Add JavaScript sample app (#8)

Author: jumaffre

.github/workflows/ci.yml

@@ -7,7 +7,7 @@ on:
     branches: [main]
 
 jobs:
-  build-app:
+  build-cpp-app:
     runs-on: ubuntu-20.04
     container: mcr.microsoft.com/ccf/app/dev:lts-devcontainer
 
@@ -17,6 +17,7 @@ jobs:
 
       - name: Build app
         run: mkdir -p build && cd build && CC="/opt/oe_lvi/clang-10" CXX="/opt/oe_lvi/clang++-10" cmake -GNinja .. && ninja
+        working-directory: cpp
 
   build-containers:
     runs-on: ubuntu-20.04
@@ -26,8 +27,14 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      - name: Build enclave container
-        run: docker build -t ccf-app-template:enclave -f docker/ccf_app.enclave .
+      - name: Build C++ enclave container
+        run: docker build -t ccf-app-template:cpp-enclave -f docker/ccf_app_cpp.enclave .
 
-      - name: Build virtual container
-        run: docker build -t ccf-app-template:virtual -f docker/ccf_app.virtual .
+      - name: Build C++ virtual container
+        run: docker build -t ccf-app-template:cpp-virtual -f docker/ccf_app_cpp.virtual .
+
+      - name: Build JS enclave container
+        run: docker build -t ccf-app-template:js-enclave -f docker/ccf_app_js.enclave .
+
+      - name: Build JS virtual container
+        run: docker build -t ccf-app-template:js-virtual -f docker/ccf_app_js.virtual .

.gitignore

@@ -1,2 +1,4 @@
-build/**
-*.deb
+**/build/**
+*.deb
+/.venv_ccf_sandbox/
+**/workspace/

.tours/sample-cpp-app.tour

@@ -3,12 +3,12 @@
   "title": "Sample C++ App Tour",
   "steps": [
     {
-      "file": "src/app/app.cpp",
+      "file": "cpp/app/app.cpp",
       "description": "This file defines a sample CCF C++ application. \n\nThe sample application is simple and does not make use of all CCF features (e.g. historical queries). However, it is a great starting point for new CCF developers.",
       "line": 1
     },
     {
-      "file": "src/app/app.cpp",
+      "file": "cpp/app/app.cpp",
       "description": "Here, the application is instantiated. \n\nThis lets CCF know that the application handlers should be registered and available on each CCF node starting this application. ",
       "line": 120,
       "selection": {
@@ -23,22 +23,22 @@
       }
     },
     {
-      "file": "src/app/app.cpp",
+      "file": "cpp/app/app.cpp",
       "description": "The application logic is defined in this namespace.\n\nIn particular, it defines:\n1. The types used by the app to record its state in the key-value store.\n2. The API schema for each endpoint.\n3. The HTTP endpoints that contain the business logic of the application and that can be invoked by client requests.",
       "line": 12
     },
     {
-      "file": "src/app/app.cpp",
+      "file": "cpp/app/app.cpp",
       "description": "The application makes use of a single key-value store map, which maps a `size_t` key to a `std::string` value (e.g. 0 -> \"hello world\").\n\nAll `put` operations on this map are recorded in the CCF ledger. ",
       "line": 15
     },
     {
-      "file": "src/app/app.cpp",
+      "file": "cpp/app/app.cpp",
       "description": "This defines the name of the `kv::Map` declared above. \n\nNote that the name is *not* prefixed with `public:` so all data written to this map is encrypted in the ledger. If the table was prefixed with `public:`, all writes to the map would be recorded in clear in the ledger, which is useful for auditable public data.",
       "line": 16
     },
     {
-      "file": "src/app/app.cpp",
+      "file": "cpp/app/app.cpp",
       "description": "CCF applications automatically generate their own OpenAPI specification (accessible via `GET /app/api`).\n\nThese lines specify metadata for the entire application.",
       "line": 37,
       "selection": {
@@ -53,12 +53,12 @@
       }
     },
     {
-      "file": "src/app/app.cpp",
+      "file": "cpp/app/app.cpp",
       "description": "This is the first HTTP handler defined by the application.\n\nIt lets users record an arbitrary message in the \"records\" private key-value map. The unique key of the message is set by the user as the `id` query parameter. \n\nEach handler is given a single transaction object (`ctx.tx`) that needs to be used to mutate and read from the key-value store.",
       "line": 43
     },
     {
-      "file": "src/app/app.cpp",
+      "file": "cpp/app/app.cpp",
       "description": "This is the CCF key-value store API to write to a specific map. \n\nA \"handle\" should be first retrieved on the map, using the `rw<Map>(RECORDS)` method on the unique transaction object `ctx.tx`. Then, a value (`in.msg`) can be recorded at a specific key (`id`) using the `put(key, value)` call. \n\nSee https://microsoft.github.io/CCF/release/2.x/build_apps/kv/index.html for the full key-value store API.",
       "line": 66,
       "selection": {
@@ -73,7 +73,7 @@
       }
     },
     {
-      "file": "src/app/app.cpp",
+      "file": "cpp/app/app.cpp",
       "description": "This installs the `write` handler as an HTTP endpoint.\n\nIt specifies:\n- The URI of the HTTP endpoint. In this case, `POST /app/log`. Note that all CCF application endpoints are prefixed with `/app`.\n- The content type of the HTTP request and response, in this case JSON.\n- The user authentication scheme. In this case, unauthenticated users are allowed to invoke the endpoint. See https://microsoft.github.io/CCF/release/2.x/build_apps/auth/index.html for the list of all supported authentication schemes.\n- The API schema to use in the generated OpenAPI specification.\n- The `id` query parameter at which the user message will be recorded. ",
       "line": 71,
       "selection": {
@@ -88,12 +88,12 @@
       }
     },
     {
-      "file": "src/app/app.cpp",
+      "file": "cpp/app/app.cpp",
       "description": "This is the second handler for this sample application.\n\nIt is similar to the first handler except that it only reads from the key-value store.",
       "line": 77
     },
     {
-      "file": "src/app/app.cpp",
+      "file": "cpp/app/app.cpp",
       "description": "Note that `make_read_only_endpoint` is used to specify that the endpoint does not write to the key-value store. \n\nThe endpoint is accessible at `GET /app/log` and as such, does not accept any request body.\n\n",
       "line": 103,
       "selection": {
@@ -108,29 +108,19 @@
       }
     },
     {
-      "file": "src/app/app.cpp",
+      "file": "cpp/app/app.cpp",
       "description": "That's it! \n\nFor more information on how to build CCF C++ applications, see https://microsoft.github.io/CCF/release/2.x/build_apps/example.html. \n\nFor any questions or bugs, please open an issue on Github: https://github.com/microsoft/CCF/issues/new/choose.",
       "line": 122
     },
     {
       "file": "README.md",
       "description": "You can build the sample application by running the following steps.\n\nMake sure the dependencies have been installed, or that you have checked out this repository in a VSCode development container (see above).",
-      "line": 19
+      "line": 59
     },
     {
       "file": "README.md",
       "description": "Finally, you can run the application locally using the CCF sandbox script.\n\nYou can then interact with the application with `curl`.",
-      "line": 34,
-      "selection": {
-        "start": {
-          "line": 56,
-          "character": 3
-        },
-        "end": {
-          "line": 56,
-          "character": 172
-        }
-      }
+      "line": 75
     }
   ],
   "ref": "main"

README.md

@@ -4,27 +4,83 @@
 
 [![CCF App Template CI](https://github.com/microsoft/ccf-app-template/actions/workflows/ci.yml/badge.svg)](https://github.com/microsoft/ccf-app-template/actions/workflows/ci.yml)
 
-Template repository for CCF applications.
+Template repository for JavaScript and C++ CCF applications.
 
 ## Quickstart
 
 **The quickest way to build and run this sample CCF app is to checkout this repository locally in its development container by clicking: 
 [![Open in VSCode](https://img.shields.io/static/v1?label=Open+in&message=VSCode&logo=visualstudiocode&color=007ACC&logoColor=007ACC&labelColor=2C2C32)](https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/microsoft/ccf-app-template)**
 
-All dependencies will be automatically installed (takes ~2 mins on first checkout) and the app can be quickly [built](#build) and [run](#run) by following [the steps below](#build).
+All dependencies will be automatically installed (takes ~2 mins on first checkout).
 
