merge to release (#173)

Author: nam20485

.github/workflows/cmake-multi-platform.yml

@@ -140,23 +140,40 @@ jobs:
       run: cmake --preset ${{matrix.preset}}    
 
     - name: CMake Build          
-      run: cmake --build --preset ${{matrix.preset}} 
+      run: cmake --build --preset ${{matrix.preset}}
 
-    # - name: CMake Test
-    #   id: cmake-test      
-    #   run: ctest --test-dir ./out/build/${{matrix.preset}}/OdbDesignTests --output-log ${{github.workspace}}/testlog.txt --output-junit ${{github.workspace}}/testlog.xml -V
-    #   # let the report step fail the job if it finds failed tests
-    #   continue-on-error: true
+    - name: Checkout OdbDesign Test Data Repository
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1      
+      with:
+        repository: 'nam20485/OdbDesignTestData'
+        path: 'OdbDesignTestData'
+        ref: 'main'
+        token: ${{ secrets.ODBDESIGN_TESTDATA_ACCESS_TOKEN }}
+        
+    - name : Export ODB_TEST_DATA_DIR    
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      with:
+        script: core.exportVariable('ODB_TEST_DATA_DIR', "${{github.workspace}}/OdbDesignTestData/TEST_DATA" || '');                
 
-    # # report test results
-    # - name: Report Test Results
-    #   uses: dorny/[email protected]
-    #   if: ${{steps.cmake-test.outcome}} == 'success' || ${{steps.cmake-test.outcome}} == 'failure'      
-    #   with:
-    #     name: ${{ matrix.os }}_test-results
-    #     path: ${{github.workspace}}/testlog.xml
-    #     reporter: java-junit
-    #     fail-on-error: true
+    - name: CMake Test
+      id: cmake-test
+      env:
+        ODB_TEST_DATA_DIR: ${{github.workspace}}/OdbDesignTestData/TEST_DATA
+      run: ctest --test-dir ./out/build/${{matrix.preset}}/OdbDesignTests --output-log ${{github.workspace}}/testlog.txt --output-junit ${{github.workspace}}/testlog.xml --output-on-failure      
+      # let the report step fail the job if it finds failed tests...
+      continue-on-error: true
+           
+    # report test results
+    - name: Report Test Results
+      uses: dorny/[email protected]
+      if: steps.cmake-test.outcome == 'success' || steps.cmake-test.outcome == 'failure'
+      with:
+        name: ${{ matrix.os }}_test-results
+        path: ${{github.workspace}}/testlog.xml
+        reporter: java-junit
+        path-replace-backslashes: true
+        # fail job based on report results
+        fail-on-error: true     
 
     #
     #   Artifacts
@@ -190,7 +207,7 @@ jobs:
         Compress-Archive -Path "${{env.ARTIFACTS_DIR_WIN}}\*.dll","${{env.ARTIFACTS_DIR_WIN}}\*.exe"  -DestinationPath "${{env.ARTIFACTS_DIR_WIN}}\artifacts-${{matrix.os}}.zip" -Verbose -Force
 
     - name: Upload Artifacts
-      uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
+      uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
       with:
         name: ${{ matrix.os }}-artifacts
         path: ${{ env.ARTIFACTS_DIR }}/artifacts-${{matrix.os}}.zip

.github/workflows/codeql.yml

@@ -47,7 +47,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+      uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
       with:        
         languages: ${{ matrix.language }}
         config-file: ${{ github.workspace }}/.github/codeql-config.yml        
@@ -78,6 +78,6 @@ jobs:
       run: cmake --build --preset linux-release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+      uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

@@ -25,6 +25,6 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 # v3.1.5
+        uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0
         with:
           comment-summary-in-pr: true

.github/workflows/docker-publish.yml

@@ -41,14 +41,8 @@ jobs:
       - name: Add Problem Matchers
         uses: ammaraskar/gcc-problem-matcher@d1fed1fac9e94d30e23b5a82dba4e2963e71d2e7 # master
 
-      # # Install the cosign tool except on PR
-      # # https://github.com/sigstore/cosign-installer
-      # - name: Install cosign
-      #   if: github.event_name != 'pull_request'
-      #   uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
-      #   # with:
-      #   #   cosign-release: 'v1.13.1'
-
+        # Install the cosign tool except on PR
+        # https://github.com/sigstore/cosign-installer
       - name: cosign-installer
         if: github.event_name != 'pull_request'
         uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
@@ -103,9 +97,7 @@ jobs:
       # transparency data even for private images, pass --force to cosign below.
       # https://github.com/sigstore/cosign
       - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          COSIGN_EXPERIMENTAL: "true"
+        if: ${{ github.event_name != 'pull_request' }}    
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
         run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}

