-
Notifications
You must be signed in to change notification settings - Fork 272
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lay foundation of crypto module in Rhai #2025
Comments
+1 Currently need this for a customer, and has been brought up in the past. But given Rhai is positioned to reduce the path of resistance for folks moving from gateway with limited Rust expertise. It should be able handle common customizations seamlessly (i.e. header manipulation), so we should at least provide base64 decode/encode and sha-256. |
partially fixes: #2025 - 2 new functions which work on ImmutableString
- Partially Fix #2025 Add support for base64 decode/encode to rhai **Checklist** Complete the checklist (and note appropriate exceptions) before a final PR is raised. - [x] Changes are compatible[^1] - [x] Documentation[^2] completed - [x] Performance impact assessed and acceptable - Tests added and passing[^3] - [x] Unit Tests ~~- [ ] Integration Tests~~ ~~- [ ] Manual Tests~~ **Exceptions** No Exceptions **Notes** [^1]. It may be appropriate to bring upcoming changes to the attention of other (impacted) groups. Please endeavour to do this before seeking PR approval. The mechanism for doing this will vary considerably, so use your judgement as to how and when to do this. [^2]. Configuration is an important part of many changes. Where applicable please try to document configuration examples. [^3]. Tick whichever testing boxes are applicable. If you are adding Manual Tests: - please document the manual testing (extensively) in the Exceptions. - please raise a separate issue to automate the test and label it (or ask for it to be labeled) as `manual test`
It's not complete. Just the base64 part, so re-opening. |
@abernix @chandrikas see related AWS Signaturev4 subgraph fetch signing in: |
Sigv4 support just landed, but it looks orthogonal to this issue, so we'll keep it open. |
Given that SigV4 and Base64 Encode/Decode are done, I'm going to go ahead and close this as it's less visionary at this point and more just an omnibus ticket that doesn't add quite as much value. Concrete asks for more functions can be opened as new issues. Thanks! |
When communicating with some subgraphs, it is necessary to sign the requests — for example various Google Cloud and AWS functions have their own HMAC requirements:
Google
AWS
When building your own native Rust plugin, this isn't particularly challenging (in fact, there are off the shelf AWS and GCP specific Crates that can make it even easier), but should we consider exposing such functionality in Rhai directly?
Perhaps something off-the-shelf that is relatively full-featured along the lines of the Node.js
crypto
stdlib? (No strong feelings on what — e.g., sodium, orion, etc.; figuring that out would be part of the task.)Alternatives
The alternative here is that we just bake-in utility functions that do these for you for providers who are big enough to warrant it (I'm largely thinking about AWS, Google, Azure). It will take a non-zero amount of time, effort and code for someone to implement those with just basic crypto functions, but maybe we still enable folks to do something more ad-hoc by having the functions there anyhow.
Basic Requirements
Lay the foundation for a set of crypto helpers. Let's just start with some simple things for now but be open to more:
The text was updated successfully, but these errors were encountered: