merge to release (#173)

Author: nam20485

Diff for: .github/workflows/cmake-multi-platform.yml

@@ -140,23 +140,40 @@ jobs:
       run: cmake --preset ${{matrix.preset}}    
 
     - name: CMake Build          
-      run: cmake --build --preset ${{matrix.preset}} 
+      run: cmake --build --preset ${{matrix.preset}}
 
-    # - name: CMake Test
-    #   id: cmake-test      
-    #   run: ctest --test-dir ./out/build/${{matrix.preset}}/OdbDesignTests --output-log ${{github.workspace}}/testlog.txt --output-junit ${{github.workspace}}/testlog.xml -V
-    #   # let the report step fail the job if it finds failed tests
-    #   continue-on-error: true
+    - name: Checkout OdbDesign Test Data Repository
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1      
+      with:
+        repository: 'nam20485/OdbDesignTestData'
+        path: 'OdbDesignTestData'
+        ref: 'main'
+        token: ${{ secrets.ODBDESIGN_TESTDATA_ACCESS_TOKEN }}
+        
+    - name : Export ODB_TEST_DATA_DIR    
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      with:
+        script: core.exportVariable('ODB_TEST_DATA_DIR', "${{github.workspace}}/OdbDesignTestData/TEST_DATA" || '');                
 
-    # # report test results
-    # - name: Report Test Results
-    #   uses: dorny/[email protected]
-    #   if: ${{steps.cmake-test.outcome}} == 'success' || ${{steps.cmake-test.outcome}} == 'failure'      
-    #   with:
-    #     name: ${{ matrix.os }}_test-results
-    #     path: ${{github.workspace}}/testlog.xml
-    #     reporter: java-junit
-    #     fail-on-error: true
+    - name: CMake Test
+      id: cmake-test
+      env:
+        ODB_TEST_DATA_DIR: ${{github.workspace}}/OdbDesignTestData/TEST_DATA
+      run: ctest --test-dir ./out/build/${{matrix.preset}}/OdbDesignTests --output-log ${{github.workspace}}/testlog.txt --output-junit ${{github.workspace}}/testlog.xml --output-on-failure      
+      # let the report step fail the job if it finds failed tests...
+      continue-on-error: true
+           
+    # report test results
+    - name: Report Test Results
+      uses: dorny/[email protected]
+      if: steps.cmake-test.outcome == 'success' || steps.cmake-test.outcome == 'failure'
+      with:
+        name: ${{ matrix.os }}_test-results
+        path: ${{github.workspace}}/testlog.xml
+        reporter: java-junit
+        path-replace-backslashes: true
+        # fail job based on report results
+        fail-on-error: true     
 
     #
     #   Artifacts
@@ -190,7 +207,7 @@ jobs:
         Compress-Archive -Path "${{env.ARTIFACTS_DIR_WIN}}\*.dll","${{env.ARTIFACTS_DIR_WIN}}\*.exe"  -DestinationPath "${{env.ARTIFACTS_DIR_WIN}}\artifacts-${{matrix.os}}.zip" -Verbose -Force
 
     - name: Upload Artifacts
-      uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
+      uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
       with:
         name: ${{ matrix.os }}-artifacts
         path: ${{ env.ARTIFACTS_DIR }}/artifacts-${{matrix.os}}.zip

Diff for: .github/workflows/codeql.yml

@@ -47,7 +47,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+      uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
       with:        
         languages: ${{ matrix.language }}
         config-file: ${{ github.workspace }}/.github/codeql-config.yml        
@@ -78,6 +78,6 @@ jobs:
       run: cmake --build --preset linux-release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+      uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
       with:
         category: "/language:${{matrix.language}}"

Diff for: .github/workflows/dependency-review.yml

@@ -25,6 +25,6 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 # v3.1.5
+        uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0
         with:
           comment-summary-in-pr: true

Diff for: .github/workflows/docker-publish.yml

@@ -41,14 +41,8 @@ jobs:
       - name: Add Problem Matchers
         uses: ammaraskar/gcc-problem-matcher@d1fed1fac9e94d30e23b5a82dba4e2963e71d2e7 # master
 
-      # # Install the cosign tool except on PR
-      # # https://github.com/sigstore/cosign-installer
-      # - name: Install cosign
-      #   if: github.event_name != 'pull_request'
-      #   uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
-      #   # with:
-      #   #   cosign-release: 'v1.13.1'
-
+        # Install the cosign tool except on PR
+        # https://github.com/sigstore/cosign-installer
       - name: cosign-installer
         if: github.event_name != 'pull_request'
         uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
@@ -103,9 +97,7 @@ jobs:
       # transparency data even for private images, pass --force to cosign below.
       # https://github.com/sigstore/cosign
       - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          COSIGN_EXPERIMENTAL: "true"
+        if: ${{ github.event_name != 'pull_request' }}    
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
         run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}

