feat: obfuscated precomputed assignments

Makefile

@@ -36,6 +36,7 @@ test-data:
 	mkdir -p $(tempDir)
 	git clone -b ${branchName} --depth 1 --single-branch ${githubRepoLink} ${gitDataDir}
 	cp -r ${gitDataDir}ufc ${testDataDir}
+	cp -r ${gitDataDir}configuration-wire ${testDataDir}
 	rm -rf ${tempDir}
 
 ## prepare

src/client/eppo-precomputed-client.spec.ts

@@ -1,7 +1,12 @@
 import * as td from 'testdouble';
 
+import {
+  MOCK_PRECOMPUTED_WIRE_FILE,
+  readMockConfigurationWireResponse,
+} from '../../test/testHelpers';
 import ApiEndpoints from '../api-endpoints';
 import { IAssignmentLogger } from '../assignment-logger';
+import { IPrecomputedConfigurationResponse } from '../configuration';
 import { IConfigurationStore } from '../configuration-store/configuration-store';
 import { MemoryOnlyConfigurationStore } from '../configuration-store/memory.store';
 import { DEFAULT_POLL_INTERVAL_MS, MAX_EVENT_QUEUE_SIZE, POLL_JITTER_PCT } from '../constants';
@@ -15,61 +20,19 @@ import EppoPrecomputedClient, {
 } from './eppo-precomputed-client';
 
 describe('EppoPrecomputedClient E2E test', () => {
-  const precomputedFlags = {
-    createdAt: '2024-11-18T14:23:39.456Z',
-    format: 'PRECOMPUTED',
-    environment: {
-      name: 'Test',
-    },
-    flags: {
-      'string-flag': {
-        allocationKey: 'allocation-123',
-        variationKey: 'variation-123',
-        variationType: 'STRING',
-        variationValue: 'red',
-        extraLogging: {},
-        doLog: true,
-      },
-      'boolean-flag': {
-        allocationKey: 'allocation-124',
-        variationKey: 'variation-124',
-        variationType: 'BOOLEAN',
-        variationValue: true,
-        extraLogging: {},
-        doLog: true,
-      },
-      'integer-flag': {
-        allocationKey: 'allocation-125',
-        variationKey: 'variation-125',
-        variationType: 'INTEGER',
-        variationValue: 42,
-        extraLogging: {},
-        doLog: true,
-      },
-      'numeric-flag': {
-        allocationKey: 'allocation-126',
-        variationKey: 'variation-126',
-        variationType: 'NUMERIC',
-        variationValue: 3.14,
-        extraLogging: {},
-        doLog: true,
-      },
-      'json-flag': {
-        allocationKey: 'allocation-127',
-        variationKey: 'variation-127',
-        variationType: 'JSON',
-        variationValue: '{"key": "value", "number": 123}',
-        extraLogging: {},
-        doLog: true,
-      },
-    },
-  }; // TODO: readMockPrecomputedFlagsResponse(MOCK_PRECOMPUTED_FLAGS_RESPONSE_FILE);
+  const precomputedConfigurationWire = readMockConfigurationWireResponse(
+    MOCK_PRECOMPUTED_WIRE_FILE,
+  );
+  const unparsedPrecomputedResponse = JSON.parse(precomputedConfigurationWire).precomputed.response;
+  const precomputedResponse: IPrecomputedConfigurationResponse = JSON.parse(
+    unparsedPrecomputedResponse,
+  );
 
   global.fetch = jest.fn(() => {
     return Promise.resolve({
       ok: true,
       status: 200,
-      json: () => Promise.resolve(precomputedFlags),
+      json: () => Promise.resolve(precomputedResponse),
     });
   }) as jest.Mock;
   const storage = new MemoryOnlyConfigurationStore<PrecomputedFlag>();
@@ -382,7 +345,7 @@ describe('EppoPrecomputedClient E2E test', () => {
         return Promise.resolve({
           ok: true,
           status: 200,
-          json: () => Promise.resolve(precomputedFlags),
+          json: () => Promise.resolve(precomputedResponse),
         });
       }) as jest.Mock;
     });
@@ -431,7 +394,7 @@ describe('EppoPrecomputedClient E2E test', () => {
     });
 