+Alternatively, if your organisation supports it, you can checkout this repository in a Github codespace: [![Open in Github codespace](https://img.shields.io/static/v1?label=Open+in&message=GitHub+codespace&logo=github&color=2F363D&logoColor=white&labelColor=2C2C32)](https://github.com/codespaces/new?hide_repo_select=true&ref=main&repo=496290904&machine=basicLinux32gb&devcontainer_path=.devcontainer.json&location=WestEurope)
 
-Also check out the [code tour](#code-tour) to get an overview of the app.
+---
+
+## JavaScript
+
+CCF apps can be written in JavaScript/TypeScript. This is the quickest way to develop new apps as this does not require any compilation step and the app can be updated on the fly, via [a governance proposal](https://microsoft.github.io/CCF/main/build_apps/js_app_bundle.html#deployment).
+
+The JavaScript sample bundle is located in the [`js/`](js/) directory.
+
+### Run JS app
+
+```bash
+$ /opt/ccf/bin/sandbox.sh --js-app-bundle ./js/
+[12:00:00.000] Virtual mode enabled
+[12:00:00.000] Starting 1 CCF node...
+[12:00:00.000] Started CCF network with the following nodes:
+[12:00:00.000]   Node [0] = https://127.0.0.1:8000
+[12:00:00.000] You can now issue business transactions to the libjs_generic application
+[12:00:00.000] Loaded JS application: ./js/
+[12:00:00.000] Keys and certificates have been copied to the common folder: .../ccf-app-template/workspace/sandbox_common
+[12:00:00.000] See https://microsoft.github.io/CCF/main/use_apps/issue_commands.html for more information
+[12:00:00.000] Press Ctrl+C to shutdown the network
+```
+
+In another terminal:
+
+```bash
+$ curl -X POST https://127.0.0.1:8000/app/log?id=1 --cacert ./workspace/sandbox_common/service_cert.pem -H "Content-Type: application/json" --data '{"msg": "hello world"}'
+$ curl https://127.0.0.1:8000/app/log?id=1 --cacert ./workspace/sandbox_common/service_cert.pem
+hello world
+```
 
-Alternatively, if your organisation supports it, you can checkout this repository in a Github Codespace: [![Open in Github codespace](https://img.shields.io/static/v1?label=Open+in&message=GitHub+codespace&logo=github&color=2F363D&logoColor=white&labelColor=2C2C32)](https://github.com/codespaces/new?hide_repo_select=true&ref=main&repo=496290904&machine=basicLinux32gb&devcontainer_path=.devcontainer.json&location=WestEurope)
+### Docker
+
+It is possible to build a runtime image of the JavaScript application via docker:
+
+```bash
+$ docker build -t ccf-app-template:js-enclave -f docker/ccf_app_js.enclave .
+$ docker run --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx ccf-app-template:js-enclave
+...
+2022-01-01T12:00:00.000000Z -0.000 0   [info ] ../src/node/node_state.h:1790        | Network TLS connections now accepted
+# It is then possible to interact with the service
+```
+
+Or, for the non-SGX (a.k.a. virtual) variant:
+
+```bash
+$ docker build -t ccf-app-template:js-virtual -f docker/ccf_app_js.virtual .
+$ docker run ccf-app-template:virtual
+```
 
 ---
 
-## Build
+## C++
+
+CCF apps can also be written in C++. This offers better performance than JavaScript apps but requires a compilation step and a restart of the CCF node for deployment.
+
+The C++ sample app is located in the [`cpp/`](cpp/) directory.
+
+Also check out the [code tour](#code-tour) to get an overview of the C++ app.
+
+### Build C++ app
 
 In the checkout of this repository:
 
 ```bash
+$ cd cpp/
 $ mkdir build && cd build
 $ CC="/opt/oe_lvi/clang-10" CXX="/opt/oe_lvi/clang++-10" cmake -GNinja ..
 $ ninja
@@ -35,7 +91,7 @@ libccf_app.virtual.so # Virtual application (i.e. insecure!)
 
 See [docs](https://microsoft.github.io/CCF/main/build_apps) for complete instructions on how to build a CCF app.
 
-## Run
+### Run C++ app
 
 ```bash
 $ /opt/ccf/bin/sandbox.sh -p ./libccf_app.virtual.so
@@ -53,22 +109,13 @@ Python environment successfully setup
 
 Or, for an SGX-enabled application (unavailable in development container): `$ /opt/ccf/bin/sandbox.sh -p ./libccf_app.enclave.so.signed -e release`
 
-In another terminal:
+### Docker
 
-```bash
-$ cd build
-$ curl -X POST https://127.0.0.1:8000/app/log?id=1 --cacert ./workspace/sandbox_common/service_cert.pem -H "Content-Type: application/json" --data '{"msg": "hello world"}'
-$ curl https://127.0.0.1:8000/app/log?id=1 --cacert ./workspace/sandbox_common/service_cert.pem
-"hello world"
-```
-
-## Docker
-
-It is possible to build a runtime image of this application via docker:
+It is possible to build a runtime image of the C++ application via docker:
 
 ```bash
-$ docker build -t ccf-app-template:enclave -f docker/ccf_app.enclave .
-$ docker run --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx ccf-app-template:enclave
+$ docker build -t ccf-app-template:cpp-enclave -f docker/ccf_app_cpp.enclave .
+$ docker run --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx ccf-app-template:cpp-enclave
 ...
 2022-01-01T12:00:00.000000Z -0.000 0   [info ] ../src/node/node_state.h:1790        | Network TLS connections now accepted
 # It is then possible to interact with the service
@@ -77,13 +124,15 @@ $ docker run --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provis
 Or, for the non-SGX (a.k.a. virtual) variant:
 
