T1B0 commented on code in PR #2822: URL: https://github.com/apache/iggy/pull/2822#discussion_r2892352211
########## examples/node/src/tcp-tls/consumer.ts: ########## @@ -0,0 +1,146 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +// TCP/TLS Consumer Example +// +// Demonstrates consuming messages over a TLS-encrypted TCP connection +// using custom certificates from core/certs/. +// +// Prerequisites: +// Start the Iggy server with TLS enabled: +// IGGY_TCP_TLS_ENABLED=true \ +// IGGY_TCP_TLS_CERT_FILE=core/certs/iggy_cert.pem \ +// IGGY_TCP_TLS_KEY_FILE=core/certs/iggy_key.pem \ +// cargo r --bin iggy-server +// +// Run this example (from examples/node/): +// DEBUG=iggy:* npx tsx src/tcp-tls/consumer.ts + +import { readFileSync } from 'node:fs'; +import { Client, PollingStrategy, Consumer } from 'apache-iggy'; +import { BATCHES_LIMIT, log, MESSAGES_PER_BATCH, PARTITION_ID, STREAM_ID, TOPIC_ID } from '../utils'; + +async function consumeMessages(client: Client): Promise<void> { + const interval = 500; + log( + 'Messages will be consumed from stream: %d, topic: %d, partition: %d with interval %d ms.', + STREAM_ID, + TOPIC_ID, + PARTITION_ID, + interval, + ); + + let offset = 0; + let consumedBatches = 0; + + while (consumedBatches < BATCHES_LIMIT) { + try { + log('Polling for messages...'); + const polledMessages = await client.message.poll({ + streamId: STREAM_ID, + topicId: TOPIC_ID, + consumer: Consumer.Single, + partitionId: PARTITION_ID, + pollingStrategy: PollingStrategy.Offset(BigInt(offset)), + count: MESSAGES_PER_BATCH, + autocommit: false, + }); + + if (!polledMessages || polledMessages.messages.length === 0) { + log('No messages found.'); + consumedBatches++; + await new Promise(resolve => setTimeout(resolve, interval)); + continue; + } + + offset += polledMessages.messages.length; + + for (const message of polledMessages.messages) { + handleMessage(message); + } + + consumedBatches++; + log('Consumed %d message(s) in batch %d.', polledMessages.messages.length, consumedBatches); + + await new Promise(resolve => setTimeout(resolve, interval)); + } catch (error) { + log('Error consuming messages: %o', error); + throw error; + } + } + + log('Consumed %d batches of messages, exiting.', consumedBatches); +} + +function handleMessage(message: any): void { + const payload = message.payload.toString('utf8'); + log( + `Handling message at offset: ${message.headers.offset}, payload: %s...`, + payload, + ); +} + +async function main(): Promise<void> { + // Configure the client with TLS transport. + // transport: 'TLS' activates TLS on the TCP connection + // ca: readFileSync(...) provides the CA certificate to verify the server cert + // host: 'localhost' must match the server certificate CN/SAN + const client = new Client({ + transport: 'TLS', + options: { + port: 8090, + host: 'localhost', + ca: readFileSync('../../core/certs/iggy_ca_cert.pem'), + }, + credentials: { username: 'iggy', password: 'iggy' }, + }); + + try { + log('TLS consumer has started, selected transport: TLS'); + log('Connecting to Iggy server over TLS...'); + + log('Logging in user...'); + await client.session.login({ username: 'iggy', password: 'iggy' }); + log('Logged in successfully.'); + + await consumeMessages(client); + } catch (error) { + log('Error in main: %o', error); + process.exitCode = 1; + } finally { + await client.destroy(); + log('Disconnected from server.'); + } +} + +process.on('unhandledRejection', (reason, promise) => { + log('Unhandled Rejection at: %o, reason: %o', promise, reason); + process.exit(1); +}); + +if (import.meta.url === `file://${process.argv[1]}`) { + void (async () => { Review Comment: why do we need this void wrap here ? you don't do it in other example ########## examples/node/src/tcp-tls/consumer.ts: ########## @@ -0,0 +1,146 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +// TCP/TLS Consumer Example +// +// Demonstrates consuming messages over a TLS-encrypted TCP connection +// using custom certificates from core/certs/. +// +// Prerequisites: +// Start the Iggy server with TLS enabled: +// IGGY_TCP_TLS_ENABLED=true \ +// IGGY_TCP_TLS_CERT_FILE=core/certs/iggy_cert.pem \ +// IGGY_TCP_TLS_KEY_FILE=core/certs/iggy_key.pem \ +// cargo r --bin iggy-server +// +// Run this example (from examples/node/): +// DEBUG=iggy:* npx tsx src/tcp-tls/consumer.ts + +import { readFileSync } from 'node:fs'; +import { Client, PollingStrategy, Consumer } from 'apache-iggy'; +import { BATCHES_LIMIT, log, MESSAGES_PER_BATCH, PARTITION_ID, STREAM_ID, TOPIC_ID } from '../utils'; + +async function consumeMessages(client: Client): Promise<void> { + const interval = 500; + log( + 'Messages will be consumed from stream: %d, topic: %d, partition: %d with interval %d ms.', + STREAM_ID, + TOPIC_ID, + PARTITION_ID, + interval, + ); + + let offset = 0; + let consumedBatches = 0; + + while (consumedBatches < BATCHES_LIMIT) { + try { + log('Polling for messages...'); + const polledMessages = await client.message.poll({ + streamId: STREAM_ID, + topicId: TOPIC_ID, + consumer: Consumer.Single, + partitionId: PARTITION_ID, + pollingStrategy: PollingStrategy.Offset(BigInt(offset)), + count: MESSAGES_PER_BATCH, + autocommit: false, + }); + + if (!polledMessages || polledMessages.messages.length === 0) { + log('No messages found.'); + consumedBatches++; + await new Promise(resolve => setTimeout(resolve, interval)); + continue; + } + + offset += polledMessages.messages.length; + + for (const message of polledMessages.messages) { + handleMessage(message); + } + + consumedBatches++; + log('Consumed %d message(s) in batch %d.', polledMessages.messages.length, consumedBatches); + + await new Promise(resolve => setTimeout(resolve, interval)); + } catch (error) { + log('Error consuming messages: %o', error); + throw error; + } + } + + log('Consumed %d batches of messages, exiting.', consumedBatches); +} + +function handleMessage(message: any): void { Review Comment: no explicit any please ########## examples/node/src/tcp-tls/producer.ts: ########## @@ -0,0 +1,128 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +// TCP/TLS Producer Example +// +// Demonstrates producing messages over a TLS-encrypted TCP connection +// using custom certificates from core/certs/. +// +// Prerequisites: +// Start the Iggy server with TLS enabled: +// IGGY_TCP_TLS_ENABLED=true \ +// IGGY_TCP_TLS_CERT_FILE=core/certs/iggy_cert.pem \ +// IGGY_TCP_TLS_KEY_FILE=core/certs/iggy_key.pem \ +// cargo r --bin iggy-server +// +// Run this example (from examples/node/): +// DEBUG=iggy:* npx tsx src/tcp-tls/producer.ts + +import { readFileSync } from 'node:fs'; +import { Client, Partitioning } from 'apache-iggy'; +import { BATCHES_LIMIT, cleanup, initSystem, log, MESSAGES_PER_BATCH, sleep } from '../utils'; + +async function produceMessages( + client: Client, + stream: Awaited<ReturnType<typeof initSystem>>['stream'], Review Comment: just take a streamName and TopicName as string argument, code and signature would be much simpler. you should probably mirror this part of the signature on consumeMessage to keep example's api simple and consistent ########## examples/node/src/tcp-tls/consumer.ts: ########## @@ -0,0 +1,146 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +// TCP/TLS Consumer Example +// +// Demonstrates consuming messages over a TLS-encrypted TCP connection +// using custom certificates from core/certs/. +// +// Prerequisites: +// Start the Iggy server with TLS enabled: +// IGGY_TCP_TLS_ENABLED=true \ +// IGGY_TCP_TLS_CERT_FILE=core/certs/iggy_cert.pem \ +// IGGY_TCP_TLS_KEY_FILE=core/certs/iggy_key.pem \ +// cargo r --bin iggy-server +// +// Run this example (from examples/node/): +// DEBUG=iggy:* npx tsx src/tcp-tls/consumer.ts + +import { readFileSync } from 'node:fs'; +import { Client, PollingStrategy, Consumer } from 'apache-iggy'; +import { BATCHES_LIMIT, log, MESSAGES_PER_BATCH, PARTITION_ID, STREAM_ID, TOPIC_ID } from '../utils'; Review Comment: is this file/folder missing from MR ? ########## foreign/node/src/e2e/tls.system.e2e.ts: ########## @@ -0,0 +1,153 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +// TLS integration tests for the Node.js SDK. +// +// These tests require a TLS-enabled Iggy server and are skipped by default. +// To run them locally: +// +// 1. Start the server with TLS: +// IGGY_ROOT_USERNAME=iggy IGGY_ROOT_PASSWORD=iggy \ +// IGGY_TCP_TLS_ENABLED=true \ +// IGGY_TCP_TLS_CERT_FILE=core/certs/iggy_cert.pem \ +// IGGY_TCP_TLS_KEY_FILE=core/certs/iggy_key.pem \ +// cargo r --bin iggy-server +// +// 2. Run the tests: +// cd foreign/node +// IGGY_TCP_TLS_ENABLED=true IGGY_TCP_ADDRESS=127.0.0.1:8090 \ +// node --import @swc-node/register/esm-register --test src/e2e/tls.system.e2e.ts + +import { readFileSync } from 'node:fs'; +import { resolve } from 'node:path'; +import { after, describe, it } from 'node:test'; +import assert from 'node:assert/strict'; +import { Client } from '../client/client.js'; +import { Partitioning, Consumer, PollingStrategy } from '../wire/index.js'; +import { getIggyAddress } from '../tcp.sm.utils.js'; + +const tlsEnabled = process.env.IGGY_TCP_TLS_ENABLED === 'true'; + +// Walk up from cwd to find core/certs/ Review Comment: this recursive search sound overkill. getTlsClient could take caCertFilepath as params directly. maybe caller should accept some E2E_ROOT_CA_CERT from env, and fallback on relative default path like you did in examples ? ########## examples/node/src/tcp-tls/producer.ts: ########## @@ -0,0 +1,128 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +// TCP/TLS Producer Example +// +// Demonstrates producing messages over a TLS-encrypted TCP connection +// using custom certificates from core/certs/. +// +// Prerequisites: +// Start the Iggy server with TLS enabled: +// IGGY_TCP_TLS_ENABLED=true \ +// IGGY_TCP_TLS_CERT_FILE=core/certs/iggy_cert.pem \ +// IGGY_TCP_TLS_KEY_FILE=core/certs/iggy_key.pem \ +// cargo r --bin iggy-server +// +// Run this example (from examples/node/): +// DEBUG=iggy:* npx tsx src/tcp-tls/producer.ts + +import { readFileSync } from 'node:fs'; +import { Client, Partitioning } from 'apache-iggy'; +import { BATCHES_LIMIT, cleanup, initSystem, log, MESSAGES_PER_BATCH, sleep } from '../utils'; + +async function produceMessages( + client: Client, + stream: Awaited<ReturnType<typeof initSystem>>['stream'], + topic: Awaited<ReturnType<typeof initSystem>>['topic'], +) { + const interval = 500; + log( + 'Messages will be sent to stream: %d, topic: %d with interval %d ms.', + stream.id, + topic.id, + interval, + ); + + let currentId = 0; + let sentBatches = 0; + + for (; sentBatches < BATCHES_LIMIT;) { + const messages = Array.from({ length: MESSAGES_PER_BATCH }).map(() => { + currentId++; + return { + id: currentId, + headers: [], + payload: `message-${currentId}`, + }; + }); + + try { + await client.message.send({ + streamId: stream.id, + topicId: topic.id, + messages, + partition: Partitioning.PartitionId( + topic.partitions[Math.floor(Math.random() * topic.partitions.length)].id, + ), + }); + } catch (error) { + log('Error sending messages: %o', error); + } finally { + sentBatches++; + log('Sent messages: %o', messages); + await sleep(interval); + } + } + + log('Sent %d batches of messages, exiting.', sentBatches); +} + +async function main() { + // Configure the client with TLS transport. + // transport: 'TLS' activates TLS on the TCP connection + // ca: readFileSync(...) provides the CA certificate to verify the server cert + // host: 'localhost' must match the server certificate CN/SAN + const client = new Client({ + transport: 'TLS', + options: { + port: 8090, + host: 'localhost', + ca: readFileSync('../../core/certs/iggy_ca_cert.pem'), + }, + credentials: { username: 'iggy', password: 'iggy' }, + }); + + let streamId = null; + let topicId = 0; + try { + log('TLS producer has started, selected transport: TLS'); + log('Connecting to Iggy server over TLS...'); + + const { stream, topic } = await initSystem(client); Review Comment: where is initSystem defined ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
