Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added TransmitPreciseGeo activity handling in modules #3348

Merged
merged 9 commits into from
Jan 16, 2024
Merged

Added TransmitPreciseGeo activity handling in modules #3348

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
484e500
Added TransmitPreciseGeo activity handling in modules
VeronikaSolovei9 Dec 12, 2023
eb06682
Code refactoring
VeronikaSolovei9 Dec 14, 2023
bdfec58
Code clean up
VeronikaSolovei9 Dec 14, 2023
28396f8
Code clean up
VeronikaSolovei9 Dec 15, 2023
d409cf5
Code clean up
VeronikaSolovei9 Jan 9, 2024
7b67759
Merge branch 'master' into modules_transmitPreciseGeo
VeronikaSolovei9 Jan 9, 2024
26557fe
Code clean up
VeronikaSolovei9 Jan 10, 2024
f740479
Code clean up
VeronikaSolovei9 Jan 11, 2024
1df492e
Code clean up
VeronikaSolovei9 Jan 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions endpoints/openrtb2/amp_auction.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -235,6 +235,7 @@ func (deps *endpointDeps) AmpAuction(w http.ResponseWriter, r *http.Request, _ h
activityControl = privacy.NewActivityControl(&account.Privacy)

hookExecutor.SetActivityControl(activityControl)
hookExecutor.SetAccount(account)

secGPC := r.Header.Get("Sec-GPC")

Expand Down
1 change: 1 addition & 0 deletions endpoints/openrtb2/auction.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -206,6 +206,7 @@ func (deps *endpointDeps) Auction(w http.ResponseWriter, r *http.Request, _ http
activityControl = privacy.NewActivityControl(&account.Privacy)

hookExecutor.SetActivityControl(activityControl)
hookExecutor.SetAccount(account)

ctx := context.Background()

Expand Down
40 changes: 29 additions & 11 deletions hooks/hookexecution/execution.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,9 @@ package hookexecution
import (
"context"
"fmt"
"github.com/prebid/prebid-server/v2/config"
"github.com/prebid/prebid-server/v2/ortb"
"github.com/prebid/prebid-server/v2/util/iputil"
"strings"
"sync"
"time"
Expand Down Expand Up @@ -68,7 +70,7 @@ func executeGroup[H any, P any](

for _, hook := range group.Hooks {
mCtx := executionCtx.getModuleContext(hook.Module)
newPayload := handleModuleActivities(hook.Code, executionCtx.activityControl, payload)
newPayload := handleModuleActivities(hook.Code, executionCtx.activityControl, payload, executionCtx.account)
wg.Add(1)
go func(hw hooks.HookWrapper[H], moduleCtx hookstage.ModuleInvocationContext) {
defer wg.Done()
Expand Down Expand Up @@ -315,28 +317,44 @@ func handleHookMutations[P any](
return payload
}

func handleModuleActivities[P any](hookCode string, activityControl privacy.ActivityControl, payload P) P {
func handleModuleActivities[P any](hookCode string, activityControl privacy.ActivityControl, payload P, account *config.Account) P {
payloadData, ok := any(&payload).(hookstage.RequestUpdater)
if !ok {
return payload
}

scopeGeneral := privacy.Component{Type: privacy.ComponentTypeGeneral, Name: hookCode}
transmitUserFPDActivityAllowed := activityControl.Allow(privacy.ActivityTransmitUserFPD, scopeGeneral, privacy.ActivityRequest{})
transmitPreciseGeoActivityAllowed := activityControl.Allow(privacy.ActivityTransmitPreciseGeo, scopeGeneral, privacy.ActivityRequest{})

if !transmitUserFPDActivityAllowed {
// changes need to be applied to new payload and leave original payload unchanged
bidderReq := payloadData.GetBidderRequestPayload()
if transmitUserFPDActivityAllowed && transmitPreciseGeoActivityAllowed {
return payload
}

bidderReqCopy := ortb.CloneBidderReq(bidderReq.BidRequest)
// changes need to be applied to new payload and leave original payload unchanged
bidderReq := payloadData.GetBidderRequestPayload()

bidderReqCopy := ortb.CloneBidderReq(bidderReq.BidRequest)

if !transmitUserFPDActivityAllowed {
privacy.ScrubUserFPD(bidderReqCopy)
}
if !transmitPreciseGeoActivityAllowed {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In practice there should always be an account if we've gotten this far but perhaps we should add a check here to make sure the account is not nil just to be safe.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, in practice we will always have an account because we call hookExecutor.SetAccount(account) in auction and amp_auction.
In order to add nil check for account, what do we expect to do if for some reason account is nil?

