doxygen/html/a03986_source.html

/* -*- mode: c++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-

 *

 * Copyright (C) 2026 Marco Craveiro <marco.craveiro@gmail.com>

 *

 * This program is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License as published by the Free Software

 * Foundation; either version 3 of the License, or (at your option) any later

 * version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS

 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more

 * details.

 *

 * You should have received a copy of the GNU General Public License along with

 * this program; if not, write to the Free Software Foundation, Inc., 51

 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

 *

 */

#ifndef ORES_SERVICE_MESSAGING_HANDLER_HELPERS_HPP

#define ORES_SERVICE_MESSAGING_HANDLER_HELPERS_HPP


#include <optional>

#include <span>

#include <string_view>

#include <boost/uuid/uuid.hpp>

#include <rfl/json.hpp>

#include "ores.nats/domain/message.hpp"

#include "ores.nats/service/client.hpp"

#include "ores.database/domain/context.hpp"

#include "ores.utility/rfl/reflectors.hpp"

#include "ores.service/error_code.hpp"


namespace ores::service::messaging {


namespace change_reasons {

    inline constexpr std::string_view new_record = "system.new_record";

    inline constexpr std::string_view update = "system.update";

} // namespace change_reasons


template<typename T>

void stamp(T& obj, const ores::database::context& ctx,

    std::string_view change_reason = change_reasons::new_record) {

    // tenant_id is a security boundary — always derived from the validated JWT,

    // never from client-supplied data.

    if constexpr (requires { obj.tenant_id; }) {

        if constexpr (std::is_assignable_v<decltype(obj.tenant_id)&, std::string>)

            obj.tenant_id = ctx.tenant_id().to_string();

        else if constexpr (std::is_assignable_v<decltype(obj.tenant_id)&,

                boost::uuids::uuid>)

            obj.tenant_id = ctx.tenant_id().to_uuid();

        else

            obj.tenant_id = ctx.tenant_id();

    }

    const auto& actor = ctx.actor();

    const auto& svc = ctx.service_account();

    if constexpr (requires { obj.modified_by; }) {

        if (!actor.empty())

            obj.modified_by = actor;

        else if (!svc.empty())

            obj.modified_by = svc;

    }

    if (!svc.empty()) {

        if constexpr (requires { obj.performed_by; })

            obj.performed_by = svc;

    }

    if constexpr (requires { obj.change_reason_code; }) {

        if (obj.change_reason_code.empty())

            obj.change_reason_code = std::string(change_reason);

    }

}


// Serialise resp to JSON and publish to the message's reply subject.

// No-op if the message has no reply subject.

template<typename Resp>

void reply(ores::nats::service::client& nats,

    const ores::nats::message& msg,

    const Resp& resp) {

    if (msg.reply_subject.empty()) return;

    const auto json = rfl::json::write(resp);

    const auto* p = reinterpret_cast<const std::byte*>(json.data());

    nats.publish(msg.reply_subject, std::span<const std::byte>(p, json.size()));

}


inline bool has_permission(const ores::database::context& ctx,

    std::string_view required_permission) {

    const auto& perms = ctx.roles();

    // Empty list: token predates RBAC — allow to preserve backward compat.

    if (perms.empty()) return true;

    // Exact match or component-level wildcard

    for (const auto& p : perms) {

        if (p == "*" || p == required_permission) return true;

        // Component-level wildcard: "iam::*" satisfies "iam::accounts:create"

        if (p.size() >= 2 && p.ends_with("::*")) {

            const auto prefix = std::string_view(p).substr(0, p.size() - 1);

            if (required_permission.starts_with(prefix)) return true;

        }

    }

    return false;

}


// Publish an error reply with an X-Error header.

// The reply subject is used if present; no-op otherwise.

inline void error_reply(ores::nats::service::client& nats,

    const ores::nats::message& msg,

    ores::service::error_code code) {

    if (msg.reply_subject.empty()) return;

    std::string_view error_str;

    switch (code) {

        case ores::service::error_code::token_expired: error_str = "token_expired"; break;

        case ores::service::error_code::forbidden:     error_str = "forbidden";     break;

        default:                                       error_str = "unauthorized";  break;

    }

    nats.publish(msg.reply_subject, std::span<const std::byte>{},

        {{"X-Error", std::string(error_str)}});

}


// Deserialise the message payload from JSON into Req.

// Returns nullopt on parse failure.

template<typename Req>

std::optional<Req> decode(const ores::nats::message& msg) {

    const std::string_view sv(

        reinterpret_cast<const char*>(msg.data.data()), msg.data.size());

    auto r = rfl::json::read<Req>(sv);

    if (!r) return std::nullopt;

    return *r;

}


} // namespace ores::service::messaging


#endif

ores::service::error_code
error_code
Error codes returned by service-layer request helpers.
Definition error_code.hpp:28

ores::service::error_code::forbidden
@ forbidden
The caller is authenticated but lacks the required permission.

ores::service::error_code::token_expired
@ token_expired
The JWT token has expired.

ores::database::context
Context for the operations on a postgres database.
Definition context.hpp:47

ores::database::context::service_account
const std::string & service_account() const
Gets the service account for this context.
Definition context.hpp:127

ores::database::context::roles
const std::vector< std::string > & roles() const
Gets the permission codes carried in this context.
Definition context.hpp:142

ores::database::context::actor
const std::string & actor() const
Gets the current actor (end-user) for this context.
Definition context.hpp:118

ores::database::context::tenant_id
const utility::uuid::tenant_id & tenant_id() const
Gets the tenant ID for this context.
Definition context.hpp:94

ores::nats::message
A received NATS message.
Definition message.hpp:40

ores::nats::message::reply_subject
std::string reply_subject
The reply-to subject, empty for one-way publishes.
Definition message.hpp:51

ores::nats::message::data
std::vector< std::byte > data
The message payload bytes.
Definition message.hpp:58

ores::nats::service::client
NATS client: connection, pub/sub, request/reply, and JetStream.
Definition client.hpp:73

ores::nats::service::client::publish
void publish(std::string_view subject, std::span< const std::byte > data, std::unordered_map< std::string, std::string > headers={})
Publish a message to a subject.
Definition client.cpp:298

ores::utility::uuid::tenant_id::to_uuid
const boost::uuids::uuid & to_uuid() const noexcept
Returns the underlying boost UUID.
Definition tenant_id.cpp:77

ores::utility::uuid::tenant_id::to_string
std::string to_string() const
Converts the tenant_id to its string representation.
Definition tenant_id.cpp:81