Issue #146: Added mandatory token verification to error reporting.

Author: alexmerlin

config/autoload/cli.global.php

@@ -4,6 +4,7 @@
 
 use Api\Admin\Command\AdminCreateCommand;
 use Api\App\Command\RouteListCommand;
+use Api\App\Command\TokenGenerateCommand;
 use Dot\Cli\Command\DemoCommand;
 use Dot\Cli\FileLockerInterface;
 
@@ -17,7 +18,8 @@
         'commands' => [
             DemoCommand::getDefaultName() => DemoCommand::class,
             RouteListCommand::getDefaultName() => RouteListCommand::class,
-            AdminCreateCommand::getDefaultName() => AdminCreateCommand::class
+            AdminCreateCommand::getDefaultName() => AdminCreateCommand::class,
+            TokenGenerateCommand::getDefaultName() => TokenGenerateCommand::class,
         ]
     ],
     FileLockerInterface::class => [

config/autoload/error-handling.global.php

@@ -40,13 +40,14 @@
 
     /**
      * Messages will be stored only if all the below conditions are met:
-     * enabled = true
-     * at least one of the domain_whitelist OR ip_whitelist checks passes
+     * - enabled = true
+     * - request headers contain a valid error reporting token
+     * - at least one of the domain_whitelist OR ip_whitelist checks passes
      */
     ErrorReportServiceInterface::class => [
         /**
          * Usage:
-         * If enabled is set to true, messages will be stored and an info message is returned.
+         * If enabled is set to true, further checks are performed and if all good, message is stored.
          * If enabled is set to false, no message is stored and an error message is returned.
          */
         'enabled' => true,
@@ -57,6 +58,13 @@
          */
         'path' => __DIR__ . '/../../log/error-report-endpoint-log.log',
 
+        /**
+         * In order to be eligible for storing messages, Requests sent to the error reporting endpoint, must contain a header having:
+         * - name: the value of \Api\App\Service\ErrorReportService::HEADER_NAME
+         * - value: one of the items in this array
+         */
+        'tokens' => [],
+
         /**
          * Usage:
          * 1. Missing/empty domain_whitelist => no domain is allowed to store messages.

documentation/DotKernel_API.postman_collection.json

@@ -1,9 +1,10 @@
 {
 	"info": {
-		"_postman_id": "cf252f36-e656-4d44-bafd-bddc3305b866",
+		"_postman_id": "5f4c1b92-b1e1-4f8e-840f-f92b6f4cb670",
 		"name": "DotKernel_API",
 		"description": "DotKernel API documentation.",
-		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
+		"_exporter_id": "3494496"
 	},
 	"item": [
 		{
@@ -1292,7 +1293,13 @@
 					"type": "noauth"
 				},
 				"method": "POST",
-				"header": [],
+				"header": [
+					{
+						"key": "Error-Reporting-Token",
+						"value": "",
+						"type": "text"
+					}
+				],
 				"body": {
 					"mode": "raw",
 					"raw": "{\r\n    \"message\": \"{{$randomLoremSentence}}\"\r\n}",

documentation/command/token-generate.md

@@ -0,0 +1,55 @@
+# Generating tokens in DotKernel API
+
+This is a multipurpose command that allows creating tokens required by different parts of the API.
+
+
+## Usage
+
+Go to your application's root directory.
+
+Run the token generator command by executing the following command:
+
+    php ./bin/cli.php token:generate <type>
+
+Where `<type>` is one of the following:
+* [error-reporting](#generate-error-reporting-token)
+
+If you need help using the command, execute the following command:
+
+    php ./bin/cli.php token:generate --help
+
+
+### Generate error reporting token
+
+You can generate an error reporting token by executing the following command:
+
+    php ./bin/cli.php token:generate error-reporting
+
+The output should look similar to this:
+
+    Error reporting token:
+    
+        0123456789abcdef0123456789abcdef01234567
+
+Copy the generated token.
+
+Open `config/autoload/error-handling.global.php` and paste the copied token as shown below:
+
+    return [
+        ...
+        ErrorReportServiceInterface::class => [
+            ...
+            'tokens' => [
+                '0123456789abcdef0123456789abcdef01234567',
+            ],
+            ...
+        ]
+    ]
+
+Save and close `config/autoload/error-handling.global.php`.
+
+**Note**:
+
+If your application is NOT in development mode, make sure you clear your config cache by executing:
+
+    php ./bin/clear-config-cache.php