  1. skip activity execution: privacy.ScrubGeoAndDeviceIP(bidderReqCopy, ipConf)
  2. set default masking values(which also should be already set) and execute activity with default values:
    account.Privacy.IPv6Config.AnonKeepBits = iputil.IPv6DefaultMaskingBitSize and
    account.Privacy.IPv4Config.AnonKeepBits = iputil.IPv4DefaultMaskingBitSize

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest option 2 so that we still scrub given the sensitive nature.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated

ipConf := privacy.IPConf{}
if account != nil {
ipConf = privacy.IPConf{IPV6: account.Privacy.IPv6Config, IPV4: account.Privacy.IPv4Config}
} else {
ipConf = privacy.IPConf{
IPV6: config.IPv6{AnonKeepBits: iputil.IPv6DefaultMaskingBitSize},
IPV4: config.IPv4{AnonKeepBits: iputil.IPv4DefaultMaskingBitSize}}
}

var newPayload = payload
var np = any(&newPayload).(hookstage.RequestUpdater)
np.SetBidderRequestPayload(bidderReqCopy)
return newPayload
privacy.ScrubGeoAndDeviceIP(bidderReqCopy, ipConf)
}

return payload
var newPayload = payload
var np = any(&newPayload).(hookstage.RequestUpdater)
np.SetBidderRequestPayload(bidderReqCopy)
return newPayload

}
91 changes: 87 additions & 4 deletions hooks/hookexecution/execution_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,13 @@ import (
"testing"
)

const (
testIpv6 = "1111:2222:3333:4444:5555:6666:7777:8888"
testIPv6Scrubbed = "1111:2222::"
testIPv6ScrubbedDefault = "1111:2222:3333:4400::"
testIPv6ScrubBytes = 32
)

func TestHandleModuleActivitiesBidderRequestPayload(t *testing.T) {

testCases := []struct {
Expand Down Expand Up @@ -49,13 +56,43 @@ func TestHandleModuleActivitiesBidderRequestPayload(t *testing.T) {
}},
},
},
{
description: "payload should change when transmitPreciseGeo is blocked by activity",
hookCode: "foo",
inPayloadData: hookstage.BidderRequestPayload{
Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
Device: &openrtb2.Device{IPv6: testIpv6},
}},
},
privacyConfig: getTransmitPreciseGeoActivityConfig("foo", false),
expectedPayloadData: hookstage.BidderRequestPayload{
Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
Device: &openrtb2.Device{IPv6: testIPv6ScrubbedDefault},
},
}},
},
{
description: "payload should not change when transmitPreciseGeo is not blocked by activity",
hookCode: "foo",
inPayloadData: hookstage.BidderRequestPayload{
Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
Device: &openrtb2.Device{IPv6: testIpv6},
}},
},
privacyConfig: getTransmitPreciseGeoActivityConfig("foo", true),
expectedPayloadData: hookstage.BidderRequestPayload{
Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
Device: &openrtb2.Device{IPv6: testIpv6},
}},
},
},
}
for _, test := range testCases {
t.Run(test.description, func(t *testing.T) {
//check input payload didn't change
origInPayloadData := test.inPayloadData
activityControl := privacy.NewActivityControl(test.privacyConfig)
newPayload := handleModuleActivities(test.hookCode, activityControl, test.inPayloadData)
newPayload := handleModuleActivities(test.hookCode, activityControl, test.inPayloadData, nil)
assert.Equal(t, test.expectedPayloadData.Request.BidRequest, newPayload.Request.BidRequest)
assert.Equal(t, origInPayloadData, test.inPayloadData)
})
Expand Down Expand Up @@ -101,13 +138,45 @@ func TestHandleModuleActivitiesProcessedAuctionRequestPayload(t *testing.T) {
}},
},
},

