Add end 2 end testing

.gitignore

@@ -11,7 +11,7 @@
 # Test binary, built with `go test -c`
 *.test
 bin/
-
+.DS_Store
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
 

Makefile

@@ -18,7 +18,7 @@ VERSION   := $(shell git describe --tags || echo "v0.0.0")
 VER_CUT   := $(shell echo $(VERSION) | cut -c2-)
 
 # Dependency versions
-GOLANGCI_VERSION   = v1.56.2
+GOLANGCI_VERSION   = latest
 GQLGEN_VERSION     = $(shell go list -m -f '{{.Version}}' github.com/99designs/gqlgen)
 MODEL_GARAGE_VERSION = $(shell go list -m -f '{{.Version}}' github.com/DIMO-Network/model-garage)
 MOCKGEN_VERSION    = $(shell go list -m -f '{{.Version}}' go.uber.org/mock)

cmd/telemetry-api/main.go

@@ -1,108 +1,45 @@
 package main
 
 import (
-	"context"
-	"errors"
 	"flag"
 	"fmt"
 	"net/http"
 	"os"
 	"strconv"
 
-	"github.com/99designs/gqlgen/graphql"
-	"github.com/99designs/gqlgen/graphql/handler"
 	"github.com/99designs/gqlgen/graphql/playground"
-	"github.com/DIMO-Network/clickhouse-infra/pkg/connect"
 	"github.com/DIMO-Network/shared"
-	"github.com/DIMO-Network/telemetry-api/internal/auth"
+	"github.com/DIMO-Network/telemetry-api/internal/app"
 	"github.com/DIMO-Network/telemetry-api/internal/config"
-	"github.com/DIMO-Network/telemetry-api/internal/graph"
-	"github.com/DIMO-Network/telemetry-api/internal/limits"
-	"github.com/DIMO-Network/telemetry-api/internal/repositories"
-	"github.com/DIMO-Network/telemetry-api/internal/repositories/vc"
-	"github.com/DIMO-Network/telemetry-api/internal/service/ch"
-	"github.com/DIMO-Network/telemetry-api/internal/service/identity"
-	"github.com/aws/aws-sdk-go-v2/aws"
-	"github.com/aws/aws-sdk-go-v2/credentials"
-	"github.com/aws/aws-sdk-go-v2/service/s3"
-	"github.com/ethereum/go-ethereum/common"
 	"github.com/gofiber/fiber/v2"
 	"github.com/gofiber/fiber/v2/middleware/adaptor"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/rs/zerolog"
-	"github.com/vektah/gqlparser/v2/gqlerror"
 )
 
 func main() {
-	ctx := context.Background()
 	logger := zerolog.New(os.Stdout).With().Timestamp().Str("app", "telemetry-api").Logger()
-	// create a flag for the settings file
+
 	settingsFile := flag.String("settings", "settings.yaml", "settings file")
 	flag.Parse()
+
 	settings, err := shared.LoadConfig[config.Settings](*settingsFile)
 	if err != nil {
 		logger.Fatal().Err(err).Msg("Couldn't load settings.")
 	}
-	// create clickhouse connection
-	_ = ctx
 
-	idService := identity.NewService(settings.IdentityAPIURL, settings.IdentityAPIReqTimeoutSeconds)
-	repoLogger := logger.With().Str("component", "repository").Logger()
-	chService, err := ch.NewService(settings)
+	application, err := app.New(settings, &logger)
 	if err != nil {
-		logger.Fatal().Err(err).Msg("Couldn't create ClickHouse service.")
-	}
-	baseRepo, err := repositories.NewRepository(&repoLogger, chService, settings.DeviceLastSeenBinHrs)
-	if err != nil {
-		logger.Fatal().Err(err).Msg("Couldn't create base repository.")
-	}
-	vcRepo, err := newVinVCServiceFromSettings(settings, &logger)
-	if err != nil {
-		logger.Fatal().Err(err).Msg("Couldn't create VINVC repository.")
-	}
-	resolver := &graph.Resolver{
-		Repository:      baseRepo,
-		IdentityService: idService,
-		VCRepo:          vcRepo,
+		logger.Fatal().Err(err).Msg("Couldn't create application.")
 	}
-
-	cfg := graph.Config{Resolvers: resolver}
-	cfg.Directives.RequiresVehicleToken = auth.NewVehicleTokenCheck(settings.VehicleNFTAddress)
-	cfg.Directives.RequiresManufacturerToken = auth.NewManufacturerTokenCheck(settings.ManufacturerNFTAddress, idService)
-	cfg.Directives.RequiresPrivileges = auth.PrivilegeCheck
-	cfg.Directives.IsSignal = noOp
-	cfg.Directives.HasAggregation = noOp
-	cfg.Directives.OneOf = noOp
+	defer application.Cleanup()
 
 	serveMonitoring(strconv.Itoa(settings.MonPort), &logger)
 
