Fix typo in env var

Merge pull request 'feat(test) #1 Ajout d'un test de charge' (#2 ) from issue-1 into develop
Reviewed-on: #2
2024-10-29 12:13:59 +01:00 · 2024-10-29 12:08:44 +01:00 · 2024-10-29 12:07:49 +01:00 · 2024-10-29 12:07:49 +01:00 · 2024-10-29 12:05:03 +01:00 · 2024-09-16 16:04:40 +02:00
11 changed files with 196 additions and 154 deletions
--- a/README.md
+++ b/README.md
@ -4,21 +4,27 @@ Serveur de génération de challenges altcha et de validation de la solution
 ## Utilisation
-### Depuis le binaire
+### Lancer le serveur
 Depuis le binaire
 ```sh
 $ ALTCHA_HMAC_KEY="CLÉ HMAC" bin/altcha run
 ```
-### Depuis l'image docker
+Depuis l'image docker
 ```sh
-$ docker run -e ALTCHA_HMAC_KEY="CLÉ HMAC" reg.cadoles.com/cadoles/altcha
+$ docker run -e ALTCHA_HMAC_KEY="CLÉ HMAC" -p 3333:3333 reg.cadoles.com/cadoles/altcha
 ```
-### Depuis les sources
+Depuis les sources
 ```sh
 $ ALTCHA_HMAC_KEY="CLÉ HMAC" go run ./cmd/altcha run
 ```
 Une fois le serveur lancé, se rendre sur localhost:3333/request pour effectuer une demande de challenge.
 Publier la solution sur localhost:3333/verify ou localhost:3333/verify-spam-filter
 Les détails sur le fonctionnement sont à retrouver sur la documentation d'altcha : https://altcha.org/fr/docs/get-started/
 ### Autres commandes
 Générer un challenge
 ```sh
@ -38,6 +44,7 @@ $ ALTCHA_HMAC_KEY="CLÉ HMAC" bin/altcha verify [CHALLENGE] [SALT] [SIGNATURE] [
 ## Variables d'environement
 | Nom                 | Description                                                                  | Valeur par défaut        | Requis |
 |---------------------|------------------------------------------------------------------------------|--------------------------|--------|
 | ALTCHA_BASE_URL     | Url de base du service                                                       |                          | Non    |
 | ALTCHA_PORT         | Port d'écoute du serveur                                                     | 3333                     | Non    |
 | ALTCHA_HMAC_KEY     | Clé d'encodage des signatures                                                |                          | Oui    |
 | ALTCHA_MAX_NUMBER   | Nombre d'itération maximum pour résoudre le challenge (défini la difficulté) | 1000000                  | Non    |
--- a/internal/api/server.go
+++ b/internal/api/server.go
@ -2,14 +2,15 @@ package api
 import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"log/slog"
 	"net/http"
 	"time"
 	"forge.cadoles.com/cadoles/altcha-server/internal/client"
 	"forge.cadoles.com/cadoles/altcha-server/internal/config"
 	"github.com/altcha-org/altcha-lib-go"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
 	"github.com/go-chi/render"
@ -17,11 +18,17 @@ import (
 )
 type Server struct {
 	baseUrl	string
 	port	string
 	client	client.Client
 	config	config.Config
 }
 func (s *Server) Run(ctx context.Context) {
 	if s.config.Debug {
 		slog.SetLogLoggerLevel(slog.LevelDebug)
 	}
 	r := chi.NewRouter()
 	r.Use(middleware.Logger)
@ -32,10 +39,9 @@ func (s *Server) Run(ctx context.Context) {
 	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte("root."))
