Shortcircuiters for CORS Preflight Support #118
Conversation
.vscode/settings.json
Outdated
| @@ -0,0 +1,72 @@ | |||
| { | |||
There was a problem hiding this comment.
please remove this directory. to avoid committing it in the future you could consider adding it to .gitignore
There was a problem hiding this comment.
you have to actually remove this directory from git though. git rm -rf .vscode and then commit that. this will also delete the contents of the directory so you should back it up first if you dont want to regenerate it with your IDE
ar-lib
Outdated
| @@ -0,0 +1,271 @@ | |||
| #! /bin/sh | |||
There was a problem hiding this comment.
this should also be removed
There was a problem hiding this comment.
I put it on .gitignore to avoid futher commits involving it. Is it ok ?!
|
please also remove |
rebuild.sh
Outdated
| @@ -0,0 +1,12 @@ | |||
| # dont forget submodules | |||
There was a problem hiding this comment.
you must git rm this file and commit to actually remove it
There was a problem hiding this comment.
also delete that binary file prime_testd
|
ive made some small comments so far and i am traveling a lot this week but by the end of the week i should be able to get you some good review comments |
prime_server/prime_server.hpp
Outdated
| @@ -59,8 +60,27 @@ constexpr uint32_t DEFAULT_REQUEST_TIMEOUT = -1; // infinity second | |||
| // TODO: bundle both request_containter_t (req, rep) and request_info_t into | |||
| // a single session_t that implements all the guts of the protocol | |||
|
|
|||
| // Struct that stores the a vector of shortcircuiter functions and its priorities | |||
| template <class request_container_t> | |||
| struct shortcircuiters_t { | |||
There was a problem hiding this comment.
i dont think we need a struct to encapsulate this idea. at least not in the public (header) interface. remember that in public interfaces we want to expose as little as possible. the more we put here the more we have to maintain.
all we need here is a single type alias for the functor:
using shortcircuiter_t = std::function<std::unique_ptr<zmq::message_t>(const request_container_t&)>;
then its up to any protocol to provide that optionally. so over in each protocols header you'd make a free function to return the shortcircuiter_t object. each protocol can have different arguments to this shortcircuiter generator function. http will want healthcheck path and options mask (with defaults) whereas netstring will just want healthcheck.
then you can hide the actual implementation of this inside of http_protocol.cpp and netstring_protocol.cpp respectively.
no need for keeping structs around or a complex interface. you just call a function from each protocol that returns a lambda that does the work. you dont even need vectors of shortcircuiters. each protocol just has their priority list hardcoded i suppose (probably makes sense since protocols have a protocol hahaha).
this might be a bit of an advance c++ pattern and im not sure how familiar you are with that so please let me know if any of this is making sense. if not i can write some sample code to show what i mean.
There was a problem hiding this comment.
I think with my last few commits i'm closer to that idea!!
|
by and large, you are in the right direction for sure, we'll get it cleaned up and get it working. once we like the design we can add unit tests |
|
Thank you very much for the enlightening answer as always! |
Co-authored-by: Kevin Kreiser <kevinkreiser@gmail.com>
Co-authored-by: Kevin Kreiser <kevinkreiser@gmail.com>
Co-authored-by: Kevin Kreiser <kevinkreiser@gmail.com>
|
@ldsmoreira i will finish the review tonight. hopefully just a few suggestions to the cors handling and then we are done. i think we can forget about the configuration stuff for now its not hugely important except for how we collect that info on the command line. i'll make a suggestion about that hopefully in the review too. anyway i have to do it later tonight |
|
going to work on some unit tests for the new functionality so we can get this merged |
Co-authored-by: Kevin Kreiser <kevinkreiser@gmail.com>
Co-authored-by: Kevin Kreiser <kevinkreiser@gmail.com>
Co-authored-by: Kevin Kreiser <kevinkreiser@gmail.com>
@kevinkreiser Next week I will be able to focus an entire day to adjust some details and make the unit tests :) I can't wait for this merge! |
|
if you are looking for examples, i think you could make a unit test for each scenario of the cors preflight shortcutting logic. each test case should look similar to this: Lines 421 to 443 in eaa3963 where you set up a request and then you have the response handler assert the correct response. i expect you should have at least 3 new tests there for 304 and for different header configurations |
Hello @kevinkreiser, I'm trying to understand the unit testing logic in the context of prime_server, as I'm relatively new to unit testing in C++. I have a few questions that I hope you can help clarify: 1 - In the example you provided earlier, it seems that a client is connecting to the ipc:///tmp/test_http_server endpoint and receiving responses. Is there a server running specifically for testing purposes in this case, or is the communication being simulated in some other way? If so, could you please explain how that's achieved? 2 - Regarding the shortcircuiter behavior, which is coupled with a server instance, would I need to start multiple servers with different configurations to test all possible scenarios? If you could share any resources or insights about the testing architecture being used in prime_server, I would greatly appreciate it! I apologize in advance for my limited knowledge in this area, and I'm looking forward to learning more. Thank you! |
|
yep happy to help @ldsmoreira regarding question number 1 above, yep exactly, we start an http server at the beginning of the test just for this purpose of testing regarding question number 2 above, yep you will need to. i think you you might need to do about 4 different test cases: no cors allowed, all cors allowed, specific cors allowed, wrong cors not allowed. the already running server could be configured for testing maybe the last two since they are both supported by the same server config but that would still mean you need to run two more servers. to test the all and no cors variants. it is possible to test this stuff in a weaker way (not end to end) by calling methods on the server class directly. you see at the top of the test file we make a testable http server with an exposed enqueue method. you could call this directly but you'd need to be able to see what the former is more of a pain in the butt but it does an end to end test while the latter is quite a lot less annoying to deal with. let me know what you think! |
|
@kevinkreiser I initially thought that the line below was responsible for instantiating the server, but interestingly, the tests still passed even after I commented it out hahah. I believe I just need some guidance to locate where the server configuration and startup are defined so that I can better understand the entire process! Line 514 in eaa3963 |
|
Lines 300 to 309 in eaa3963 that is where the server is started, you can see at the bottom the tests are broken into two groups, ones that dont rely on an actual running server and ones that do, the first one of the ones that do starts the server. given the annoyance of testing this way it might be better to go with the other option of expanding the testable http server and capturing what comes out of dequeue |
|
Hello @kevinkreiser, I'm currently examining a piece of code that you've merged into the master branch and I've come across an unusual behavior that I hope you could help me understand. What's intriguing is that when I input the shortcircuit parameter at server, the application throws a "host unreachable" error and the test fails. However, when I run the application such as prime_serverd, it is working as expected! Would you have any insights into why this might be happening? |
|
i think its happening because in this type of testing we dont actually connect a client that the server can send the shortcircuit reply to. maybe the right thing for me to do in my previous pr was to catch the exception in my testing dequeue function, assert that its the right kind of expected exception and swallow it. if i catch somethign that isnt the right exception then i throw it again. i think that sounds right.. i can pr that |
I will take another look later to completely understand this flow. |
@kevinkreiser, I have just committed some tests. I believe I'm heading in the right direction. P.S. Should we restrict CORS outside of the preflight request context? Specifically, should we block all requests originating from sources not on our whitelist and using methods other than OPTIONS? |
|
yep i think for me the only thing we need to worry about at this point is that the behavior is as it was before so that people who are using this will not have to make a non obvious code change to upgrade. i think we should default to allowing all origins (meaning we dont even set the shortcircuiter, which i think is what we have by default). to your specific question, the way i understood the spec, if the preflight origin is not in the whitelist we should return a 403 and none of the access-control headers. |
|
Hello @kevinkreiser , I apologize for not being able to work here for the past couple of weeks. I'm looking forward to finishing it this weekend!! |
kevinkreiser
changed the title
Hello everyone!
I hope you are doing well. I would like to open this pull request to show you the progress I have made so far. I named it "Work In Progress" since there are still unit tests to be added.
I would appreciate it if you could take a look and let me know if I am going in the right direction. I am open to feedback on how to improve the code to match your standards.
Thank you for your time and consideration.
PS.: There is some files related to my development environment.
PS2.: This pull request is related to the valhalla issue #117