Add endpoint for verifying codility webhooks

This probably shouldn't live on this particular server, but it's a
convenient place to have some code, so...

Author: illicitonion

Cargo.lock

@@ -33,6 +33,7 @@ hyper-util = "0.1.14"
 indexmap = { version = "2.9.0", features = ["serde"] }
 itertools = "0.14.0"
 maplit = "1.0.2"
+md5 = "0.8.0"
 moka = { version = "0.12.10", features = ["future"] }
 octocrab = "0.44.1"
 octocrab-rate-limiter = "0.1.0"

Cargo.toml

@@ -1,4 +1,4 @@
-use axum::routing::get;
+use axum::routing::{get, post};
 use dotenv::dotenv;
 use tower_sessions::{Expiry, MemoryStore, SessionManagerLayer};
 use tracing::info;
@@ -115,6 +115,10 @@ async fn main() {
             "/api/expected-attendance",
             get(trainee_tracker::endpoints::expected_attendance),
         )
+        .route(
+            "/codility/verify-webhook",
+            post(trainee_tracker::codility::verify_webhook),
+        )
         .layer(session_layer)
         .with_state(server_state);
 

src/bin/trainee-tracker.rs

@@ -0,0 +1,38 @@
+use axum::{Json, body::Body, extract::Request};
+use futures::StreamExt;
+use http::HeaderMap;
+
+use crate::Error;
+
+// See Callback Authentication section of https://codility.com/api-documentation/#/operations/tests_invite_create
+pub async fn verify_webhook(
+    header_map: HeaderMap,
+    body: Request<Body>,
+) -> Result<Json<bool>, Error> {
+    let Some(auth_header) = header_map.get("authorization") else {
+        return Err(Error::UserFacing("Missing authorization header".to_owned()));
+    };
+    let Some(token) = auth_header.as_bytes().strip_prefix(b"Bearer ") else {
+        return Err(Error::UserFacing("Invalid authorization header".to_owned()));
+    };
+    let Some(posted_checksum) = header_map.get("checksum") else {
+        return Err(Error::UserFacing("Missing checksum header".to_owned()));
+    };
+
+    let mut hasher = md5::Context::new();
+
+    let mut data_stream = body.into_body().into_data_stream();
+    while let Some(chunk) = data_stream.next().await {
+        if let Ok(chunk) = chunk {
+            hasher.consume(chunk);
+        } else {
+            return Err(Error::UserFacing("Failed to read request body".to_owned()));
+        }
+    }
+    hasher.consume(token);
+    let digest = hasher.finalize();
+    let formatted_digest = format!("{:x}", digest);
+    Ok(Json(
+        formatted_digest.as_bytes() == posted_checksum.as_bytes(),
+    ))
+}

src/codility.rs

@@ -14,6 +14,7 @@ pub mod config;
 pub use config::Config;
 
 use crate::google_auth::GoogleScope;
+pub mod codility;
 pub mod course;
 pub mod endpoints;
 pub mod frontend;