 	})
-	r.Get("/request", s.requestHandler)
+	r.Get(s.baseUrl+"/request", s.requestHandler)
-	r.Get("/verify", s.submitHandler)
+	r.Post(s.baseUrl+"/verify", s.submitHandler)
-	r.Get("/verify-spam-filter", s.submitSpamFilterHandler)
+
 	logger.Info(ctx, "altcha server listening on port "+s.port)
 	if err := http.ListenAndServe(":"+s.port, r); err != nil {
 		logger.Error(ctx, err.Error())
@ -46,95 +52,55 @@ func (s *Server) requestHandler(w http.ResponseWriter, r *http.Request) {
 	challenge, err := s.client.Generate()
 	if err != nil {
 		slog.Debug("Failed to create challenge,", "error", err)
 		http.Error(w, fmt.Sprintf("Failed to create challenge : %s", err), http.StatusInternalServerError)
 		return
 	}
-	writeJSON(w, challenge)
+	w.Header().Set("Content-Type", "application/json")
 	err = json.NewEncoder(w).Encode(challenge)
 	if err != nil {
 		slog.Debug("Failed to encode JSON", "error", err)
 		http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
 		return
 	}
 }
 func (s *Server) submitHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodPost {
+	var payload altcha.Payload
-		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+	err := json.NewDecoder(r.Body).Decode(&payload)
 		return
 	}
 	formData := r.FormValue("altcha")
 	if formData == "" {
 		 http.Error(w, "Atlcha payload missing", http.StatusBadRequest)
 		 return
 	}
 	decodedPayload, err := base64.StdEncoding.DecodeString(formData)
 	if err != nil {
-		http.Error(w, "Failed to decode Altcha payload", http.StatusBadRequest)
+		slog.Debug("Failed to parse Altcha payload,", "error", err)
 		return
 	}
 	var payload map[string]interface{}
 	if err := json.Unmarshal(decodedPayload, &payload); err != nil {
 		http.Error(w, "Failed to parse Altcha payload", http.StatusBadRequest)
 		return
 	}
 	verified, err := s.client.VerifySolution(payload)
 	if err != nil || !verified {
 		http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
 		return
 	}
 	writeJSON(w, map[string]interface{}{
 		"success":	true,
 		"data":		formData,
 	})
 }
 func (s *Server) submitSpamFilterHandler(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPost {
 		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
 		return
 	}
 	formData, err := formToMap(r)
 	if err != nil {
-		http.Error(w, "Cannot read form data", http.StatusBadRequest)
+		slog.Debug("Invalid Altcha payload", "error", err)
-	}
+		http.Error(w, "Invalid Altcha payload,", http.StatusBadRequest)
 	payload := r.FormValue("altcha")
 	if payload == "" {
 		http.Error(w, "Atlcha payload missing", http.StatusBadRequest)
 	}
 	verified, verificationData, err := s.client.VerifyServerSignature(payload)
 	if err != nil || !verified {
 		http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
 		return
 	}
-	if verificationData.Verified && verificationData.Expire > time.Now().Unix() {
+	if !verified && !s.config.DisableValidation {
-		if verificationData.Classification == "BAD" {
+		slog.Debug("Invalid solution")
-			http.Error(w, "Classified as spam", http.StatusBadRequest)
+		http.Error(w, "Invalid solution", http.StatusBadRequest)
-			return
+		return
-		}
+	}
-
+	
-		if verificationData.FieldsHash != "" {
+	w.Header().Set("Content-Type", "application/json")
-			verified, err := s.client.VerifyFieldsHash(formData, verificationData.Fields, verificationData.FieldsHash)
+	err = json.NewEncoder(w).Encode(map[string]interface{}{
-			if err != nil || !verified {
+		"success":	true,
