Merge pull request #43 from G-Core/secrets

feat: ✨ Secret Storage accessor methods added

Author: godronus

create-wit-bindings.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+~/.cargo/bin/wit-bindgen c --out-dir runtime/fastedge/host-api/bindings --world bindings runtime/fastedge/host-api/wit

docs/examples/variables-and-secrets.js

@@ -0,0 +1,13 @@
+import { getEnv } from 'fastedge::env';
+import { getSecret } from 'fastedge::secret';
+
+async function eventHandler(event) {
+  const username = getEnv('USERNAME');
+  const password = getSecret('PASSWORD');
+
+  return new Response(`Username: ${username}, Password: ${password}`);
+}
+
+addEventListener('fetch', (event) => {
+  event.respondWith(eventHandler(event));
+});

docs/src/content/docs/examples/main-examples.mdx

@@ -27,4 +27,8 @@ as we build out more functionality.
     title='Header manipulation with environment variables'
     href='/FastEdge-sdk-js/examples/headers/'
   />
+  <LinkCard
+    title='Environment variables and secrets'
+    href='/FastEdge-sdk-js/examples/variables-and-secrets/'
+  />
 </CardGrid>

docs/src/content/docs/examples/variables-and-secrets.mdx

@@ -0,0 +1,12 @@
+---
+title: Environment Variables and Secrets
+description: An example using environment variables and secrets.
+prev:
+  link: /FastEdge-sdk-js/examples/main-examples/
+  label: Back to examples
+---
+
+import { Code } from '@astrojs/starlight/components';
+import importedCode from '/examples/variables-and-secrets.js?raw';
+
+<Code code={importedCode} lang='js' title='docs/examples/variables-and-secrets.js' />

docs/src/content/docs/reference/secrets.md

@@ -0,0 +1,35 @@
+---
+title: FastEdge::secret
+description: How to use FastEdge secret variables.
+---
+
+### Secret Variables
+
+To access secret variables, set during deployment on the FastEdge network.
+
+```js
+import { getSecret } from 'fastedge::secret';
+
+async function eventHandler(event) {
+  const secretToken = getSecret('MY_SECRET_TOKEN');
+  return new Response({ secretToken });
+}
+
+addEventListener('fetch', (event) => {
+  event.respondWith(eventHandler(event));
+});
+```
+
+```js title="SYNTAX"
+getSecret(secretName);
+```
+
+##### Parameters
+
+- `secretName` (required)
+
+  A string containing the name of the key you want to retrieve the value of.
+
+##### Return Value
+
+A string containing the value of the key. If the key does not exist, null is returned.

package.json

@@ -38,8 +38,7 @@
     "build:monkey:prod": "./runtime/fastedge/build.sh",
     "build:libs": "node esbuild/fastedge-libs.js",
     "build:types": "tsc -p ./src/static-server/tsconfig.json",
-    "FIX:build:wasm": "node build-examples-config.js",
-    "FIX:generate:wit-world": "make -j8 -C fastedge-runtime/cbindings generate-wit-bindgen",
+    "generate:wit-world": "./create-wit-bindings.sh",
     "lint": "npx eslint -c ./config/eslint/repo/.eslintrc.cjs .",
     "semantic-release": "semantic-release",
     "test:solo": "NODE_ENV=test jest -c ./config/jest/jest.config.js --",

runtime/fastedge/builtins/fastedge.cpp

@@ -25,6 +25,7 @@ namespace fastedge::fastedge {
 
 JS::PersistentRooted<JSObject *> FastEdge::env;
 JS::PersistentRooted<JSObject *> FastEdge::fs;
+JS::PersistentRooted<JSObject *> FastEdge::secret;
 
 bool FastEdge::getEnv(JSContext* cx, unsigned argc, JS::Value* vp) {
   JS::CallArgs args = JS::CallArgsFromVp(argc, vp);
@@ -96,6 +97,33 @@ bool FastEdge::readFileSync(JSContext *cx, unsigned argc, JS::Value *vp) {
   return true;
 }
 