     it('Fetches initial configuration with parameters in constructor', async () => {
-      client = new EppoPrecomputedClient(precomputedFlagStore);
+      client = new EppoPrecomputedClient(precomputedFlagStore, true);
       client.setSubjectAndPrecomputedFlagsRequestParameters(requestParameters);
       // no configuration loaded
       let variation = client.getStringAssignment(precomputedFlagKey, 'default');
@@ -443,7 +406,7 @@ describe('EppoPrecomputedClient E2E test', () => {
     });
 
     it('Fetches initial configuration with parameters provided later', async () => {
-      client = new EppoPrecomputedClient(precomputedFlagStore);
+      client = new EppoPrecomputedClient(precomputedFlagStore, true);
       client.setSubjectAndPrecomputedFlagsRequestParameters(requestParameters);
       // no configuration loaded
       let variation = client.getStringAssignment(precomputedFlagKey, 'default');
@@ -464,7 +427,7 @@ describe('EppoPrecomputedClient E2E test', () => {
           }
         }
 
-        client = new EppoPrecomputedClient(new MockStore());
+        client = new EppoPrecomputedClient(new MockStore(), true);
         client.setSubjectAndPrecomputedFlagsRequestParameters({
           ...requestParameters,
           pollAfterSuccessfulInitialization: true,
@@ -509,7 +472,7 @@ describe('EppoPrecomputedClient E2E test', () => {
       let client: EppoPrecomputedClient;
 
       beforeEach(async () => {
-        client = new EppoPrecomputedClient(storage);
+        client = new EppoPrecomputedClient(storage, true);
         client.setSubjectAndPrecomputedFlagsRequestParameters(requestParameters);
         await client.fetchPrecomputedFlags();
       });
@@ -570,7 +533,7 @@ describe('EppoPrecomputedClient E2E test', () => {
             ok: true,
             status: 200,
             json: () => {
-              return precomputedFlags;
+              return precomputedResponse;
             },
           });
         }
@@ -581,7 +544,7 @@ describe('EppoPrecomputedClient E2E test', () => {
         ...requestParameters,
         pollAfterSuccessfulInitialization,
       };
-      client = new EppoPrecomputedClient(precomputedFlagStore);
+      client = new EppoPrecomputedClient(precomputedFlagStore, true);
       client.setSubjectAndPrecomputedFlagsRequestParameters(requestParameters);
       // no configuration loaded
       let variation = client.getStringAssignment(precomputedFlagKey, 'default');
@@ -629,7 +592,7 @@ describe('EppoPrecomputedClient E2E test', () => {
           return Promise.resolve({
             ok: true,
             status: 200,
-            json: () => Promise.resolve(precomputedFlags),
+            json: () => Promise.resolve(precomputedResponse),
           } as Response);
         }
       });
@@ -646,7 +609,7 @@ describe('EppoPrecomputedClient E2E test', () => {
         throwOnFailedInitialization,
         pollAfterFailedInitialization,
       };
-      client = new EppoPrecomputedClient(precomputedFlagStore);
+      client = new EppoPrecomputedClient(precomputedFlagStore, true);
       client.setSubjectAndPrecomputedFlagsRequestParameters(requestParameters);
       // no configuration loaded
       expect(client.getStringAssignment(precomputedFlagKey, 'default')).toBe('default');
@@ -673,29 +636,28 @@ describe('EppoPrecomputedClient E2E test', () => {
   });
 
   describe('Obfuscated precomputed flags', () => {
-    let client: EppoPrecomputedClient;
+    it('returns decoded variation value', () => {
+      const salt = 'sodium-chloride';
+      const saltedAndHashedFlagKey = getMD5Hash(precomputedFlagKey, salt);
 
-    beforeAll(() => {
       storage.setEntries({
-        [getMD5Hash(precomputedFlagKey)]: {
+        [saltedAndHashedFlagKey]: {
           ...mockPrecomputedFlag,
           allocationKey: encodeBase64(mockPrecomputedFlag.allocationKey),
           variationKey: encodeBase64(mockPrecomputedFlag.variationKey),
           variationValue: encodeBase64(mockPrecomputedFlag.variationValue),
           extraLogging: {},
         },
       });
-      client = new EppoPrecomputedClient(storage, true);
-    });
 