-				http.Error(w, "Invalid fields hash", http.StatusBadRequest)
+		"data":		payload,
-				return
+	})
-			}
+	if err != nil {
-		}
+		if s.config.Debug {
-
+			slog.Debug("Failed to encode JSON", "error", err)
-		writeJSON(w, map[string]interface{}{
+		}
-			"success":			true,
+		http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
 			"data":				formData,
 			"verificationData":	verificationData,
 		})
 		return
 	}
 	http.Error(w, "Invalid Altcha payload", http.StatusBadRequest)
 }
 func corsMiddleware(next http.Handler) http.Handler {
@ -152,26 +118,22 @@ func corsMiddleware(next http.Handler) http.Handler {
 	})
 }
-func writeJSON(w http.ResponseWriter, data interface{}) {
+func NewServer(cfg config.Config) (*Server, error) {
-	w.Header().Set("Content-Type", "application/json")
+	expirationDuration, err := time.ParseDuration(cfg.Expire+"s")
-	if err := json.NewEncoder(w).Encode(data); err != nil {
+	if err != nil {
-		http.Error(w, "Failed to encode JSON", http.StatusInternalServerError)
+		fmt.Printf("%+v\n", err)
 	}
 }
 func formToMap(r *http.Request) (map[string][]string, error) {
 	if err := r.ParseForm(); err != nil {
 		return nil, err
 	}
-	return r.Form, nil
+	client, err := client.New(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, cfg.Salt, expirationDuration, cfg.CheckExpire)
 }
-func NewServer(cfg config.Config) *Server {
+	if err != nil {
-	client := *client.NewClient(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, cfg.Salt, cfg.Expire, cfg.CheckExpire)
+		return &Server{}, err
 	}
 	return &Server {
 		baseUrl: cfg.BaseUrl,
 		port:	cfg.Port,
-		client:	client,
+		client:	*client,
-	}
+		config: cfg,
 	}, nil
 }
--- a/internal/client/client.go
+++ b/internal/client/client.go
@ -1,6 +1,7 @@
 package client
 import (
 	"errors"
 	"time"
 	"github.com/altcha-org/altcha-lib-go"
@ -11,11 +12,14 @@ type Client struct {
 	maxNumber	int64
 	algorithm	altcha.Algorithm
 	salt		string
-	expire		string
+	expire		time.Duration
 	checkExpire	bool
 }
-func NewClient(hmacKey string, maxNumber int64, algorithm string, salt string, expire string, checkExpire bool) *Client {
+func New(hmacKey string, maxNumber int64, algorithm string, salt string, expire time.Duration, checkExpire bool) (*Client, error) {
 	if len(hmacKey) == 0 {
 		return &Client{}, errors.New("HMAC key not found")
 	}
 	return &Client {
 		hmacKey:		hmacKey,
 		maxNumber:		maxNumber,
@ -23,12 +27,11 @@ func NewClient(hmacKey string, maxNumber int64, algorithm string, salt string, e
 		salt:			salt,
 		expire:			expire,
 		checkExpire:	checkExpire,
-	}
+	}, nil
 }
 func (c *Client) Generate() (altcha.Challenge, error) {
-	expirationDuration, _ := time.ParseDuration(c.expire+"s")
+	expiration := time.Now().Add(c.expire)
 	expiration := time.Now().Add(expirationDuration)
 	options := altcha.ChallengeOptions{
 		HMACKey:	c.hmacKey,
--- a/internal/command/generate.go
+++ b/internal/command/generate.go
@ -2,6 +2,7 @@ package command
 import (
 	"fmt"
 	"time"
 	"forge.cadoles.com/cadoles/altcha-server/internal/client"
 	"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
@ -21,12 +22,23 @@ func GenerateCommand() *cli.Command {
 		Action:	func(ctx *cli.Context) error {
 			cfg := config.Config{}
 			if err := env.Parse(&cfg); err != nil {
-				fmt.Printf("%+v\n", err)
+				logger.Error(ctx.Context, err.Error())
 				return err
 			}
-			c := client.NewClient(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, cfg.Salt, cfg.Expire, cfg.CheckExpire)
