feat: implement fastly:secret-store package

Author: Jake Champion

.github/workflows/main.yml

@@ -165,7 +165,7 @@ jobs:
   sdktest:
     if: github.ref != 'refs/heads/main'
     runs-on: ubuntu-latest
-    needs: [build]
+    needs: [build, ensure_cargo_installs]
     strategy:
       fail-fast: false
       matrix:
@@ -198,6 +198,7 @@ jobs:
           - request-upstream
           - response
           - response-headers
+          - secret-store
           - status
           - streaming-close
           - tee
@@ -213,7 +214,7 @@ jobs:
       uses: fastly/compute-actions/setup@v4
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
-        cli_version: '4.3.0'
+        cli_version: '5.0.0'
 
     - name: Restore Viceroy from cache
       uses: actions/cache@v3

c-dependencies/js-compute-runtime/builtins/secret-store.cpp

@@ -0,0 +1,204 @@
+#include "secret-store.h"
+#include "host_call.h"
+
+namespace builtins {
+
+fastly_secret_handle_t SecretStoreEntry::secret_handle(JSObject *obj) {
+  JS::Value val = JS::GetReservedSlot(obj, SecretStoreEntry::Slots::Handle);
+  return static_cast<fastly_secret_handle_t>(val.toInt32());
+}
+
+bool SecretStoreEntry::plaintext(JSContext *cx, unsigned argc, JS::Value *vp) {
+  METHOD_HEADER(0)
+
+  fastly_option_string_t ret;
+  fastly_error_t err;
+  // Ensure that we throw an exception for all unexpected host errors.
+  if (!xqd_fastly_secret_store_plaintext(SecretStoreEntry::secret_handle(self), &ret, &err)) {
+    HANDLE_ERROR(cx, err);
+    return false;
+  }
+
+  JS::RootedString text(cx, JS_NewStringCopyUTF8N(cx, JS::UTF8Chars(ret.val.ptr, ret.val.len)));
+  JS_free(cx, ret.val.ptr);
+  if (!text) {
+    return false;
+  }
+
+  args.rval().setString(text);
+  return true;
+}
+
+const JSFunctionSpec SecretStoreEntry::methods[] = {
+    JS_FN("plaintext", plaintext, 0, JSPROP_ENUMERATE), JS_FS_END};
+
+const JSPropertySpec SecretStoreEntry::properties[] = {JS_PS_END};
+
+bool SecretStoreEntry::constructor(JSContext *cx, unsigned argc, JS::Value *vp) {
+  JS_ReportErrorUTF8(cx, "SecretStoreEntry can't be instantiated directly");
+  return false;
+}
+
+JSObject *SecretStoreEntry::create(JSContext *cx, fastly_secret_handle_t handle) {
+  JS::RootedObject entry(
+      cx, JS_NewObjectWithGivenProto(cx, &SecretStoreEntry::class_, SecretStoreEntry::proto_obj));
+  if (!entry) {
+    return nullptr;
+  }
+
+  JS::SetReservedSlot(entry, Slots::Handle, JS::Int32Value(handle));
+
+  return entry;
+}
+
+bool SecretStoreEntry::init_class(JSContext *cx, JS::HandleObject global) {
+  return BuiltinImpl<SecretStoreEntry>::init_class_impl(cx, global);
+}
+
+fastly_secret_store_handle_t SecretStore::secret_store_handle(JSObject *obj) {
+  JS::Value val = JS::GetReservedSlot(obj, SecretStore::Slots::Handle);
+  return static_cast<fastly_secret_store_handle_t>(val.toInt32());
+}
+
+bool SecretStore::get(JSContext *cx, unsigned argc, JS::Value *vp) {
+  METHOD_HEADER(1)
+
+  JS::RootedObject result_promise(cx, JS::NewPromiseObject(cx, nullptr));
+  if (!result_promise) {
+    return ReturnPromiseRejectedWithPendingError(cx, args);
+  }
+
+  size_t length;
+  JS::UniqueChars key = encode(cx, args[0], &length);
+  if (!key) {
+    return false;
+  }
+  // If the converted string has a length of 0 then we throw an Error
+  // because keys have to be at-least 1 character.
+  if (length == 0) {
+    JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_SECRET_STORE_KEY_EMPTY);
+    return ReturnPromiseRejectedWithPendingError(cx, args);
+  }
+
+  // key has to be less than 256
+  if (length > 255) {
+    JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_SECRET_STORE_KEY_TOO_LONG);
+    return ReturnPromiseRejectedWithPendingError(cx, args);
+  }
+
+  std::string_view keyView(key.get(), length);
+
+  // key must contain only letters, numbers, dashes (-), underscores (_), and periods (.).