-	server := handler.NewDefaultServer(graph.NewExecutableSchema(cfg))
-	errLogger := logger.With().Str("component", "gql").Logger()
-	server.SetErrorPresenter(errorHandler(errLogger))
-
-	logger.Info().Str("jwksUrl", settings.TokenExchangeJWTKeySetURL).Str("issuerURL", settings.TokenExchangeIssuer).Str("vehicleAddr", settings.VehicleNFTAddress).Msg("Privileges enabled.")
-
-	authMiddleware, err := auth.NewJWTMiddleware(settings.TokenExchangeIssuer, settings.TokenExchangeJWTKeySetURL, settings.VehicleNFTAddress, settings.ManufacturerNFTAddress, &logger)
-	if err != nil {
-		logger.Fatal().Err(err).Msg("Couldn't create JWT middleware.")
-	}
-
-	limiter, err := limits.New(settings.MaxRequestDuration)
-	if err != nil {
-		logger.Fatal().Err(err).Msg("Couldn't create request time limit middleware.")
-	}
-
 	http.Handle("/", playground.Handler("GraphQL playground", "/query"))
-
-	authedHandler := limiter.AddRequestTimeout(
-		authMiddleware.CheckJWT(
-			auth.AddClaimHandler(server, &logger, settings.VehicleNFTAddress, settings.ManufacturerNFTAddress),
-		),
-	)
-	http.Handle("/query", authedHandler)
+	http.Handle("/query", application.Handler)
 
 	logger.Info().Msgf("Server started on port: %d", settings.Port)
-
 	logger.Fatal().Err(http.ListenAndServe(fmt.Sprintf(":%d", settings.Port), nil)).Msg("Server shut down.")
 }
 
@@ -122,52 +59,3 @@ func serveMonitoring(port string, logger *zerolog.Logger) *fiber.App {
 
 	return monApp
 }
-
-// errorHandler is a custom error handler for gqlgen
-func errorHandler(log zerolog.Logger) func(ctx context.Context, e error) *gqlerror.Error {
-	return func(ctx context.Context, e error) *gqlerror.Error {
-		var gqlErr *gqlerror.Error
-		if errors.As(e, &gqlErr) {
-			return gqlErr
-		}
-		log.Error().Err(e).Msg("Internal server error")
-		return gqlerror.Errorf("internal server error")
-	}
-}
-
-func noOp(ctx context.Context, obj interface{}, next graphql.Resolver) (res interface{}, err error) {
-	return next(ctx)
-}
-
-func newVinVCServiceFromSettings(settings config.Settings, parentLogger *zerolog.Logger) (*vc.Repository, error) {
-	chConfig := settings.CLickhouse
-	chConfig.Database = settings.ClickhouseFileIndexDatabase
-	chConn, err := connect.GetClickhouseConn(&chConfig)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get clickhouse connection: %w", err)
-	}
-	s3Client, err := s3ClientFromSettings(&settings)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create s3 client: %w", err)
-	}
-	vinvcLogger := parentLogger.With().Str("component", "vinvc").Logger()
-	if !common.IsHexAddress(settings.VehicleNFTAddress) {
-		return nil, fmt.Errorf("invalid vehicle address: %s", settings.VehicleNFTAddress)
-	}
-	vehicleAddr := common.HexToAddress(settings.VehicleNFTAddress)
-	return vc.New(chConn, s3Client, settings.VCBucket, settings.VINVCDataType, settings.POMVCDataType, uint64(settings.ChainID), vehicleAddr, &vinvcLogger), nil
-}
-
-// s3ClientFromSettings creates an S3 client from the given settings.
-func s3ClientFromSettings(settings *config.Settings) (*s3.Client, error) {
-	// Create an AWS session
-	conf := aws.Config{
-		Region: settings.S3AWSRegion,
-		Credentials: credentials.NewStaticCredentialsProvider(
-			settings.S3AWSAccessKeyID,
-			settings.S3AWSSecretAccessKey,
-			"",
-		),
-	}
-	return s3.NewFromConfig(conf), nil
-}

