Author: momento-github-actions-machine-user

Makefile

@@ -205,6 +205,11 @@ endif
 test-http-service:
 	@echo "No tests for http service."
 
+# Run unit tests
+test-unit:
+	@echo "Running unit tests..."
+	@dotnet test ${TEST_LOGGER_OPTIONS} -f ${DOTNET_VERSION} --filter "FullyQualifiedName~Momento.Sdk.Tests.Unit"
+
 
 ## Run example applications and snippets
 run-examples:

src/Momento.Sdk/Auth/ApiKeyV2TokenProvider.cs

@@ -0,0 +1,59 @@
+namespace Momento.Sdk.Auth;
+
+using Momento.Sdk.Exceptions;
+using System;
+
+/// <summary>
+/// Reads a v2 api key and Momento service endpoint stored as strings.
+/// </summary>
+public class ApiKeyV2TokenProvider : ICredentialProvider
+{
+    // For v2 api keys, the original endpoint is necessary to reconstruct
+    // the provider in WithCacheEndpoint.
+    private readonly string origEndpoint;
+    /// <inheritdoc />
+    public string AuthToken { get; private set; }
+    /// <inheritdoc />
+    public string ControlEndpoint { get; private set; }
+    /// <inheritdoc />
+    public string CacheEndpoint { get; private set; }
+    /// <inheritdoc />
+    public string TokenEndpoint { get; private set; }
+    /// <inheritdoc />
+    public bool SecureEndpoints { get; private set; } = true;
+
+    /// <summary>
+    /// Constructs a ApiKeyV2TokenProvider from a v2 api key and endpoint.
+    /// </summary>
+    /// <param name="token">The v2 api key.</param>
+    /// <param name="endpoint">The Momento service endpoint.</param>
+    public ApiKeyV2TokenProvider(string token, string endpoint)
+    {
+        if (String.IsNullOrEmpty(endpoint))
+        {
+            throw new InvalidArgumentException($"Endpoint is empty or null.");
+        }
+        if (String.IsNullOrEmpty(token))
+        {
+            throw new InvalidArgumentException($"Auth token is empty or null.");
+        }
+        if (!AuthUtils.IsV2ApiKey(token))
+        {
+            throw new InvalidArgumentException("Received an invalid v2 API key. Are you using the correct key? Or did you mean to use `StringMomentoTokenProvider()` with a legacy key instead?");
+        }
+
+        AuthToken = token;
+        ControlEndpoint = "control." + endpoint;
+        CacheEndpoint = "cache." + endpoint;
+        TokenEndpoint = "token." + endpoint;
+        origEndpoint = endpoint;
+    }
+
+    /// <inheritdoc />
+    public ICredentialProvider WithCacheEndpoint(string cacheEndpoint)
+    {
+        var updated = new ApiKeyV2TokenProvider(this.AuthToken, this.origEndpoint);
+        updated.CacheEndpoint = cacheEndpoint;
+        return updated;
+    }
+}

src/Momento.Sdk/Auth/DisposableTokenProvider.cs

@@ -0,0 +1,52 @@
+namespace Momento.Sdk.Auth;
+
+using Momento.Sdk.Exceptions;
+using System;
+
+/// <summary>
+/// Reads and parses a JWT token stored as a string.
+/// </summary>
+public class DisposableTokenProvider : ICredentialProvider
+{
+    // For V1 tokens, the original token is necessary to reconstruct
+    // the provider in WithCacheEndpoint.
+    private readonly string origAuthToken;
+    /// <inheritdoc />
+    public string AuthToken { get; private set; }
+    /// <inheritdoc />
+    public string ControlEndpoint { get; private set; }
+    /// <inheritdoc />
+    public string CacheEndpoint { get; private set; }
+    /// <inheritdoc />
+    public string TokenEndpoint { get; private set; }
+    /// <inheritdoc />
+    public bool SecureEndpoints { get; private set; } = true;
+
+    /// <summary>
+    /// Reads and parses a JWT token from a string.
+    /// </summary>
+    /// <param name="token">The JWT token.</param>
+    public DisposableTokenProvider(string token)
+    {
+        origAuthToken = token;
+        AuthToken = token;
+        if (String.IsNullOrEmpty(AuthToken))
+        {
+            throw new InvalidArgumentException($"String '{token}' is empty or null.");
+        }
+
+        var tokenData = AuthUtils.TryDecodeAuthToken(AuthToken);
+        ControlEndpoint = tokenData.ControlEndpoint;
+        CacheEndpoint = tokenData.CacheEndpoint;
+        TokenEndpoint = tokenData.TokenEndpoint;
+        AuthToken = tokenData.AuthToken;
+    }
+
+    /// <inheritdoc />
+    public ICredentialProvider WithCacheEndpoint(string cacheEndpoint)
+    {
+        var updated = new DisposableTokenProvider(this.origAuthToken);
+        updated.CacheEndpoint = cacheEndpoint;
+        return updated;
+    }
+}

