chore(http_endpoint): migrate call endpoint to axum

Author: tthebst

rs/http_endpoints/fuzz/fuzz_targets/execute_call_service.rs

@@ -216,7 +216,7 @@ fn new_call_service(
                     ingress_tx,
                 )
                 .with_logger(log.clone())
-                .build(),
+                .build_service(),
             ),
     );
     (ingress_filter_handle, call_service)

rs/http_endpoints/public/src/call.rs

@@ -1,16 +1,19 @@
 //! Module that deals with requests to /api/v2/canister/.../call
 
 use crate::{
-    common::{make_plaintext_response, make_response, remove_effective_principal_id},
-    receive_request_body,
-    validator_executor::ValidatorExecutor,
+    common::CborUserError, validator_executor::ValidatorExecutor, verify_cbor_content_header,
     HttpError, IngressFilterService,
 };
 
-use axum::body::Body;
+use axum::{
+    body::Body,
+    extract::State,
+    response::{IntoResponse, Response},
+    Router,
+};
+use bytes::Bytes;
 use http::Request;
-use http_body_util::BodyExt;
-use hyper::{Response, StatusCode};
+use hyper::StatusCode;
 use ic_crypto_interfaces_sig_verification::IngressSigVerifier;
 use ic_interfaces::ingress_pool::IngressPoolThrottler;
 use ic_interfaces_registry::RegistryClient;
@@ -28,12 +31,10 @@ use ic_types::{
     CanisterId, CountBytes, NodeId, RegistryVersion, SubnetId,
 };
 use std::convert::{Infallible, TryInto};
-use std::future::Future;
-use std::pin::Pin;
+use std::sync::Mutex;
 use std::sync::{Arc, RwLock};
-use std::task::{Context, Poll};
 use tokio::sync::mpsc::UnboundedSender;
-use tower::{BoxError, Service, ServiceExt};
+use tower::{util::BoxCloneService, ServiceBuilder, ServiceExt};
 
 #[derive(Clone)]
 pub struct CallService {
@@ -42,19 +43,25 @@ pub struct CallService {
     subnet_id: SubnetId,
     registry_client: Arc<dyn RegistryClient>,
     validator_executor: ValidatorExecutor<SignedIngressContent>,
-    ingress_filter: IngressFilterService,
+    ingress_filter: Arc<Mutex<IngressFilterService>>,
     ingress_throttler: Arc<RwLock<dyn IngressPoolThrottler + Send + Sync>>,
     ingress_tx: UnboundedSender<UnvalidatedArtifactMutation<IngressArtifact>>,
 }
 
+impl CallService {
+    pub(crate) fn route() -> &'static str {
+        "/api/v2/canister/:effective_canister_id/call"
+    }
+}
+
 pub struct CallServiceBuilder {
     log: Option<ReplicaLogger>,
     node_id: NodeId,
     subnet_id: SubnetId,
     malicious_flags: Option<MaliciousFlags>,
     ingress_verifier: Arc<dyn IngressSigVerifier + Send + Sync>,
     registry_client: Arc<dyn RegistryClient>,
-    ingress_filter: IngressFilterService,
+    ingress_filter: Arc<Mutex<IngressFilterService>>,
     ingress_throttler: Arc<RwLock<dyn IngressPoolThrottler + Send + Sync>>,
     ingress_tx: UnboundedSender<UnvalidatedArtifactMutation<IngressArtifact>>,
 }
@@ -76,7 +83,7 @@ impl CallServiceBuilder {
             malicious_flags: None,
             ingress_verifier,
             registry_client,
-            ingress_filter,
+            ingress_filter: Arc::new(Mutex::new(ingress_filter)),
             ingress_throttler,
             ingress_tx,
         }
@@ -92,9 +99,9 @@ impl CallServiceBuilder {
         self
     }
 
-    pub fn build(self) -> CallService {
+    pub(crate) fn build_router(self) -> Router {
         let log = self.log.unwrap_or(no_op_logger());
-        CallService {
+        let state = CallService {
             log: log.clone(),
             node_id: self.node_id,
             subnet_id: self.subnet_id,
@@ -108,7 +115,18 @@ impl CallServiceBuilder {
             ingress_filter: self.ingress_filter,
             ingress_throttler: self.ingress_throttler,
             ingress_tx: self.ingress_tx,
-        }
+        };
+        Router::new().route_service(
+            CallService::route(),
+            axum::routing::post(call).with_state(state).layer(
+                ServiceBuilder::new().layer(axum::middleware::from_fn(verify_cbor_content_header)),
+            ),
+        )
+    }
+
+    pub fn build_service(self) -> BoxCloneService<Request<Body>, Response, Infallible> {
+        let router = self.build_router();
+        BoxCloneService::new(router.into_service())
     }
 }
 
