feat: anonymous tokens

public/v1/components/schemas.yaml

@@ -75,7 +75,7 @@ components:
             Locations defined in a single string instead of the respective location properties.
             The API performs fuzzy matching on the `country`, `city`, `state`, `continent`, `region`, `asn` (using `AS` prefix, e.g., `AS123`), `tags`, and `network` values.
             Supports full names, ISO codes (where applicable), and common aliases.
-            Multiple conditions can be combined using the `+` character.
+            Multiple conditions can be combined using the `+` character, which behaves like a logical `AND`.
         limit:
           type: integer
           description: |

src/lib/http/auth.ts

@@ -13,7 +13,7 @@ const logger = scopedLogger('auth');
 const TOKEN_TTL = 2 * 60 * 1000;
 
 export type Token = {
-	user_created: string,
+	user_created?: string,
 	value: string,
 	expire: Date | null,
 	scopes: string[],
@@ -127,7 +127,7 @@ export class Auth {
 		}
 
 		await this.updateLastUsedDate(token);
-		return { userId: token.user_created, scopes: token.scopes };
+		return { userId: token.user_created, scopes: token.scopes, hashedToken: token.value };
 	}
 
 	private async updateLastUsedDate (token: Token) {

src/lib/http/middleware/authenticate.ts

@@ -37,7 +37,7 @@ export const authenticate = (): ExtendedMiddleware => {
 				return;
 			}
 
-			ctx.state.user = { id: result.userId, scopes: result.scopes, authMode: 'token' };
+			ctx.state.user = { id: result.userId, scopes: result.scopes, authMode: 'token', hashedToken: result.hashedToken };
 		} else if (sessionCookie) {
 			try {
 				const result = await jwtVerify<SessionCookiePayload>(sessionCookie, sessionKey);
@@ -53,4 +53,4 @@ export const authenticate = (): ExtendedMiddleware => {
 };
 
 export type AuthenticateOptions = { session: { cookieName: string, cookieSecret: string } };
-export type AuthenticateState = { user?: { id: string, scopes?: string[], authMode: 'cookie' | 'token' } };
+export type AuthenticateState = { user?: { id: string | undefined, scopes?: string[], hashedToken?: string, authMode: 'cookie' | 'token' } };

src/lib/rate-limiter/rate-limiter-post.ts

@@ -27,10 +27,10 @@ const getRateLimiter = (ctx: ExtendedContext): {
 	id: string,
 	rateLimiter: RateLimiterRedis
 } => {
-	if (ctx.state.user?.id) {
+	if (ctx.state.user) {
 		return {
 			type: 'user',
-			id: ctx.state.user.id,
+			id: ctx.state.user.id ?? ctx.state.user.hashedToken ?? '',
 			rateLimiter: authenticatedRateLimiter,
 		};
 	}

src/probe/probes-location-filter.ts

@@ -16,7 +16,7 @@ const locationKeyMap = [
 
 export class ProbesLocationFilter {
 	static magicFilter (probes: Probe[], magicLocation: string) {
-		let filteredProbes = probes;
+		let resultProbes = probes;
 		const keywords = magicLocation.split('+');
 
 		for (const keyword of keywords) {
@@ -31,26 +31,38 @@ export class ProbesLocationFilter {
 			}, Number.POSITIVE_INFINITY);
 			const noExactMatches = closestExactMatchPosition === Number.POSITIVE_INFINITY;
 
+			let filteredProbes = [];
+
 			if (noExactMatches) {
-				filteredProbes = filteredProbes.filter(probe => ProbesLocationFilter.getIndexPosition(probe, keyword) !== -1);
+				filteredProbes = resultProbes.filter(probe => ProbesLocationFilter.getIndexPosition(probe, keyword) !== -1);
 			} else {
-				filteredProbes = filteredProbes.filter(probe => ProbesLocationFilter.getExactIndexPosition(probe, keyword) === closestExactMatchPosition);
+				filteredProbes = resultProbes.filter(probe => ProbesLocationFilter.getExactIndexPosition(probe, keyword) === closestExactMatchPosition);
+			}
+
+			if (filteredProbes.length === 0) {
+				filteredProbes = resultProbes.filter(probe => ProbesLocationFilter.hasUserTag(probe, keyword.toLowerCase()));
 			}
+
+			resultProbes = filteredProbes;
 		}
 