Diff for: .github/workflows/docker-scout-scan.yml

@@ -128,7 +128,7 @@ jobs:
       - name: Analyze for critical and high CVEs
         id: docker-scout-cves       
         # if: ${{ github.event_name != 'pull_request_target' }} 
-        uses: docker/scout-action@b7413c99043c2a9131c0fa39cedaece80f285788 # v1.2.2
+        uses: docker/scout-action@42a6acc319ac229f86e12bfca3b83de09fb058be # v1.3.0
         with:
           command: cves,recommendations
           image: ${{ steps.meta.outputs.tags }}
@@ -138,14 +138,14 @@ jobs:
 
       - name: Upload SARIF result
         id: upload-sarif
-        uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+        uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
         with:
           sarif_file: sarif.output.json
 
       - name: Docker Scout Compare to Latest
         id: docker-scout
         if: ${{ github.event_name == 'pull_request' }}
-        uses: docker/scout-action@b7413c99043c2a9131c0fa39cedaece80f285788 # v1.2.2
+        uses: docker/scout-action@42a6acc319ac229f86e12bfca3b83de09fb058be # v1.3.0
         with:
           command: compare
           image: ${{ steps.meta.outputs.tags }}

Diff for: .github/workflows/scorecard.yml

@@ -61,14 +61,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
+        uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+        uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
         with:
           sarif_file: results.sarif

Diff for: OdbDesignLib/App/BasicRequestAuthentication.cpp

@@ -0,0 +1,47 @@
+#include "BasicRequestAuthentication.h"
+#include <string>
+
+namespace Odb::Lib::App
+{
+	crow::response BasicRequestAuthentication::AuthenticateRequest(const crow::request& req)
+	{
+		const auto& authHeader = req.get_header_value("Authorization");
+		if (authHeader.empty()) return crow::response(401, "Unauthorized");
+
+		auto authValue = authHeader.substr(6);
+		if (authValue.empty()) return crow::response(401, "Unauthorized");
+		
+		auto authValueDecoded = crow::utility::base64decode(authValue, authValue.size());
+		if (authValueDecoded.empty()) return crow::response(401, "Unauthorized");
+
+		auto seperatorPos = authValueDecoded.find(':');
+		if (seperatorPos == std::string::npos) return crow::response(401, "Unauthorized");
+
+		auto username = authValueDecoded.substr(0, seperatorPos);
+		auto password = authValueDecoded.substr(seperatorPos + 1);
+
+		//if (! VerifyCredentials(username, password)) return crow::response(403, "Invalid username or password");
+		auto resp = VerifyCredentials(username, password);		
+		return resp;
+	}
+
+	crow::response BasicRequestAuthentication::VerifyCredentials(const std::string& username, const std::string& password)
+	{
+		// 500 - Internal Server Error
+		auto validUsername = std::getenv(USERNAME_ENV_NAME);
+		if (validUsername == nullptr) return crow::response(500, "Server failed retrieving credentials");
+
+		auto validPassword = std::getenv(PASSWORD_ENV_NAME);
+		if (validPassword == nullptr) return crow::response(500, "Server failed retrieving credentials");
+		
+		// 403 - Forbidden
+		if (username != validUsername ||
+			password != validPassword)
+		{
+			return crow::response(403, "Invalid username or password");
+		}
+
+		// 200 Authorized!
+		return crow::response(200, "Authorized");
+	}
+}

Diff for: OdbDesignLib/App/BasicRequestAuthentication.h

@@ -0,0 +1,26 @@
+#pragma once
+
+#include "IRequestAuthentication.h"
+#include "../odbdesign_export.h"
+
+namespace Odb::Lib::App
+{
+	class ODBDESIGN_EXPORT BasicRequestAuthentication : public IRequestAuthentication
+	{
+	public:
+		//BasicRequestAuthentication()
+		//{
+		//}
+
+		// Inherited via IRequestAuthentication
+		crow::response AuthenticateRequest(const crow::request& req) override;
+
+	private:
+
+		crow::response VerifyCredentials(const std::string& username, const std::string& password);
+
+		const inline static char USERNAME_ENV_NAME[] = "ODBDESIGN_SERVER_REQUEST_USERNAME";
+		const inline static char PASSWORD_ENV_NAME[] = "ODBDESIGN_SERVER_REQUEST_PASSWORD";
+
+	};
+}

Diff for: OdbDesignLib/App/IOdbServerApp.h

@@ -2,6 +2,7 @@
 
 #include "IOdbApp.h"
 #include "../odbdesign_export.h"
+#include "IRequestAuthentication.h"
 
 namespace Odb::Lib::App
 {
@@ -11,6 +12,8 @@ namespace Odb::Lib::App
 		virtual ~IOdbServerApp() {}
 
 		virtual CrowApp& crow_app() = 0;
+		virtual IRequestAuthentication& request_auth() = 0;
+		virtual void request_auth(std::unique_ptr<IRequestAuthentication> requestAuthentication) = 0;
 
 	protected:
 		IOdbServerApp() = default;

