Add external payload reference storage contract

Author: durable-workflow-ops

src/V2/Contracts/ExternalPayloadStorageDriver.php

@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Workflow\V2\Contracts;
+
+interface ExternalPayloadStorageDriver
+{
+    /**
+     * Persist encoded payload bytes and return a stable URI.
+     */
+    public function put(string $data, string $sha256, string $codec): string;
+
+    /**
+     * Fetch previously persisted encoded payload bytes.
+     */
+    public function get(string $uri): string;
+
+    /**
+     * Delete previously persisted payload bytes when retention removes a run.
+     */
+    public function delete(string $uri): void;
+}

src/V2/Exceptions/ExternalPayloadIntegrityException.php

@@ -0,0 +1,11 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Workflow\V2\Exceptions;
+
+use RuntimeException;
+
+final class ExternalPayloadIntegrityException extends RuntimeException
+{
+}

src/V2/Support/ExternalPayloadReference.php

@@ -0,0 +1,102 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Workflow\V2\Support;
+
+use InvalidArgumentException;
+use Workflow\Serializers\CodecRegistry;
+
+final class ExternalPayloadReference
+{
+    public const SCHEMA = 'durable-workflow.v2.external-payload-reference.v1';
+
+    public function __construct(
+        public readonly string $uri,
+        public readonly string $sha256,
+        public readonly int $sizeBytes,
+        public readonly string $codec,
+        public readonly string $schema = self::SCHEMA,
+    ) {
+        if ($this->schema !== self::SCHEMA) {
+            throw new InvalidArgumentException('Unsupported external payload reference schema.');
+        }
+
+        if ($this->uri === '') {
+            throw new InvalidArgumentException('External payload reference URI must be a non-empty string.');
+        }
+
+        self::validateSha256($this->sha256);
+
+        if ($this->sizeBytes < 0) {
+            throw new InvalidArgumentException('External payload reference size_bytes must be a non-negative integer.');
+        }
+
+        if ($this->codec === '') {
+            throw new InvalidArgumentException('External payload reference codec must be a non-empty string.');
+        }
+
+        CodecRegistry::canonicalize($this->codec);
+    }
+
+    /**
+     * @param  array<string, mixed>  $data
+     */
+    public static function fromArray(array $data): self
+    {
+        $schema = $data['schema'] ?? null;
+        $uri = $data['uri'] ?? null;
+        $sha256 = $data['sha256'] ?? null;
+        $sizeBytes = $data['size_bytes'] ?? null;
+        $codec = $data['codec'] ?? null;
+
+        if ($schema !== self::SCHEMA) {
+            throw new InvalidArgumentException('Unsupported external payload reference schema.');
+        }
+
+        if (! is_string($uri) || $uri === '') {
+            throw new InvalidArgumentException('External payload reference URI must be a non-empty string.');
+        }
+
+        if (! is_string($sha256)) {
+            throw new InvalidArgumentException('External payload reference sha256 must be a hex digest.');
+        }
+
+        if (! is_int($sizeBytes) || $sizeBytes < 0) {
+            throw new InvalidArgumentException('External payload reference size_bytes must be a non-negative integer.');
+        }
+
+        if (! is_string($codec) || $codec === '') {
+            throw new InvalidArgumentException('External payload reference codec must be a non-empty string.');
+        }
+
+        return new self(
+            uri: $uri,
+            sha256: strtolower($sha256),
+            sizeBytes: $sizeBytes,
+            codec: CodecRegistry::canonicalize($codec),
+            schema: $schema,
+        );
+    }
+
+    /**
+     * @return array{schema: string, uri: string, sha256: string, size_bytes: int, codec: string}
+     */
+    public function toArray(): array
+    {
+        return [
+            'schema' => $this->schema,
+            'uri' => $this->uri,
+            'sha256' => $this->sha256,
+            'size_bytes' => $this->sizeBytes,
+            'codec' => $this->codec,
+        ];
+    }
+
+    private static function validateSha256(string $sha256): void
+    {
+        if (! preg_match('/\A[a-f0-9]{64}\z/i', $sha256)) {
+            throw new InvalidArgumentException('External payload reference sha256 must be a hex digest.');
+        }
+    }
+}

src/V2/Support/ExternalPayloadStorage.php

@@ -0,0 +1,39 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Workflow\V2\Support;
+
+use Workflow\Serializers\CodecRegistry;
+use Workflow\V2\Contracts\ExternalPayloadStorageDriver;
+use Workflow\V2\Exceptions\ExternalPayloadIntegrityException;
+
+final class ExternalPayloadStorage
+{
+    public static function store(
+        ExternalPayloadStorageDriver $driver,
+        string $data,
+        string $codec
+    ): ExternalPayloadReference {
+        $codec = CodecRegistry::canonicalize($codec);
+        $sha256 = hash('sha256', $data);
+        $uri = $driver->put($data, $sha256, $codec);
+
+        return new ExternalPayloadReference(uri: $uri, sha256: $sha256, sizeBytes: strlen($data), codec: $codec);
+    }
+
+    public static function fetch(ExternalPayloadStorageDriver $driver, ExternalPayloadReference $reference): string
+    {
+        $data = $driver->get($reference->uri);
+
+        if (strlen($data) !== $reference->sizeBytes) {
+            throw new ExternalPayloadIntegrityException('External payload size does not match its reference.');
+        }
+
+        if (! hash_equals($reference->sha256, hash('sha256', $data))) {
+            throw new ExternalPayloadIntegrityException('External payload hash does not match its reference.');
+        }
+
+        return $data;
+    }
+}

