|
| std::expected< CertInfo, std::string > | readCertInfo (const std::string &certPath) |
| | Parses a PEM file and extracts the leaf's validity window and the full certificate chain.
|
| |
| std::expected< void, std::string > | fetchAndSwapCert (const std::string &certPath, const std::string &keyPath, const std::string &certUrl, const std::string &keyUrl) |
| | Downloads a fresh certificate and key and atomically installs them.
|
| |
| ResolvedCert | resolveCertPaths (const std::string &configCertPath, const std::string &configKeyPath, const std::filesystem::path &defaultCertPath, const std::filesystem::path &defaultKeyPath) |
| | Resolve the TLS cert/key file paths, choosing by discovery when not configured.
|
| |
| std::expected< void, std::string > | healCertIfNeeded (const std::string &certPath, const std::string &keyPath, bool autoUpdate, const std::string &certUrl, const std::string &keyUrl) |
| | Assess the served TLS certificate and refresh it if missing, expired, or expiring soon (the startup "cert self-heal").
|
| |
| std::string | defaultCertUrl () |
| | Default rolling-release URL for the current TLS certificate.
|
| |
| std::string | defaultKeyUrl () |
| | Default rolling-release URL for the current TLS private key. See defaultCertUrl.
|
| |
| std::optional< WsCommand > | parseWsCommand (std::string_view message) |
| | Parses an inbound monitoring-WebSocket text message into a subscribe/unsubscribe command.
|
| |
| std::expected< mm::node::Monitoring, std::string > | parseMonitoringRequest (const nlohmann::json &body) |
| | Parses a POST /api/monitorings request body into a Monitoring config.
|
| |
| std::expected< void, std::string > mm::healCertIfNeeded |
( |
const std::string & |
certPath, |
|
|
const std::string & |
keyPath, |
|
|
bool |
autoUpdate, |
|
|
const std::string & |
certUrl, |
|
|
const std::string & |
keyUrl |
|
) |
| |
Assess the served TLS certificate and refresh it if missing, expired, or expiring soon (the startup "cert self-heal").
Inspects certPath: a missing cert, an expired one, or one expiring within kCertExpiringSoonDays triggers a fetch from certUrl / keyUrl via fetchAndSwapCert; a cert with ample life left is left alone, so a healthy boot makes no network call. Refreshing on imminent expiry — not just after it lapses — lets an ephemeral container (and the Docker entrypoint's 1-day self-signed fallback, which reads as expiring soon) self-heal to a fresh cert on start. The outcome is logged. When autoUpdate is false no fetch is attempted.
The fatal case is "no certificate that can be served": the cert is missing and either fetching is disabled or the fetch failed. A present cert (expired or expiring) is a degraded success — it still binds TLS, so it is served rather than failing when the fetch cannot run or fails.
- Parameters
-
| certPath | Path to the served certificate (overwritten on a successful fetch). |
| keyPath | Path to the served private key (overwritten on a successful fetch). |
| autoUpdate | Whether a missing/expired/expiring cert may be fetched. |
| certUrl | Source URL for the certificate fetch. |
| keyUrl | Source URL for the private-key fetch. |
- Returns
- Empty on success (including the present-but-served degraded case), or an error string when TLS cannot be served at all.
| std::expected< mm::node::Monitoring, std::string > mm::parseMonitoringRequest |
( |
const nlohmann::json & |
body | ) |
|
Parses a POST /api/monitorings request body into a Monitoring config.
Expected shape:
{ "topic": "left-leg", "name": "Left Leg" (optional),
"interval": 1000,
"parameters": [[devicePosition, index, subindex], ...] }
interval is the flush cadence in milliseconds. Each parameter is a three-element array of integers. This checks only the request shape (presence, JSON types, ranges) and converts it; semantic validation (URL-safe/reserved topic, interval bounds, parameter sourcing) is MonitoringManager::create's job. (A legacy bufferSize key, if present, is ignored.)
- Parameters
-
| body | The parsed request body. |
- Returns
- The configuration, or an error string naming the first shape problem.
| std::optional< WsCommand > mm::parseWsCommand |
( |
std::string_view |
message | ) |
|
Parses an inbound monitoring-WebSocket text message into a subscribe/unsubscribe command.
Accepts exactly {"subscribe":"<topic>"} or {"unsubscribe":"<topic>"} where <topic> is a URL-safe id. Anything else — malformed JSON, a non-object, an unknown key, a non-string or non-URL-safe topic — yields nullopt so the caller can simply ignore it. Pure (no I/O), so it is unit-tested directly; the server's message handler calls it and then ws->subscribe / ws->unsubscribe.
- Parameters
-
| message | The raw WebSocket text frame. |
- Returns
- The parsed command, or
nullopt if message is not a valid (un)subscribe request.