{
description: "payload should change when transmitPreciseGeo is blocked by activity",
hookCode: "foo",
inPayloadData: hookstage.ProcessedAuctionRequestPayload{
Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
Device: &openrtb2.Device{IPv6: testIpv6},
}},
},
privacyConfig: getTransmitPreciseGeoActivityConfig("foo", false),
expectedPayloadData: hookstage.ProcessedAuctionRequestPayload{
Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
Device: &openrtb2.Device{IPv6: testIPv6Scrubbed},
}},
},
},
{
description: "payload should not change when transmitPreciseGeo is not blocked by activity",
hookCode: "foo",
inPayloadData: hookstage.ProcessedAuctionRequestPayload{
Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
Device: &openrtb2.Device{IPv6: testIpv6},
}},
},
privacyConfig: getTransmitPreciseGeoActivityConfig("foo", true),
expectedPayloadData: hookstage.ProcessedAuctionRequestPayload{
Request: &openrtb_ext.RequestWrapper{BidRequest: &openrtb2.BidRequest{
Device: &openrtb2.Device{IPv6: testIpv6},
}},
},
},
}
for _, test := range testCases {
t.Run(test.description, func(t *testing.T) {
//check input payload didn't change
origInPayloadData := test.inPayloadData
activityControl := privacy.NewActivityControl(test.privacyConfig)
newPayload := handleModuleActivities(test.hookCode, activityControl, test.inPayloadData)
account := &config.Account{Privacy: config.AccountPrivacy{IPv6Config: config.IPv6{testIPv6ScrubBytes}}}
newPayload := handleModuleActivities(test.hookCode, activityControl, test.inPayloadData, account)
assert.Equal(t, test.expectedPayloadData.Request.BidRequest, newPayload.Request.BidRequest)
assert.Equal(t, origInPayloadData, test.inPayloadData)
})
Expand All @@ -124,7 +193,7 @@ func TestHandleModuleActivitiesNoBidderRequestPayload(t *testing.T) {
expectedPayloadData hookstage.RawAuctionRequestPayload
}{
{
description: "payload should change when userFPD is blocked by activity",
description: "payload should not change when userFPD is blocked by activity",
hookCode: "foo",
inPayloadData: hookstage.RawAuctionRequestPayload{},
privacyConfig: getTransmitUFPDActivityConfig("foo", false),
Expand All @@ -137,13 +206,27 @@ func TestHandleModuleActivitiesNoBidderRequestPayload(t *testing.T) {
privacyConfig: getTransmitUFPDActivityConfig("foo", true),
expectedPayloadData: hookstage.RawAuctionRequestPayload{},
},
{
description: "payload should not change when transmitPreciseGeo is blocked by activity",
hookCode: "foo",
inPayloadData: hookstage.RawAuctionRequestPayload{},
privacyConfig: getTransmitPreciseGeoActivityConfig("foo", false),
expectedPayloadData: hookstage.RawAuctionRequestPayload{},
},
{
description: "payload should not change when transmitPreciseGeo is not blocked by activity",
hookCode: "foo",
inPayloadData: hookstage.RawAuctionRequestPayload{},
privacyConfig: getTransmitPreciseGeoActivityConfig("foo", true),
expectedPayloadData: hookstage.RawAuctionRequestPayload{},
},
}
for _, test := range testCases {
t.Run(test.description, func(t *testing.T) {
//check input payload didn't change
origInPayloadData := test.inPayloadData
activityControl := privacy.NewActivityControl(test.privacyConfig)
newPayload := handleModuleActivities(test.hookCode, activityControl, test.inPayloadData)
newPayload := handleModuleActivities(test.hookCode, activityControl, test.inPayloadData, &config.Account{})
assert.Equal(t, test.expectedPayloadData, newPayload)
assert.Equal(t, origInPayloadData, test.inPayloadData)
})
Expand Down
Loading
Loading