https to reactors

aep · aep · commit 53d0026c70bb · 2025-03-13T21:08:16.000+01:00
diff --git a/client/build.go b/client/build.go
@@ -131,6 +131,11 @@ type Document[Val any] struct {
 	Mut Mutations ` + "`json:\"mut\",omitempty`" + ` 
 }
 
+type ValidationRequest[Val any] struct {
+	Current *Document[Val] ` + "`json:\"current,omitempty\"`" + `
+	Pending *Document[Val] ` + "`json:\"pending,omitempty\"`" + ` 
+}
+
 {{range $t, $n := .Types}} 
 type {{$t}} Document[{{$t}}Val]
 {{end}} 
diff --git a/reactor/builtins.go b/reactor/builtins.go
@@ -15,14 +15,14 @@ func (*immutableReactor) Ready(model *openapi.Document, args interface{}) (inter
 
 func (*immutableReactor) Stop() {}
 
-func (*immutableReactor) Validate(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
+func (*immutableReactor) Validate(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
 	if old != nil && nuw != nil {
 		return nil, fmt.Errorf("Document is immutable")
 	}
 	return nuw, nil
 }
 
-func (*immutableReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
+func (*immutableReactor) Reconcile(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
 	return nil
 }
 
diff --git a/reactor/cue.go b/reactor/cue.go
@@ -84,7 +84,7 @@ func (cr *cueReactor) Ready(model *openapi.Document, args interface{}) (interfac
 	return &cueReady{cctx: ctx, schema: schema2}, nil
 }
 
-func (jsr *cueReactor) Validate(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
+func (jsr *cueReactor) Validate(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
 
 	if nuw == nil {
 		return nil, nil
@@ -140,6 +140,6 @@ func (jsr *cueReactor) Validate(ctx context.Context, old *openapi.Document, nuw
 	return nuw, nil
 }
 
-func (cr *cueReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
+func (cr *cueReactor) Reconcile(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
 	return nil
 }
diff --git a/reactor/http.go b/reactor/http.go
@@ -8,11 +8,13 @@ import (
 	openapi "github.com/aep/apogy/api/go"
 	"log/slog"
 	"net/http"
+	"strings"
 	"time"
 )
 
 type HttpReactor struct {
-	url string
+	validator  string
+	reconciler string
 }
 
 func StartHttpReactor(doc *openapi.Document) (Runtime, error) {
@@ -22,13 +24,15 @@ func StartHttpReactor(doc *openapi.Document) (Runtime, error) {
 		return nil, fmt.Errorf("val must not be empty")
 	}
 
-	url, ok := val["url"].(string)
-	if !ok || url == "" {
-		return nil, fmt.Errorf("val.url must be a non-empty string")
+	validator, _ := val["validator"].(string)
+	reconciler, _ := val["reconciler"].(string)
+	if validator == "" && reconciler == "" {
+		return nil, fmt.Errorf("set val.validator or val.reconciler to a url")
 	}
 
 	return &HttpReactor{
-		url: url,
+		validator:  validator,
+		reconciler: reconciler,
 	}, nil
 }
 
@@ -39,11 +43,57 @@ func (*HttpReactor) Ready(model *openapi.Document, args interface{}) (interface{
 	return nil, nil
 }
 
-func (hr *HttpReactor) Validate(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
+func (hr *HttpReactor) Validate(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
+
+	if hr.validator == "" {
+		return nuw, nil
+	}
+
+	payload := openapi.ValidationRequest{
+		Current: old,
+		Pending: nuw,
+	}
+
+	payloadBytes, err := json.Marshal(payload)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := hr.makeValidationRequest(ctx, hr.validator, payloadBytes, ro)
+	if err != nil {
+		return nil, fmt.Errorf("reconciler failed to respond in time: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		var errorResp openapi.ErrorResponse
+		decoder := json.NewDecoder(resp.Body)
+		if err := decoder.Decode(&errorResp); err != nil || errorResp.Message == nil {
+			return nil, fmt.Errorf("reconciler failed with status %d %s", resp.StatusCode, resp.Status)
+		}
+		return nil, fmt.Errorf("reconcilerfailed: %s", *errorResp.Message)
+	}
+
+	// Check for validation error in response
+	var response openapi.ValidationResponse
+	decoder := json.NewDecoder(resp.Body)
+	if err := decoder.Decode(&response); err != nil {
+		return nil, fmt.Errorf("reconciler responded with invalid body: %v", err)
+	}
+
+	if response.Reject != nil && response.Reject.Message != nil {
+		return nil, fmt.Errorf("reconciler rejected: %s", *response.Reject.Message)
+	}
+
 	return nuw, nil
 }
 