+			expirationDuration, err := time.ParseDuration(cfg.Expire+"s")
-			
+			if err != nil {
-			challenge, err := c.Generate()
+				logger.Error(ctx.Context, err.Error())
 				return err
 			}
 			client, err := client.New(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, cfg.Salt, expirationDuration, cfg.CheckExpire)
 			if err != nil {
 				logger.Error(ctx.Context, err.Error())
 				return err
 			}
 			challenge, err := client.Generate()
 			if err != nil {
 				logger.Error(ctx.Context, err.Error())
 				return err
--- a/internal/command/main.go
+++ b/internal/command/main.go
@ -2,7 +2,6 @@ package command
 import (
 	"context"
 	"fmt"
 	"os"
 	"sort"
@ -17,27 +16,6 @@ func Main(commands ...*cli.Command) {
 		Name: 		"altcha-server",
 		Usage:		"create challenges and validate solutions for atlcha captcha",
 		Commands: commands,
 		Flags: []cli.Flag{
 			&cli.BoolFlag{
 				Name:		"debug",
 				EnvVars:	[]string{"ALTCHA_DEBUG"},
 				Value: 		false,
 			},
 		},
 	}
 	app.ExitErrHandler = func (ctx *cli.Context, err error) {
 		if err == nil {
 			return
 		}
 		debug := ctx.Bool("debug")
 		if !debug {
 			fmt.Printf("[ERROR] %v\n", err)
 		} else {
 			fmt.Printf("%+v", err)
 		}
 	}
 	sort.Sort(cli.FlagsByName(app.Flags))
--- a/internal/command/run.go
+++ b/internal/command/run.go
@ -1,29 +1,30 @@
 package command
 import (
 	"fmt"
 	"forge.cadoles.com/cadoles/altcha-server/internal/api"
 	"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
 	"forge.cadoles.com/cadoles/altcha-server/internal/config"
 	"github.com/caarlos0/env/v11"
 	"github.com/urfave/cli/v2"
 	"gitlab.com/wpetit/goweb/logger"
 )
 func RunCommand() *cli.Command {
 	flags := common.Flags()
 	return &cli.Command{
 		Name:	"run",
 		Usage:	"run the atlcha api server",
 		Flags:	flags,
 		Action:	func(ctx *cli.Context) error {
 			cfg := config.Config{}
 			if err := env.Parse(&cfg); err != nil {
-				fmt.Printf("%+v\n", err)
+				logger.Error(ctx.Context, err.Error())
 				return err
 			}
 			server, err := api.NewServer(cfg)
 			if err != nil {
 				logger.Error(ctx.Context, err.Error())
 				return err
 			}
-			api.NewServer(cfg).Run(ctx.Context)
+			server.Run(ctx.Context)
 			return nil
 		},
 	}
--- a/internal/command/solve.go
+++ b/internal/command/solve.go
@ -2,9 +2,9 @@ package command
 import (
 	"fmt"
 	"time"
 	"forge.cadoles.com/cadoles/altcha-server/internal/client"
 	"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
 	"forge.cadoles.com/cadoles/altcha-server/internal/config"
 	"github.com/caarlos0/env/v11"
 	"github.com/urfave/cli/v2"
@ -12,27 +12,34 @@ import (
 )
 func SolveCommand() *cli.Command {
 	flags := common.Flags()
 	return &cli.Command{
 		Name:		"solve",
 		Usage:		"solve the challenge and return the solution",
 		Flags:		flags,
 		Args: 		true,
 		ArgsUsage:	"[CHALLENGE] [SALT]",
 		Action:	func(ctx *cli.Context) error {
 			cfg := config.Config{}
 			if err := env.Parse(&cfg); err != nil {
-				fmt.Printf("%+v\n", err)
+				logger.Error(ctx.Context, err.Error())
 				return err
 			}
 			challenge := ctx.Args().Get(0)
 			salt := ctx.Args().Get(1)
-			c := client.NewClient(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, salt, cfg.Expire, cfg.CheckExpire)
+			expirationDuration, err := time.ParseDuration(cfg.Expire+"s")
 			if err != nil {
 				logger.Error(ctx.Context, err.Error())
 				return err
 			}