+  auto is_valid_key = std::all_of(keyView.begin(), keyView.end(), [&](auto character) {
+    return std::isalnum(character) || character == '_' || character == '-' || character == '.';
+  });
+
+  if (!is_valid_key) {
+    JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
+                              JSMSG_SECRET_STORE_KEY_CONTAINS_INVALID_CHARACTER);
+    return ReturnPromiseRejectedWithPendingError(cx, args);
+  }
+
+  xqd_world_string_t key_str;
+  key_str.len = length;
+  key_str.ptr = key.get();
+  fastly_option_secret_handle_t secret;
+  fastly_error_t err;
+  // Ensure that we throw an exception for all unexpected host errors.
+  if (!xqd_fastly_secret_store_get(SecretStore::secret_store_handle(self), &key_str, &secret,
+                                   &err)) {
+    HANDLE_ERROR(cx, err);
+    return ReturnPromiseRejectedWithPendingError(cx, args);
+  }
+
+  // When no entry is found, we are going to resolve the Promise with `null`.
+  if (!secret.is_some) {
+    JS::RootedValue result(cx);
+    result.setNull();
+    JS::ResolvePromise(cx, result_promise, result);
+  } else {
+    JS::RootedObject entry(cx, SecretStoreEntry::create(cx, secret.val));
+    if (!entry) {
+      return ReturnPromiseRejectedWithPendingError(cx, args);
+    }
+    JS::RootedValue result(cx);
+    result.setObject(*entry);
+    JS::ResolvePromise(cx, result_promise, result);
+  }
+
+  args.rval().setObject(*result_promise);
+
+  return true;
+}
+
+const JSFunctionSpec SecretStore::methods[] = {JS_FN("get", get, 1, JSPROP_ENUMERATE), JS_FS_END};
+
+const JSPropertySpec SecretStore::properties[] = {JS_PS_END};
+
+bool SecretStore::constructor(JSContext *cx, unsigned argc, JS::Value *vp) {
+  REQUEST_HANDLER_ONLY("The SecretStore builtin");
+  CTOR_HEADER("SecretStore", 1);
+
+  size_t length;
+  JS::UniqueChars name_chars = encode(cx, args[0], &length);
+  if (!name_chars) {
+    return false;
+  }
+
+  // If the converted string has a length of 0 then we throw an Error
+  // because names have to be at-least 1 character.
+  if (length == 0) {
+    JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_SECRET_STORE_NAME_EMPTY);
+    return false;
+  }
+
+  // If the converted string has a length of more than 255 then we throw an Error
+  // because names have to be less than 255 characters.
+  if (length > 255) {
+    JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_SECRET_STORE_NAME_TOO_LONG);
+    return false;
+  }
+
+  std::string_view name(name_chars.get(), length);
+
+  // Name must contain only letters, numbers, dashes (-), underscores (_), and periods (.).
+  auto is_valid_name = std::all_of(name.begin(), name.end(), [&](auto character) {
+    return std::isalnum(character) || character == '_' || character == '-' || character == '.';
+  });
+
+  if (!is_valid_name) {
+    JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
+                              JSMSG_SECRET_STORE_NAME_CONTAINS_INVALID_CHARACTER);
+    return false;
+  }
+
+  JS::RootedObject secret_store(cx, JS_NewObjectForConstructor(cx, &class_, args));
+  if (!secret_store) {
+    return false;
+  }
+  xqd_world_string_t name_str;
+  name_str.ptr = name_chars.get();
+  name_str.len = length;
+  fastly_secret_store_handle_t handle = INVALID_HANDLE;
+  fastly_error_t err;
+  if (!xqd_fastly_secret_store_open(&name_str, &handle, &err)) {
+    if (err == FASTLY_ERROR_OPTIONAL_NONE) {
+      JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_SECRET_STORE_DOES_NOT_EXIST,
+                                name.data());
+      return false;
+    } else {
+      HANDLE_ERROR(cx, err);
+      return false;
+    }
+  }
+
+  JS::SetReservedSlot(secret_store, SecretStore::Slots::Handle, JS::Int32Value(handle));
+  args.rval().setObject(*secret_store);
+  return true;
+}
+
+bool SecretStore::init_class(JSContext *cx, JS::HandleObject global) {
+  return BuiltinImpl<SecretStore>::init_class_impl(cx, global);
+}
+
+} // namespace builtins

