Merge branch 'main' of github.com:dfinity/response-verification into nathan/allow-additional-headers-for-redirects

Author: nathanosdev

Cargo.lock

@@ -1,5 +1,5 @@
 {
-  "dfx": "0.23.0",
+  "dfx": "0.24.3",
   "output_env_file": ".env",
   "version": 1,
   "networks": {

dfx.json

@@ -76,7 +76,7 @@ fn post_upgrade() {
 
 ## Canister endpoints
 
-There is only one canister endpoint in this example to serve assets, `http_request` query endpoint. The `serve_metrics` and `serve_asset` functions will be covered in a later section.
+There is only one canister endpoint in this example to serve assets, the `http_request` query endpoint. The `http_request` handler uses two auxiliary functions, `serve_metrics` and `serve_asset`, which are covered in a later section.
 
 ```rust
 #[query]
@@ -160,18 +160,17 @@ The `certify_all_assets` function performs the following steps:
 4. Certify the assets using the `certify_assets` function from the `ic-asset-certification` crate.
 5. Set the canister's certified data.
 
-````rust
+```rust
 thread_local! {
     static HTTP_TREE: Rc<RefCell<HttpCertificationTree>> = Default::default();
 
+    static ASSET_ROUTER: RefCell<AssetRouter<'static>> = RefCell::new(AssetRouter::with_tree(HTTP_TREE.with(|tree| tree.clone())));
+
     // initializing the asset router with an HTTP certification tree is optional.
     // if direct access to the HTTP certification tree is not needed for certifying
     // requests and responses outside of the asset router, then this step can be skipped
     // and the asset router can be initialized like so:
-    // ```
-    // static ASSET_ROUTER: RefCell<AssetRouter<'static>> = Default::default();
-    // ```
-    static ASSET_ROUTER: RefCell<AssetRouter<'static>> = RefCell::new(AssetRouter::with_tree(HTTP_TREE.with(|tree| tree.clone())));
+    static ASSET_ROUTER: RefCell<AssetRouter<'static>> = Default::default();
 }
 
 const IMMUTABLE_ASSET_CACHE_CONTROL: &str = "public, max-age=31536000, immutable";
@@ -230,7 +229,13 @@ fn certify_all_assets() {
             from: "/old-url".to_string(),
             to: "/".to_string(),
             kind: AssetRedirectKind::Permanent,
-            headers: get_asset_headers(vec![]),
+            headers: get_asset_headers(vec![
+                ("content-type".to_string(), "text/plain".to_string()),
+                (
+                    "cache-control".to_string(),
+                    NO_CACHE_ASSET_CACHE_CONTROL.to_string(),
+                ),
+            ]),
         },
     ];
 
@@ -260,7 +265,7 @@ fn certify_all_assets() {
         set_certified_data(&asset_router.root_hash());
     });
 }
-````
+```
 
 ## Serving assets
 
@@ -349,13 +354,13 @@ Then, deploy the canister:
 dfx deploy http_certification_assets_backend
 ```
 
-You can now access the canister's assets by navigating to the canister's URL in a web browser. The URL can also be found using the following command, making sure to replace `backend` with the name of the canister:
+You can now access the canister's assets by navigating to the canister's URL in a web browser. The URL can also be found using the following command:
 
 ```shell
 echo "http://$(dfx canister id http_certification_assets_backend).localhost:$(dfx info webserver-port)"
 ```
 
-Alternatively, to make a request with cURL, again making sure to replace `backend` with the name of the canister:
+Alternatively, to make a request with `curl`:
 
 ```shell
 curl "http://$(dfx canister id http_certification_assets_backend).localhost:$(dfx info webserver-port)" --resolve "$(dfx canister id http_certification_assets_backend).localhost:$(dfx info webserver-port):127.0.0.1"

examples/http-certification/assets/README.md

@@ -67,7 +67,6 @@ The lifecycle hooks are set up similarly to the JSON API.
 ```rust
 #[init]
 fn init() {
-    prepare_cel_exprs();
     certify_all_assets();
 }
 
