Partner Token Verification Worker
Description
Implement a Sidekiq worker to handle partner token verification requests asynchronously with proper error handling and timeouts.
Acceptance Criteria
- Create Security::SecretDetection::PartnerTokenVerificationWorker
- Implement idempotent behavior
- Set initial token status to 'pending'
- Generate JWT using the authentication service
- Send verification request to SDRS
- Handle SDRS errors gracefully (set status to 'error')
- Implement request timeout (30 seconds)
- Add retry logic with exponential backoff
- Include comprehensive error logging
- Add metrics for monitoring
Implementation Plan
```ruby
module Security
  module SecretDetection
    class PartnerTokenVerificationWorker
      include ApplicationWorker

      SDRS_REQUEST_TIMEOUT = 30.seconds
      MAX_RETRIES = 3

      data_consistency :always
      feature_category :secret_detection
      urgency :low
      defer_on_database_health_signal :gitlab_main

      # Safe to re-run: every attempt resets the status and re-sends the same request.
      idempotent!
      # Sidekiq's default retry schedule already applies exponential backoff
      # (roughly count^4 + 15 seconds plus jitter), so no custom scheduler is needed.
      sidekiq_options retry: MAX_RETRIES

      def perform(finding_id, user_id)
        finding = Vulnerabilities::Finding.find_by_id(finding_id)
        return unless finding

        user = User.find_by_id(user_id)
        return unless user

        # Set initial status
        update_token_status(finding, 'pending')

        # Generate a JWT so SDRS can authenticate this request
        jwt_token = Auth::SecretDetectionResponseAuthenticationService.generate_token(
          user: user,
          project: finding.project,
          finding_id: finding_id
        )

        # Send to SDRS
        response = send_to_sdrs(finding, jwt_token)

        # Handle immediate errors (non-2xx). A 2xx means SDRS accepted the request;
        # the verification result comes back through callback_url.
        update_token_status(finding, 'error') unless response.success?
      rescue StandardError => e
        # Also covers timeouts and connection failures raised by Gitlab::HTTP.
        # Note: rescuing without re-raising means Sidekiq never retries; re-raise
        # after recording the failure if transient errors should use the retry budget.
        Gitlab::ErrorTracking.track_exception(e, finding_id: finding_id)
        update_token_status(finding, 'error') if finding
      end

      private

      def send_to_sdrs(finding, jwt_token)
        # The body carries the candidate secret itself, so the request must only go
        # over TLS and the body must never be logged.
        Gitlab::HTTP.post(
          "#{sdrs_url}/api/v1/token/verify",
          headers: {
            'Authorization' => "Bearer #{jwt_token}",
            'Content-Type' => 'application/json'
          },
          body: {
            token_type: finding.token_type,
            token_value: extract_token_value(finding),
            finding_id: finding.id,
            callback_url: callback_url
          }.to_json,
          timeout: SDRS_REQUEST_TIMEOUT
        )
      end

      # update_token_status, extract_token_value, sdrs_url and callback_url are
      # still to be written as private helpers.
    end
  end
end
```
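Added example, not code from this issue or from GitLab: a stand-alone Ruby model of the decision the worker has to make per attempt, so that transient SDRS failures (timeouts, 5xx) reach Sidekiq's retry budget with exponential backoff while non-retryable answers (4xx) set the status to 'error' immediately. `VerificationAttempt`, `backoff_seconds` and the transport callable are assumed names; MAX_RETRIES is the plan's value and the backoff formula is Sidekiq's default without its random jitter.

```ruby
require 'timeout'

# Constructed example, not the issue's worker: the retry/backoff decision the
# worker makes when the SDRS request fails. MAX_RETRIES is the plan's value.
MAX_RETRIES = 3

# Sidekiq's default delay before retry number n, without its random jitter.
def backoff_seconds(n)
  (n**4) + 15
end
class VerificationAttempt
  attr_reader :status, :attempts, :schedule

  # transport: callable returning the HTTP status code SDRS answered with, or
  # raising when the request never completed (timeout, DNS failure).
  def initialize(transport)
    @transport = transport
    @status = 'pending' # set before the first request, as in the worker
    @attempts = 0
    @schedule = []      # delays Sidekiq would insert between attempts
  end
  # One perform: :accepted (status stays 'pending' until SDRS calls back),
  # :retry (transient failure, re-enqueue with backoff) or :error (give up).
  def perform
    @attempts += 1
    code = @transport.call
    return :accepted if (200..299).cover?(code)
    # A 4xx means our request is wrong; retrying would not change the answer.
    code >= 500 ? retry_or_fail : fail!
  rescue Timeout::Error, SocketError
    retry_or_fail # request never completed, so a retry is safe (idempotent job)
  end

  # Drive perform until it settles, recording each backoff instead of sleeping.
  def run
    outcome = perform
    while outcome == :retry
      @schedule << backoff_seconds(@attempts)
      outcome = perform
    end
    outcome
  end
  def retry_or_fail
    @attempts <= MAX_RETRIES ? :retry : fail!
  end
  def fail!
    @status = 'error'
    :error
  end
end
```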
Weight: 3
Edited by Aditya Tiwari