Implemented HTTPS-based Czar front-end

Eliminated classes of the QHTTP-based version of the Czar frontend
lsst · Jul 5, 2024 · 2650595 · 2650595
1 parent 5c13233
commit 2650595
Show file tree

Hide file tree

Showing 15 changed files with 319 additions and 247 deletions.
diff --git a/src/admin/python/lsst/qserv/admin/cli/entrypoint.py b/src/admin/python/lsst/qserv/admin/cli/entrypoint.py
@@ -137,7 +137,13 @@ class CommandInfo:
         "--lua-cpath=/usr/local/lua/qserv/lib/czarProxy.so --defaults-file={{proxy_cfg_path}}",
     )),
     ("czar-http", CommandInfo(
-        "qserv-czar-http http {{czar_cfg_path}} {{http_frontend_port}} {{http_frontend_threads}} ",
+        "qserv-czar-http "
+        "http "
+        "{{czar_cfg_path}} "
+        "{{http_frontend_port}} "
+        "{{http_frontend_threads}} "
+        "{{http_ssl_cert_file}} "
+        "{{http_ssl_private_key_file}}",
     )),
     ("cmsd-manager", CommandInfo(
         "cmsd -c {{cmsd_manager_cfg_path}} -n manager -I v4",

diff --git a/src/czar/CMakeLists.txt b/src/czar/CMakeLists.txt
@@ -1,14 +1,15 @@
 add_library(czar OBJECT)
 
 target_sources(czar PRIVATE
+    ChttpModule.cc
     Czar.cc
     HttpCzarIngestModule.cc
-    HttpCzarSvc.cc
     HttpCzarQueryModule.cc
-    HttpModule.cc
+    HttpCzarSvc.cc
     HttpMonitorModule.cc
     HttpSvc.cc
     MessageTable.cc
+    QhttpModule.cc
 )
 
 target_include_directories(czar PRIVATE
@@ -23,6 +24,7 @@ target_link_libraries(czar PUBLIC
     util
     log
     XrdSsiLib
+    cpp-httplib
 )
 
 function(CZAR_UTILS)
@@ -51,4 +53,4 @@ endfunction()
 
 czar_utils(
     qserv-czar-http
-)
+)
diff --git a/src/czar/ChttpModule.cc b/src/czar/ChttpModule.cc
@@ -0,0 +1,67 @@
+/*
+ * LSST Data Management System
+ *
+ * This product includes software developed by the
+ * LSST Project (http://www.lsst.org/).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the LSST License Statement and
+ * the GNU General Public License along with this program.  If not,
+ * see <http://www.lsstcorp.org/LegalNotices/>.
+ */
+
+// Class header
+#include "czar/ChttpModule.h"
+
+// System headers
+#include <stdexcept>
+
+// Qserv headers
+#include "cconfig/CzarConfig.h"
+#include "http/Exceptions.h"
+#include "http/RequestBodyJSON.h"
+#include "http/RequestQuery.h"
+
+using namespace std;
+
+namespace lsst::qserv::czar {
+
+ChttpModule::ChttpModule(string const& context, httplib::Request const& req, httplib::Response& resp)
+        : http::ChttpModule(cconfig::CzarConfig::instance()->replicationAuthKey(),
+                            cconfig::CzarConfig::instance()->replicationAdminAuthKey(), req, resp),
+          _context(context) {}
+
+string ChttpModule::context() const { return _context; }
+
+void ChttpModule::enforceCzarName(string const& func) const {
+    string const czarNameAttrName = "czar";
+    string czarName;
+    if (method() == "GET") {
+        if (!query().has(czarNameAttrName)) {
+            throw http::Error(func, "No Czar identifier was provided in the request query.");
+        }
+        czarName = query().requiredString(czarNameAttrName);
+    } else {
+        if (!body().has(czarNameAttrName)) {
+            throw http::Error(func, "No Czar identifier was provided in the request body.");
+        }
+        czarName = body().required<string>(czarNameAttrName);
+    }
+    string const expectedCzarName = cconfig::CzarConfig::instance()->name();
+    if (expectedCzarName != czarName) {
+        string const msg = "Requested Czar identifier '" + czarName + "' does not match the one '" +
+                           expectedCzarName + "' of the current Czar.";
+        throw http::Error(func, msg);
+    }
+}
+
+}  // namespace lsst::qserv::czar
diff --git a/src/czar/ChttpModule.h b/src/czar/ChttpModule.h
@@ -0,0 +1,69 @@
+/*
+ * LSST Data Management System
+ *
+ * This product includes software developed by the
+ * LSST Project (http://www.lsst.org/).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the LSST License Statement and
+ * the GNU General Public License along with this program.  If not,
+ * see <http://www.lsstcorp.org/LegalNotices/>.
+ */
+#ifndef LSST_QSERV_CZAR_CHTTPMODULE_H
+#define LSST_QSERV_CZAR_CHTTPMODULE_H
+
+// System headers
+#include <string>
+
+// Qserv headers
+#include "http/ChttpModule.h"
+
+// Forward declarations
+namespace httplib {
+class Request;
+class Response;
+}  // namespace httplib
+
+// This header declarations
+namespace lsst::qserv::czar {
+
+/**
+ * Class ChttpModule is an intermediate base class of the Qserv Czar modules.
+ */
+class ChttpModule : public http::ChttpModule {
+public:
+    ChttpModule() = delete;
+    ChttpModule(ChttpModule const&) = delete;
+    ChttpModule& operator=(ChttpModule const&) = delete;
+
+    virtual ~ChttpModule() = default;
+
+protected:
+    ChttpModule(std::string const& context, httplib::Request const& req, httplib::Response& resp);
+
+    virtual std::string context() const final;
+
+    /**
+     * Check if Czar identifier is present in a request and if so then the identifier
+     * is the same as the one of the current Czar. Throw an exception in case of mismatch.
+     * @param func The name of the calling context (it's used for error reporting).
+     * @throws std::invalid_argument If the dentifiers didn't match.
+     */
+    void enforceCzarName(std::string const& func) const;
+
+private:
+    std::string const _context;
+};
+
+}  // namespace lsst::qserv::czar
+
+#endif  // LSST_QSERV_CZAR_CHTTPMODULE_H
diff --git a/src/czar/HttpCzarIngestModule.cc b/src/czar/HttpCzarIngestModule.cc
@@ -38,7 +38,6 @@
 #include "http/Exceptions.h"
 #include "http/MetaModule.h"
 #include "http/RequestBodyJSON.h"
-#include "qhttp/Request.h"
 #include "qhttp/Status.h"
 