@@ -79,30 +78,17 @@ fn post_upgrade() {
 
 ## CEL Expressions
 
-CEL expressions are also stored similarly to the [JSON API example](https://internetcomputer.org/docs/current/developer-docs/http-compatible-canisters/serving-json-over-http).
+The CEL expression definition is simpler in the case of assets compared to the [JSON API example](https://internetcomputer.org/docs/current/developer-docs/http-compatible-canisters/serving-json-over-http) as the same CEL expression is used for every asset, including the fallback response.
 
 ```rust
-thread_local! {
-    static CEL_EXPRS: RefCell<HashMap<String, (DefaultResponseOnlyCelExpression<'static>, String)>> = RefCell::new(HashMap::new());
-}
-```
-
-The CEL expression definition is simpler in the case of assets as the same CEL expression is used for every asset, including the fallback response.
-
-```rust
-fn prepare_cel_exprs() {
-    let asset_cel_expr_def = DefaultCelBuilder::response_only_certification()
-        .with_response_certification(DefaultResponseCertification::response_header_exclusions(vec![]))
-        .build();
-
-    let asset_cel_expr = asset_cel_expr_def.to_string();
-
-    CEL_EXPRS.with_borrow_mut(|exprs| {
-        exprs.insert(
-            ASSET_CEL_EXPR_PATH.to_string(),
-            (asset_cel_expr_def, asset_cel_expr),
-        );
-    });
+lazy_static! {
+    static ref ASSET_CEL_EXPR_DEF: DefaultResponseOnlyCelExpression<'static> =
+        DefaultCelBuilder::response_only_certification()
+            .with_response_certification(DefaultResponseCertification::response_header_exclusions(
+                vec![],
+            ))
+            .build();
+    static ref ASSET_CEL_EXPR: String = ASSET_CEL_EXPR_DEF.to_string();
 }
 ```
 
@@ -172,11 +158,7 @@ fn create_asset_response(
 ) -> HttpResponse {
     let headers = get_asset_headers(additional_headers, body.len(), cel_expr);
 
-    HttpResponse::builder()
-        .with_status_code(200)
-        .with_headers(headers)
-        .with_body(body)
-        .build()
+    HttpResponse::ok(body, headers).build()
 }
 ```
 
@@ -189,35 +171,30 @@ fn certify_asset_response(
     asset_tree_path: &HttpCertificationPath,
     asset_req_path: String,
 ) {
-    CEL_EXPRS.with_borrow(|cel_exprs| {
-        // get the relevant CEL expression
-        let (cel_expr_def, cel_expr_str) = cel_exprs.get(*ASSET_CEL_EXPR_PATH).unwrap();
+    // create the response
+    let response = create_asset_response(additional_headers, body, ASSET_CEL_EXPR.clone());
 
-        // create the response
-        let response = create_asset_response(additional_headers, body, cel_expr_str.to_string());
-
-        // certify the response
-        let certification =
-            HttpCertification::response_only(cel_expr_def, &response, None).unwrap();
+    // certify the response
+    let certification =
+        HttpCertification::response_only(&ASSET_CEL_EXPR_DEF, &response, None).unwrap();
 
-        HTTP_TREE.with_borrow_mut(|http_tree| {
-            // add the certification to the certification tree
-            http_tree.insert(&HttpCertificationTreeEntry::new(
-                asset_tree_path,
-                &certification,
-            ));
-        });
+    HTTP_TREE.with_borrow_mut(|http_tree| {
+        // add the certification to the certification tree
+        http_tree.insert(&HttpCertificationTreeEntry::new(
+            asset_tree_path,
+            &certification,
+        ));
+    });
 
-        RESPONSES.with_borrow_mut(|responses| {
-            // store the response for later retrieval
-            responses.insert(
-                asset_req_path,
-                CertifiedHttpResponse {
-                    response,
-                    certification,
-                },
-            );
-        });
+    RESPONSES.with_borrow_mut(|responses| {
+        // store the response for later retrieval
+        responses.insert(
+            asset_req_path,
+            CertifiedHttpResponse {
+                response,
+                certification,
+            },
+        );
     });
 }
 ```
@@ -244,35 +221,30 @@ fn certify_asset_with_encoding(
         let mut headers = vec![("content-encoding".to_string(), encoding.to_string())];
         headers.extend(additional_headers);
 