-		return filteredProbes;
+		return resultProbes;
+	}
+
+	static getExactIndexPosition (probe: Probe, filterValue: string) {
+		return probe.index.findIndex(category => category.some(index => index === filterValue.toLowerCase().replaceAll('-', ' ').trim()));
 	}
 
-	static getExactIndexPosition (probe: Probe, value: string) {
-		return probe.index.findIndex(category => category.some(index => index === value.toLowerCase().replaceAll('-', ' ').trim()));
+	static getIndexPosition (probe: Probe, filterValue: string) {
+		return probe.index.findIndex(category => category.some(index => index.includes(filterValue.toLowerCase().replaceAll('-', ' ').trim())));
 	}
 
-	static getIndexPosition (probe: Probe, value: string) {
-		return probe.index.findIndex(category => category.some(index => index.includes(value.toLowerCase().replaceAll('-', ' ').trim())));
+	static hasTag (probe: Probe, filterValue: string) {
+		return probe.tags.some(({ value }) => value.toLowerCase() === filterValue);
 	}
 
-	static hasTag (probe: Probe, tag: string) {
-		return probe.tags.some(({ value }) => value.toLowerCase() === tag);
+	static hasUserTag (probe: Probe, filterValue: string) {
+		return probe.tags.filter(({ type }) => type === 'user').some(({ value }) => value.toLowerCase() === filterValue);
 	}
 
 	public filterGloballyDistibuted (probes: Probe[], limit: number): Probe[] {

test/tests/integration/measurement/create-measurement.test.ts

@@ -6,19 +6,20 @@ import type { Socket } from 'socket.io-client';
 import nockGeoIpProviders from '../../../utils/nock-geo-ip.js';
 import { client } from '../../../../src/lib/sql/client.js';
 import type { ProbeOverride } from '../../../../src/lib/override/probe-override.js';
-import { waitForProbesUpdate } from '../../../utils/server.js';
+import geoIpMocks from '../../../mocks/nock-geoip.json' assert { type: 'json' };
 
 describe('Create measurement', () => {
 	let addFakeProbe: () => Promise<Socket>;
-	let deleteFakeProbes: () => Promise<void>;
+	let deleteFakeProbes: (probes?: Socket[]) => Promise<void>;
+	let waitForProbesUpdate: () => Promise<void>;
 	let getTestServer;
 	let requestAgent: Agent;
 	let probeOverride: ProbeOverride;
 	let ADOPTED_PROBES_TABLE: string;
 
 	before(async () => {
 		await td.replaceEsm('../../../../src/lib/ip-ranges.ts', { getRegion: () => 'gcp-us-west4', populateMemList: () => Promise.resolve() });
-		({ getTestServer, addFakeProbe, deleteFakeProbes } = await import('../../../utils/server.js'));
+		({ getTestServer, addFakeProbe, deleteFakeProbes, waitForProbesUpdate } = await import('../../../utils/server.js'));
 		({ ADOPTED_PROBES_TABLE } = await import('../../../../src/lib/override/adopted-probes.js'));
 		({ probeOverride } = await import('../../../../src/lib/ws/server.js'));
 		const app = await getTestServer();
@@ -754,15 +755,93 @@ describe('Create measurement', () => {
 					});
 			});
 
