGradingRequest, ExerciseTaskGradingResult},
15 exercise_task_submissions::ExerciseTaskSubmission,
16 exercise_tasks::ExerciseTask,
17};
18use headless_lms_utils::error::backend_error::BackendError;
19use hmac::{Hmac, Mac};
20use jwt::{SignWithKey, VerifyWithKey};
21use models::SpecFetcher;
22use sha2::Sha256;
23use std::collections::HashMap;
24use std::sync::{Arc, Mutex};
25use std::{borrow::Cow, fmt::Debug};
26use url::Url;
27
28use super::error::{ControllerError, ControllerErrorType};
29
30const EXERCISE_SERVICE_GRADING_UPDATE_CLAIM_HEADER: &str = "exercise-service-grading-update-claim";
32const EXERCISE_SERVICE_UPLOAD_CLAIM_HEADER: &str = "exercise-service-upload-claim";
33
34type SpecCache = HashMap<(String, String, Option<String>), serde_json::Value>;
36
37#[derive(Clone, Debug)]
38pub struct JwtKey(Hmac<Sha256>);
39
40impl JwtKey {
41 pub fn try_from_env() -> anyhow::Result<Self> {
42 let jwt_password = std::env::var("JWT_PASSWORD").context("JWT_PASSWORD must be defined")?;
43 let jwt_key = Self::new(&jwt_password)?;
44 Ok(jwt_key)
45 }
46
47 pub fn new(key: &str) -> Result<Self, sha2::digest::InvalidLength> {
48 let key: Hmac<Sha256> = Hmac::new_from_slice(key.as_bytes())?;
49 Ok(Self(key))
50 }
51
52 #[cfg(test)]
53 pub fn test_key() -> Self {
54 let test_jwt_key = "sMG87WlKnNZoITzvL2+jczriTR7JRsCtGu/bSKaSIvw=asdfjklasd***FSDfsdASDFDS";
55 Self::new(test_jwt_key).unwrap()
56 }
57}
58
59#[derive(Debug, Serialize, Deserialize)]
60pub struct UploadClaim<'a> {
61 exercise_service_slug: Cow<'a, str>,
62 expiration_time: DateTime<Utc>,
63}
64
65impl<'a> UploadClaim<'a> {
66 pub fn exercise_service_slug(&self) -> &str {
67 self.exercise_service_slug.as_ref()
68 }
69
70 pub fn expiration_time(&self) -> &DateTime<Utc> {
71 &self.expiration_time
72 }
73
74 pub fn expiring_in_1_day(exercise_service_slug: Cow<'a, str>) -> Self {
75 Self {
76 exercise_service_slug,
77 expiration_time: Utc::now() + Duration::days(1),
78 }
79 }
80
81 pub fn sign(self, key: &JwtKey) -> String {
82 self.sign_with_key(&key.0).expect("should never fail")
83 }
84
85 pub fn validate(token: &str, key: &JwtKey) -> Result<Self, ControllerError> {
86 let claim: Self = token.verify_with_key(&key.0).map_err(|err| {
87 ControllerError::new(
88 ControllerErrorType::BadRequest,
89 format!("Invalid jwt key: {}", err),
90 Some(err.into()),
91 )
92 })?;
93 if claim.expiration_time < Utc::now() {
94 return Err(ControllerError::new(
95 ControllerErrorType::BadRequest,
96 "Upload claim has expired".to_string(),
97 None,
98 ));
99 }
100 Ok(claim)
101 }
102}
103
104impl FromRequest for UploadClaim<'_> {
105 type Error = ControllerError;
106 type Future = Ready<Result<Self, Self::Error>>;
107
108 fn from_request(req: &HttpRequest, _payload: &mut Payload) -> Self::Future {
109 let try_from_request = move || {
110 let jwt_key = req
111 .app_data::<web::Data<JwtKey>>()
112 .expect("Missing JwtKey in app data");
113 let header = req
114 .headers()
115 .get(EXERCISE_SERVICE_UPLOAD_CLAIM_HEADER)
116 .ok_or_else(|| {
117 ControllerError::new(
118 ControllerErrorType::BadRequest,