.github/workflows/docker-scout-scan.yml

@@ -128,7 +128,7 @@ jobs:
       - name: Analyze for critical and high CVEs
         id: docker-scout-cves       
         # if: ${{ github.event_name != 'pull_request_target' }} 
-        uses: docker/scout-action@b7413c99043c2a9131c0fa39cedaece80f285788 # v1.2.2
+        uses: docker/scout-action@42a6acc319ac229f86e12bfca3b83de09fb058be # v1.3.0
         with:
           command: cves,recommendations
           image: ${{ steps.meta.outputs.tags }}
@@ -138,14 +138,14 @@ jobs:
 
       - name: Upload SARIF result
         id: upload-sarif
-        uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+        uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
         with:
           sarif_file: sarif.output.json
 
       - name: Docker Scout Compare to Latest
         id: docker-scout
         if: ${{ github.event_name == 'pull_request' }}
-        uses: docker/scout-action@b7413c99043c2a9131c0fa39cedaece80f285788 # v1.2.2
+        uses: docker/scout-action@42a6acc319ac229f86e12bfca3b83de09fb058be # v1.3.0
         with:
           command: compare
           image: ${{ steps.meta.outputs.tags }}

.github/workflows/scorecard.yml

@@ -61,14 +61,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
+        uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+        uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
         with:
           sarif_file: results.sarif

OdbDesignLib/App/BasicRequestAuthentication.cpp

@@ -0,0 +1,47 @@
+#include "BasicRequestAuthentication.h"
+#include <string>
+
+namespace Odb::Lib::App
+{
+	crow::response BasicRequestAuthentication::AuthenticateRequest(const crow::request& req)
+	{
+		const auto& authHeader = req.get_header_value("Authorization");
+		if (authHeader.empty()) return crow::response(401, "Unauthorized");
+
+		auto authValue = authHeader.substr(6);
+		if (authValue.empty()) return crow::response(401, "Unauthorized");
+		
+		auto authValueDecoded = crow::utility::base64decode(authValue, authValue.size());
+		if (authValueDecoded.empty()) return crow::response(401, "Unauthorized");
+
+		auto seperatorPos = authValueDecoded.find(':');
+		if (seperatorPos == std::string::npos) return crow::response(401, "Unauthorized");
+
+		auto username = authValueDecoded.substr(0, seperatorPos);
+		auto password = authValueDecoded.substr(seperatorPos + 1);
+
+		//if (! VerifyCredentials(username, password)) return crow::response(403, "Invalid username or password");
+		auto resp = VerifyCredentials(username, password);		
+		return resp;
+	}
+
+	crow::response BasicRequestAuthentication::VerifyCredentials(const std::string& username, const std::string& password)
+	{
+		// 500 - Internal Server Error
+		auto validUsername = std::getenv(USERNAME_ENV_NAME);
+		if (validUsername == nullptr) return crow::response(500, "Server failed retrieving credentials");
+
+		auto validPassword = std::getenv(PASSWORD_ENV_NAME);
+		if (validPassword == nullptr) return crow::response(500, "Server failed retrieving credentials");
+		
+		// 403 - Forbidden
+		if (username != validUsername ||
+			password != validPassword)
+		{
+			return crow::response(403, "Invalid username or password");
+		}
+
+		// 200 Authorized!
+		return crow::response(200, "Authorized");
+	}
+}

OdbDesignLib/App/BasicRequestAuthentication.h

@@ -0,0 +1,26 @@
+#pragma once
+
+#include "IRequestAuthentication.h"
+#include "../odbdesign_export.h"
+
+namespace Odb::Lib::App
+{
+	class ODBDESIGN_EXPORT BasicRequestAuthentication : public IRequestAuthentication
+	{
+	public:
+		//BasicRequestAuthentication()
+		//{
+		//}
+
+		// Inherited via IRequestAuthentication
+		crow::response AuthenticateRequest(const crow::request& req) override;
+
+	private:
+
+		crow::response VerifyCredentials(const std::string& username, const std::string& password);
+
+		const inline static char USERNAME_ENV_NAME[] = "ODBDESIGN_SERVER_REQUEST_USERNAME";
+		const inline static char PASSWORD_ENV_NAME[] = "ODBDESIGN_SERVER_REQUEST_PASSWORD";
+
+	};
+}

OdbDesignLib/App/IOdbServerApp.h

@@ -2,6 +2,7 @@
 
 #include "IOdbApp.h"
 #include "../odbdesign_export.h"
+#include "IRequestAuthentication.h"
 
 namespace Odb::Lib::App
 {
@@ -11,6 +12,8 @@ namespace Odb::Lib::App
 		virtual ~IOdbServerApp() {}
 
 		virtual CrowApp& crow_app() = 0;
+		virtual IRequestAuthentication& request_auth() = 0;
+		virtual void request_auth(std::unique_ptr<IRequestAuthentication> requestAuthentication) = 0;
 
 	protected:
 		IOdbServerApp() = default;

OdbDesignLib/App/IRequestAuthentication.cpp

@@ -0,0 +1,6 @@
+#include "IRequestAuthentication.h"
+
+namespace Odb::Lib::App
+{
+	
+}