c-dependencies/js-compute-runtime/builtins/secret-store.h

@@ -0,0 +1,47 @@
+#ifndef JS_COMPUTE_RUNTIME_SECRET_STORE_H
+#define JS_COMPUTE_RUNTIME_SECRET_STORE_H
+
+#include "builtin.h"
+
+namespace builtins {
+
+class SecretStoreEntry : public BuiltinImpl<SecretStoreEntry> {
+private:
+public:
+  static constexpr const char *class_name = "SecretStoreEntry";
+  static const int ctor_length = 0;
+  enum Slots { Handle, Count };
+
+  static const JSFunctionSpec methods[];
+  static const JSPropertySpec properties[];
+
+  static bool plaintext(JSContext *cx, unsigned argc, JS::Value *vp);
+
+  static fastly_secret_handle_t secret_handle(JSObject *obj);
+  static bool constructor(JSContext *cx, unsigned argc, JS::Value *vp);
+  static JSObject *create(JSContext *cx, fastly_secret_handle_t handle);
+
+  static bool init_class(JSContext *cx, JS::HandleObject global);
+};
+
+class SecretStore : public BuiltinImpl<SecretStore> {
+private:
+public:
+  static constexpr const char *class_name = "SecretStore";
+  static const int ctor_length = 1;
+  enum Slots { Handle, Count };
+
+  static const JSFunctionSpec methods[];
+  static const JSPropertySpec properties[];
+
+  static bool get(JSContext *cx, unsigned argc, JS::Value *vp);
+
+  static fastly_secret_store_handle_t secret_store_handle(JSObject *obj);
+  static bool constructor(JSContext *cx, unsigned argc, JS::Value *vp);
+
+  static bool init_class(JSContext *cx, JS::HandleObject global);
+};
+
+} // namespace builtins
+
+#endif

c-dependencies/js-compute-runtime/error-numbers.msg

@@ -72,6 +72,14 @@ MSG_DEF(JSMSG_OBJECT_STORE_KEY_ACME,                           0, JSEXN_TYPEERR,
 MSG_DEF(JSMSG_OBJECT_STORE_KEY_RELATIVE,                       0, JSEXN_TYPEERR, "ObjectStore key can not be '.' or '..'")
 MSG_DEF(JSMSG_OBJECT_STORE_PUT_CONTENT_STREAM,                 0, JSEXN_TYPEERR, "Content-provided streams are not yet supported for streaming into ObjectStore")
 MSG_DEF(JSMSG_OBJECT_STORE_PUT_OVER_30_MB,                     0, JSEXN_TYPEERR, "ObjectStore value can not be more than 30 Megabytes in size")
+MSG_DEF(JSMSG_SECRET_STORE_DOES_NOT_EXIST,                     1, JSEXN_TYPEERR, "SecretStore constructor: No SecretStore named '{0}' exists")
+MSG_DEF(JSMSG_SECRET_STORE_KEY_EMPTY,                          0, JSEXN_TYPEERR, "SecretStore key can not be an empty string")
+MSG_DEF(JSMSG_SECRET_STORE_KEY_TOO_LONG,                       0, JSEXN_TYPEERR, "SecretStore key can not be more than 255 characters")
+MSG_DEF(JSMSG_SECRET_STORE_KEY_CONTAINS_INVALID_CHARACTER,     0, JSEXN_TYPEERR, "SecretStore key can contain only ascii alphanumeric characters, underscores, dashes, and ascii whitespace")
+MSG_DEF(JSMSG_SECRET_STORE_NAME_CONTAINS_INVALID_CHARACTER,    0, JSEXN_TYPEERR, "SecretStore constructor: name can contain only ascii alphanumeric characters, underscores, dashes, and ascii whitespace")
+MSG_DEF(JSMSG_SECRET_STORE_NAME_EMPTY,                         0, JSEXN_TYPEERR, "SecretStore constructor: name can not be an empty string")
+MSG_DEF(JSMSG_SECRET_STORE_NAME_START_WITH_ASCII_ALPHA,        0, JSEXN_TYPEERR, "SecretStore constructor: name must start with an ascii alpabetical character")
+MSG_DEF(JSMSG_SECRET_STORE_NAME_TOO_LONG,                      0, JSEXN_TYPEERR, "SecretStore constructor: name can not be more than 255 characters")
 MSG_DEF(JSMSG_READABLE_STREAM_LOCKED_OR_DISTRUBED,             0, JSEXN_TYPEERR, "Can't use a ReadableStream that's locked or has ever been read from or canceled")
 MSG_DEF(JSMSG_INVALID_CHARACTER_ERROR,                         0, JSEXN_ERR, "String contains an invalid character")
 MSG_DEF(JSMSG_BACKEND_PARAMETER_NOT_OBJECT,                    0, JSEXN_TYPEERR, "Backend constructor: configuration parameter must be an Object")