 using namespace std;
@@ -106,17 +105,15 @@ void setProtocolFields(json& data) {
 namespace lsst::qserv::czar {
 
 void HttpCzarIngestModule::process(asio::io_service& io_service, string const& context,
-                                   shared_ptr<qhttp::Request> const& req,
-                                   shared_ptr<qhttp::Response> const& resp, string const& subModuleName,
-                                   http::AuthType const authType) {
+                                   httplib::Request const& req, httplib::Response& resp,
+                                   string const& subModuleName, http::AuthType const authType) {
     HttpCzarIngestModule module(io_service, context, req, resp);
     module.execute(subModuleName, authType);
 }
 
 HttpCzarIngestModule::HttpCzarIngestModule(asio::io_service& io_service, string const& context,
-                                           shared_ptr<qhttp::Request> const& req,
-                                           shared_ptr<qhttp::Response> const& resp)
-        : http::QhttpModule(cconfig::CzarConfig::instance()->replicationAuthKey(),
+                                           httplib::Request const& req, httplib::Response& resp)
+        : http::ChttpModule(cconfig::CzarConfig::instance()->replicationAuthKey(),
                             cconfig::CzarConfig::instance()->replicationAdminAuthKey(), req, resp),
           _io_service(io_service),
           _context(context),

diff --git a/src/czar/HttpCzarIngestModule.h b/src/czar/HttpCzarIngestModule.h
@@ -32,19 +32,19 @@
 #include "nlohmann/json.hpp"
 
 // Qserv headers
+#include "http/ChttpModule.h"
 #include "http/Method.h"
-#include "http/QhttpModule.h"
 
 // Forward declarations
 
 namespace lsst::qserv::http {
 class AsyncReq;
 }  // namespace lsst::qserv::http
 
-namespace lsst::qserv::qhttp {
+namespace httplib {
 class Request;
 class Response;
-}  // namespace lsst::qserv::qhttp
+}  // namespace httplib
 
 // This header declarations
 namespace lsst::qserv::czar {
@@ -53,7 +53,7 @@ namespace lsst::qserv::czar {
  * Class HttpCzarIngestModule implements a handler for processing requests for ingesting
  * user-generated data prodicts via the HTTP-based frontend.
  */
-class HttpCzarIngestModule : public http::QhttpModule {
+class HttpCzarIngestModule : public http::ChttpModule {
 public:
     /**
      * @note supported values for parameter 'subModuleName' are:
@@ -64,8 +64,8 @@ class HttpCzarIngestModule : public http::QhttpModule {
      * @throws std::invalid_argument for unknown values of parameter 'subModuleName'
      */
     static void process(boost::asio::io_service& io_service, std::string const& context,
-                        std::shared_ptr<qhttp::Request> const& req,
-                        std::shared_ptr<qhttp::Response> const& resp, std::string const& subModuleName,
+                        httplib::Request const& req, httplib::Response& resp,
+                        std::string const& subModuleName,
                         http::AuthType const authType = http::AuthType::NONE);
 
     HttpCzarIngestModule() = delete;
@@ -80,8 +80,7 @@ class HttpCzarIngestModule : public http::QhttpModule {
 
 private:
     HttpCzarIngestModule(boost::asio::io_service& io_service, std::string const& context,
-                         std::shared_ptr<qhttp::Request> const& req,
-                         std::shared_ptr<qhttp::Response> const& resp);
+                         httplib::Request const& req, httplib::Response& resp);
 
     nlohmann::json _ingestData();
     nlohmann::json _deleteDatabase();

diff --git a/src/czar/HttpCzarQueryModule.cc b/src/czar/HttpCzarQueryModule.cc
@@ -52,16 +52,15 @@ vector<string> const binTypes = {"BIT", "BINARY", "VARBINARY", "TINYBLOB", "BLOB
 
 namespace lsst::qserv::czar {
 
-void HttpCzarQueryModule::process(string const& context, shared_ptr<qhttp::Request> const& req,
-                                  shared_ptr<qhttp::Response> const& resp, string const& subModuleName,
-                                  http::AuthType const authType) {
+void HttpCzarQueryModule::process(string const& context, httplib::Request const& req, httplib::Response& resp,
+                                  string const& subModuleName, http::AuthType const authType) {
     HttpCzarQueryModule module(context, req, resp);
     module.execute(subModuleName, authType);
 }
 
-HttpCzarQueryModule::HttpCzarQueryModule(string const& context, shared_ptr<qhttp::Request> const& req,
-                                         shared_ptr<qhttp::Response> const& resp)
-        : HttpModule(context, req, resp) {}
+HttpCzarQueryModule::HttpCzarQueryModule(string const& context, httplib::Request const& req,
+                                         httplib::Response& resp)
+        : ChttpModule(context, req, resp) {}
 
 json HttpCzarQueryModule::executeImpl(string const& subModuleName) {
     string const func = string(__func__) + "[sub-module='" + subModuleName + "']";

diff --git a/src/czar/HttpCzarQueryModule.h b/src/czar/HttpCzarQueryModule.h
@@ -29,7 +29,7 @@
 #include "nlohmann/json.hpp"
 
 // Qserv headers
-#include "czar/HttpModule.h"
+#include "czar/ChttpModule.h"
 #include "global/intTypes.h"
 #include "http/BinaryEncoding.h"
 
@@ -39,10 +39,10 @@ namespace lsst::qserv::czar {
 struct SubmitResult;
 }  // namespace lsst::qserv::czar
 
-namespace lsst::qserv::qhttp {
+namespace httplib {
 class Request;
 class Response;
-}  // namespace lsst::qserv::qhttp
+}  // namespace httplib
 
 namespace lsst::qserv::sql {
 class SqlResults;
@@ -56,7 +56,7 @@ namespace lsst::qserv::czar {
  * Class HttpCzarQueryModule implements a handler for processing user
  * queries submitted to Czar via the HTTP-based frontend.
  */
-class HttpCzarQueryModule : public czar::HttpModule {
+class HttpCzarQueryModule : public czar::ChttpModule {
 public:
     /**
      * @note supported values for parameter 'subModuleName' are:
@@ -68,8 +68,8 @@ class HttpCzarQueryModule : public czar::HttpModule {
      *
      * @throws std::invalid_argument for unknown values of parameter 'subModuleName'
      */
-    static void process(std::string const& context, std::shared_ptr<qhttp::Request> const& req,
-                        std::shared_ptr<qhttp::Response> const& resp, std::string const& subModuleName,
+    static void process(std::string const& context, httplib::Request const& req, httplib::Response& resp,
+                        std::string const& subModuleName,
                         http::AuthType const authType = http::AuthType::NONE);
 
     HttpCzarQueryModule() = delete;
@@ -82,8 +82,7 @@ class HttpCzarQueryModule : public czar::HttpModule {
     virtual nlohmann::json executeImpl(std::string const& subModuleName) final;
 
 private:
-    HttpCzarQueryModule(std::string const& context, std::shared_ptr<qhttp::Request> const& req,
-                        std::shared_ptr<qhttp::Response> const& resp);
+    HttpCzarQueryModule(std::string const& context, httplib::Request const& req, httplib::Response& resp);
 
     nlohmann::json _submit();
     nlohmann::json _submitAsync();