src/App/src/Command/TokenGenerateCommand.php

@@ -0,0 +1,90 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Api\App\Command;
+
+use Api\App\Service\ErrorReportServiceInterface;
+use Exception;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+/**
+ * Class TokenGenerateCommand
+ * @package Api\App\Command
+ */
+class TokenGenerateCommand extends Command
+{
+    protected static $defaultName = 'token:generate';
+    private string $typeErrorReporting = 'error-reporting';
+    private ErrorReportServiceInterface $errorReportService;
+
+    /**
+     * TokenGenerateCommand constructor.
+     */
+    public function __construct(ErrorReportServiceInterface $errorReportService)
+    {
+        parent::__construct(self::$defaultName);
+        $this->errorReportService = $errorReportService;
+    }
+
+    /**
+     * @return void
+     */
+    protected function configure(): void
+    {
+        $this
+            ->setName(self::$defaultName)
+            ->setDescription('Generic token generator.')
+            ->addArgument('type', InputArgument::REQUIRED, 'The type of token to be generated.')
+            ->addUsage($this->typeErrorReporting)
+            ->setHelp(<<<MSG
+<info>%command.name%</info> is a multipurpose command that allows creating tokens required by different parts of the API.
+
+Usage:
+1. Create token for the error reporting endpoint:
+* run: <info>%command.full_name% {$this->typeErrorReporting}</info>
+* copy the generated token
+* open <comment>config/autoload/error-handling.global.php</comment>
+* paste the copied string inside the <comment>tokens</comment> array found under the <comment>ErrorReportServiceInterface::class</comment> key.
+MSG
+            );
+    }
+
+    /**
+     * @param InputInterface $input
+     * @param OutputInterface $output
+     * @return int
+     * @throws Exception
+     */
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $type = $input->getArgument('type');
+        match($type) {
+            $this->typeErrorReporting => $this->generateErrorReportingToken($output),
+            default => throw new Exception(
+                sprintf('Unknown token type: %s', $type)
+            )
+        };
+
+        return Command::SUCCESS;
+    }
+
+    private function generateErrorReportingToken(OutputInterface $output): void
+    {
+        $token = $this->errorReportService->generateToken();
+
+        $output->writeln(<<<MSG
+Error reporting token:
+
+    <info>{$token}</info>
+
+* copy the generated token
+* open <comment>config/autoload/error-handling.global.php</comment>
+* paste the copied string inside the <comment>tokens</comment> array found under the <comment>ErrorReportServiceInterface::class</comment> key.
+MSG
+);
+    }
+}

src/App/src/ConfigProvider.php

@@ -5,9 +5,11 @@
 namespace Api\App;
 
 use Api\App\Command\RouteListCommand;
+use Api\App\Command\TokenGenerateCommand;
 use Api\App\Factory\AnnotationsCacheFactory;
 use Api\App\Factory\AuthenticationMiddlewareFactory;
 use Api\App\Factory\RouteListCommandFactory;
+use Api\App\Factory\TokenGenerateCommandFactory;
 use Api\App\Middleware\AuthenticationMiddleware;
 use Api\App\Middleware\AuthorizationMiddleware;
 use Api\App\Middleware\ErrorResponseMiddleware;
@@ -77,6 +79,7 @@ public function getDependencies(): array
                 TwigRenderer::class => TwigRendererFactory::class,
                 ErrorResponseMiddleware::class => AnnotatedServiceFactory::class,
                 RouteListCommand::class => RouteListCommandFactory::class,
+                TokenGenerateCommand::class => TokenGenerateCommandFactory::class,
                 ErrorReportService::class => AnnotatedServiceFactory::class,
             ],
             'aliases' => [