src/V2/Support/LocalFilesystemExternalPayloadStorage.php

@@ -0,0 +1,133 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Workflow\V2\Support;
+
+use InvalidArgumentException;
+use RuntimeException;
+use Workflow\V2\Contracts\ExternalPayloadStorageDriver;
+
+final class LocalFilesystemExternalPayloadStorage implements ExternalPayloadStorageDriver
+{
+    private string $root;
+
+    public function __construct(string $root)
+    {
+        $resolved = realpath($root);
+
+        if ($resolved === false) {
+            if (! mkdir($root, 0775, true) && ! is_dir($root)) {
+                throw new RuntimeException(sprintf('Unable to create external payload storage root [%s].', $root));
+            }
+
+            $resolved = realpath($root);
+        }
+
+        if ($resolved === false || ! is_dir($resolved)) {
+            throw new InvalidArgumentException(sprintf(
+                'External payload storage root [%s] is not a directory.',
+                $root
+            ));
+        }
+
+        $this->root = rtrim($resolved, DIRECTORY_SEPARATOR);
+    }
+
+    public function put(string $data, string $sha256, string $codec): string
+    {
+        $this->validateSha256($sha256);
+        $codecSegment = $this->safeCodecSegment($codec);
+        $path = $this->root . DIRECTORY_SEPARATOR . $codecSegment . DIRECTORY_SEPARATOR . substr(
+            $sha256,
+            0,
+            2
+        ) . DIRECTORY_SEPARATOR . $sha256;
+        $directory = dirname($path);
+
+        if (! is_dir($directory) && ! mkdir($directory, 0775, true) && ! is_dir($directory)) {
+            throw new RuntimeException(sprintf('Unable to create external payload directory [%s].', $directory));
+        }
+
+        if (! is_file($path) && file_put_contents($path, $data, LOCK_EX) === false) {
+            throw new RuntimeException(sprintf('Unable to write external payload [%s].', $path));
+        }
+
+        return self::pathToFileUri($path);
+    }
+
+    public function get(string $uri): string
+    {
+        $path = $this->pathFromUri($uri);
+        if (! is_file($path)) {
+            throw new RuntimeException(sprintf('Unable to read external payload [%s].', $uri));
+        }
+
+        $data = file_get_contents($path);
+
+        if ($data === false) {
+            throw new RuntimeException(sprintf('Unable to read external payload [%s].', $uri));
+        }
+
+        return $data;
+    }
+
+    public function delete(string $uri): void
+    {
+        $path = $this->pathFromUri($uri);
+
+        if (is_file($path)) {
+            unlink($path);
+        }
+    }
+
+    private function pathFromUri(string $uri): string
+    {
+        $parts = parse_url($uri);
+
+        if (($parts['scheme'] ?? null) !== 'file') {
+            throw new InvalidArgumentException('Local external storage can only read file:// URIs.');
+        }
+
+        $host = $parts['host'] ?? '';
+        if ($host !== '' && $host !== 'localhost') {
+            throw new InvalidArgumentException('Local external storage can only read file://localhost URIs.');
+        }
+
+        $path = rawurldecode($parts['path'] ?? '');
+        $resolved = realpath($path);
+        if ($resolved === false) {
+            $parent = realpath(dirname($path));
+            if ($parent !== false && str_starts_with($parent, $this->root . DIRECTORY_SEPARATOR)) {
+                return $path;
+            }
+        }
+
+        if ($path === '' || $resolved === false || ! str_starts_with($resolved, $this->root . DIRECTORY_SEPARATOR)) {
+            throw new InvalidArgumentException('External payload URI is outside the local storage root.');
+        }
+
+        return $resolved;
+    }
+
+    private static function pathToFileUri(string $path): string
+    {
+        return 'file://' . implode('/', array_map('rawurlencode', explode(DIRECTORY_SEPARATOR, $path)));
+    }
+
+    private function validateSha256(string $sha256): void
+    {
+        if (! preg_match('/\A[a-f0-9]{64}\z/i', $sha256)) {
+            throw new InvalidArgumentException('sha256 must be a hex digest.');
+        }
+    }
+
+    private function safeCodecSegment(string $codec): string
+    {
+        if (! preg_match('/\A[A-Za-z0-9_.-]+\z/', $codec)) {
+            throw new InvalidArgumentException('Codec contains characters that are unsafe for local storage paths.');
+        }
+
+        return $codec;
+    }
+}