 			client, err := client.New(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, salt, expirationDuration, cfg.CheckExpire)
 			if err != nil {
 				logger.Error(ctx.Context, err.Error())
 				return err
 			}
-			solution, err := c.Solve(challenge)
+			solution, err := client.Solve(challenge)
 			if err != nil {
 				logger.Error(ctx.Context, err.Error())
--- a/internal/command/verify.go
+++ b/internal/command/verify.go
@ -3,28 +3,27 @@ package command
 import (
 	"fmt"
 	"strconv"
 	"time"
 	"forge.cadoles.com/cadoles/altcha-server/internal/client"
 	"forge.cadoles.com/cadoles/altcha-server/internal/command/common"
 	"forge.cadoles.com/cadoles/altcha-server/internal/config"
 	"github.com/altcha-org/altcha-lib-go"
 	"github.com/caarlos0/env/v11"
 	"github.com/urfave/cli/v2"
 	"gitlab.com/wpetit/goweb/logger"
 )
 func VerifyCommand() *cli.Command {
 	flags := common.Flags()
 	return &cli.Command{
 		Name:	"verify",
 		Usage:	"verify the solution",
 		Flags:	flags,
 		Args:	true,
 		ArgsUsage: "[challenge] [salt] [signature] [solution]",
 		Action: func(ctx *cli.Context) error {
 			cfg := config.Config{}
 			if err := env.Parse(&cfg); err != nil {
-				fmt.Printf("%+v\n", err)
+				logger.Error(ctx.Context, err.Error())
 				return err
 			}
 			challenge := ctx.Args().Get(0)
@ -32,7 +31,17 @@ func VerifyCommand() *cli.Command {
 			signature := ctx.Args().Get(2)
 			solution, _ := strconv.ParseInt(ctx.Args().Get(3), 10, 64)
-			c := client.NewClient(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, cfg.Salt, cfg.Expire, cfg.CheckExpire)
+			expirationDuration, err := time.ParseDuration(cfg.Expire+"s")
 			if err != nil {
 				logger.Error(ctx.Context, err.Error())
 				return err
 			}
 			client, err := client.New(cfg.HmacKey, cfg.MaxNumber, cfg.Algorithm, cfg.Salt, expirationDuration, cfg.CheckExpire)
 			if err != nil {
 				logger.Error(ctx.Context, err.Error())
 				return err
 			}
 			payload := altcha.Payload{
 				Algorithm:	cfg.Algorithm,
@ -42,9 +51,10 @@ func VerifyCommand() *cli.Command {
 				Signature:	signature,
 			}
-			verified, err := c.VerifySolution(payload)
+			verified, err := client.VerifySolution(payload)
 			if err != nil {
 				logger.Error(ctx.Context, err.Error())
 				return err
 			}
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -1,11 +1,14 @@
 package config
 type Config struct {
-	Port 		string	`env:"ALTCHA_PORT" envDefault:"3333"`
+	BaseUrl				string	`env:"ALTCHA_BASE_URL" envDefault:""`
-	HmacKey		string	`env:"ALTCHA_HMAC_KEY"`
+	Port 				string	`env:"ALTCHA_PORT" envDefault:"3333"`
-	MaxNumber	int64	`env:"ALTCHA_MAX_NUMBER" envDefault:"1000000"`
+	HmacKey				string	`env:"ALTCHA_HMAC_KEY"`
-	Algorithm	string	`env:"ALTCHA_ALGORITHM" envDefault:"SHA-256"`
+	MaxNumber			int64	`env:"ALTCHA_MAX_NUMBER" envDefault:"1000000"`
-	Salt		string	`env:"ALTCHA_SALT"`
+	Algorithm			string	`env:"ALTCHA_ALGORITHM" envDefault:"SHA-256"`
-	Expire		string	`env:"ALTCHA_EXPIRE" envDefault:"600"`
+	Salt				string	`env:"ALTCHA_SALT"`
-	CheckExpire	bool	`env:"ALTCHA_CHECK_EXPIRE" envDefault:"1"`
+	Expire				string	`env:"ALTCHA_EXPIRE" envDefault:"600"`
 	CheckExpire			bool	`env:"ALTCHA_CHECK_EXPIRE" envDefault:"1"`
 	Debug				bool	`env:"ALTCHA_DEBUG" envDefault:"false"`
 	DisableValidation	bool	`env:"ALTCHA_DISABLE_VALIDATION" envDefault:"false"`
 }
--- a/misc/k6/README.md
+++ b/misc/k6/README.md
@ -0,0 +1,9 @@
 # K6 - Load Test
 Very basic load testing script for [k6](https://k6.io/).