-    afterAll(() => {
-      td.reset();
-    });
+      const client = new EppoPrecomputedClient(storage, true);
+      client.setDecodedFlagKeySalt(salt);
 
-    it('returns decoded variation value', () => {
       expect(client.getStringAssignment(precomputedFlagKey, 'default')).toBe(
         mockPrecomputedFlag.variationValue,
       );
+
+      td.reset();
     });
   });
 

src/client/eppo-precomputed-client.ts

@@ -16,14 +16,16 @@ import {
 import { decodePrecomputedFlag } from '../decoding';
 import { FlagEvaluationWithoutDetails } from '../evaluator';
 import FetchHttpClient from '../http-client';
-import { PrecomputedFlag, VariationType } from '../interfaces';
+import { DecodedPrecomputedFlag, PrecomputedFlag, VariationType } from '../interfaces';
 import { getMD5Hash } from '../obfuscation';
 import initPoller, { IPoller } from '../poller';
 import PrecomputedRequestor from '../precomputed-requestor';
 import { Attributes } from '../types';
 import { validateNotBlank } from '../validation';
 import { LIB_VERSION } from '../version';
 
+import { checkTypeMatch } from './eppo-client';
+
 export type PrecomputedFlagsRequestParameters = {
   apiKey: string;
   sdkVersion: string;
@@ -51,32 +53,36 @@ export default class EppoPrecomputedClient {
   private precomputedFlagsRequestParameters?: PrecomputedFlagsRequestParameters;
   private subjectKey?: string;
   private subjectAttributes?: Attributes;
+  private decodedFlagKeySalt = '';
 
   constructor(
     private precomputedFlagStore: IConfigurationStore<PrecomputedFlag>,
     private isObfuscated = false,
   ) {}
 
-  public setPrecomputedFlagsRequestParameters(
-    precomputedFlagsRequestParameters: PrecomputedFlagsRequestParameters,
-  ) {
-    this.precomputedFlagsRequestParameters = precomputedFlagsRequestParameters;
+  public setIsObfuscated(isObfuscated: boolean) {
+    this.isObfuscated = isObfuscated;
   }
 
-  public setSubjectAndPrecomputedFlagsRequestParameters(
-    precomputedFlagsRequestParameters: PrecomputedFlagsRequestParameters,
-  ) {
-    this.setPrecomputedFlagsRequestParameters(precomputedFlagsRequestParameters);
-    this.subjectKey = precomputedFlagsRequestParameters.precompute.subjectKey;
-    this.subjectAttributes = precomputedFlagsRequestParameters.precompute.subjectAttributes;
+  public setDecodedFlagKeySalt(salt: string) {
+    this.decodedFlagKeySalt = salt;
+  }
+  // Individual methods for single responsibility
+  public setPrecomputedFlagsRequestParameters(parameters: PrecomputedFlagsRequestParameters) {
+    this.precomputedFlagsRequestParameters = parameters;
   }
 
-  public setPrecomputedFlagStore(precomputedFlagStore: IConfigurationStore<PrecomputedFlag>) {
-    this.precomputedFlagStore = precomputedFlagStore;
+  public setSubjectData(subjectKey: string, subjectAttributes: Attributes) {
+    this.subjectKey = subjectKey;
+    this.subjectAttributes = subjectAttributes;
   }
 
-  public setIsObfuscated(isObfuscated: boolean) {
-    this.isObfuscated = isObfuscated;
+  // Convenience method that combines both since they are expected to be set together
+  public setSubjectAndPrecomputedFlagsRequestParameters(
+    parameters: PrecomputedFlagsRequestParameters,
+  ) {
+    this.setPrecomputedFlagsRequestParameters(parameters);
+    this.setSubjectData(parameters.precompute.subjectKey, parameters.precompute.subjectAttributes);
   }
 
   public async fetchPrecomputedFlags() {
@@ -120,6 +126,16 @@ export default class EppoPrecomputedClient {
       subjectAttributes,
     );
 