@@ -161,154 +179,109 @@ fn get_registry_data(
 }
 
 /// Handles a call to /api/v2/canister/../call
-impl Service<Request<Body>> for CallService {
-    type Response = Response<Body>;
-    type Error = Infallible;
-    #[allow(clippy::type_complexity)]
-    type Future = Pin<Box<dyn Future<Output = Result<Self::Response, Self::Error>> + Send>>;
+pub(crate) async fn call(
+    axum::extract::Path(effective_canister_id): axum::extract::Path<CanisterId>,
+    State(CallService {
+        log,
+        node_id,
+        subnet_id,
+        registry_client,
+        validator_executor,
+        ingress_filter,
+        ingress_throttler,
+        ingress_tx,
+    }): State<CallService>,
+    body: Bytes,
+) -> impl IntoResponse {
+    let msg: SignedIngress = match SignedRequestBytes::from(body.to_vec()).try_into() {
+        Ok(msg) => msg,
+        Err(e) => {
+            let status = StatusCode::BAD_REQUEST;
+            let text = format!("Could not parse body as call message: {}", e);
+            return (status, text).into_response();
+        }
+    };
 
-    fn poll_ready(&mut self, _cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
-        Poll::Ready(Ok(()))
+    // Reject requests where `canister_id` != `effective_canister_id` for non mgmt canister calls.
+    // This needs to be enforced because boundary nodes block access based on the `effective_canister_id`
+    // in the url and the replica processes the request based on the `canister_id`.
+    // If this is not enforced, a blocked canisters can still be accessed by specifying
+    // a non-blocked `effective_canister_id` and a blocked `canister_id`.
+    if msg.canister_id() != CanisterId::ic_00() && msg.canister_id() != effective_canister_id {
+        let status = StatusCode::BAD_REQUEST;
+        let text = format!(
+            "Specified CanisterId {} does not match effective canister id in URL {}",
+            msg.canister_id(),
+            effective_canister_id
+        );
+        return (status, text).into_response();
     }
 
-    fn call(&mut self, request: Request<Body>) -> Self::Future {
-        let ingress_tx = self.ingress_tx.clone();
-        let ingress_filter = self.ingress_filter.clone();
-        let log = self.log.clone();
-        let validator_executor = self.validator_executor.clone();
-        let node_id = self.node_id;
-        let ingress_throttler = self.ingress_throttler.clone();
-        let registry_client = self.registry_client.clone();
-        let subnet_id = self.subnet_id;
-        Box::pin(async move {
-            let (mut parts, body) = request.into_parts();
-            let body = match receive_request_body(body).await {
-                Ok(bytes) => bytes,
-                Err(e) => return Ok(e),
-            };
-            let msg: SignedIngress = match SignedRequestBytes::from(body.to_vec()).try_into() {
-                Ok(msg) => msg,
-                Err(e) => {
-                    let res = make_plaintext_response(
-                        StatusCode::BAD_REQUEST,
-                        format!("Could not parse body as call message: {}", e),
-                    );
-                    return Ok(res);
-                }
-            };
-
-            let effective_principal_id = match remove_effective_principal_id(&mut parts) {
-                Ok(principal_id) => principal_id,
-                Err(res) => {
-                    error!(
-                        log,
-                        "Effective canister ID is not attached to call request. This is a bug."
-                    );
-                    return Ok(res);
-                }
-            };
-
-            let effective_canister_id =
-                CanisterId::unchecked_from_principal(effective_principal_id);
-
-            // Reject requests where `canister_id` != `effective_canister_id` for non mgmt canister calls.
-            // This needs to be enforced because boundary nodes block access based on the `effective_canister_id`
-            // in the url and the replica processes the request based on the `canister_id`.
-            // If this is not enforced, a blocked canisters can still be accessed by specifying
-            // a non-blocked `effective_canister_id` and a blocked `canister_id`.
-            if msg.canister_id() != CanisterId::ic_00()
-                && msg.canister_id() != effective_canister_id
-            {
-                let res = make_plaintext_response(
-                    StatusCode::BAD_REQUEST,
-                    format!(
-                        "Specified CanisterId {} does not match effective canister id in URL {}",
-                        msg.canister_id(),
-                        effective_canister_id
-                    ),
-                );
-                return Ok(res);
+    let message_id = msg.id();
+    let registry_version = registry_client.get_latest_version();
+    let (ingress_registry_settings, provisional_whitelist) =
+        match get_registry_data(&log, subnet_id, registry_version, registry_client.as_ref()) {
+            Ok((s, p)) => (s, p),
+            Err(HttpError { status, message }) => {
+                return (status, message).into_response();
             }
+        };
+    if msg.count_bytes() > ingress_registry_settings.max_ingress_bytes_per_message {
+        let status = StatusCode::PAYLOAD_TOO_LARGE;
+        let text = format!(
+            "Request {} is too large. Message byte size {} is larger than the max allowed {}.",
+            message_id,
+            msg.count_bytes(),
+            ingress_registry_settings.max_ingress_bytes_per_message
+        );
+        return (status, text).into_response();
+    }
 