+bool FastEdge::getSecret(JSContext* cx, unsigned argc, JS::Value* vp) {
+  JS::CallArgs args = JS::CallArgsFromVp(argc, vp);
+  if (!args.requireAtLeast(cx, "getSecret", 1)) {
+    JS_ReportErrorUTF8(cx, "getSecret() -> requires at least 1 argument");
+    return false;
+  }
+  // Convert the first argument to a string
+  JS::RootedString jsKey(cx, JS::ToString(cx, args[0]));
+  if (!jsKey) {
+    return false;
+  }
+  // Encode the JS string to a C++ string
+  JS::UniqueChars keyChars = JS_EncodeStringToUTF8(cx, jsKey);
+  if (!keyChars) {
+    return false;
+  }
+  auto secretValue = host_api::get_secret_vars(keyChars.get());
+  if (!secretValue.size()) {
+    args.rval().setNull();
+    return true;
+  }
+
+  JS::RootedString secretValueStr(cx, JS_NewStringCopyUTF8N(cx, JS::UTF8Chars(secretValue.begin(), secretValue.size())));
+  args.rval().setString(secretValueStr);
+  return true;
+}
+
 const JSPropertySpec FastEdge::properties[] = {
     JS_PSG("env", getEnv, JSPROP_ENUMERATE),
     JS_PS_END
@@ -118,6 +146,7 @@ bool install(api::Engine *engine) {
   const JSFunctionSpec methods[] = {
       JS_FN("getEnv", FastEdge::getEnv, 1, JSPROP_ENUMERATE),
       JS_FN("readFileSync", FastEdge::readFileSync, 1, JSPROP_ENUMERATE),
+      JS_FN("getSecret", FastEdge::getSecret, 1, JSPROP_ENUMERATE),
       JS_FS_END
   };
 
@@ -156,6 +185,20 @@ bool install(api::Engine *engine) {
     return false;
   }
 
+  // fastedge:secret
+  RootedValue get_secret_val(engine->cx());
+  if (!JS_GetProperty(engine->cx(), fastedge, "getSecret", &get_secret_val)) {
+    return false;
+  }
+  RootedObject secret_builtin(engine->cx(), JS_NewObject(engine->cx(), nullptr));
+  if (!JS_SetProperty(engine->cx(), secret_builtin, "getSecret", get_secret_val)) {
+    return false;
+  }
+  RootedValue secret_builtin_val(engine->cx(), JS::ObjectValue(*secret_builtin));
+  if (!engine->define_builtin_module("fastedge::secret", secret_builtin_val)) {
+    return false;
+  }
+
   return true;
 }
 

runtime/fastedge/builtins/fastedge.h

@@ -23,11 +23,13 @@ class FastEdge : public builtins::BuiltinNoConstructor<FastEdge> {
 
   static JS::PersistentRooted<JSObject *> env;
   static JS::PersistentRooted<JSObject *> fs;
+  static JS::PersistentRooted<JSObject *> secret;
 
   static const JSPropertySpec properties[];
 
   static bool readFileSync(JSContext *cx, unsigned argc, JS::Value *vp);
   static bool getEnv(JSContext *cx, unsigned argc, JS::Value *vp);
+  static bool getSecret(JSContext *cx, unsigned argc, JS::Value *vp);
 
 };
 

runtime/fastedge/host-api/bindings/bindings.c

@@ -5,6 +5,9 @@
 __attribute__((__import_module__("gcore:fastedge/dictionary"), __import_name__("get")))
 extern void __wasm_import_gcore_fastedge_dictionary_get(int32_t, int32_t, int32_t);
 
+__attribute__((__import_module__("gcore:fastedge/secret"), __import_name__("get")))
+extern void __wasm_import_gcore_fastedge_secret_get(int32_t, int32_t, int32_t);
+
 __attribute__((__import_module__("wasi:cli/environment@0.2.0"), __import_name__("get-environment")))
 extern void __wasm_import_wasi_cli_0_2_0_environment_get_environment(int32_t);
 
@@ -544,6 +547,23 @@ void gcore_fastedge_dictionary_option_string_free(gcore_fastedge_dictionary_opti
   }
 }
 