src/App/src/Exception/ForbiddenException.php

@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Api\App\Exception;
+
+use Exception;
+use Throwable;
+
+class ForbiddenException extends Exception
+{
+    public function __construct(string $message = "", int $code = 0, ?Throwable $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+    }
+}

src/App/src/Factory/TokenGenerateCommandFactory.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Api\App\Factory;
+
+use Api\App\Command\TokenGenerateCommand;
+use Api\App\Service\ErrorReportServiceInterface;
+use Psr\Container\ContainerExceptionInterface;
+use Psr\Container\ContainerInterface;
+use Psr\Container\NotFoundExceptionInterface;
+
+class TokenGenerateCommandFactory
+{
+    /**
+     * @param ContainerInterface $container
+     * @return TokenGenerateCommand
+     * @throws ContainerExceptionInterface
+     * @throws NotFoundExceptionInterface
+     */
+    public function __invoke(ContainerInterface $container): TokenGenerateCommand
+    {
+        return new TokenGenerateCommand(
+            $container->get(ErrorReportServiceInterface::class)
+        );
+    }
+}

src/App/src/Log/Handler/ErrorReportHandler.php

@@ -4,11 +4,13 @@
 
 namespace Api\App\Log\Handler;
 
+use Api\App\Exception\ForbiddenException;
 use Api\App\Handler\DefaultHandler;
 use Api\App\Message;
 use Api\App\Service\ErrorReportServiceInterface;
 use Dot\AnnotatedServices\Annotation\Inject;
 use Dot\AnnotatedServices\Annotation\Service;
+use Laminas\Http\Response;
 use Mezzio\Hal\HalResponseFactory;
 use Mezzio\Hal\ResourceGenerator;
 use Psr\Http\Message\ResponseInterface;
@@ -56,14 +58,15 @@ public function post(ServerRequestInterface $request): ResponseInterface
     {
         try {
             $this->errorReportService
-                ->checkStatus()
                 ->checkRequest($request)
                 ->appendMessage(
                     $request->getParsedBody()['message'] ?? ''
                 );
             return $this->infoResponse(Message::ERROR_REPORT_OK);
+        } catch (ForbiddenException $exception) {
+            return $this->errorResponse($exception->getMessage(), Response::STATUS_CODE_403);
         } catch (Throwable $exception) {
-            return $this->errorResponse($exception->getMessage());
+            return $this->errorResponse($exception->getMessage(), Response::STATUS_CODE_500);
         }
     }
 }

src/App/src/Message.php

@@ -20,10 +20,11 @@ class Message
     public const DUPLICATE_EMAIL = 'An account with this email address already exists.';
     public const DUPLICATE_IDENTITY = 'An account with this identity already exists.';
     public const ERROR_REPORT_OK = 'Error report successfully saved.';
-    public const ERROR_REPORT_NOT_ALLOWED = 'This host is not allowed to report logs.';
+    public const ERROR_REPORT_NOT_ALLOWED = 'You are not allowed to report errors.';
     public const ERROR_REPORT_NOT_ENABLED = 'Remote error reporting is not enabled.';
     public const INVALID_ACTIVATION_CODE = 'Invalid activation code.';
     public const INVALID_CLIENT_ID = 'Invalid client_id.';
+    public const INVALID_CONFIG = 'Invalid configuration value: \'%s\'';
     public const INVALID_EMAIL = 'Invalid email.';
     public const INVALID_VALUE = 'The value specified for \'%s\' is invalid.';
     public const INVALID_IDENTIFIER = 'User cannot be found by supplied identifier.';