Feat: Log Request IP (#203)

* Add filter to put Request IP in MDC

* Fix Checkstyle

* Fix DI for Auth-Filter

src/main/java/eu/europa/ec/dgc/gateway/repository/SignerInformationRepository.java

@@ -77,13 +77,13 @@ List<SignerInformationEntity> getByCertificateTypeAndCountryAndDeletedAtIsNull(
 
     @Query(SELECT_BY_TYPE_SINCE)
     List<SignerInformationEntity> getByCertificateTypeIsSince(
-      @Param("certType") SignerInformationEntity.CertificateType type,
-      @Param("since") ZonedDateTime since);
+        @Param("certType") SignerInformationEntity.CertificateType type,
+        @Param("since") ZonedDateTime since);
 
     @Query(SELECT_BY_TYPE_SINCE)
     List<SignerInformationEntity> getByCertificateTypeIsSince(
-      @Param("certType") SignerInformationEntity.CertificateType type,
-      @Param("since") ZonedDateTime since, Pageable pageable);
+        @Param("certType") SignerInformationEntity.CertificateType type,
+        @Param("since") ZonedDateTime since, Pageable pageable);
 
     @Query(SELECT_BY_TYPE_AND_COUNTRY_SINCE)
     List<SignerInformationEntity> getByCertificateTypeAndCountryIsSince(

src/main/java/eu/europa/ec/dgc/gateway/repository/TrustedPartyRepository.java

@@ -55,13 +55,13 @@ Optional<TrustedPartyEntity> getFirstByThumbprintAndCertificateType(
 
     @Query(SELECT_BY_TYPE_SINCE)
     List<TrustedPartyEntity> getByCertificateTypeIsSince(
-      @Param("certType") TrustedPartyEntity.CertificateType type,
-      @Param("since") ZonedDateTime since);
+        @Param("certType") TrustedPartyEntity.CertificateType type,
+        @Param("since") ZonedDateTime since);
 
     @Query(SELECT_BY_TYPE_AND_COUNTRY_SINCE)
     List<TrustedPartyEntity> getByCountryAndCertificateTypeIsSince(
-      @Param("country") String countryCode,
-      @Param("certType") TrustedPartyEntity.CertificateType type,
-      @Param("since") ZonedDateTime since);
+        @Param("country") String countryCode,
+        @Param("certType") TrustedPartyEntity.CertificateType type,
+        @Param("since") ZonedDateTime since);
 
 }

src/main/java/eu/europa/ec/dgc/gateway/restapi/controller/CertificateRevocationListController.java

@@ -76,7 +76,7 @@ public class CertificateRevocationListController {
     private final RevocationBatchMapper revocationBatchMapper;
 
     public static final String UUID_REGEX =
-      "^[0-9a-f]{8}\\b-[0-9a-f]{4}\\b-[0-9a-f]{4}\\b-[0-9a-f]{4}\\b-[0-9a-f]{12}$";
+        "^[0-9a-f]{8}\\b-[0-9a-f]{4}\\b-[0-9a-f]{4}\\b-[0-9a-f]{4}\\b-[0-9a-f]{12}$";
 