+void gcore_fastedge_secret_error_free(gcore_fastedge_secret_error_t *ptr) {
+  switch ((int32_t) ptr->tag) {
+    case 2: {
+      bindings_string_free(&ptr->val.other);
+      break;
+    }
+  }
+}
+
+void gcore_fastedge_secret_result_option_string_error_free(gcore_fastedge_secret_result_option_string_error_t *ptr) {
+  if (!ptr->is_err) {
+    gcore_fastedge_dictionary_option_string_free(&ptr->val.ok);
+  } else {
+    gcore_fastedge_secret_error_free(&ptr->val.err);
+  }
+}
+
 void wasi_cli_0_2_0_environment_tuple2_string_string_free(wasi_cli_0_2_0_environment_tuple2_string_string_t *ptr) {
   bindings_string_free(&ptr->f0);
   bindings_string_free(&ptr->f1);
@@ -1718,6 +1738,61 @@ bool gcore_fastedge_dictionary_get(bindings_string_t *name, bindings_string_t *r
   return option.is_some;
 }
 
+bool gcore_fastedge_secret_get(bindings_string_t *key, gcore_fastedge_dictionary_option_string_t *ret, gcore_fastedge_secret_error_t *err) {
+  __attribute__((__aligned__(4)))
+  uint8_t ret_area[16];
+  int32_t ptr = (int32_t) &ret_area;
+  __wasm_import_gcore_fastedge_secret_get((int32_t) (*key).ptr, (int32_t) (*key).len, ptr);
+  gcore_fastedge_secret_result_option_string_error_t result;
+  switch ((int32_t) (*((uint8_t*) (ptr + 0)))) {
+    case 0: {
+      result.is_err = false;
+      gcore_fastedge_dictionary_option_string_t option;
+      switch ((int32_t) (*((uint8_t*) (ptr + 4)))) {
+        case 0: {
+          option.is_some = false;
+          break;
+        }
+        case 1: {
+          option.is_some = true;
+          option.val = (bindings_string_t) { (uint8_t*)(*((int32_t*) (ptr + 8))), (size_t)(*((int32_t*) (ptr + 12))) };
+          break;
+        }
+      }
+      
+      result.val.ok = option;
+      break;
+    }
+    case 1: {
+      result.is_err = true;
+      gcore_fastedge_secret_error_t variant;
+      variant.tag = (int32_t) (*((uint8_t*) (ptr + 4)));
+      switch ((int32_t) variant.tag) {
+        case 0: {
+          break;
+        }
+        case 1: {
+          break;
+        }
+        case 2: {
+          variant.val.other = (bindings_string_t) { (uint8_t*)(*((int32_t*) (ptr + 8))), (size_t)(*((int32_t*) (ptr + 12))) };
+          break;
+        }
+      }
+      
+      result.val.err = variant;
+      break;
+    }
+  }
+  if (!result.is_err) {
+    *ret = result.val.ok;
+    return 1;
+  } else {
+    *err = result.val.err;
+    return 0;
+  }
+}
+
 void wasi_cli_0_2_0_environment_get_environment(wasi_cli_0_2_0_environment_list_tuple2_string_string_t *ret) {
   __attribute__((__aligned__(4)))
   uint8_t ret_area[8];

runtime/fastedge/host-api/bindings/bindings.h

@@ -20,6 +20,30 @@ typedef struct {
   bindings_string_t val;
 } gcore_fastedge_dictionary_option_string_t;
 
+// The set of errors which may be raised by functions in this interface
+typedef struct {
+  uint8_t tag;
+  union {
+    bindings_string_t other;
+  } val;
+} gcore_fastedge_secret_error_t;
+
+// The requesting component does not have access to the specified key
+// (which may or may not exist).
+#define GCORE_FASTEDGE_SECRET_ERROR_ACCESS_DENIED 0
+// Decryption error.
+#define GCORE_FASTEDGE_SECRET_ERROR_DECRYPT_ERROR 1
+// Some implementation-specific error has occurred (e.g. I/O)
+#define GCORE_FASTEDGE_SECRET_ERROR_OTHER 2
+
+typedef struct {
+  bool is_err;
+  union {
+    gcore_fastedge_dictionary_option_string_t ok;
+    gcore_fastedge_secret_error_t err;
+  } val;
+} gcore_fastedge_secret_result_option_string_error_t;
+
 typedef struct {
   bindings_string_t f0;
   bindings_string_t f1;
@@ -1538,6 +1562,11 @@ typedef wasi_http_0_2_0_types_own_response_outparam_t exports_wasi_http_0_2_0_in
 // Returns `ok(none)` if the key does not exist.
 extern bool gcore_fastedge_dictionary_get(bindings_string_t *name, bindings_string_t *ret);
 