Diff for: OdbDesignLib/App/IRequestAuthentication.cpp

@@ -0,0 +1,6 @@
+#include "IRequestAuthentication.h"
+
+namespace Odb::Lib::App
+{
+	
+}

Diff for: OdbDesignLib/App/IRequestAuthentication.h

@@ -0,0 +1,18 @@
+#pragma once
+
+#include "../odbdesign_export.h"
+#include "crow_win.h"
+
+namespace Odb::Lib::App
+{
+	class ODBDESIGN_EXPORT IRequestAuthentication
+	{
+	public:
+		virtual crow::response AuthenticateRequest(const crow::request& req) = 0;
+
+	protected:
+		// pure virtual interface
+		IRequestAuthentication() = default;
+
+	};
+}

Diff for: OdbDesignLib/App/OdbServerAppBase.cpp

@@ -1,4 +1,5 @@
 #include "OdbServerAppBase.h"
+#include "OdbServerAppBase.h"
 #include "Logger.h"
 
 using namespace Utils;
@@ -7,8 +8,20 @@ using namespace std::filesystem;
 namespace Odb::Lib::App
 {
 	OdbServerAppBase::OdbServerAppBase(int argc, char* argv[])
-		: OdbAppBase(argc, argv)
+		: OdbAppBase(argc, argv)		
+	{
+	}
+
+	bool OdbServerAppBase::preServerRun()
 	{
+		// override in extended class to configure server or run custom code
+		return true;
+	}
+
+	bool OdbServerAppBase::postServerRun()
+	{
+		// override in extended class to cleanup server or run custom code
+		return true;
 	}
 
 	OdbServerAppBase::~OdbServerAppBase()
@@ -70,9 +83,13 @@ namespace Odb::Lib::App
 		// set server to use multiple threads
 		m_crowApp.multithreaded();
 
+		if (!preServerRun()) return ExitCode::PreServerRunFailed;
+
 		// run the Crow server
 		m_crowApp.run();
 
+		if (!postServerRun()) return ExitCode::PostServerRunFailed;
+
 		// success!
 		return ExitCode::Success;
 	}
@@ -82,6 +99,16 @@ namespace Odb::Lib::App
 		return m_crowApp;
 	}
 
+	IRequestAuthentication& OdbServerAppBase::request_auth()
+	{
+		return *m_pRequestAuthentication;
+	}
+
+	void OdbServerAppBase::request_auth(std::unique_ptr<IRequestAuthentication> pRequestAuthentication)
+	{
+		m_pRequestAuthentication = std::move(pRequestAuthentication);
+	}
+
 	void OdbServerAppBase::register_routes()
 	{
 		for (const auto& pController : m_vecControllers)

Diff for: OdbDesignLib/App/OdbServerAppBase.h

@@ -4,28 +4,38 @@
 #include "OdbAppBase.h"
 #include "RouteController.h"
 #include "../odbdesign_export.h"
+#include "IRequestAuthentication.h"
+#include "BasicRequestAuthentication.h"
 
 namespace Odb::Lib::App
 {
 	class ODBDESIGN_EXPORT OdbServerAppBase : public OdbAppBase, public IOdbServerApp
 	{
-	public:
-		OdbServerAppBase(int argc, char* argv[]);
+	public:		
 		virtual ~OdbServerAppBase();
 
 		CrowApp& crow_app() override;
 
+		IRequestAuthentication& request_auth() override;
+		void request_auth(std::unique_ptr<IRequestAuthentication> pRequestAuthentication) override;
+
 		Utils::ExitCode Run() override;		
 
 	protected:		
+		OdbServerAppBase(int argc, char* argv[]);
+
 		RouteController::Vector m_vecControllers;
 
 		// implement in subclasses to add route controllers
 		virtual void add_controllers() = 0;
 
+		virtual bool preServerRun();
+		virtual bool postServerRun();
+
 	private:
 		CrowApp m_crowApp;
 		//crow::SimpleApp m_crowApp;
+		std::unique_ptr<IRequestAuthentication> m_pRequestAuthentication;
 
 		void register_routes();
 

Diff for: OdbDesignLib/App/RouteController.cpp

@@ -11,8 +11,15 @@ namespace Odb::Lib::App
 	void RouteController::register_route_handler(std::string route, TRouteHandlerFunction handler)
 	{				
 		m_serverApp.crow_app().route_dynamic(std::move(route))
-			([handler](const crow::request& req)
+			([/*&,*/ handler](const crow::request& req)
 				{
+					//// authenticate request before sending to handler
+					//auto authResp = m_serverApp.request_auth().AuthenticateRequest(req);
+					//if (authResp.code != crow::status::OK)
+					//{
+					//	return authResp;
+					//}
+
 					return handler(req);
 				});