c-dependencies/js-compute-runtime/js-compute-builtins.cpp

@@ -55,6 +55,7 @@
 #include "builtins/native-stream-source.h"
 #include "builtins/object-store.h"
 #include "builtins/shared/console.h"
+#include "builtins/secret-store.h"
 #include "builtins/subtle-crypto.h"
 #include "builtins/transform-stream-default-controller.h"
 #include "builtins/transform-stream.h"
@@ -5314,6 +5315,10 @@ bool define_fastly_sys(JSContext *cx, HandleObject global) {
     return false;
   if (!ObjectStoreEntry::init_class(cx, global))
     return false;
+  if (!builtins::SecretStore::init_class(cx, global))
+    return false;
+  if (!builtins::SecretStoreEntry::init_class(cx, global))
+    return false;
 
   pending_async_tasks = new JS::PersistentRootedObjectVector(cx);
 

c-dependencies/js-compute-runtime/xqd-world/xqd_world_adapter.cpp

@@ -594,6 +594,43 @@ bool xqd_fastly_dictionary_get(fastly_dictionary_handle_t h, xqd_world_string_t
   return true;
 }
 
+bool xqd_fastly_secret_store_open(xqd_world_string_t *name, fastly_secret_store_handle_t *ret,
+                                  fastly_error_t *err) {
+  return convert_result(xqd_secret_store_open(name->ptr, name->len, ret), err);
+}
+
+bool xqd_fastly_secret_store_get(fastly_secret_store_handle_t store, xqd_world_string_t *key,
+                                 fastly_option_secret_handle_t *ret, fastly_error_t *err) {
+  ret->val = INVALID_HANDLE;
+  bool ok = convert_result(xqd_secret_store_get(store, key->ptr, key->len, &ret->val), err);
+  if ((!ok && *err == FASTLY_ERROR_OPTIONAL_NONE) || ret->val == INVALID_HANDLE) {
+    ret->is_some = false;
+    return true;
+  }
+  ret->is_some = true;
+  return ok;
+}
+
+bool xqd_fastly_secret_store_plaintext(fastly_dictionary_handle_t h, fastly_option_string_t *ret,
+                                       fastly_error_t *err) {
+  ret->val.ptr = static_cast<char *>(JS_malloc(CONTEXT, DICTIONARY_ENTRY_MAX_LEN));
+  if (!convert_result(
+          xqd_secret_store_plaintext(h, ret->val.ptr, DICTIONARY_ENTRY_MAX_LEN, &ret->val.len),
+          err)) {
+    if (*err == FASTLY_ERROR_OPTIONAL_NONE) {
+      ret->is_some = false;
+      return true;
+    } else {
+      JS_free(CONTEXT, ret->val.ptr);
+      return false;
+    }
+  }
+  ret->is_some = true;
+  ret->val.ptr = static_cast<char *>(
+      JS_realloc(CONTEXT, ret->val.ptr, DICTIONARY_ENTRY_MAX_LEN, ret->val.len));
+  return true;
+}
+
 bool xqd_fastly_geo_lookup(fastly_list_u8_t *addr_octets, xqd_world_string_t *ret,
                            fastly_error_t *err) {
   ret->ptr = static_cast<char *>(cabi_malloc(HOSTCALL_BUFFER_LEN, 1));

c-dependencies/js-compute-runtime/xqd.h

@@ -314,6 +314,19 @@ WASM_IMPORT("fastly_dictionary", "get")
 int xqd_dictionary_get(fastly_dictionary_handle_t dict_handle, const char *key, size_t key_len,
                        char *value, size_t value_max_len, size_t *nwritten);
 
+// Module fastly_secret_store
+WASM_IMPORT("fastly_secret_store", "open")
+int xqd_secret_store_open(const char *name, size_t name_len,
+                          fastly_secret_store_handle_t *dict_handle_out);
+
+WASM_IMPORT("fastly_secret_store", "get")
+int xqd_secret_store_get(fastly_secret_store_handle_t dict_handle, const char *key, size_t key_len,
+                         fastly_secret_handle_t *opt_secret_handle_out);
+
+WASM_IMPORT("fastly_secret_store", "plaintext")
+int xqd_secret_store_plaintext(fastly_secret_handle_t secret_handle, char *buf, size_t buf_len,
+                               size_t *nwritten);
+
 // Module fastly_object_store
 WASM_IMPORT("fastly_object_store", "open")
 int xqd_object_store_open(const char *name, size_t name_len,