 ## How to run
 ```shell
 k6 run -e LOAD_TEST_URL={altcha-api-url} TestChallenge.js
 ```
--- a/misc/k6/TestChallenge.js
+++ b/misc/k6/TestChallenge.js
@ -0,0 +1,50 @@
 import { check, group } from 'k6';
 import http from 'k6/http'
 export const options = {
  scenarios: {
    load: {
      vus: 10,
      iterations: 10,
      executor: 'per-vu-iterations',
      options: {
        browser: {
          type: 'chromium',
        },
      },
    },
  }
 };
 http.setResponseCallback(
    http.expectedStatuses(200)
 );
 export default function () {
    let response;
    group('Request challenge', function () {
        response = http.get(`${__ENV.LOAD_TEST_URL}request`);
        check(response, {
            'is status 200': (r) => r.status === 200, 
            'Contenu souhaité': r => r.body.includes('algorithm') && r.body.includes('challenge') && r.body.includes('maxNumber') && r.body.includes('salt') && r.body.includes('signature'),
        });
    })
    group('Verify challenge', function () {
        const data = {"challenge":"d5656d52c5eadce5117024fbcafc706aad397c7befa17804d73c992d966012a8","salt":"8ec1b7ed694331baeb7416d9?expires=1727963398","signature":"781014d0a7ace7e7ae9d12e2d5c0204b60a8dbf42daa352ab40ab582b03a9dc6","number":219718,};
        response = http.post(`${__ENV.LOAD_TEST_URL}verify`, JSON.stringify(data),
        {
          headers: { 'Content-Type': 'application/json' },
        });
        check(response, {
            'is status 200': (r) => r.status === 200,
            'Challenge verified': (r) => r.body.includes('true'),
        });
    })
 }
Author	SHA1	Message	Date
vcarroy	22e038bac1	Fix typo in env var	2024-10-29 12:13:59 +01:00
Valentin Carroy	7ab48e5079	Merge pull request 'feat(test) #1 Ajout d'un test de charge' (#2 ) from issue-1 into develop Reviewed-on: #2	2024-10-29 12:08:44 +01:00
aardouin	082ab9a7ea	fix(test) #1 Correction scenario	2024-10-29 12:07:49 +01:00
aardouin	8ce504a593	feat(test) #1 Ajout d'un test de charge	2024-10-29 12:07:49 +01:00
vcarroy	bc3a0886b0	feat : option to disable validation for load testing purpose	2024-10-29 12:05:03 +01:00
vcarroy	f4c0eec360	Fix submit payload type	2024-09-16 16:04:40 +02:00
vcarroy	efa824357f	Ajout de la variable d'environnement debug	2024-09-16 15:27:29 +02:00
vcarroy	5c070dc16d	Mise à jour du handle de /verify et suppression de la route /verify-spam-filter	2024-09-16 15:06:49 +02:00
vcarroy	e90b6a57d8	divers refacto	2024-09-13 09:12:16 +02:00
vcarroy	1139bfe73f	Ajout du paramètre base url	2024-09-11 12:09:43 +02:00
vcarroy	ca1d3810a8	Maj readme	2024-09-11 10:23:54 +02:00
vcarroy	1c0b02c9b4	Ajout d'une panic en cas de clé hmac non renseignée	2024-09-11 10:18:18 +02:00