-            let message_id = msg.id();
-            let registry_version = registry_client.get_latest_version();
-            let (ingress_registry_settings, provisional_whitelist) = match get_registry_data(
-                &log,
-                subnet_id,
-                registry_version,
-                registry_client.as_ref(),
-            ) {
-                Ok((s, p)) => (s, p),
-                Err(HttpError { status, message }) => {
-                    return Ok(make_plaintext_response(status, message));
-                }
-            };
-            if msg.count_bytes() > ingress_registry_settings.max_ingress_bytes_per_message {
-                let res = make_plaintext_response(
-                StatusCode::PAYLOAD_TOO_LARGE,
-                format!(
-                    "Request {} is too large. Message byte size {} is larger than the max allowed {}.",
-                    message_id,
-                    msg.count_bytes(),
-                    ingress_registry_settings.max_ingress_bytes_per_message
-                ),
-            );
-                return Ok(res);
-            }
+    if let Err(http_err) = validator_executor
+        .validate_request(msg.as_ref().clone(), registry_version)
+        .await
+    {
+        return (http_err.status, http_err.message).into_response();
+    }
 
-            if let Err(http_err) = validator_executor
-                .validate_request(msg.as_ref().clone(), registry_version)
-                .await
-            {
-                let res = make_plaintext_response(http_err.status, http_err.message);
-                return Ok(res);
-            }
+    let ingress_filter = ingress_filter.lock().unwrap().clone();
 
-            match ingress_filter
-                .oneshot((provisional_whitelist, msg.content().clone()))
-                .await
-            {
-                Err(_) => panic!("Can't panic on Infallible"),
-                Ok(Err(err)) => {
-                    return Ok(make_response(err));
-                }
-                Ok(Ok(())) => (),
-            }
+    match ingress_filter
+        .oneshot((provisional_whitelist, msg.content().clone()))
+        .await
+    {
+        Err(_) => panic!("Can't panic on Infallible"),
+        Ok(Err(err)) => {
+            return CborUserError(err).into_response();
+        }
+        Ok(Ok(())) => (),
+    }
 
-            let ingress_log_entry = msg.log_entry();
+    let ingress_log_entry = msg.log_entry();
 
-            let is_overloaded = ingress_throttler.read().unwrap().exceeds_threshold()
-                || ingress_tx
-                    .send(UnvalidatedArtifactMutation::Insert((msg, node_id)))
-                    .is_err();
+    let is_overloaded = ingress_throttler.read().unwrap().exceeds_threshold()
+        || ingress_tx
+            .send(UnvalidatedArtifactMutation::Insert((msg, node_id)))
+            .is_err();
 
-            let response = if is_overloaded {
-                make_plaintext_response(
-                    StatusCode::TOO_MANY_REQUESTS,
-                    "Service is overloaded, try again later.".to_string(),
-                )
-            } else {
-                // We're pretty much done, just need to send the message to ingress and
-                // make_response to the client
-                info_sample!(
-                    "message_id" => &message_id,
-                    log,
-                    "ingress_message_submit";
-                    ingress_message => ingress_log_entry
-                );
-                make_accepted_response()
-            };
-            Ok(response)
-        })
+    if is_overloaded {
+        let status = StatusCode::TOO_MANY_REQUESTS;
+        let text = "Service is overloaded, try again later.".to_string();
+        (status, text).into_response()
+    } else {
+        // We're pretty much done, just need to send the message to ingress and
+        // make_response to the client
+        info_sample!(
+            "message_id" => &message_id,
+            log,
+            "ingress_message_submit";
+            ingress_message => ingress_log_entry
+        );
+        let status = StatusCode::ACCEPTED;
+        (status, "").into_response()
     }
 }
 
-fn make_accepted_response() -> Response<Body> {
-    let mut response = Response::new(Body::new(String::new().map_err(BoxError::from)));
-    *response.status_mut() = StatusCode::ACCEPTED;
-    response
-}
-
 #[cfg(test)]
 mod test {
     use super::*;