-
Notifications
You must be signed in to change notification settings - Fork 727
/
parse.go
256 lines (224 loc) · 7.24 KB
/
parse.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
package amp
import (
"errors"
"fmt"
"net/http"
"strconv"
"strings"
tcf2 "github.com/prebid/go-gdpr/vendorconsent/tcf2"
"github.com/prebid/openrtb/v19/openrtb2"
"github.com/prebid/prebid-server/errortypes"
"github.com/prebid/prebid-server/privacy"
"github.com/prebid/prebid-server/privacy/ccpa"
"github.com/prebid/prebid-server/privacy/gdpr"
)
// Params defines the parameters of an AMP request.
type Params struct {
Account string
AdditionalConsent string
CanonicalURL string
Consent string
ConsentType int64
Debug bool
GdprApplies *bool
Origin string
Size Size
Slot string
StoredRequestID string
Targeting string
Timeout *uint64
Trace string
}
// Size defines size information of an AMP request.
type Size struct {
Height int64
Multisize []openrtb2.Format
OverrideHeight int64
OverrideWidth int64
Width int64
}
// Policy consent types
const (
ConsentNone = 0
ConsentTCF1 = 1
ConsentTCF2 = 2
ConsentUSPrivacy = 3
)
// ReadPolicy returns a privacy writer in accordance to the query values consent, consent_type and gdpr_applies.
// Returned policy writer could either be GDPR, CCPA or NilPolicy. The second return value is a warning.
func ReadPolicy(ampParams Params, pbsConfigGDPREnabled bool) (privacy.PolicyWriter, error) {
if len(ampParams.Consent) == 0 {
return privacy.NilPolicyWriter{}, nil
}
var rv privacy.PolicyWriter = privacy.NilPolicyWriter{}
var warning error
var warningMsg string
// If consent_type was set to CCPA or GDPR TCF2, we return a valid writer even if the consent string is invalid
switch ampParams.ConsentType {
case ConsentTCF1:
warningMsg = "TCF1 consent is deprecated and no longer supported."
case ConsentTCF2:
if pbsConfigGDPREnabled {
rv = buildGdprTCF2ConsentWriter(ampParams)
// Log warning if GDPR consent string is invalid
warningMsg = validateTCf2ConsentString(ampParams.Consent)
}
case ConsentUSPrivacy:
rv = ccpa.ConsentWriter{ampParams.Consent}
if ccpa.ValidateConsent(ampParams.Consent) {
if parseGdprApplies(ampParams.GdprApplies) == 1 {
// Log warning because AMP request comes with both a valid CCPA string and gdpr_applies set to true
warningMsg = "AMP request gdpr_applies value was ignored because provided consent string is a CCPA consent string"
}
} else {
// Log warning if CCPA string is invalid
warningMsg = fmt.Sprintf("Consent string '%s' is not a valid CCPA consent string.", ampParams.Consent)
}
default:
if ccpa.ValidateConsent(ampParams.Consent) {
rv = ccpa.ConsentWriter{ampParams.Consent}
if parseGdprApplies(ampParams.GdprApplies) == 1 {
warningMsg = "AMP request gdpr_applies value was ignored because provided consent string is a CCPA consent string"
}
} else if pbsConfigGDPREnabled && len(validateTCf2ConsentString(ampParams.Consent)) == 0 {
rv = buildGdprTCF2ConsentWriter(ampParams)
} else {
warningMsg = fmt.Sprintf("Consent string '%s' is not recognized as one of the supported formats CCPA or TCF2.", ampParams.Consent)
}
}
if len(warningMsg) > 0 {
warning = &errortypes.Warning{
Message: warningMsg,
WarningCode: errortypes.InvalidPrivacyConsentWarningCode,
}
}
return rv, warning
}
// buildGdprTCF2ConsentWriter returns a gdpr.ConsentWriter that will set regs.ext.gdpr to the value
// of 1 if gdpr_applies wasn't defined. The reason for this is that this function gets called when
// GDPR applies, even if field gdpr_applies wasn't set in the AMP endpoint query.
