ic-http-certification 3.2.0

Certification for HTTP responses for the Internet Computer
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182

use super::{
    create_cel_expr, create_default_cel_expr, create_default_full_cel_expr,
    create_default_response_only_cel_expr,
};
use std::{
    borrow::Cow,
    fmt::{Display, Formatter},
};

/// A certification CEL expression defintion.
/// Contains an enum variant for each CEL function supported for certification.
/// Currently only one variant is supported: [CelExpression::Default].
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum CelExpression<'a> {
    /// A certification CEL expression definition that uses the `default_certification` function.
    /// This is currently the only supported function.
    ///
    /// The enum's inner value is an [Option] to allow for opting in, or out of certification.
    /// Providing [None] will opt out of certification, while providing [Some] will opt in to certification.
    /// See [DefaultCelExpression] for more details on its available parameters.
    Default(DefaultCelExpression<'a>),
}

impl Display for CelExpression<'_> {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        write!(f, "{}", create_cel_expr(self))
    }
}

/// A certification CEL expression definition that uses the default CEL function.
///
/// This enum has three variants:
///
/// - The [Full](DefaultCelExpression::Full) variant includes both the [HttpRequest](crate::HttpRequest) and the
///   corresponding [HttpResponse](crate::HttpResponse) in certification. See the [DefaultFullCelExpression] struct
///   for details on how to configure this variant.
///
/// - The [ResponseOnly](DefaultCelExpression::ResponseOnly) variant includes the
///   [HttpResponse](crate::HttpResponse) in certification, but excludes the corresponding
///   [HttpRequest](crate::HttpRequest) from certification. See the [DefaultResponseOnlyCelExpression] struct for
///   details on how to configure this variant.
///
/// - The [Skip](DefaultCelExpression::Skip) variant excludes both the [HttpRequest](crate::HttpRequest) and the
///   corresponding [HttpResponse](crate::HttpResponse) from certification. This variant does not require any
///   configuration.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum DefaultCelExpression<'a> {
    /// Includes both the [HttpRequest](crate::HttpRequest) and the corresponding
    /// [HttpResponse](crate::HttpResponse) in certification.
    Full(DefaultFullCelExpression<'a>),

    /// Includes an [HttpResponse](crate::HttpResponse) in certification, but excludes the corresponding
    /// [HttpRequest](crate::HttpRequest) from certification.
    ResponseOnly(DefaultResponseOnlyCelExpression<'a>),

    /// Skips certification entirely by excluding both the [HttpRequest](crate::HttpRequest) and
    /// [HttpResponse](crate::HttpResponse) from certification.
    Skip,
}

impl Display for DefaultCelExpression<'_> {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        write!(f, "{}", create_default_cel_expr(self))
    }
}

/// Options for configuring a CEL expression that includes only the [HttpResponse](crate::HttpResponse) in
/// certification and excludes the [HttpRequest](crate::HttpRequest) from certification.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DefaultResponseOnlyCelExpression<'a> {
    /// Options for configuring response certification for this CEL expression.
    /// See [DefaultResponseCertification] for details on how to configure response certification.
    pub response: DefaultResponseCertification<'a>,
}

impl Display for DefaultResponseOnlyCelExpression<'_> {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        write!(f, "{}", create_default_response_only_cel_expr(self))
    }
}

/// Options for configuring a CEL expression that includes both the [HttpResponse](crate::HttpResponse) and
/// [HttpRequest](crate::HttpRequest) in certification.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DefaultFullCelExpression<'a> {
    /// Options for configuring request certification for this CEL expression.
    /// See [DefaultRequestCertification] for details on how to configure request certification.
    pub request: DefaultRequestCertification<'a>,

    /// Options for configuring response certification for this CEL expression.
    /// See [DefaultResponseCertification] for details on how to configure response certification.
    pub response: DefaultResponseCertification<'a>,
}

impl Display for DefaultFullCelExpression<'_> {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        write!(f, "{}", create_default_full_cel_expr(self))
    }
}

/// Options for configuring certification of a request.
///
/// The request method and body are always certified, but this struct allows configuring the
/// certification of request [headers](DefaultRequestCertification::headers) and
/// [query parameters](DefaultRequestCertification::query_parameters).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DefaultRequestCertification<'a> {
    /// A list of request headers to include in certification.
    ///
    /// As many or as little headers can be provided as desired.
    /// Providing an empty list will result in no request headers being certified.
    pub headers: Cow<'a, [&'a str]>,

    /// A list of request query parameters to include in certification.
    ///
    /// As many or as little query parameters can be provided as desired.
    /// Providing an empty list will result in no request query parameters being certified.
    pub query_parameters: Cow<'a, [&'a str]>,
}

impl<'a> DefaultRequestCertification<'a> {
    /// Creates a new [DefaultRequestCertification] with the given `headers` and `query_parameters`.
    /// This is a convenience method for creating a [DefaultRequestCertification]
    /// without having to directly deal with the [Cow] type.
    pub fn new(
        headers: impl Into<Cow<'a, [&'a str]>>,
        query_parameters: impl Into<Cow<'a, [&'a str]>>,
    ) -> Self {
        Self {
            headers: headers.into(),
            query_parameters: query_parameters.into(),
        }
    }
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub(crate) enum DefaultResponseCertificationType<'a> {
    CertifiedResponseHeaders(Cow<'a, [&'a str]>),
    ResponseHeaderExclusions(Cow<'a, [&'a str]>),
}

/// Options for configuring certification of a response.
///
/// The response body and status code are always certified, but this struct allows configuring the
/// certification of response headers. Response headers may be included using the
/// [certified_response_headers](DefaultResponseCertification::certified_response_headers) associated function,
/// and response headers may be excluded using the
/// [response_header_exclusions](DefaultResponseCertification::response_header_exclusions) associated function.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DefaultResponseCertification<'a>(DefaultResponseCertificationType<'a>);

impl<'a> DefaultResponseCertification<'a> {
    /// A list of response headers to include in certification.
    ///
    /// As many or as little headers can be provided as desired.
    /// Providing an empty list will result in no response headers being certified.
    pub fn certified_response_headers(headers: impl Into<Cow<'a, [&'a str]>>) -> Self {
        Self(DefaultResponseCertificationType::CertifiedResponseHeaders(
            headers.into(),
        ))
    }

    /// A list of response headers to exclude from certification.
    ///
    /// As many or as little headers can be provided as desired.
    /// Providing an empty list will result in all response headers being certified.
    pub fn response_header_exclusions(headers: impl Into<Cow<'a, [&'a str]>>) -> Self {
        Self(DefaultResponseCertificationType::ResponseHeaderExclusions(
            headers.into(),
        ))
    }

    pub(crate) fn get_type(&self) -> &DefaultResponseCertificationType<'a> {
        &self.0
    }
}

impl Default for DefaultResponseCertification<'_> {
    fn default() -> Self {
        Self::certified_response_headers(vec![])
    }
}