     private static final String MDC_DOWNLOADER_COUNTRY = "downloaderCountry";
     private static final String MDC_DOWNLOADED_COUNTRY = "downloadedCountry";
@@ -88,19 +88,19 @@ public class CertificateRevocationListController {
     @CertificateAuthenticationRequired(requiredRoles = CertificateAuthenticationRole.RevocationListReader)
     @GetMapping(path = "", produces = MediaType.APPLICATION_JSON_VALUE)
     @Operation(
-      security = {
-        @SecurityRequirement(name = OpenApiConfig.SECURITY_SCHEMA_HASH),
-        @SecurityRequirement(name = OpenApiConfig.SECURITY_SCHEMA_DISTINGUISH_NAME)
-      },
-      tags = {"Revocation"},
-      summary = "Download Batch List",
-      description = "Returning a list of batches with a small wrapper providing metadata."
-        + " The batches are sorted by date in ascending (chronological) order.",
-      parameters = {
-        @Parameter(
-          in = ParameterIn.HEADER,
-          name = HttpHeaders.IF_MODIFIED_SINCE,
-          description = "This header contains the last downloaded date to get just the latest results. "
+        security = {
+            @SecurityRequirement(name = OpenApiConfig.SECURITY_SCHEMA_HASH),
+            @SecurityRequirement(name = OpenApiConfig.SECURITY_SCHEMA_DISTINGUISH_NAME)
+        },
+        tags = {"Revocation"},
+        summary = "Download Batch List",
+        description = "Returning a list of batches with a small wrapper providing metadata."
+            + " The batches are sorted by date in ascending (chronological) order.",
+        parameters = {
+            @Parameter(
+                in = ParameterIn.HEADER,
+                name = HttpHeaders.IF_MODIFIED_SINCE,
+                description = "This header contains the last downloaded date to get just the latest results. "
                     + "On the initial call the header should be the set to ‘2021-06-01T00:00:00Z’",
                 required = true)
         },
@@ -155,22 +155,22 @@ public ResponseEntity<RevocationBatchListDto> downloadBatchList(
                 required = true)
         },
         responses = {
-          @ApiResponse(
-            responseCode = "200",
-            description = "Response contains the batch.",
-            content = @Content(schema = @Schema(implementation = RevocationBatchDto.class)),
-            headers = @Header(name = HttpHeaders.ETAG, description = "Batch ID")),
-          @ApiResponse(
-            responseCode = "404",
-            description = "Batch does not exist."),
-          @ApiResponse(
-            responseCode = "410",
-            description = "Batch already deleted.")
+            @ApiResponse(
+                responseCode = "200",
+                description = "Response contains the batch.",
+                content = @Content(schema = @Schema(implementation = RevocationBatchDto.class)),
+                headers = @Header(name = HttpHeaders.ETAG, description = "Batch ID")),
+            @ApiResponse(
+                responseCode = "404",
+                description = "Batch does not exist."),
+            @ApiResponse(
+                responseCode = "410",
+                description = "Batch already deleted.")
         }
     )
     public ResponseEntity<String> downloadBatch(
-      @Valid @PathVariable("batchId") @Pattern(regexp = UUID_REGEX) String batchId,
-      @RequestAttribute(CertificateAuthenticationFilter.REQUEST_PROP_COUNTRY) String downloaderCountry) {
+        @Valid @PathVariable("batchId") @Pattern(regexp = UUID_REGEX) String batchId,
+        @RequestAttribute(CertificateAuthenticationFilter.REQUEST_PROP_COUNTRY) String downloaderCountry) {
 
         try {
             RevocationBatchDownload download = revocationListService.getRevocationBatch(batchId);
@@ -183,9 +183,9 @@ public ResponseEntity<String> downloadBatch(
             log.info("Revocation Batch downloaded.");
 
             return ResponseEntity
-              .ok()
-              .header(HttpHeaders.ETAG, download.getBatchId())
-              .body(download.getSignedCms());
+                .ok()
+                .header(HttpHeaders.ETAG, download.getBatchId())
+                .body(download.getSignedCms());
 
         } catch (RevocationListService.RevocationBatchServiceException e) {
             switch (e.getReason()) {

src/main/java/eu/europa/ec/dgc/gateway/restapi/filter/CertificateAuthenticationFilter.java

@@ -42,6 +42,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.bouncycastle.util.encoders.DecoderException;
 import org.bouncycastle.util.encoders.Hex;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
@@ -58,6 +59,7 @@ public class CertificateAuthenticationFilter extends OncePerRequestFilter {
     public static final String REQUEST_PROP_COUNTRY = "reqPropCountry";
     public static final String REQUEST_PROP_THUMBPRINT = "reqPropCertThumbprint";
 
+    @Qualifier("requestMappingHandlerMapping")
     private final RequestMappingHandlerMapping requestMap;
 
     private final DgcConfigProperties properties;

src/main/java/eu/europa/ec/dgc/gateway/restapi/filter/IpLoggingFilter.java

@@ -0,0 +1,62 @@
+/*-
+ * ---license-start
+ * EU Digital Green Certificate Gateway Service / dgc-gateway
+ * ---
+ * Copyright (C) 2021 - 2022 T-Systems International GmbH and all other contributors
+ * ---
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ---license-end
+ */
+
+package eu.europa.ec.dgc.gateway.restapi.filter;
+
+import eu.europa.ec.dgc.gateway.utils.DgcMdc;
+import java.io.IOException;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+@Slf4j
+@Component
+@AllArgsConstructor
+public class IpLoggingFilter extends OncePerRequestFilter {
+
+    public static final String MDC_PROPERTY_SOURCE_IP = "sourceIP";
+
+    public static final String HTTP_HEADER_FORWARDED_FOR = "X-Forwarded-For";
+
+    @Override
+    protected void doFilterInternal(
+        HttpServletRequest httpServletRequest,
+        HttpServletResponse httpServletResponse,
+        FilterChain filterChain
+    ) throws ServletException, IOException {
+        logger.debug("Checking request for X-Forwarded-For headers");
+
+        String headerForwardedFor =
+            httpServletRequest.getHeader(HTTP_HEADER_FORWARDED_FOR);
+
+        if (headerForwardedFor == null) {
+            log.error("No source IP in request");
+        } else {
+            DgcMdc.put(MDC_PROPERTY_SOURCE_IP, headerForwardedFor);
+        }
+
+        filterChain.doFilter(httpServletRequest, httpServletResponse);
+    }
+}