119 format!("Missing header {EXERCISE_SERVICE_UPLOAD_CLAIM_HEADER}",),
120 None,
121 )
122 })?;
123 let header = std::str::from_utf8(header.as_bytes()).map_err(|err| {
124 ControllerError::new(
125 ControllerErrorType::BadRequest,
126 format!(
127 "Invalid header {EXERCISE_SERVICE_UPLOAD_CLAIM_HEADER} = {}",
128 String::from_utf8_lossy(header.as_bytes())
129 ),
130 Some(err.into()),
131 )
132 })?;
133 let claim = UploadClaim::validate(header, jwt_key)?;
134 Result::<_, Self::Error>::Ok(claim)
135 };
136 ready(try_from_request())
137 }
138}
139
140#[derive(Debug, Serialize, Deserialize)]
141pub struct GradingUpdateClaim {
142 submission_id: Uuid,
143 expiration_time: DateTime<Utc>,
144}
145
146impl GradingUpdateClaim {
147 pub fn submission_id(&self) -> Uuid {
148 self.submission_id
149 }
150
151 pub fn expiration_time(&self) -> &DateTime<Utc> {
152 &self.expiration_time
153 }
154
155 pub fn expiring_in_1_day(submission_id: Uuid) -> Self {
156 Self {
157 submission_id,
158 expiration_time: Utc::now() + Duration::days(1),
159 }
160 }
161
162 pub fn sign(self, key: &JwtKey) -> String {
163 self.sign_with_key(&key.0).expect("should never fail")
164 }
165
166 pub fn validate(token: &str, key: &JwtKey) -> Result<Self, ControllerError> {
167 let claim: Self = token.verify_with_key(&key.0).map_err(|err| {
168 ControllerError::new(
169 ControllerErrorType::BadRequest,
170 format!("Invalid jwt key: {}", err),
171 Some(err.into()),
172 )
173 })?;
174 if claim.expiration_time < Utc::now() {
175 return Err(ControllerError::new(
176 ControllerErrorType::BadRequest,
177 "Grading update claim has expired".to_string(),
178 None,
179 ));
180 }
181 Ok(claim)
182 }
183}
184
185impl FromRequest for GradingUpdateClaim {
186 type Error = ControllerError;
187 type Future = Ready<Result<Self, Self::Error>>;
188
189 fn from_request(req: &HttpRequest, _payload: &mut Payload) -> Self::Future {
190 let try_from_request = move || {
191 let jwt_key = req
192 .app_data::<web::Data<JwtKey>>()
193 .expect("Missing JwtKey in app data");
194 let header = req
195 .headers()
196 .get(EXERCISE_SERVICE_GRADING_UPDATE_CLAIM_HEADER)
197 .ok_or_else(|| {
198 ControllerError::new(
199 ControllerErrorType::BadRequest,
200 format!("Missing header {EXERCISE_SERVICE_GRADING_UPDATE_CLAIM_HEADER}",),
201 None,
202 )
203 })?;
204 let header = std::str::from_utf8(header.as_bytes()).map_err(|err| {
205 ControllerError::new(
206 ControllerErrorType::BadRequest,
207 format!(
208 "Invalid header {EXERCISE_SERVICE_GRADING_UPDATE_CLAIM_HEADER} = {}",
209 String::from_utf8_lossy(header.as_bytes())
210 ),
211 Some(err.into()),
212 )
213 })?;
214 let claim = GradingUpdateClaim::validate(header, jwt_key)?;
215 Result::<_, Self::Error>::Ok(claim)
216 };
217 ready(try_from_request())
218 }
219}
220
221fn reqwest_err(err: reqwest::Error) -> ModelError {
222 ModelError::new(
223 ModelErrorType::Generic,
224 format!("Error during request: {err}"),
225 None,
226 )
227}
228
229#[derive(Debug, Serialize)]
231#[cfg_attr(feature = "ts_rs", derive(TS))]
232pub struct SpecRequest<'a> {
233 request_id: Uuid,
234 private_spec: Option<&'a serde_json::Value>,