src/Momento.Sdk/Auth/EnvMomentoTokenProvider.cs

@@ -7,6 +7,7 @@ namespace Momento.Sdk.Auth;
 /// <summary>
 /// Reads and parses a JWT token stored as an environment variable.
 /// </summary>
+[Obsolete("EnvMomentoTokenProvider is deprecated, please use EnvMomentoV2TokenProvider instead.")]
 public class EnvMomentoTokenProvider : ICredentialProvider
 {
     private readonly string envVarName;
@@ -26,6 +27,7 @@ public class EnvMomentoTokenProvider : ICredentialProvider
     /// Reads and parses a JWT token stored as an environment variable.
     /// </summary>
     /// <param name="name">Name of the environment variable that contains the JWT token.</param>
+    [Obsolete("EnvMomentoTokenProvider is deprecated, please use EnvMomentoV2TokenProvider instead.")]
     public EnvMomentoTokenProvider(string name)
     {
         this.envVarName = name;

src/Momento.Sdk/Auth/EnvMomentoV2TokenProvider.cs

@@ -0,0 +1,75 @@
+namespace Momento.Sdk.Auth;
+
+using Momento.Sdk.Exceptions;
+using Momento.Sdk.Internal;
+using System;
+
+/// <summary>
+/// Reads v2 api key and Momento service endpoint stored as environment variables.
+/// </summary>
+public class EnvMomentoV2TokenProvider : ICredentialProvider
+{
+    // The original environment variable names are required to reconstruct
+    // the provider when using WithCacheEndpoint.
+    private readonly string endpointEnvVarName;
+    private readonly string apiKeyEnvVarName;
+
+    /// <inheritdoc />
+    public string AuthToken { get; private set; }
+    /// <inheritdoc />
+    public string ControlEndpoint { get; private set; }
+    /// <inheritdoc />
+    public string CacheEndpoint { get; private set; }
+    /// <inheritdoc />
+    public string TokenEndpoint { get; private set; }
+    /// <inheritdoc />
+    public bool SecureEndpoints { get; private set; } = true;
+
+    /// <summary>
+    /// Constructs a EnvMomentoV2TokenProvider from a Momento service endpoint and a v2 api key stored as environment variables.
+    /// </summary>
+    /// <param name="apiKeyEnvVar">Name of the environment variable that contains the v2 api key.</param>
+    /// <param name="endpointEnvVar">Name of the environment variable that contains the Momento service endpoint.</param>
+    public EnvMomentoV2TokenProvider(string apiKeyEnvVar = "MOMENTO_API_KEY", string endpointEnvVar = "MOMENTO_ENDPOINT")
+    {
+        if (String.IsNullOrEmpty(endpointEnvVar))
+        {
+            throw new InvalidArgumentException($"Endpoint environment variable name is empty or null.");
+        }
+        var endpoint = Environment.GetEnvironmentVariable(endpointEnvVar);
+        if (String.IsNullOrEmpty(endpoint))
+        {
+            throw new InvalidArgumentException($"Endpoint is empty or null.");
+        }
+        this.endpointEnvVarName = endpointEnvVar;
+
+        if (String.IsNullOrEmpty(apiKeyEnvVar))
+        {
+            throw new InvalidArgumentException($"API key environment variable name is empty or null.");
+        }
+        var apiKey = Environment.GetEnvironmentVariable(apiKeyEnvVar);
+        if (String.IsNullOrEmpty(apiKey))
+        {
+            throw new InvalidArgumentException($"Environment variable '{apiKeyEnvVar}' is empty or null.");
+        }
+        this.apiKeyEnvVarName = apiKeyEnvVar;
+
+        AuthToken = apiKey;
+        if (!AuthUtils.IsV2ApiKey(AuthToken))
+        {
+            throw new InvalidArgumentException("Received an invalid v2 API key. Are you using the correct key? Or did you mean to use `StringMomentoTokenProvider()` with a legacy key instead?");
+        }
+
+        ControlEndpoint = "control." + endpoint;
+        CacheEndpoint = "cache." + endpoint;
+        TokenEndpoint = "token." + endpoint;
+    }
+
+    /// <inheritdoc />
+    public ICredentialProvider WithCacheEndpoint(string cacheEndpoint)
+    {
+        var updated = new EnvMomentoV2TokenProvider(this.apiKeyEnvVarName, this.endpointEnvVarName);
+        updated.CacheEndpoint = cacheEndpoint;
+        return updated;
+    }
+}

src/Momento.Sdk/Auth/StringMomentoTokenProvider.cs

@@ -6,6 +6,7 @@ namespace Momento.Sdk.Auth;
 /// <summary>
 /// Reads and parses a JWT token stored as a string.
 /// </summary>
+[Obsolete("StringMomentoTokenProvider is deprecated, please use ApiKeyV2TokenProvider or DisposableTokenProvider instead.")]
 public class StringMomentoTokenProvider : ICredentialProvider
 {
     // For V1 tokens, the original token is necessary to reconstruct
@@ -26,6 +27,7 @@ public class StringMomentoTokenProvider : ICredentialProvider
     /// Reads and parses a JWT token from a string.
     /// </summary>
     /// <param name="token">The JWT token.</param>
+    [Obsolete("StringMomentoTokenProvider is deprecated, please use ApiKeyV2TokenProvider or DisposableTokenProvider instead.")]
     public StringMomentoTokenProvider(string token)
     {
         origAuthToken = token;