+// Imported Functions from `gcore:fastedge/secret`
+// Get the secret associated with the specified `key`
+// Returns `ok(none)` if the key does not exist.
+extern bool gcore_fastedge_secret_get(bindings_string_t *key, gcore_fastedge_dictionary_option_string_t *ret, gcore_fastedge_secret_error_t *err);
+
 // Imported Functions from `wasi:cli/environment@0.2.0`
 // Get the POSIX-style environment variables.
 // 
@@ -3040,6 +3069,10 @@ extern bool wasi_io_0_2_0_streams_method_output_stream_write(wasi_io_0_2_0_strea
 
         void gcore_fastedge_dictionary_option_string_free(gcore_fastedge_dictionary_option_string_t *ptr);
 
+        void gcore_fastedge_secret_error_free(gcore_fastedge_secret_error_t *ptr);
+        
+        void gcore_fastedge_secret_result_option_string_error_free(gcore_fastedge_secret_result_option_string_error_t *ptr);
+        
         void wasi_cli_0_2_0_environment_tuple2_string_string_free(wasi_cli_0_2_0_environment_tuple2_string_string_t *ptr);
 
         void wasi_cli_0_2_0_environment_list_tuple2_string_string_free(wasi_cli_0_2_0_environment_list_tuple2_string_string_t *ptr);

runtime/fastedge/host-api/bindings/bindings_component_type.o

@@ -1260,6 +1260,18 @@ HostString get_env_vars(std::string_view name) {
   return bindings_string_to_host_string(value_str);
 }
 
+HostString get_secret_vars(std::string_view name) {
+  auto key_str = string_view_to_world_string(name);
+  gcore_fastedge_dictionary_option_string_t ret{};
+  gcore_fastedge_secret_error_t err;
+  auto has_value = gcore_fastedge_secret_get(&key_str, &ret, &err);
+  if (has_value && ret.is_some) {
+    return bindings_string_to_host_string(ret.val);
+  }
+  return nullptr;
+}
+
+
 } // namespace host_api
 
 static host_api::HttpIncomingRequest::RequestHandler REQUEST_HANDLER = nullptr;

runtime/fastedge/host-api/host_api.cpp

@@ -31,6 +31,7 @@ struct JSErrorFormatString;
 namespace host_api {
 
 HostString get_env_vars(std::string_view name);
+HostString get_secret_vars(std::string_view name);
 
 } // namespace host_api
 

runtime/fastedge/host-api/host_api_fastedge.h

@@ -0,0 +1,16 @@
+interface secret {
+  /// Get the secret associated with the specified `key`
+  /// Returns `ok(none)` if the key does not exist.
+  get: func(key: string) -> result<option<string>, error>;
+
+  /// The set of errors which may be raised by functions in this interface
+  variant error {
+    /// The requesting component does not have access to the specified key
+    /// (which may or may not exist).
+    access-denied,
+    /// Decryption error.
+    decrypt-error,
+    /// Some implementation-specific error has occurred (e.g. I/O)
+    other(string)
+  }
+}

runtime/fastedge/host-api/wit/deps/fastedge/secret.wit

@@ -2,4 +2,5 @@ package gcore:fastedge;
 
 world imports {
     import dictionary;
+    import secret;
 }

runtime/fastedge/host-api/wit/deps/fastedge/world.wit

@@ -15,6 +15,9 @@ const fastedgePackagePlugin = {
         case 'fs': {
           return { contents: `export const readFileSync = globalThis.fastedge.readFileSync;` };
         }
+        case 'secret': {
+          return { contents: `export const getSecret = globalThis.fastedge.getSecret;` };
+        }
         default: {
           return { contents: '' };
         }