Adding custom filter for Request Header validation before the request…

… is pre-processed by the controller
AnanyaBanerjee01 · Sep 8, 2021 · 326c7e2 · 326c7e2
1 parent cc83eab
commit 326c7e2
Show file tree

Hide file tree

Showing 5 changed files with 104 additions and 69 deletions.
diff --git a/src/main/java/com/hyland/webhook/WebhookApplication.java b/src/main/java/com/hyland/webhook/WebhookApplication.java
@@ -1,7 +1,10 @@
 package com.hyland.webhook;
 
+import com.hyland.webhook.filter.HeaderValidatorFilter;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
 
 @SpringBootApplication
 public class WebhookApplication {
@@ -10,4 +13,12 @@ public static void main(String[] args) {
 		SpringApplication.run(WebhookApplication.class, args);
 	}
 
+	@Bean
+	public FilterRegistrationBean<HeaderValidatorFilter> headerValidatorFilter() {
+		FilterRegistrationBean<HeaderValidatorFilter> registrationBean = new FilterRegistrationBean<>();
+		registrationBean.setFilter(new HeaderValidatorFilter());
+		registrationBean.addUrlPatterns("*");
+		return registrationBean;
+	}
+
 }
diff --git a/src/main/java/com/hyland/webhook/controller/WebhookController.java b/src/main/java/com/hyland/webhook/controller/WebhookController.java
@@ -4,7 +4,6 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.hyland.webhook.DTO.gen.RecordingCompletedSchema;
 import com.hyland.webhook.constants.WebHookConstants;
-import org.springframework.beans.factory.annotation.Value;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -15,27 +14,19 @@
 @Log4j2
 public class WebhookController {
 
-    @Value("${zoom.verification.token}")
-    private String verificationToken;
 
-    @RequestMapping("/get")
+    @RequestMapping("/fetch")
     public String getNotification() {
         log.info("#### Hello Webhooks ##### ");
         return "Hello Webhooks!!!";
     }
 
-
-    @PostMapping
-    public ResponseEntity<String> onRecordingCompleted(@RequestBody String requestBody, @RequestHeader(value = WebHookConstants.HOST) String host, @RequestHeader(value = WebHookConstants.USER_AGENT) String userAgent, @RequestHeader(value = WebHookConstants.AUTHORIZATION) String authToken) {
+    @PostMapping("/get")
+    public ResponseEntity<String> onRecordingEventConsumption(@RequestBody String requestBody, @RequestHeader(value = WebHookConstants.HOST) String host, @RequestHeader(value = WebHookConstants.USER_AGENT) String userAgent) {
         log.debug("#### Incoming Webhook Notification from Zoom API ##### {}", requestBody);
         log.debug("#### Request Header Information #####  Host :: User Agent :: {}   {} ", host, userAgent);
 
         try {
-            // verify if the event notification originated from Zoom
-            if (null != authToken && !authToken.equals(verificationToken)) {
-                log.debug("Invalid Verification Token");
-                return new ResponseEntity<>(requestBody, HttpStatus.FORBIDDEN);
-            }
             //Convert JSON object to Java POJO
             ObjectMapper mapper = new ObjectMapper();
             RecordingCompletedSchema recordingObject = mapper.readValue(requestBody, RecordingCompletedSchema.class);
@@ -44,10 +35,6 @@ public ResponseEntity<String> onRecordingCompleted(@RequestBody String requestBo
             // Validate if the event notification is for Recording Completed event subscribed
             if (recordingObject.getEvent().equals(WebHookConstants.RECORDING_COMPLETED)) {
                 log.debug("Recording Completed Event Payload {} ::", recordingObject);
-                String contributor = "admin";
-                String library = "XXXX";
-                String licenseKey = "XXXX";
-
             }
 
         } catch (Exception e) {

diff --git a/src/main/java/com/hyland/webhook/filter/HeaderValidatorFilter.java b/src/main/java/com/hyland/webhook/filter/HeaderValidatorFilter.java
@@ -0,0 +1,42 @@
+package com.hyland.webhook.filter;
+
+import com.hyland.webhook.constants.WebHookConstants;
+import lombok.extern.log4j.Log4j2;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Log4j2
+public class HeaderValidatorFilter extends OncePerRequestFilter {
+
+    @Value("${zoom.verification.token}")
+    private String verificationToken;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+                                    FilterChain filterChain) throws ServletException, IOException {
+
+        String path = request.getRequestURI();
+        log.info("#### path {} ##### ", path);
+        if ("/api/webhook/fetch".equals(path)) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+        String authToken = request.getHeader(WebHookConstants.AUTHORIZATION);
+        log.info("#### validateToken {} ##### ", authToken);
+
+        if (null != authToken && !authToken.equals(verificationToken)) {
+            response.sendError(HttpStatus.FORBIDDEN.value(), "Invalid Verification Token");
+            log.debug("Invalid Verification Token");
+            return;
+        }
+
+        filterChain.doFilter(request, response);
+    }
+}
diff --git a/src/main/resources/log4j2.xml b/src/main/resources/log4j2.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration status="WARN" monitorInterval="30">
+    <Properties>
+        <Property name="LOG_PATTERN">%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ} %p %C{1.} [%t] %m%n</Property>
+        <property name="name" value="Zoom-Twistage-integration"/>
+        <property name="log.name" value="${name}.log"/>
+        <property name="log.base" value="/var/log/${name}"/>
+    </Properties>
+    <Appenders>
+        <Console name="Console" target="SYSTEM_OUT" follow="true">
+            <PatternLayout pattern="${LOG_PATTERN}" />
+        </Console>
+
+        <RollingFile name="appLog"
+                     fileName="${log.base}/${name}_application.log"
+                     filePattern="${log.base}/${name}-%d{yyyy-MM-dd}-%i.log">
+            <PatternLayout pattern="${LOG_PATTERN}" />
+            <Policies>
+                <SizeBasedTriggeringPolicy size="19500KB" />
+                <maxFileSize>50MB</maxFileSize>
+                <maxHistory>30</maxHistory>
+                <totalSizeCap>3GB</totalSizeCap>
+            </Policies>
+            <encoder>
+                <charset>UTF-8</charset>
+                <pattern>%date [%thread] [%X{X-B3-TraceId:-}.%X{X-B3-ParentSpanId:-}] %-5p %class{0}:%L %M - %m%n</pattern>
+            </encoder>
+            <DefaultRolloverStrategy max="1" />
+        </RollingFile>
+
+    </Appenders>
+    <root level="INFO">
+        <appender-ref ref="FILE"/>
+        <appender-ref ref="ERROR"/>
+        <appender-ref ref="STDOUT"/>
+    </root>
+    <Loggers>
+
+        <Logger name="com.hyland.webhook" additivity="false">
+            <AppenderRef ref="appLog" />
+            <AppenderRef ref="Console" />
+        </Logger>
+
+        <Root level="debug">
+            <AppenderRef ref="Console" />
+        </Root>
+    </Loggers>
+</Configuration>
diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml