finalize

apskhem · apskhem · commit 17ac954801eb · 2025-08-22T22:18:09.000+07:00
diff --git a/rust/signed_doc/src/validator/id.rs b/rust/signed_doc/src/validator/id.rs
@@ -17,8 +17,9 @@ impl IdRule {
     /// 2. If `provider.future_threshold()` not `None`, document `id` cannot be too far
     ///    behind (`past_threshold` arg) from `SystemTime::now()` based on the provide
     ///    threshold
-    pub(crate) fn check<Provider>(
-        self,
+    #[allow(clippy::unused_async)]
+    pub(crate) async fn check<Provider>(
+        &self,
         doc: &CatalystSignedDocument,
         provider: &Provider,
     ) -> anyhow::Result<bool>
@@ -38,7 +39,7 @@ impl IdRule {
         let (id_time_secs, id_time_nanos) = id
             .uuid()
             .get_timestamp()
-            .ok_or(anyhow::anyhow!("Document id field must be a UUIDv7"))?
+            .ok_or(anyhow::anyhow!("Document `id` field must be a UUIDv7"))?
             .to_unix();
 
         let Some(id_time) =
diff --git a/rust/signed_doc/src/validator/mod.rs b/rust/signed_doc/src/validator/mod.rs
@@ -9,7 +9,6 @@ pub(crate) mod ver;
 use std::{
     collections::HashMap,
     sync::{Arc, LazyLock},
-    time::{Duration, SystemTime},
 };
 
 use anyhow::Context;
@@ -199,10 +198,6 @@ where
         return Ok(false);
     };
 
-    if !validate_id_and_ver(doc, provider)? {
-        return Ok(false);
-    }
-
     let Some(rules) = DOCUMENT_RULES.get(doc_type) else {
         doc.report().invalid_value(
             "`type`",
@@ -215,106 +210,6 @@ where
     rules.check(doc, provider).await
 }
 
-/// Validates document `id` and `ver` fields on the timestamps:
-/// 1. document `ver` cannot be smaller than document id field
-/// 2. If `provider.future_threshold()` not `None`, document `id` cannot be too far in the
-///    future (`future_threshold` arg) from `SystemTime::now()` based on the provide
-///    threshold
-/// 3. If `provider.future_threshold()` not `None`, document `id` cannot be too far behind
-///    (`past_threshold` arg) from `SystemTime::now()` based on the provide threshold
-fn validate_id_and_ver<Provider>(
-    doc: &CatalystSignedDocument,
-    provider: &Provider,
-) -> anyhow::Result<bool>
-where
-    Provider: CatalystSignedDocumentProvider,
-{
-    let id = doc.doc_id().ok();
-    let ver = doc.doc_ver().ok();
-    if id.is_none() {
-        doc.report().missing_field(
-            "id",
-            "Can't get a document id during the validation process",
-        );
-    }
-    if ver.is_none() {
-        doc.report().missing_field(
-            "ver",
-            "Can't get a document ver during the validation process",
-        );
-    }
-    match (id, ver) {
-        (Some(id), Some(ver)) => {
-            let mut is_valid = true;
-            if ver < id {
-                doc.report().invalid_value(
-                    "ver",
-                    &ver.to_string(),
-                    "ver < id",
-                    &format!("Document Version {ver} cannot be smaller than Document ID {id}"),
-                );
-                is_valid = false;
-            }
-
-            let (ver_time_secs, ver_time_nanos) = ver
-                .uuid()
-                .get_timestamp()
-                .ok_or(anyhow::anyhow!("Document ver field must be a UUIDv7"))?
-                .to_unix();
-
-            let Some(ver_time) =
-                SystemTime::UNIX_EPOCH.checked_add(Duration::new(ver_time_secs, ver_time_nanos))
-            else {
-                doc.report().invalid_value(
-                    "ver",
-                    &ver.to_string(),
-                    "Must a valid duration since `UNIX_EPOCH`",
-                    "Cannot instantiate a valid `SystemTime` value from the provided `ver` field timestamp.",
-                );
-                return Ok(false);
-            };
-
-            let now = SystemTime::now();
-
-            if let Ok(version_age) = ver_time.duration_since(now) {
-                // `now` is earlier than `ver_time`
-                if let Some(future_threshold) = provider.future_threshold() {
-                    if version_age > future_threshold {
-                        doc.report().invalid_value(
-                        "ver",
-                        &ver.to_string(),
-                        "ver < now + future_threshold",
-                        &format!("Document Version timestamp {id} cannot be too far in future (threshold: {future_threshold:?}) from now: {now:?}"),
-                    );
-                        is_valid = false;
-                    }
-                }
-            } else {
-                // `ver_time` is earlier than `now`
-                let version_age = now
-                    .duration_since(ver_time)
-                    .context("BUG! `ver_time` must be earlier than `now` at this place")?;
-
-                if let Some(past_threshold) = provider.past_threshold() {
-                    if version_age > past_threshold {
-                        doc.report().invalid_value(
-                        "ver",
-                        &ver.to_string(),
-                        "ver > now - past_threshold",
-                        &format!("Document Version timestamp {id} cannot be too far behind (threshold: {past_threshold:?}) from now: {now:?}",),
-                    );
-                        is_valid = false;
-                    }
-                }
-            }
-
-            Ok(is_valid)
-        },
-
-        _ => Ok(false),
-    }
-}
-
 /// Verify document signatures.
 /// Return true if all signatures are valid, otherwise return false.
 ///
@@ -401,12 +296,12 @@ mod tests {
         builder::tests::Builder,
         metadata::SupportedField,
         providers::{tests::TestCatalystSignedDocumentProvider, CatalystSignedDocumentProvider},
-        validator::{document_rules_init, validate_id_and_ver},
+        validator::{document_rules_init, id::IdRule, ver::VerRule},
         UuidV7,
     };
 
-    #[test]
-    fn document_id_and_ver_test() {
+    #[tokio::test]
+    async fn document_id_and_ver_test() {
         let provider = TestCatalystSignedDocumentProvider::default();
         let now = SystemTime::now()
             .duration_since(SystemTime::UNIX_EPOCH)
@@ -419,8 +314,9 @@ mod tests {
             .with_metadata_field(SupportedField::Ver(uuid_v7))
             .build();
 
-        let is_valid = validate_id_and_ver(&doc, &provider).unwrap();
-        assert!(is_valid);
+        let is_id_valid = IdRule.check(&doc, &provider).await.unwrap();
+        let is_ver_valid = VerRule.check(&doc).await.unwrap();
+        assert!(is_id_valid && is_ver_valid);
 
         let ver = Uuid::new_v7(Timestamp::from_unix_time(now - 1, 0, 0, 0))
             .try_into()
@@ -434,8 +330,10 @@ mod tests {
             .with_metadata_field(SupportedField::Ver(ver))
             .build();
 
-        let is_valid = validate_id_and_ver(&doc, &provider).unwrap();
-        assert!(!is_valid);
+        let is_id_valid = IdRule.check(&doc, &provider).await.unwrap();
+        let is_ver_valid = VerRule.check(&doc).await.unwrap();
+        assert!(is_id_valid);
+        assert!(!is_ver_valid);
 
         let to_far_in_past = Uuid::new_v7(Timestamp::from_unix_time(
             now - provider.past_threshold().unwrap().as_secs() - 1,
@@ -450,8 +348,10 @@ mod tests {
             .with_metadata_field(SupportedField::Ver(to_far_in_past))
             .build();
 
-        let is_valid = validate_id_and_ver(&doc, &provider).unwrap();
-        assert!(!is_valid);
+        let is_id_valid = IdRule.check(&doc, &provider).await.unwrap();
+        let is_ver_valid = VerRule.check(&doc).await.unwrap();
+        assert!(!is_id_valid);
+        assert!(is_ver_valid);
 
         let to_far_in_future = Uuid::new_v7(Timestamp::from_unix_time(
             now + provider.future_threshold().unwrap().as_secs() + 1,
@@ -466,8 +366,10 @@ mod tests {
             .with_metadata_field(SupportedField::Ver(to_far_in_future))
             .build();
 
-        let is_valid = validate_id_and_ver(&doc, &provider).unwrap();
-        assert!(!is_valid);
+        let is_id_valid = IdRule.check(&doc, &provider).await.unwrap();
+        let is_ver_valid = VerRule.check(&doc).await.unwrap();
+        assert!(!is_id_valid);
+        assert!(is_ver_valid);
     }
 
     #[test]
diff --git a/rust/signed_doc/src/validator/rules/mod.rs b/rust/signed_doc/src/validator/rules/mod.rs
@@ -62,6 +62,12 @@ impl Rules {
         Provider: CatalystSignedDocumentProvider,
     {
         let rules = [
+            self.id
+                .as_ref()
+                .map_or_else(|| pass().boxed(), |rule| rule.check(doc, provider).boxed()),
+            self.ver
+                .as_ref()
+                .map_or_else(|| pass().boxed(), |rule| rule.check(doc).boxed()),
             self.content_type.check(doc).boxed(),
             self.content_encoding.check(doc).boxed(),
             self.content.check(doc, provider).boxed(),
@@ -81,3 +87,9 @@ impl Rules {
         Ok(res)
     }
 }
+
+/// An async no-op function to pass the rule validation.
+#[allow(clippy::unused_async)]
+pub async fn pass() -> anyhow::Result<bool> {
+    Ok(true)
+}
diff --git a/rust/signed_doc/src/validator/ver.rs b/rust/signed_doc/src/validator/ver.rs
@@ -8,7 +8,8 @@ pub(crate) struct VerRule;
 impl VerRule {
     /// Validates document `ver` field on the timestamps:
     /// 1. document `ver` cannot be smaller than document `id` field
-    pub(crate) fn check(
+    #[allow(clippy::unused_async)]
+    pub(crate) async fn check(
         &self,
         doc: &CatalystSignedDocument,
     ) -> anyhow::Result<bool> {