src/Momento.Sdk/Auth/Utils.cs

@@ -64,7 +64,11 @@ public static TokenAndEndpoints TryDecodeAuthToken(string authToken)
             }
             else
             {
-                var claims = JwtUtils.DecodeJwt(authToken);
+                if (IsV2ApiKey(authToken))
+                {
+                    throw new InvalidArgumentException("Received a v2 API key. Are you using the correct key? Or did you mean to use `ApiKeyV2TokenProvider()` or `EnvMomentoV2TokenProvider()` instead?");
+                }
+                var claims = JwtUtils.DecodeLegacyJwt(authToken);
                 return new TokenAndEndpoints(
                     authToken,
                     claims.ControlEndpoint,
@@ -78,4 +82,22 @@ public static TokenAndEndpoints TryDecodeAuthToken(string authToken)
             throw new InvalidArgumentException("The supplied Momento authToken is not valid.");
         }
     }
+
+    public static bool IsV2ApiKey(string authToken)
+    {
+        if (AuthUtils.IsBase64String(authToken))
+        {
+            return false;
+        }
+        try
+        {
+            var claims = JwtUtils.DecodeV2Jwt(authToken);
+            return claims.Type != null && claims.Type == "g";
+        }
+        catch
+        {
+            return false;
+        }
+
+    }
 }

src/Momento.Sdk/Internal/JwtUtils.cs

@@ -13,11 +13,11 @@ public class JwtUtils
 {
     /// <summary>
     /// extracts the controlEndpoint and cacheEndpoint
-    /// from the jwt
+    /// from the legacy jwt
     /// </summary>
     /// <param name="jwt"></param>
     /// <returns></returns>
-    public static Claims DecodeJwt(string jwt)
+    public static LegacyClaims DecodeLegacyJwt(string jwt)
     {
         IJsonSerializer serializer = new JsonNetSerializer();
 
@@ -26,7 +26,30 @@ public static Claims DecodeJwt(string jwt)
         try
         {
             var decodedJwt = decoder.Decode(jwt);
-            return JsonConvert.DeserializeObject<Claims>(decodedJwt);
+            return JsonConvert.DeserializeObject<LegacyClaims>(decodedJwt);
+        }
+        catch (Exception)
+        {
+            throw new InvalidArgumentException("invalid jwt passed");
+        }
+    }
+
+    /// <summary>
+    /// extracts the type, id, and optional expiration
+    /// from the v2 jwt
+    /// </summary>
+    /// <param name="jwt"></param>
+    /// <returns></returns>
+    public static V2Claims DecodeV2Jwt(string jwt)
+    {
+        IJsonSerializer serializer = new JsonNetSerializer();
+
+        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
+        JwtDecoder decoder = new JwtDecoder(serializer, urlEncoder);
+        try
+        {
+            var decodedJwt = decoder.Decode(jwt);
+            return JsonConvert.DeserializeObject<V2Claims>(decodedJwt);
         }
         catch (Exception)
         {
@@ -36,10 +59,10 @@ public static Claims DecodeJwt(string jwt)
 }
 
 /// <summary>
-/// Encapsulates claims embedded in a JWT token that specify host endpoints
+/// Encapsulates claims embedded in a legacy JWT token that specify host endpoints
 /// for the control plane and the data plane.
 /// </summary>
-public class Claims
+public class LegacyClaims
 {
 
     /// <summary>
@@ -60,9 +83,32 @@ public class Claims
     /// </summary>
     /// <param name="cacheEndpoint">Data plane endpoint</param>
     /// <param name="controlEndpoint">Control plane endpoint</param>
-    public Claims(string cacheEndpoint, string controlEndpoint)
+    public LegacyClaims(string cacheEndpoint, string controlEndpoint)
     {
         this.CacheEndpoint = cacheEndpoint;
         this.ControlEndpoint = controlEndpoint;
     }
 }
+
+/// <summary>
+/// Encapsulates claims embedded in a v2 JWT token.
+/// </summary>
+public class V2Claims
+{
+
+    /// <summary>
+    /// Type of api key. "g" for global (v2) api keys.
+    /// </summary>
+    [JsonProperty(PropertyName = "t", Required = Required.Always)]
+    public string Type { get; private set; }
+
+    /// <summary>
+    /// Encapsulates claims embedded in a v2 JWT token that specify type of key,
+    /// key ID, and optional expiration.
+    /// </summary>
+    /// <param name="type">Type of api key</param>
+    public V2Claims(string type)
+    {
+        this.Type = type;
+    }
+}