 ```bash
-$ docker build -t ccf-app-template:virtual -f docker/ccf_app.virtual .
+$ docker build -t ccf-app-template:cpp-virtual -f docker/ccf_app_cpp.virtual .
 $ docker run ccf-app-template:virtual
 ```
 
+---
+
 ## Dependencies
 
-If this repository is checked out on a bare VM (e.g. [for SGX deployments](https://docs.microsoft.com/en-us/azure/confidential-computing/quick-create-portal)), the dependencies required to build and run the CCF app can be installed as follows:
+If this repository is checked out on a bare VM (e.g. [for SGX deployments](https://docs.microsoft.com/en-us/azure/confidential-computing/quick-create-portal)), the dependencies required to build and run the C++ app can be installed as follows:
 
 ```bash
 $ wget https://github.com/microsoft/CCF/releases/download/ccf-2.0.0/ccf_2.0.7_amd64.deb
@@ -97,4 +146,4 @@ See the [CCF official docs](https://microsoft.github.io/CCF/main/build_apps/inst
 
 ## Code Tour
 
-In VSCode, a [code tour](https://marketplace.visualstudio.com/items?itemName=vsls-contrib.codetour) of this app can be started with: Ctrl + P, `> CodeTour: Start Tour`
+In VSCode, a [code tour](https://marketplace.visualstudio.com/items?itemName=vsls-contrib.codetour) of the C++ app can be started with: Ctrl + P, `> CodeTour: Start Tour`

config/cchost_config_enclave.json config/cchost_config_enclave_cpp.json

@@ -0,0 +1,32 @@
+{
+  "enclave": {
+    "file": "/usr/lib/ccf/libjs_generic.enclave.so.signed",
+    "type": "Release"
+  },
+  "network": {
+    "node_to_node_interface": { "bind_address": "127.0.0.1:8081" },
+    "rpc_interfaces": {
+      "main_interface": {
+        "bind_address": "0.0.0.0:8080"
+      }
+    }
+  },
+  "command": {
+    "type": "Start",
+    "service_certificate_file": "/app/service_cert.pem",
+    "start": {
+      "constitution_files": [
+        "/app/validate.js",
+        "/app/apply.js",
+        "/app/resolve.js",
+        "/app/actions.js"
+      ],
+      "members": [
+        {
+          "certificate_file": "/app/member0_cert.pem",
+          "encryption_public_key_file": "/app/member0_enc_pubk.pem"
+        }
+      ]
+    }
+  }
+}

config/cchost_config_enclave_js.json

@@ -0,0 +1,32 @@
+{
+    "enclave": {
+      "file": "/usr/lib/ccf/libjs_generic.virtual.so",
+      "type": "Virtual"
+    },
+    "network": {
+      "node_to_node_interface": { "bind_address": "127.0.0.1:8081" },
+      "rpc_interfaces": {
+        "main_interface": {
+          "bind_address": "0.0.0.0:8080"
+        }
+      }
+    },
+    "command": {
+      "type": "Start",
+      "service_certificate_file": "/app/service_cert.pem",
+      "start": {
+        "constitution_files": [
+          "/app/validate.js",
+          "/app/apply.js",
+          "/app/resolve.js",
+          "/app/actions.js"
+        ],
+        "members": [
+          {
+            "certificate_file": "/app/member0_cert.pem",
+            "encryption_public_key_file": "/app/member0_enc_pubk.pem"
+          }
+        ]
+      }
+    }
+  }

config/cchost_config_virtual.json config/cchost_config_virtual_cpp.json

@@ -9,13 +9,13 @@ if(NOT TARGET ccf)
   find_package(ccf REQUIRED)
 endif()
 
-add_ccf_app(ccf_app SRCS src/app/app.cpp)
+add_ccf_app(ccf_app SRCS ${CMAKE_CURRENT_SOURCE_DIR}/app/app.cpp)
 
 # Generate an ephemeral signing key
 add_custom_command(
   OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem
   COMMAND openssl genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem -3
-          3072
+  3072
 )
 add_custom_target(
   app_signing_key ALL DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/signing_key.pem