-func (hr *HttpReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
+func (hr *HttpReactor) Reconcile(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
+
+	if hr.reconciler == "" {
+		return nil
+	}
+
 	payload := openapi.ValidationRequest{
 		Current: old,
 		Pending: nuw,
@@ -54,7 +104,7 @@ func (hr *HttpReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw
 		return err
 	}
 
-	resp, err := hr.makeValidationRequest(ctx, hr.url, payloadBytes)
+	resp, err := hr.makeValidationRequest(ctx, hr.reconciler, payloadBytes, ro)
 	if err != nil {
 		return fmt.Errorf("reconciler failed to respond in time: %w", err)
 	}
@@ -73,7 +123,7 @@ func (hr *HttpReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw
 	var response openapi.ValidationResponse
 	decoder := json.NewDecoder(resp.Body)
 	if err := decoder.Decode(&response); err != nil {
-		return fmt.Errorf("reconciler responded with invalid msgpack: %v", err)
+		return fmt.Errorf("reconciler responded with invalid body: %v", err)
 	}
 
 	if response.Reject != nil && response.Reject.Message != nil {
@@ -83,16 +133,33 @@ func (hr *HttpReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw
 	return nil
 }
 
-func (hr *HttpReactor) makeValidationRequest(ctx context.Context, url string, payloadBytes []byte) (*http.Response, error) {
+func (hr *HttpReactor) makeValidationRequest(ctx context.Context, url string, payloadBytes []byte, ro *Reactor) (*http.Response, error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Second)
 	defer cancel()
 
 	initialBackoff := 100 * time.Millisecond
 	maxAttempts := 5
 
+	// Create a custom client with mTLS for https URLs
+	client := &http.Client{}
+
 	backoff := initialBackoff
 	for attempt := 1; attempt <= maxAttempts; attempt++ {
-		resp, err := http.Post(url, "application/json", bytes.NewBuffer(payloadBytes))
+		req, err := http.NewRequestWithContext(ctx, "POST", url, bytes.NewBuffer(payloadBytes))
+		if err != nil {
+			return nil, err
+		}
+		req.Header.Set("Content-Type", "application/json")
+
+		var resp *http.Response
+
+		// If URL starts with https://, use mTLS
+		if strings.HasPrefix(url, "https://") {
+			resp, err = hr.doMTLSRequest(req, ro)
+		} else {
+			resp, err = client.Do(req)
+		}
+
 		if err != nil {
 			slog.Error("validator failed", "validator", url, "error", err)
 			if attempt == maxAttempts {
@@ -119,3 +186,13 @@ func (hr *HttpReactor) makeValidationRequest(ctx context.Context, url string, pa
 	}
 	return nil, fmt.Errorf("request failed after %d attempts", maxAttempts)
 }
+
+func (hr *HttpReactor) doMTLSRequest(req *http.Request, ro *Reactor) (*http.Response, error) {
+	// Check if TLS client is already created
+	if ro.tlsClient == nil {
+		return nil, fmt.Errorf("apogy cant make https request to reactor since its not running with tls")
+	}
+
+	// Use the pre-configured HTTP client
+	return ro.tlsClient.Do(req)
+}
diff --git a/reactor/reactor.go b/reactor/reactor.go
@@ -2,8 +2,12 @@ package reactor
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
 	"log/slog"
+	"net/http"
+	"os"
 	"sync"
 	"time"
 
@@ -12,8 +16,8 @@ import (
 
 type Runtime interface {
 	Ready(model *openapi.Document, arg interface{}) (interface{}, error)
-	Validate(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error)
-	Reconcile(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) error
+	Validate(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error)
+	Reconcile(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) error
 	Stop()
 }
 
@@ -26,13 +30,52 @@ type Reactor struct {
 	lock            sync.RWMutex
 	running         map[string]Runtime
 	models2reactors map[string][]reactorReadyArgs
+
+	tlsConfig *tls.Config
+	tlsClient *http.Client
 }
 