e2e/auth_server_test.go

@@ -0,0 +1,168 @@
+package e2e_test
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/go-jose/go-jose/v4"
+)
+
+type mockAuthServer struct {
+	server                      *httptest.Server
+	signer                      jose.Signer
+	jwks                        jose.JSONWebKey
+	defaultClaims               map[string]any
+	VehicleContractAddress      string
+	ManufacturerContractAddress string
+}
+
+func setupAuthServer(t *testing.T, vehicleContractAddress, manufacturerContractAddress string) *mockAuthServer {
+	t.Helper()
+
+	// Generate RSA key
+	sk, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		t.Fatalf("Failed to generate RSA key: %v", err)
+	}
+
+	// Generate key ID
+	b := make([]byte, 20)
+	if _, err := rand.Read(b); err != nil {
+		t.Fatalf("Failed to generate key ID: %v", err)
+	}
+	keyID := hex.EncodeToString(b)
+
+	// Create JWK
+	jwk := jose.JSONWebKey{
+		Key:       sk.Public(),
+		KeyID:     keyID,
+		Algorithm: string(jose.RS256),
+		Use:       "sig",
+	}
+
+	// Create signer
+	sig, err := jose.NewSigner(jose.SigningKey{
+		Algorithm: jose.RS256,
+		Key:       sk,
+	}, &jose.SignerOptions{
+		ExtraHeaders: map[jose.HeaderKey]any{
+			"kid": keyID,
+		},
+	})
+	if err != nil {
+		t.Fatalf("Failed to create signer: %v", err)
+	}
+
+	defaultClaims := map[string]any{
+		"aud": []string{
+			"dimo.zone",
+		},
+		"exp": 9722006230,
+		"iat": 1721833430,
+		"iss": "http://127.0.0.1:3003",
+		"sub": "0xbA5738a18d83D41847dfFbDC6101d37C69c9B0cF/39718",
+	}
+
+	auth := &mockAuthServer{
+		signer:                      sig,
+		jwks:                        jwk,
+		defaultClaims:               defaultClaims,
+		VehicleContractAddress:      vehicleContractAddress,
+		ManufacturerContractAddress: manufacturerContractAddress,
+	}
+
+	// Create test server with only JWKS endpoint
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/keys" {
+			http.NotFound(w, r)
+			return
+		}
+		err := json.NewEncoder(w).Encode(jose.JSONWebKeySet{
+			Keys: []jose.JSONWebKey{jwk},
+		})
+		if err != nil {
+			http.Error(w, "Failed to encode JWKS", http.StatusInternalServerError)
+		}
+	}))
+
+	auth.server = server
+	return auth
+}
+
+func (m *mockAuthServer) sign(claims map[string]interface{}) (string, error) {
+	b, err := json.Marshal(claims)
+	if err != nil {
+		return "", fmt.Errorf("failed to marshal claims: %w", err)
+	}
+
+	out, err := m.signer.Sign(b)
+	if err != nil {
+		return "", fmt.Errorf("failed to sign claims: %w", err)
+	}
+
+	token, err := out.CompactSerialize()
+	if err != nil {
+		return "", fmt.Errorf("failed to serialize token: %w", err)
+	}
+
+	return token, nil
+}
+
+func (m *mockAuthServer) CreateToken(t *testing.T, customClaims map[string]interface{}, privileges []int) string {
+	t.Helper()
+
+	claims := make(map[string]interface{})
+	for k, v := range m.defaultClaims {
+		claims[k] = v
+	}
+	for k, v := range customClaims {
+		claims[k] = v
+	}
+
+	// Add privileges if provided
+	if privileges != nil {
+		claims["privilege_ids"] = privileges
+	}
+
+	token, err := m.sign(claims)
+	if err != nil {
+		t.Fatalf("Failed to create token: %v", err)
+	}
+
+	return token
+}
+
+func (m *mockAuthServer) URL() string {
+	return m.server.URL
+}
+
+func (m *mockAuthServer) Close() {
+	m.server.Close()
+}
+
+// Helper function to create test tokens with specific claims and privileges
+func (m *mockAuthServer) CreateVehicleToken(t *testing.T, tokenID string, privileges []int) string {
+	return m.CreateToken(t, map[string]interface{}{
+		"token_id":         tokenID,
+		"contract_address": m.VehicleContractAddress,
+	}, privileges)
+}
+
+func (m *mockAuthServer) CreateManufacturerToken(t *testing.T, tokenID string, privileges []int) string {
+	return m.CreateToken(t, map[string]interface{}{
+		"contract_address": m.ManufacturerContractAddress,
+		"token_id":         tokenID,
+	}, privileges)
+}
+
+func (m *mockAuthServer) CreateUserToken(t *testing.T, userID string, privileges []int) string {
+	return m.CreateToken(t, map[string]interface{}{
+		"sub": userID,
+	}, privileges)
+}