add auth

6 years ago · fd18b89aaf
parent bac51ee183
commit fd18b89aaf
3 changed files with 88 additions and 1 deletions
--- a/apps/block_scout_web/config/config.exs
+++ b/apps/block_scout_web/config/config.exs
@ -10,7 +10,8 @@ config :block_scout_web,
  namespace: BlockScoutWeb,
  ecto_repos: [Explorer.Repo],
  version: System.get_env("BLOCKSCOUT_VERSION"),
-  release_link: System.get_env("RELEASE_LINK")
+  release_link: System.get_env("RELEASE_LINK"),
  decompiled_smart_contract_token: System.get_env("DECOMPILED_SMART_CONTRACT_TOKEN")
 config :block_scout_web, BlockScoutWeb.Chain,
  network: System.get_env("NETWORK"),
--- a/apps/block_scout_web/lib/block_scout_web/controllers/api/v1/decompiled_smart_contract_controller.ex
+++ b/apps/block_scout_web/lib/block_scout_web/controllers/api/v1/decompiled_smart_contract_controller.ex
@ -0,0 +1,30 @@
 defmodule BlockScoutWeb.API.V1.DecompiledSmartContractController do
  use BlockScoutWeb, :controller
  alias Explorer.Chain
  def create(conn, params) do
    if auth_token(conn) == actual_token() do
      case Chain.create_decompiled_smart_contract(params) do
        {:ok, _decompiled_source_code} ->
          put_status(conn, :created)
        {:error, _changeset} ->
          put_status(conn, :unprocessable_entity)
      end
    else
      put_status(conn, :forbidden)
    end
  end
  defp auth_token(conn) do
    case get_req_header(conn, "auth_token") do
      [token] -> token
      other -> other
    end
  end
  defp actual_token do
    Application.get_env(:block_scout_web, :decompiled_smart_contract_token)
  end
 end
--- a/apps/block_scout_web/test/block_scout_web/controllers/api/v1/decompiled_smart_contract_controller_test.exs
+++ b/apps/block_scout_web/test/block_scout_web/controllers/api/v1/decompiled_smart_contract_controller_test.exs
@ -0,0 +1,56 @@
 defmodule BlockScoutWeb.API.V1.DecompiledControllerTest do
  use BlockScoutWeb.ConnCase
  alias Explorer.Repo
  alias Explorer.Chain.DecompiledSmartContract
  import Ecto.Query,
    only: [from: 2]
  @secret "secret"
  describe "when used authorized" do
    setup %{conn: conn} = context do
      Application.put_env(:block_scout_web, :decompiled_smart_contract_token, @secret)
      auth_conn = conn |> put_req_header("auth_token", @secret)
      {:ok, Map.put(context, :conn, auth_conn)}
    end
    test "returns unprocessable_entity status when params are invalid", %{conn: conn} do
      request = post(conn, api_v1_decompiled_smart_contract_path(conn, :create))
      assert request.status == 422
    end
    test "creates decompiled smart contract", %{conn: conn} do
      address_hash = to_string(insert(:address).hash)
      decompiler_version = "test_decompiler"
      decompiled_source_code = "hello world"
      params = %{
        "address_hash" => address_hash,
        "decompiler_version" => decompiler_version,
        "decompiled_source_code" => decompiled_source_code
      }
      request = post(conn, api_v1_decompiled_smart_contract_path(conn, :create), params)
      assert request.status == 201
      decompiled_smart_contract = Repo.one!(from(d in DecompiledSmartContract, where: d.address_hash == ^address_hash))
      assert to_string(decompiled_smart_contract.address_hash) == address_hash
      assert decompiled_smart_contract.decompiler_version == decompiler_version
      assert decompiled_smart_contract.decompiled_source_code == decompiled_source_code
    end
  end
  describe "when user is not authorized" do
    test "returns forbedden", %{conn: conn} do
      request = post(conn, api_v1_decompiled_smart_contract_path(conn, :create))
      assert request.status == 403
    end
  end
 end