use /auditor/ prefix for Auditor API

GrapheneOS · Oct 1, 2024 · c902001 · c902001
1 parent 225e2ae
commit c902001
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -97,7 +97,7 @@ The scanned QR code contains space-separated values in plain-text: `<domain> <us
 <subscribeKey> <verifyInterval>`. The `subscribeKey` should be treated as an opaque string rather
 than assuming base64 encoding. Additional fields may be added in the future.
 
-### /challenge
+### /auditor/challenge
 
 * Request method: POST
 * Request headers: n/a
@@ -109,7 +109,7 @@ can only be used once and expires in 1 minute.
 
 The server challenge index is always zeroed out and the userId should be used instead.
 
-### /verify
+### /auditor/verify
 
 * Request method: POST
 * Request headers:

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
@@ -256,6 +256,38 @@ http {
             brotli_static off;
         }
 
+        location = /auditor/submit {
+            if ($request_method != POST) {
+                return 405;
+            }
+            client_max_body_size 64k;
+            client_body_buffer_size 16k;
+            proxy_pass http://backend;
+            limit_req zone=backend-limit burst=32 nodelay;
+            limit_req zone=sample-limit burst=10 nodelay;
+            max_ranges 0;
+        }
+
+        location = /auditor/challenge {
+            if ($request_method != POST) {
+                return 405;
+            }
+            proxy_pass http://backend;
+            limit_req zone=backend-limit burst=32 nodelay;
+            max_ranges 0;
+        }
+
+        location = /auditor/verify {
+            if ($request_method != POST) {
+                return 405;
+            }
+            client_max_body_size 4k;
+            client_body_buffer_size 4k;
+            proxy_pass http://backend;
+            limit_req zone=backend-limit burst=32 nodelay;
+            max_ranges 0;
+        }
+
         location = /submit {
             if ($request_method != POST) {
                 return 405;

diff --git a/src/main/java/app/attestation/server/AttestationServer.java b/src/main/java/app/attestation/server/AttestationServer.java
@@ -619,6 +619,9 @@ public static void main(final String[] args) {
             server.createContext("/api/delete-device", new DeleteDeviceHandler());
             server.createContext("/api/devices.json", new DevicesHandler());
             server.createContext("/api/attestation-history.json", new AttestationHistoryHandler());
+            server.createContext("/auditor/challenge", new ChallengeHandler());
+            server.createContext("/auditor/verify", new VerifyHandler());
+            server.createContext("/auditor/submit", new SubmitHandler());
             server.createContext("/challenge", new ChallengeHandler());
             server.createContext("/verify", new VerifyHandler());
             server.createContext("/submit", new SubmitHandler());