feat(api): enhance runtime data handling with encoding support

yousef-cohere · yousef-cohere · commit b56070c6c776 · 2026-04-08T15:53:14.000-04:00
Added support for encoding options in the runtime data parameter for the /aa/evidence and /aa/additional_evidence endpoints. The new implementation allows clients to specify 'hex', 'base64', or omit the encoding for raw UTF-8 strings. Updated the OpenAPI documentation and added a decoding function to handle the different formats.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/api-server-rest/Cargo.toml b/api-server-rest/Cargo.toml
@@ -11,6 +11,7 @@ async-trait.workspace = true
 base64.workspace = true
 clap = { workspace = true, features = ["derive"] }
 form_urlencoded = "1.2.2"
+hex.workspace = true
 hyper = { version = "0.14.27", features = ["server", "http1", "runtime"] }
 serde.workspace = true
 serde_json.workspace = true
diff --git a/api-server-rest/build.rs b/api-server-rest/build.rs
@@ -31,7 +31,8 @@ fn _token() {}
     get,
     path = "/aa/evidence",
     params(
-        ("runtime_data" = String, Query, description = "Runtime Data")
+        ("runtime_data" = String, Query, description = "Runtime Data"),
+        ("encoding" = Option<String>, Query, description = "Encoding of runtime_data: 'hex', 'base64', or omit for raw UTF-8 string")
     ),
     responses(
         (status = 200, description = "success response",
@@ -50,12 +51,14 @@ fn _evidence() {}
     get,
     path = "/aa/additional_evidence",
     params(
-        ("runtime_data" = String, Query, description = "Runtime Data")
+        ("runtime_data" = String, Query, description = "Runtime Data"),
+        ("encoding" = Option<String>, Query, description = "Encoding of runtime_data: 'hex', 'base64', or omit for raw UTF-8 string")
     ),
     responses(
         (status = 200, description = "success response",
                 content_type = "application/octet-stream",
-                body = String),
+                body = String,
+                example = json!({"svn":"1","report_data":"eHh4eA=="})),
         (status = 400, description = "bad request for invalid query param"),
         (status = 403, description = "forbid external access"),
         (status = 404, description = "resource not found"),
diff --git a/api-server-rest/openapi/api.json b/api-server-rest/openapi/api.json
@@ -62,6 +62,15 @@
             "schema": {
               "type": "string"
             }
+          },
+          {
+            "name": "encoding",
+            "in": "query",
+            "description": "Encoding of runtime_data: 'hex', 'base64', or omit for raw UTF-8 string",
+            "required": false,
+            "schema": {
+              "type": "string"
+            }
           }
         ],
         "responses": {
@@ -71,6 +80,10 @@
               "application/octet-stream": {
                 "schema": {
                   "type": "string"
+                },
+                "example": {
+                  "report_data": "eHh4eA==",
+                  "svn": "1"
                 }
               }
             }
@@ -103,6 +116,15 @@
             "schema": {
               "type": "string"
             }
+          },
+          {
+            "name": "encoding",
+            "in": "query",
+            "description": "Encoding of runtime_data: 'hex', 'base64', or omit for raw UTF-8 string",
+            "required": false,
+            "schema": {
+              "type": "string"
+            }
           }
         ],
         "responses": {
diff --git a/api-server-rest/src/router.rs b/api-server-rest/src/router.rs
@@ -4,13 +4,27 @@
 //
 
 use anyhow::*;
+use base64::Engine;
 use hyper::body::HttpBody;
 use hyper::{header, Body, Method, Request, Response, StatusCode};
 use serde::Serialize;
 use std::collections::HashMap;
 use std::net::SocketAddr;
 use tracing::{debug, info};
 
+fn decode_runtime_data(raw: &str, encoding: Option<&str>) -> Result<Vec<u8>> {
+    match encoding {
+        Some("hex") => {
+            hex::decode(raw).map_err(|e| anyhow!("invalid hex in runtime_data: {e}"))
+        }
+        Some("base64") => base64::engine::general_purpose::STANDARD
+            .decode(raw)
+            .map_err(|e| anyhow!("invalid base64 in runtime_data: {e}")),
+        Some(other) => bail!("unsupported encoding: {other} (expected hex, base64, or omit)"),
+        None => Ok(raw.as_bytes().to_vec()),
+    }
+}
+
 use crate::client::{
     aa::{
         AAClient, AaelEvent, AA_AAEL_URL, AA_ADDITIONAL_EVIDENCE_URL, AA_EVIDENCE_URL, AA_ROOT,
@@ -171,10 +185,14 @@ impl Router {
                             info!("Get evidence");
                             match params.get("runtime_data") {
                                 Some(runtime_data) => {
-                                    match client
-                                        .get_evidence(&runtime_data.clone().into_bytes())
-                                        .await
-                                    {
+                                    let data = match decode_runtime_data(
+                                        runtime_data,
+                                        params.get("encoding").map(|s| s.as_str()),
+                                    ) {
+                                        std::result::Result::Ok(d) => d,
+                                        Err(e) => return self.internal_error(e.to_string()),
+                                    };
+                                    match client.get_evidence(&data).await {
                                         std::result::Result::Ok(results) => {
                                             return self.octet_stream_response(results)
                                         }
@@ -188,10 +206,15 @@ impl Router {
                             info!("Get additional evidence");
                             match params.get("runtime_data") {
                                 Some(runtime_data) => {
+                                    let data = match decode_runtime_data(
+                                        runtime_data,
+                                        params.get("encoding").map(|s| s.as_str()),
+                                    ) {
+                                        std::result::Result::Ok(d) => d,
+                                        Err(e) => return self.internal_error(e.to_string()),
+                                    };
                                     match client
-                                        .get_additional_evidence(
-                                            &runtime_data.clone().into_bytes(),
-                                        )
+                                        .get_additional_evidence(&data)
                                         .await
                                     {
                                         std::result::Result::Ok(results) => {