-        CEL_EXPRS.with_borrow(|cel_exprs| {
-            // get the relevant CEL expression
-            let (cel_expr_def, cel_expr_str) = cel_exprs.get(*ASSET_CEL_EXPR_PATH).unwrap();
-
-            // create the response
-            let response = create_asset_response(headers, body, cel_expr_str.to_string());
+        // create the response
+        let response = create_asset_response(headers, body, ASSET_CEL_EXPR.clone());
 
-            // certify the response
-            let certification =
-                HttpCertification::response_only(cel_expr_def, &response, None).unwrap();
+        // certify the response
+        let certification =
+            HttpCertification::response_only(&ASSET_CEL_EXPR_DEF, &response, None).unwrap();
 
-            HTTP_TREE.with_borrow_mut(|http_tree| {
-                // add the certification to the certification tree
-                http_tree.insert(&HttpCertificationTreeEntry::new(
-                    asset_tree_path,
-                    &certification,
-                ));
-            });
+        HTTP_TREE.with_borrow_mut(|http_tree| {
+            // add the certification to the certification tree
+            http_tree.insert(&HttpCertificationTreeEntry::new(
+                asset_tree_path,
+                &certification,
+            ));
+        });
 
-            ENCODED_RESPONSES.with_borrow_mut(|responses| {
-                // store the response for later retrieval
-                responses.insert(
-                    (asset_req_path, encoding.to_string()),
-                    CertifiedHttpResponse {
-                        response,
-                        certification,
-                    },
-                );
-            });
+        ENCODED_RESPONSES.with_borrow_mut(|responses| {
+            // store the response for later retrieval
+            responses.insert(
+                (asset_req_path, encoding.to_string()),
+                CertifiedHttpResponse {
+                    response,
+                    certification,
+                },
+            );
         });
     };
 }
@@ -388,7 +360,7 @@ fn certify_index_asset() {
 }
 ```
 
-It's also possible to skip certification for certain routes. This can be useful for scenarios where it's difficult to predict what the response will look like for a certain route and the content is not very security sensitive. This can be done as follows:
+It's also possible to skip certification for certain routes. This can be useful for scenarios where it's difficult to predict what the response will look like for a certain route and the content is not very security sensitive. This can be done for example with metrics served on the `/metrics` route as follows:
 
 ```rust
 const METRICS_REQ_PATH: &str = "/metrics";
@@ -561,11 +533,7 @@ fn create_metrics_response() -> HttpResponse<'static> {
         DefaultCelBuilder::skip_certification().to_string(),
     );
 
-    HttpResponse::builder()
-        .with_status_code(200)
-        .with_headers(headers)
-        .with_body(body)
-        .build()
+    HttpResponse::ok(body, headers).build()
 }
 ```
 
@@ -594,13 +562,13 @@ Then, deploy the canister:
 dfx deploy http_certification_custom_assets_backend
 ```
 
-You can now access the canister's assets by navigating to the canister's URL in a web browser. The URL can also be found using the following command, making sure to replace `backend` with the name of the canister:
+You can now access the canister's assets by navigating to the canister's URL in a web browser. The URL can also be found using the following command:
 
 ```shell
 echo "http://$(dfx canister id http_certification_custom_assets_backend).localhost:$(dfx info webserver-port)"
 ```
 
-Alternatively, to make a request with cURL, again making sure to replace `backend` with the name of the canister:
+Alternatively, to make a request with `curl`:
 
 ```shell
 curl "http://$(dfx canister id http_certification_custom_assets_backend).localhost:$(dfx info webserver-port)" --resolve "$(dfx canister id http_certification_custom_assets_backend).localhost:$(dfx info webserver-port):127.0.0.1"