Skip to content

Add AuthCtx to ReducerContext for rust #3288

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 16 commits into
base: master
Choose a base branch
from
Open

Add AuthCtx to ReducerContext for rust #3288

wants to merge 16 commits into from

Conversation

jsdt
Copy link
Contributor

@jsdt jsdt commented Sep 24, 2025

Description of Changes

This exposes client credentials in reducer calls for rust.

API and ABI breaking changes

API Changes:

The main API change is the addition of AuthCtx and the sender_auth in ReducerContext.

ABI Changes:

This adds two new functions jwt_len and get_jwt. These use st_connection_credentials to look up the credentials associated with a connection id. jwt_len can be used to figure out the size of the payload, so that get_jwt can provide a large enough buffer.

TODO: I assume I need to bump the ABI version in this PR.

Expected complexity level and risk

  1. This adds new ABI functions

Testing

I've done some manual testing with modified versions of the quickstart. We should add some examples that use the new API.

@jsdt jsdt requested a review from gefjon September 24, 2025 20:28
gefjon
gefjon reviewed Sep 24, 2025
View reviewed changes
gefjon
gefjon reviewed Sep 24, 2025
View reviewed changes
@Centril Centril self-requested a review September 25, 2025 09:59
gefjon
gefjon reviewed Sep 25, 2025
View reviewed changes
crates/core/src/host/wasm_common.rs Outdated
Comment on lines 395 to 396
"spacetime_10.0"::get_jwt,
"spacetime_10.0"::jwt_len,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These should be in a new ABI version and module, spacetime_11.0. See comment in bindings_sys/src/lib.rs around line 20.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, looks like this should be spacetime_10.1, actually.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See #3294 for an example of adding a new host function with a new minor version. These can all go in 10.1 so long as we don't cut a release in between the two PRs.

@bfops bfops added the release-any To be landed in any release window label Sep 29, 2025
Centril
Centril requested changes Oct 1, 2025
View reviewed changes
crates/bindings-sys/src/lib.rs
/// Find the jwt payload for the given connection id, and write the
/// BytesSourceId to the given pointer.
/// If this is not found, BytesSourceId::INVALID (aka 0) will be written.
pub fn get_jwt(connection_id_ptr: *const u8, bytes_source_id: *mut BytesSource);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should follow the above documentation style in terms of ABI and traps and errors.

crates/core/src/host/wasmtime/wasm_instance_env.rs
})
}

pub fn get_jwt(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs corresponding docs in the style of e.g., table_id_from_name including traps and errors (e.g., NOT_IN_TRANSACTION applies here).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated it to clarify that it traps for errors. Returning an integer error code doesn't seem very useful.

crates/core/src/host/wasmtime/wasm_instance_env.rs
target_ptr: WasmPtr<u32>,
) -> RtResult<()> {
log::info!("Calling get_jwt");
Self::with_span(caller, AbiCall::GetJwt, |caller| {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this could use cvt_ret

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It probably could, but it using that function just seemed to make the error handling more difficult to reason about.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gefjon gefjon gefjon left review comments

@Centril Centril Centril requested changes

@bfops bfops Awaiting requested review from bfops bfops is a code owner

@cloutiertyler cloutiertyler Awaiting requested review from cloutiertyler cloutiertyler is a code owner

@jdetter jdetter Awaiting requested review from jdetter jdetter is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

@Centril Centril

Labels
release-any To be landed in any release window
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jsdt @Centril @gefjon @bfops