235 upload_url: Option<String>,
236}
237
238pub fn make_spec_fetcher(
242 base_url: String,
243 request_id: Uuid,
244 jwt_key: Arc<JwtKey>,
245) -> impl SpecFetcher {
246 move |url, exercise_service_slug, private_spec| {
247 let client = reqwest::Client::new();
248 let upload_claim = UploadClaim::expiring_in_1_day(exercise_service_slug.into());
249 let upload_url = Some(format!("{base_url}/api/v0/files/{exercise_service_slug}"));
250 let req = client
251 .post(url.clone())
252 .header(
253 EXERCISE_SERVICE_UPLOAD_CLAIM_HEADER,
254 upload_claim.sign(&jwt_key),
255 )
256 .timeout(std::time::Duration::from_secs(120))
257 .json(&SpecRequest {
258 request_id,
259 private_spec,
260 upload_url,
261 })
262 .send();
263 async move {
264 let res = req.await.map_err(reqwest_err)?;
265 let status_code = res.status();
266 if !status_code.is_success() {
267 let error_text = res.text().await;
268 let error = error_text.as_deref().unwrap_or("(No text in response)");
269 error!(
270 ?url,
271 ?exercise_service_slug,
272 ?private_spec,
273 ?status_code,
274 "Exercise service returned an error while generating a spec: {}",
275 error
276 );
277 return Err(ModelError::new(
278 ModelErrorType::Generic,
279 format!(
280 "Failed to generate spec for exercise for {exercise_service_slug}: {error}."
281 ),
282 None,
283 ));
284 }
285 let json = res.json().await.map_err(reqwest_err)?;
286 Ok(json)
287 }
288 .boxed()
289 }
290}
291
292pub fn fetch_service_info(url: Url) -> BoxFuture<'static, ModelResult<ExerciseServiceInfoApi>> {
293 async {
294 let client = reqwest::Client::new();
295 let res = client
296 .get(url) .timeout(std::time::Duration::from_secs(120))
298 .send()
299 .await
300 .map_err(reqwest_err)?;
301 let status = res.status();
302 if !status.is_success() {
303 let response_url = res.url().to_string();
304 let body = res.text().await.map_err(reqwest_err)?;
305 warn!(url=?response_url, status=?status, body=?body, "Could not fetch service info.");
306 return Err(ModelError::new(
307 ModelErrorType::Generic,
308 "Could not fetch service info.".to_string(),
309 None,
310 ));
311 }
312 let res = res
313 .json::<ExerciseServiceInfoApi>()
314 .await
315 .map_err(reqwest_err)?;
316 Ok(res)
317 }
318 .boxed()
319}
320
321pub fn make_grading_request_sender(
322 jwt_key: Arc<JwtKey>,
323) -> impl Fn(
324 Url,
325 &ExerciseTask,
326 &ExerciseTaskSubmission,
327) -> BoxFuture<'static, ModelResult<ExerciseTaskGradingResult>> {
328 move |grade_url, exercise_task, submission| {
329 let client = reqwest::Client::new();
330 let grading_update_url = format!(
332 "http://project-331.local/api/v0/exercise-services/grading/grading-update/{}",
333 submission.id
334 );
335 let grading_update_claim = GradingUpdateClaim::expiring_in_1_day(submission.id);
336 let req = client
337 .post(grade_url)
338 .header(
339 EXERCISE_SERVICE_GRADING_UPDATE_CLAIM_HEADER,
340 grading_update_claim.sign(&jwt_key),
341 )
342 .timeout(std::time::Duration::from_secs(120))
343 .json(&ExerciseTaskGradingRequest {
344 grading_update_url: &grading_update_url,
345 exercise_spec: &exercise_task.private_spec,
