canic-core 0.35.7

Canic — a canister orchestration and management toolkit for the Internet Computer
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

use super::{
    RootCapabilityProofMode, project_replay_metadata, validate_nonroot_cycles_envelope,
    verify_nonroot_cycles_proof,
};
use crate::{
    dto::{
        capability::{NonrootCyclesCapabilityEnvelopeV1, NonrootCyclesCapabilityResponseV1},
        error::Error,
    },
    log,
    log::Topic,
    ops::{
        ic::IcOps,
        runtime::metrics::root_capability::{
            RootCapabilityMetricKey, RootCapabilityMetricOutcome, RootCapabilityMetrics,
        },
    },
    workflow::rpc::request::handler::NonrootCyclesCapabilityWorkflow,
};

/// Validate and execute the non-root request-cycles capability path.
pub(super) async fn response_capability_v1_nonroot(
    envelope: NonrootCyclesCapabilityEnvelopeV1,
) -> Result<NonrootCyclesCapabilityResponseV1, Error> {
    let NonrootCyclesCapabilityEnvelopeV1 {
        service,
        capability_version,
        capability,
        proof,
        metadata,
    } = envelope;

    let capability_key = RootCapabilityMetricKey::RequestCycles;
    let proof_mode = RootCapabilityProofMode::from_proof(&proof);
    let validated_proof = match validate_nonroot_cycles_envelope(
        service,
        capability_version,
        &proof,
    ) {
        Ok(proof) => proof,
        Err(err) => {
            RootCapabilityMetrics::record_envelope(
                capability_key,
                RootCapabilityMetricOutcome::Rejected,
                proof_mode.metric_key(),
            );
            log!(
                Topic::Rpc,
                Warn,
                "non-root capability envelope rejected (capability={}, caller={}, service={:?}, capability_version={}, proof_mode={}): {}",
                "RequestCycles",
                IcOps::msg_caller(),
                service,
                capability_version,
                proof_mode.label(),
                err
            );
            return Err(err);
        }
    };
    let proof_mode = validated_proof.mode();
    RootCapabilityMetrics::record_envelope(
        capability_key,
        RootCapabilityMetricOutcome::Accepted,
        proof_mode.metric_key(),
    );

    if let Err(err) = verify_nonroot_cycles_proof() {
        RootCapabilityMetrics::record_proof(
            capability_key,
            RootCapabilityMetricOutcome::Rejected,
            proof_mode.metric_key(),
        );
        log!(
            Topic::Rpc,
            Warn,
            "non-root capability proof rejected (capability={}, caller={}, service={:?}, capability_version={}, proof_mode={}): {}",
            "RequestCycles",
            IcOps::msg_caller(),
            service,
            capability_version,
            proof_mode.label(),
            err
        );
        return Err(err);
    }
    RootCapabilityMetrics::record_proof(
        capability_key,
        RootCapabilityMetricOutcome::Accepted,
        proof_mode.metric_key(),
    );

    let replay_metadata = project_replay_metadata(metadata, IcOps::now_secs())?;
    let mut request = capability;
    request.metadata = Some(replay_metadata);
    let response = NonrootCyclesCapabilityWorkflow::response_replay_first(request)
        .await
        .map_err(Error::from)?;

    Ok(NonrootCyclesCapabilityResponseV1 { response })
}