-func NewReactor() *Reactor {
+func NewReactor(caCertPath, serverCertPath, serverKeyPath string) *Reactor {
 	ro := &Reactor{
 		running:         make(map[string]Runtime),
 		models2reactors: make(map[string][]reactorReadyArgs),
 	}
+
+	// Load TLS configuration if paths are provided
+	if caCertPath != "" && serverCertPath != "" && serverKeyPath != "" {
+		// Load the CA cert
+		caCert, err := os.ReadFile(caCertPath)
+		if err != nil {
+			slog.Error("failed to read CA certificate", "error", err)
+		} else {
+			// Create a cert pool and add the CA cert
+			caCertPool := x509.NewCertPool()
+			if !caCertPool.AppendCertsFromPEM(caCert) {
+				slog.Error("failed to append CA certificate to pool")
+			} else {
+				// Load client certificate
+				cert, err := tls.LoadX509KeyPair(serverCertPath, serverKeyPath)
+				if err != nil {
+					slog.Error("failed to load client certificate/key", "error", err)
+				} else {
+					// Create a TLS config with the certificate and key
+					ro.tlsConfig = &tls.Config{
+						Certificates: []tls.Certificate{cert},
+						RootCAs:      caCertPool,
+					}
+
+					// Create a reusable HTTP client with TLS configuration
+					ro.tlsClient = &http.Client{
+						Transport: &http.Transport{
+							TLSClientConfig: ro.tlsConfig,
+						},
+					}
+					slog.Info("TLS configuration loaded successfully")
+				}
+			}
+		}
+	}
+
 	ro.startBuiltins()
 	return ro
 }
@@ -129,7 +172,7 @@ func (ro *Reactor) Validate(ctx context.Context, old *openapi.Document, nuw *ope
 
 		if rt != nil {
 			var err error
-			nuw, err = rt.Validate(ctx, old, nuw, runArgs.args)
+			nuw, err = rt.Validate(ctx, ro, old, nuw, runArgs.args)
 			if err != nil {
 				return nuw, fmt.Errorf("reactor %s rejected change: %w", runArgs.reactorName, err)
 			}
@@ -181,7 +224,7 @@ func (ro *Reactor) Reconcile(ctx context.Context, old *openapi.Document, nuw *op
 			var delay = 10 * time.Millisecond
 			for i := 0; ; i++ {
 
-				err := rt.Reconcile(ctx, old, nuw, a.args)
+				err := rt.Reconcile(ctx, ro, old, nuw, a.args)
 
 				if err == nil {
 					break
diff --git a/reactor/yema.go b/reactor/yema.go
@@ -42,7 +42,7 @@ func (*yemaReactor) Ready(model *openapi.Document, args interface{}) (interface{
 func (cr *yemaReactor) Stop() {
 }
 
-func (yr *yemaReactor) Validate(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
+func (yr *yemaReactor) Validate(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) (*openapi.Document, error) {
 
 	if nuw == nil {
 		return nil, nil
@@ -72,6 +72,6 @@ func (yr *yemaReactor) Validate(ctx context.Context, old *openapi.Document, nuw
 	return nuw, nil
 }
 
-func (cr *yemaReactor) Reconcile(ctx context.Context, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
+func (cr *yemaReactor) Reconcile(ctx context.Context, ro *Reactor, old *openapi.Document, nuw *openapi.Document, args interface{}) error {
 	return nil
 }
diff --git a/server/crud.go b/server/crud.go
@@ -233,7 +233,6 @@ func (s *server) putDocument1(c echo.Context, ctx context.Context, doc_ *openapi
 	err = w2.Commit(ctx)
 	commitDuration := time.Since(commitStart)
 
-	// Always record the commit duration, even if it failed
 	kvCommitDuration.WithLabelValues("write_transaction").Observe(commitDuration.Seconds())
 
 	if err != nil {
@@ -253,7 +252,7 @@ func (s *server) putDocument1(c echo.Context, ctx context.Context, doc_ *openapi
 
 	err = s.ro.Reconcile(ctx, old, doc)
 	if err != nil {
-		return echo.NewHTTPError(http.StatusBadGateway, err.Error())
+		return echo.NewHTTPError(http.StatusUnprocessableEntity, err.Error())
 	}
 
 	return nil
diff --git a/server/crud_test.go b/server/crud_test.go
@@ -7,12 +7,15 @@ import (
 	"net/http/httptest"
 	"sync"
 	"testing"
+	"time"
 
 	"encoding/json"
 	openapi "github.com/aep/apogy/api/go"
 	"github.com/aep/apogy/bus"
 	"github.com/aep/apogy/kv"
+	"github.com/aep/apogy/reactor"
 	"github.com/labstack/echo/v4"
+	"github.com/maypok86/otter"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -27,7 +30,20 @@ func setupTestServer(t *testing.T) (*echo.Echo, *server) {
 		t.Fatalf("Failed to create test bus: %v", err)
 	}
 