346 submission_data: &submission.data_json,
347 });
348 async move {
349 let res = req.send().await.map_err(reqwest_err)?;
350 let status = res.status();
351 if !status.is_success() {
352 let response_body = res.text().await;
353 error!(
354 ?response_body,
355 "Grading request returned an unsuccesful status code"
356 );
357 let source_error = ModelError::new(
358 ModelErrorType::Generic,
359 format!("{:?}", response_body),
360 None,
361 );
362 return Err(ModelError::new(
363 ModelErrorType::Generic,
364 "Grading failed".to_string(),
365 Some(source_error.into()),
366 ));
367 }
368 let obj = res
369 .json::<ExerciseTaskGradingResult>()
370 .await
371 .map_err(reqwest_err)?;
372 info!("Received a grading result: {:#?}", &obj);
373 Ok(obj)
374 }
375 .boxed()
376 }
377}
378
379#[derive(Debug, Serialize, Deserialize)]
380pub struct GivePeerReviewClaim {
381 pub exercise_slide_submission_id: Uuid,
382 pub peer_or_self_review_config_id: Uuid,
383 expiration_time: DateTime<Utc>,
384}
385
386impl GivePeerReviewClaim {
387 pub fn expiring_in_1_day(
388 exercise_slide_submission_id: Uuid,
389 peer_or_self_review_config_id: Uuid,
390 ) -> Self {
391 Self {
392 exercise_slide_submission_id,
393 peer_or_self_review_config_id,
394 expiration_time: Utc::now() + Duration::days(1),
395 }
396 }
397
398 pub fn sign(self, key: &JwtKey) -> String {
399 self.sign_with_key(&key.0).expect("should never fail")
400 }
401
402 pub fn validate(token: &str, key: &JwtKey) -> Result<Self, ControllerError> {
403 let claim: Self = token.verify_with_key(&key.0).map_err(|err| {
404 ControllerError::new(
405 ControllerErrorType::BadRequest,
406 format!("Invalid claim: {}", err),
407 Some(err.into()),
408 )
409 })?;
410 if claim.expiration_time < Utc::now() {
411 return Err(ControllerError::new(
412 ControllerErrorType::BadRequest,
413 "The review has expired.".to_string(),
414 None,
415 ));
416 }
417 Ok(claim)
418 }
419}
420
421pub fn make_seed_spec_fetcher_with_cache(
425 base_url: String,
426 request_id: Uuid,
427 jwt_key: Arc<JwtKey>,
428) -> impl SpecFetcher {
429 let cache: Arc<Mutex<SpecCache>> = Arc::new(Mutex::new(HashMap::new()));
431
432 let base_fetcher = Arc::new(make_spec_fetcher(base_url, request_id, jwt_key));
434
435 move |url, exercise_service_slug, private_spec| {
436 let url_str = url.to_string();
437 let service_slug = exercise_service_slug.to_string();
438 let private_spec_str =
440 private_spec.map(|spec| serde_json::to_string(&spec).unwrap_or_default());
441 let key = (url_str.clone(), service_slug.clone(), private_spec_str);
442 let cache = Arc::clone(&cache);
443 let base_fetcher = Arc::clone(&base_fetcher);
444
445 async move {
446 if let Some(cached_spec) = cache
448 .lock()
449 .expect("Seed spec fetcher cache lock poisoned")
450 .get(&key)
451 {
452 return Ok(cached_spec.clone());
453 }
454
455 let fetched_spec = base_fetcher(url, exercise_service_slug, private_spec).await?;
457
458 cache
460 .lock()
461 .expect("Seed spec fetcher cache lock poisoned")
462 .insert(key, fetched_spec.clone());
463
464 Ok(fetched_spec)
465 }
466 .boxed()
467 }
468}