+    // A callback to capture the salt and subject information
+    precomputedRequestor.onPrecomputedResponse = (responseData) => {
+      if (responseData.decodedSalt) {
+        this.setDecodedFlagKeySalt(responseData.decodedSalt);
+      }
+      if (responseData.subjectKey && responseData.subjectAttributes) {
+        this.setSubjectData(responseData.subjectKey, responseData.subjectAttributes);
+      }
+    };
+
     const pollingCallback = async () => {
       if (await this.precomputedFlagStore.isExpired()) {
         return precomputedRequestor.fetchAndStorePrecomputedFlags();
@@ -144,17 +160,19 @@ export default class EppoPrecomputedClient {
     }
   }
 
+  public setPrecomputedFlagStore(store: IConfigurationStore<PrecomputedFlag>) {
+    this.requestPoller?.stop();
+    this.precomputedFlagStore = store;
+  }
+
+  // Convenience method that combines both since they are expected to be set together
   public setSubjectAndPrecomputedFlagStore(
     subjectKey: string,
     subjectAttributes: Attributes,
     precomputedFlagStore: IConfigurationStore<PrecomputedFlag>,
   ) {
-    // Save the new subject data and precomputed flag store together because they are related
-    // Stop any polling process if it exists from previous subject data to protect consistency
-    this.requestPoller?.stop();
     this.setPrecomputedFlagStore(precomputedFlagStore);
-    this.subjectKey = subjectKey;
-    this.subjectAttributes = subjectAttributes;
+    this.setSubjectData(subjectKey, subjectAttributes);
   }
 
   private getPrecomputedAssignment<T>(
@@ -172,11 +190,10 @@ export default class EppoPrecomputedClient {
       return defaultValue;
     }
 
-    // Check variation type
-    if (preComputedFlag.variationType !== expectedType) {
-      logger.error(
-        `[Eppo SDK] Type mismatch: expected ${expectedType} but flag ${flagKey} has type ${preComputedFlag.variationType}`,
-      );
+    // Add type checking before proceeding
+    if (!checkTypeMatch(expectedType, preComputedFlag.variationType)) {
+      const errorMessage = `[Eppo SDK] Type mismatch: expected ${expectedType} but flag ${flagKey} has type ${preComputedFlag.variationType}`;
+      logger.error(errorMessage);
       return defaultValue;
     }
 
@@ -274,15 +291,16 @@ export default class EppoPrecomputedClient {
     );
   }
 
-  private getPrecomputedFlag(flagKey: string): PrecomputedFlag | null {
+  private getPrecomputedFlag(flagKey: string): DecodedPrecomputedFlag | null {
     return this.isObfuscated
       ? this.getObfuscatedFlag(flagKey)
       : this.precomputedFlagStore.get(flagKey);
   }
 
-  private getObfuscatedFlag(flagKey: string): PrecomputedFlag | null {
+  private getObfuscatedFlag(flagKey: string): DecodedPrecomputedFlag | null {
+    const saltedAndHashedFlagKey = getMD5Hash(flagKey, this.decodedFlagKeySalt);
     const precomputedFlag: PrecomputedFlag | null = this.precomputedFlagStore.get(
-      getMD5Hash(flagKey),
+      saltedAndHashedFlagKey,
     ) as PrecomputedFlag;
     return precomputedFlag ? decodePrecomputedFlag(precomputedFlag) : null;
   }

src/decoding.ts

@@ -10,6 +10,7 @@ import {
   Shard,
   ObfuscatedSplit,
   PrecomputedFlag,
+  DecodedPrecomputedFlag,
 } from './interfaces';
 import { decodeBase64 } from './obfuscation';
 
@@ -78,12 +79,12 @@ export function decodeObject(obj: Record<string, string>): Record<string, string
   );
 }
 
-export function decodePrecomputedFlag(precomputedFlag: PrecomputedFlag): PrecomputedFlag {
+export function decodePrecomputedFlag(precomputedFlag: PrecomputedFlag): DecodedPrecomputedFlag {
   return {
     ...precomputedFlag,
     allocationKey: decodeBase64(precomputedFlag.allocationKey),
     variationKey: decodeBase64(precomputedFlag.variationKey),
-    variationValue: decodeBase64(precomputedFlag.variationValue),
+    variationValue: decodeValue(precomputedFlag.variationValue, precomputedFlag.variationType),
     extraLogging: decodeObject(precomputedFlag.extraLogging),
   };
 }