-	s := newServer(kv, bs)
+	cache, err := otter.MustBuilder[string, *Model](100000).
+		WithTTL(60 * time.Second).
+		Build()
+
+	if err != nil {
+		panic(err)
+	}
+
+	s := &server{
+		kv:         kv,
+		bs:         bs,
+		modelCache: cache,
+		ro:         reactor.NewReactor("", "", ""),
+	}
 	e := echo.New()
 	e.Binder = &Binder{
 		defaultBinder: &echo.DefaultBinder{},
@@ -140,10 +156,10 @@ func TestPutDocument_Reactor(t *testing.T) {
 		Model: "Reactor",
 		Id:    "asdasd.example.com",
 		Val: &map[string]interface{}{
-			"runtime": "http",
-			"url":     "https://google.com",
-			"name":    "Test Reactor",
-			"type":    "test",
+			"runtime":   "http",
+			"validator": "https://google.com",
+			"name":      "Test Reactor",
+			"type":      "test",
 		},
 	}
 
diff --git a/server/server.go b/server/server.go

Original file line number	Diff line number	Diff line change
`@@ -15,14 +15,14 @@ func (immutableReactor) Ready(model openapi.Document, args interface{}) (inter`
`15`	`15`
`16`	`16`	`func (*immutableReactor) Stop() {}`
`17`	`17`
`18`		`-func (immutableReactor) Validate(ctx context.Context, old openapi.Document, nuw openapi.Document, args interface{}) (openapi.Document, error) {`
	`18`	`+func (immutableReactor) Validate(ctx context.Context, ro Reactor, old openapi.Document, nuw openapi.Document, args interface{}) (*openapi.Document, error) {`
`19`	`19`	`if old != nil && nuw != nil {`
`20`	`20`	`return nil, fmt.Errorf("Document is immutable")`
`21`	`21`	`}`
`22`	`22`	`return nuw, nil`
`23`	`23`	`}`
`24`	`24`
`25`		`-func (immutableReactor) Reconcile(ctx context.Context, old openapi.Document, nuw *openapi.Document, args interface{}) error {`
	`25`	`+func (immutableReactor) Reconcile(ctx context.Context, ro Reactor, old openapi.Document, nuw openapi.Document, args interface{}) error {`
`26`	`26`	`return nil`
`27`	`27`	`}`
`28`	`28`
Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,7 @@ func (cr cueReactor) Ready(model openapi.Document, args interface{}) (interfac`
`84`	`84`	`return &cueReady{cctx: ctx, schema: schema2}, nil`
`85`	`85`	`}`
`86`	`86`
`87`		`-func (jsr cueReactor) Validate(ctx context.Context, old openapi.Document, nuw openapi.Document, args interface{}) (openapi.Document, error) {`
	`87`	`+func (jsr cueReactor) Validate(ctx context.Context, ro Reactor, old openapi.Document, nuw openapi.Document, args interface{}) (*openapi.Document, error) {`
`88`	`88`
`89`	`89`	`if nuw == nil {`
`90`	`90`	`return nil, nil`
`@@ -140,6 +140,6 @@ func (jsr cueReactor) Validate(ctx context.Context, old openapi.Document, nuw`
`140`	`140`	`return nuw, nil`
`141`	`141`	`}`
`142`	`142`
`143`		`-func (cr cueReactor) Reconcile(ctx context.Context, old openapi.Document, nuw *openapi.Document, args interface{}) error {`
	`143`	`+func (cr cueReactor) Reconcile(ctx context.Context, ro Reactor, old openapi.Document, nuw openapi.Document, args interface{}) error {`
`144`	`144`	`return nil`
`145`	`145`	`}`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ func (yemaReactor) Ready(model openapi.Document, args interface{}) (interface{`
`42`	`42`	`func (cr *yemaReactor) Stop() {`
`43`	`43`	`}`
`44`	`44`
`45`		`-func (yr yemaReactor) Validate(ctx context.Context, old openapi.Document, nuw openapi.Document, args interface{}) (openapi.Document, error) {`
	`45`	`+func (yr yemaReactor) Validate(ctx context.Context, ro Reactor, old openapi.Document, nuw openapi.Document, args interface{}) (*openapi.Document, error) {`
`46`	`46`
`47`	`47`	`if nuw == nil {`
`48`	`48`	`return nil, nil`
`@@ -72,6 +72,6 @@ func (yr yemaReactor) Validate(ctx context.Context, old openapi.Document, nuw`
`72`	`72`	`return nuw, nil`
`73`	`73`	`}`
`74`	`74`
`75`		`-func (cr yemaReactor) Reconcile(ctx context.Context, old openapi.Document, nuw *openapi.Document, args interface{}) error {`
	`75`	`+func (cr yemaReactor) Reconcile(ctx context.Context, ro Reactor, old openapi.Document, nuw openapi.Document, args interface{}) error {`
`76`	`76`	`return nil`
`77`	`77`	`}`