func buildGdprTCF2ConsentWriter(ampParams Params) gdpr.ConsentWriter {
writer := gdpr.ConsentWriter{Consent: ampParams.Consent}
// If gdpr_applies was not set, regs.ext.gdpr must equal 1
var gdprValue int8 = 1
if ampParams.GdprApplies != nil {
// set regs.ext.gdpr if non-nil gdpr_applies was set to true
gdprValue = parseGdprApplies(ampParams.GdprApplies)
}
writer.RegExtGDPR = &gdprValue
return writer
}
// parseGdprApplies returns a 0 if gdprApplies was not set or if false, and a 1 if
// gdprApplies was set to true
func parseGdprApplies(gdprApplies *bool) int8 {
gdpr := int8(0)
if gdprApplies != nil && *gdprApplies {
gdpr = int8(1)
}
return gdpr
}
// ParseParams parses the AMP parameters from a HTTP request.
func validateTCf2ConsentString(consent string) string {
if tcf2.IsConsentV2(consent) {
if _, err := tcf2.ParseString(consent); err != nil {
return err.Error()
}
} else {
return fmt.Sprintf("Consent string '%s' is not a valid TCF2 consent string.", consent)
}
return ""
}
// ParseParams parses the AMP parameters from a HTTP request.
func ParseParams(httpRequest *http.Request) (Params, error) {
query := httpRequest.URL.Query()
tagID := query.Get("tag_id")
if len(tagID) == 0 {
return Params{}, errors.New("AMP requests require an AMP tag_id")
}
params := Params{
Account: query.Get("account"),
AdditionalConsent: query.Get("addtl_consent"),
CanonicalURL: query.Get("curl"),
Consent: chooseConsent(query.Get("consent_string"), query.Get("gdpr_consent")),
ConsentType: parseInt(query.Get("consent_type")),
Debug: query.Get("debug") == "1",
Origin: query.Get("__amp_source_origin"),
Size: Size{
Height: parseInt(query.Get("h")),
Multisize: parseMultisize(query.Get("ms")),
OverrideHeight: parseInt(query.Get("oh")),
OverrideWidth: parseInt(query.Get("ow")),
Width: parseInt(query.Get("w")),
},
Slot: query.Get("slot"),
StoredRequestID: tagID,
Targeting: query.Get("targeting"),
Trace: query.Get("trace"),
}
var err error
urlQueryGdprApplies := query.Get("gdpr_applies")
if len(urlQueryGdprApplies) > 0 {
if params.GdprApplies, err = parseBoolPtr(urlQueryGdprApplies); err != nil {
return params, err
}
}
urlQueryTimeout := query.Get("timeout")
if len(urlQueryTimeout) > 0 {
if params.Timeout, err = parseIntPtr(urlQueryTimeout); err != nil {
return params, err
}
}
return params, nil
}
func parseIntPtr(value string) (*uint64, error) {
var rv uint64
var err error
if rv, err = strconv.ParseUint(value, 10, 64); err != nil {
return nil, err
}
return &rv, nil
}
func parseInt(value string) int64 {
if parsed, err := strconv.ParseInt(value, 10, 64); err == nil {
return parsed
}
return 0
}
func parseBoolPtr(value string) (*bool, error) {
var rv bool
var err error
if rv, err = strconv.ParseBool(value); err != nil {
return nil, err
}
return &rv, nil
}
func parseMultisize(multisize string) []openrtb2.Format {
if multisize == "" {
return nil
}
sizeStrings := strings.Split(multisize, ",")
sizes := make([]openrtb2.Format, 0, len(sizeStrings))
for _, sizeString := range sizeStrings {
wh := strings.Split(sizeString, "x")
if len(wh) != 2 {
return nil
}
f := openrtb2.Format{
W: parseInt(wh[0]),
H: parseInt(wh[1]),
}
if f.W == 0 && f.H == 0 {
return nil
}
sizes = append(sizes, f)
}
return sizes
}
func chooseConsent(consent, gdprConsent string) string {
if len(consent) > 0 {
return consent
}
// Fallback to 'gdpr_consent' for compatibility until it's no longer used. This was our original
// implementation before the same AMP macro was reused for CCPA.
return gdprConsent
}