From ce9b2eea2bf864e315f5861cb02f864570146115 Mon Sep 17 00:00:00 2001
From: Noah Botimer <botimer@umich.edu>
Date: Fri, 12 Jul 2024 16:38:07 -0400
Subject: [PATCH] Ensure that SSL support is enabled in HttpClient

The http-check tool was working fine with HTTPS because it enabled the
support before it included httplib.h. However, the HttpClient
implementation did not, which mean that the whole of the shared library
was not supporting HTTPS.

When using the API over HTTPS, this was silently crashing the module
because of an uncaught exception. This would normally produce stdout or
stderr output, but it is squelched by the Apache process management.

We add an additional api-check binary that enables a cursory check of
using the Authorizer against an HTTP or HTTPS API instance from the
command line.
---
 apache/client/meson.build                     | 38 +++++++++++++------
 apache/client/src/api_check.cpp               | 35 +++++++++++++++++
 apache/client/src/lauth/http_client.cpp       |  4 ++
 apache/client/test/lauth/http_client_test.cpp |  9 +++++
 4 files changed, 75 insertions(+), 11 deletions(-)
 create mode 100644 apache/client/src/api_check.cpp

diff --git a/apache/client/meson.build b/apache/client/meson.build
index 9c09ea8..90d8b9e 100644
--- a/apache/client/meson.build
+++ b/apache/client/meson.build
@@ -31,6 +31,13 @@ lauth_integration_tests = files([
   'test/lauth/http_client_test.cpp',
 ])
 
+os = host_machine.system()
+if os == 'darwin'
+  httplib_links = []
+else
+  httplib_links = ['-lssl', '-lcrypto']
+endif
+
 liblauth = shared_library(
   'lauth',
   lauth_sources,
@@ -39,9 +46,12 @@ liblauth = shared_library(
     cpp_httplib,
     json,
   ],
+  link_args: httplib_links,
   install: true,
 )
 
+liblauth_dep = declare_dependency(include_directories: lauth_includes, link_with: liblauth)
+
 install_headers(
   'include/lauth/api_client.hpp',
   'include/lauth/authorization_result.hpp',
@@ -64,8 +74,9 @@ if get_option('tests')
       cpp_httplib,
       json,
       gtest,
-      gmock
-    ]
+      gmock,
+    ],
+    link_args: httplib_links,
   )
   test('lauth-test', tests)
 endif
@@ -80,18 +91,12 @@ if get_option('integration-tests')
       json,
       gtest,
       gmock
-      ]
-    )
+    ],
+    link_args: httplib_links,
+  )
   test('lauth-integration-test', integration_tests)
 endif
 
-os = host_machine.system()
-if os == 'darwin'
-  httplib_links = []
-else
-  httplib_links = ['-lssl', '-lcrypto']
-endif
-
 executable(
   'http-service',
   files(['test/mock_service.cpp']),
@@ -110,3 +115,14 @@ executable(
   ],
   link_args: httplib_links
 )
+
+executable(
+  'api-check',
+  files(['src/api_check.cpp']),
+  include_directories: lauth_includes,
+  dependencies: [
+    cpp_httplib,
+    liblauth_dep,
+  ],
+  link_args: httplib_links,
+)
diff --git a/apache/client/src/api_check.cpp b/apache/client/src/api_check.cpp
new file mode 100644
index 0000000..340e0bc
--- /dev/null
+++ b/apache/client/src/api_check.cpp
@@ -0,0 +1,35 @@
+#include <exception>
+#include <iostream>
+#include <map>
+#include <memory>
+
+#include <lauth/authorizer.hpp>
+#include <lauth/logging.hpp>
+
+using namespace mlibrary::lauth;
+
+int main(int argc, char **argv) {
+  if (argc != 6) {
+    std::cout << "Usage: api-check <host> <token> <uri> <ip> <username>" << std::endl;
+    return -1;
+  }
+
+  auto host = std::string(argv[1]);
+  auto token = std::string(argv[2]);
+  auto uri = std::string(argv[3]);
+  auto ip = std::string(argv[4]);
+  auto user = std::string(argv[5]);
+  std::cout << "Authorizing (via " << host << ") --  uri: " << uri << ", ip: " << ip << ", user: " << user << std::endl;
+
+  Logger::set(std::make_shared<Logger>(std::make_unique<StdOut>()));
+  auto auth = Authorizer(host, token);
+  Request req = Request {
+	  .ip = ip,
+	  .uri = uri,
+	  .user = user
+  };
+
+  auto result = auth.authorize(req);
+  std::cout << "Authorizer worked... determination: " << result["determination"] << std::endl;
+  return 0;
+}
diff --git a/apache/client/src/lauth/http_client.cpp b/apache/client/src/lauth/http_client.cpp
index 4e122d0..a0d3432 100644
--- a/apache/client/src/lauth/http_client.cpp
+++ b/apache/client/src/lauth/http_client.cpp
@@ -2,6 +2,10 @@
 
 #include <optional>
 
+#ifndef CPPHTTPLIB_OPENSSL_SUPPORT
+#define CPPHTTPLIB_OPENSSL_SUPPORT 1
+#endif
+
 #include <httplib.h>
 
 #include "lauth/http_params.hpp"
diff --git a/apache/client/test/lauth/http_client_test.cpp b/apache/client/test/lauth/http_client_test.cpp
index 9d8a0d5..e556b29 100644
--- a/apache/client/test/lauth/http_client_test.cpp
+++ b/apache/client/test/lauth/http_client_test.cpp
@@ -14,6 +14,7 @@
 
 using testing::_;
 using testing::Eq;
+using testing::HasSubstr;
 using testing::IsTrue;
 
 using namespace mlibrary::lauth;
@@ -85,3 +86,11 @@ TEST(HttpClient, GetRequestWithAuthorizationHeaderEncodesIt) {
 
   EXPECT_THAT(*response, Eq(R"({"Bearer":"dGVzdA=="})"));
 }
+
+TEST(HttpClient, HttpsSchemeIsSupported) {
+  HttpClient client("https://example.com");
+
+  auto response = client.get("/");
+
+  EXPECT_THAT(*response, HasSubstr("Example Domain"));
+}