-			it('should not use create measurement with adopted tag in magic field "magic: ["u-jsdelivr-dashboard-tag"]" location', async () => {
+			describe('user tag in magic field', () => {
+				let probe2: Socket;
+				before(async () => {
+					nock('https://ipmap-api.ripe.net/v1/locate/').get(/.*/).reply(400);
+					nock('https://api.ip2location.io').get(/.*/).reply(400);
+					nock('https://globalping-geoip.global.ssl.fastly.net').get(/.*/).reply(400);
+					nock('https://geoip.maxmind.com/geoip/v2.1/city/').get(/.*/).reply(400);
+
+					// Creating an AR probe which has a tag value inside of the content (network name).
+					nock('https://ipinfo.io').get(/.*/).reply(200, {
+						...geoIpMocks.ipinfo.argentina,
+						org: 'AS61004 InterBS u-jsdelivr-dashboard-tag S.R.L.',
+					});
+
+					probe2 = await addFakeProbe();
+					probe2.emit('probe:status:update', 'ready');
+					probe2.emit('probe:isIPv4Supported:update', true);
+					probe2.emit('probe:isIPv6Supported:update', true);
+					await waitForProbesUpdate();
+				});
+
+				after(() => {
+					deleteFakeProbes([ probe2 ]);
+				});
+
+				it('should prefer a probe with a match in other field over the probe with match in user tag', async () => {
+					let measurementId;
+					await requestAgent.post('/v1/measurements')
+						.send({
+							type: 'ping',
+							target: 'example.com',
+							locations: [{ magic: 'u-jsdelivr-dashboard-tag', limit: 2 }],
+						})
+						.expect(202)
+						.expect((response) => {
+							measurementId = response.body.id;
+							expect(response.body.id).to.exist;
+							expect(response.header['location']).to.exist;
+							expect(response.body.probesCount).to.equal(1);
+							expect(response).to.matchApiSchema();
+						});
+
+					await requestAgent.get(`/v1/measurements/${measurementId}`)
+						.expect(200)
+						.expect((response) => {
+							expect(response.body.results[0].probe.country).to.equal('AR');
+						});
+				});
+			});
+
+			it('should prefer a probe with user tag in a magic field if there are no matches in other fields', async () => {
+				let measurementId;
 				await requestAgent.post('/v1/measurements')
 					.send({
 						type: 'ping',
 						target: 'example.com',
 						locations: [{ magic: 'u-jsdelivr-dashboard-tag', limit: 2 }],
 					})
-					.expect(422).expect((response) => {
-						expect(response.body.error.message).to.equal('No suitable probes supporting IPv4 found.');
+					.expect(202)
+					.expect((response) => {
+						measurementId = response.body.id;
+						expect(response.body.id).to.exist;
+						expect(response.header['location']).to.exist;
+						expect(response.body.probesCount).to.equal(1);
+						expect(response).to.matchApiSchema();
+					});
+
+				await requestAgent.get(`/v1/measurements/${measurementId}`)
+					.expect(200)
+					.expect((response) => {
+						expect(response.body.results[0].probe.country).to.equal('US');
+					});
+			});
+
+			it('should prefer a probe with any-case user tag in a magic field if there are no matches in other fields', async () => {
+				await requestAgent.post('/v1/measurements')
+					.send({
+						type: 'ping',
+						target: 'example.com',
+						locations: [{ magic: 'U-JSdelivr-Dashboard-TAG', limit: 2 }],
+					})
+					.expect(202)
+					.expect((response) => {
+						expect(response.body.id).to.exist;
+						expect(response.header['location']).to.exist;
+						expect(response.body.probesCount).to.equal(1);
+						expect(response).to.matchApiSchema();
 					});
 			});
 		});

test/tests/integration/ratelimit.test.ts

@@ -40,11 +40,15 @@ describe('rate limiter', () => {
 
 		await waitForProbesUpdate();
 
-		await client(GP_TOKENS_TABLE).insert({
+		await client(GP_TOKENS_TABLE).insert([{
 			name: 'test token',
 			user_created: '89da69bd-a236-4ab7-9c5d-b5f52ce09959',
 			value: 'Xj6kuKFEQ6zI60mr+ckHG7yQcIFGMJFzvtK9PBQ69y8=', // token: qz5kdukfcr3vggv3xbujvjwvirkpkkpx
-		});
+		}, {
+			name: 'anon token',
+			user_created: null,
+			value: '1CJTN06QAyM2JYA3r2FwaSytXEWg1r50xNlUyC1G98w=', // token: t6jy4n6nw5jdqxhs5wlkvw7tqsabt734
+		}]);
 	});
 
 
@@ -279,6 +283,18 @@ describe('rate limiter', () => {
 
 			expect(response.headers['retry-after']).to.equal('5');
 		});
+
+		it('should use hashed token as a key for anonymous tokens', async () => {
+			await requestAgent.post('/v1/measurements')
+				.set('Authorization', 'Bearer t6jy4n6nw5jdqxhs5wlkvw7tqsabt734')
+				.send({
+					type: 'ping',
+					target: 'jsdelivr.com',
+				}).expect(202) as Response;
+
+			const rateLimiterRes = await authenticatedPostRateLimiter.get(`1CJTN06QAyM2JYA3r2FwaSytXEWg1r50xNlUyC1G98w=`);
+			expect(rateLimiterRes?.remainingPoints).to.equal(249);
+		});
 	});
 
 	describe('access with credits', () => {

test/tests/unit/auth.test.ts

@@ -37,7 +37,12 @@ describe('Auth', () => {
 		await clock.tickAsync(60_000);
 
 		const user1 = await auth.validate('hf2fnprguymlgliirdk7qv23664c2xcr', 'https://jsdelivr.com');
-		expect(user1).to.deep.equal({ userId: 'user1', scopes: [] });
+		expect(user1).to.deep.equal({
+			userId: 'user1',
+			scopes: [],
+			hashedToken: '/bSluuDrAPX9zIiZZ/hxEKARwOg+e//EdJgCFpmApbg=',
+		});
+
 		const user2 = await auth.validate('vumzijbzihrskmc2hj34yw22batpibmt', 'https://jsdelivr.com');
 		expect(user2).to.equal(null);
 
@@ -53,7 +58,12 @@ describe('Auth', () => {
 		const user1afterSync = await auth.validate('hf2fnprguymlgliirdk7qv23664c2xcr', 'https://jsdelivr.com');
 		expect(user1afterSync).to.equal(null);
 		const user2afterSync = await auth.validate('vumzijbzihrskmc2hj34yw22batpibmt', 'https://jsdelivr.com');
-		expect(user2afterSync).to.deep.equal({ userId: 'user2', scopes: [] });
+		expect(user2afterSync).to.deep.equal({
+			userId: 'user2',
+			scopes: [],
+			hashedToken: '8YZ2pZoGQxfOeEGvUUkagX1yizZckq3weL+IN0chvU0=',
+		});
+
 		auth.unscheduleSync();
 	});
 
@@ -72,7 +82,12 @@ describe('Auth', () => {
 		await auth.validate('hf2fnprguymlgliirdk7qv23664c2xcr', 'https://jsdelivr.com');
 		await auth.validate('hf2fnprguymlgliirdk7qv23664c2xcr', 'https://jsdelivr.com');
 
-		expect(user).to.deep.equal({ userId: 'user1', scopes: [] });
+		expect(user).to.deep.equal({
+			userId: 'user1',
+			scopes: [],
+			hashedToken: '/bSluuDrAPX9zIiZZ/hxEKARwOg+e//EdJgCFpmApbg=',
+		});
+
 		expect(selectStub.callCount).to.equal(1);
 	});
 
@@ -89,7 +104,12 @@ describe('Auth', () => {
 		await auth.validate('hf2fnprguymlgliirdk7qv23664c2xcr', 'https://jsdelivr.com');
 		await auth.validate('hf2fnprguymlgliirdk7qv23664c2xcr', 'https://jsdelivr.com');
 
-		expect(user).to.deep.equal({ userId: 'user1', scopes: [] });
+		expect(user).to.deep.equal({
+			userId: 'user1',
+			scopes: [],
+			hashedToken: '/bSluuDrAPX9zIiZZ/hxEKARwOg+e//EdJgCFpmApbg=',
+		});
+
 		expect(selectStub.callCount).to.equal(1);
 	});
 

test/utils/server.ts

@@ -72,8 +72,8 @@ export const addFakeProbes = async (count: number, events: object = {}, options:
 	});
 };
 
-export const deleteFakeProbes = async (): Promise<void> => {
-	const sockets = await fetchRawSockets();
+export const deleteFakeProbes = async (socketsToDelete?: Socket[]): Promise<void> => {
+	const sockets = socketsToDelete?.length ? socketsToDelete : await fetchRawSockets();
 
 	for (const socket of sockets) {
 		socket.disconnect(true);