indexbus_msg/

header.rs

use crate::constants::{MAGIC, SLOT_CAPACITY, V1_HEADER_LEN};
use crate::errors::Error;
use crate::utils::bytes;

/// Parsed v1 envelope header.
///
/// ## Field invariants
///
/// - `header_len` is the declared length of the header prefix in bytes.
///   - v1 decoding accepts values `>= V1_HEADER_LEN` and may ignore appended header bytes.
///   - v1 encoding currently only supports `header_len == V1_HEADER_LEN`.
/// - `payload_len` is the declared payload length in bytes.
/// - `header_len + payload_len` is validated against [`crate::SLOT_CAPACITY`].
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Header {
    /// Envelope flags; see [`crate::flags`].
    pub flags: u16,
    /// Codec identifier used to interpret the payload bytes.
    pub codec_id: u8,
    /// Header length in bytes (append-only evolution).
    pub header_len: u8,

    /// Schema identifier (application-defined).
    pub schema_id: u64,
    /// Message type identifier within a schema (application-defined).
    pub msg_type: u32,
    /// Message version within a schema/type (application-defined).
    pub msg_version: u16,
    /// Payload length in bytes.
    pub payload_len: u16,
}

#[inline]
/// Encode a v1 header into `out`.
///
/// ## Contract
///
/// - Writes exactly `V1_HEADER_LEN` bytes on success and returns `V1_HEADER_LEN`.
/// - Currently requires `hdr.header_len == V1_HEADER_LEN`.
/// - Rejects unknown flag bits for deterministic behavior.
/// - Validates `hdr.header_len + hdr.payload_len <= SLOT_CAPACITY`.
/// - Does not write any payload bytes; callers are expected to write the payload after the header.
///
/// ## Errors
///
/// Returns [`Error::BufferTooSmall`] if `out` is shorter than `V1_HEADER_LEN`. Returns
/// [`Error::BadHeaderLen`], [`Error::BadPayloadLen`], or [`Error::UnknownFlags`] if the header is
/// structurally invalid.
pub fn encode_header_into(out: &mut [u8], hdr: Header) -> Result<usize, Error> {
    if out.len() < V1_HEADER_LEN {
        return Err(Error::BufferTooSmall {
            required: V1_HEADER_LEN,
            provided: out.len(),
        });
    }

    // v1 currently only supports the minimum header.
    if hdr.header_len as usize != V1_HEADER_LEN {
        return Err(Error::BadHeaderLen {
            header_len: hdr.header_len as usize,
        });
    }

    let total = (hdr.header_len as usize)
        .checked_add(hdr.payload_len as usize)
        .ok_or(Error::BadPayloadLen {
            payload_len: hdr.payload_len as usize,
        })?;

    if total > SLOT_CAPACITY {
        return Err(Error::BadPayloadLen {
            payload_len: hdr.payload_len as usize,
        });
    }

    // Reject unknown flags for deterministic behavior.
    let known = crate::flags::CRC32_PRESENT | crate::flags::COMPRESSED | crate::flags::SIGNED;
    if (hdr.flags & !known) != 0 {
        return Err(Error::UnknownFlags { flags: hdr.flags });
    }

    out[..4].copy_from_slice(&MAGIC);
    bytes::write_u16_le(&mut out[4..6], hdr.flags);
    out[6] = hdr.codec_id;
    out[7] = hdr.header_len;
    bytes::write_u64_le(&mut out[8..16], hdr.schema_id);
    bytes::write_u32_le(&mut out[16..20], hdr.msg_type);
    bytes::write_u16_le(&mut out[20..22], hdr.msg_version);
    bytes::write_u16_le(&mut out[22..24], hdr.payload_len);

    Ok(V1_HEADER_LEN)
}

#[inline]
/// Decode a v1 header from `input`.
///
/// Returns the parsed header and a slice of the payload bytes.
///
/// ## Contract
///
/// - Accepts `header_len >= V1_HEADER_LEN` and ignores appended header bytes it does not
///   understand.
/// - Rejects unknown flag bits for deterministic behavior.
/// - Validates `header_len + payload_len <= SLOT_CAPACITY`.
/// - Returns a payload slice that borrows from `input`.
///
/// ## Errors
///
/// Returns [`Error::Truncated`] if `input` does not contain enough bytes for the declared header or
/// payload. Returns [`Error::BadMagic`], [`Error::BadHeaderLen`], [`Error::BadPayloadLen`], or
/// [`Error::UnknownFlags`] if the envelope is structurally invalid.
pub fn decode_header(input: &[u8]) -> Result<(Header, &[u8]), Error> {
    if input.len() < V1_HEADER_LEN {
        return Err(Error::Truncated);
    }

    if input[..4] != MAGIC {
        return Err(Error::BadMagic);
    }

    let flags = bytes::read_u16_le(&input[4..6]);
    let codec_id = input[6];
    let header_len = input[7] as usize;

    if header_len < V1_HEADER_LEN {
        return Err(Error::BadHeaderLen { header_len });
    }

    if header_len > input.len() {
        return Err(Error::Truncated);
    }

    // Reject unknown flags for deterministic behavior.
    let known = crate::flags::CRC32_PRESENT | crate::flags::COMPRESSED | crate::flags::SIGNED;
    if (flags & !known) != 0 {
        return Err(Error::UnknownFlags { flags });
    }

    // We only parse the v1 fixed prefix; appended bytes are ignored in v1.
    let schema_id = bytes::read_u64_le(&input[8..16]);
    let msg_type = bytes::read_u32_le(&input[16..20]);
    let msg_version = bytes::read_u16_le(&input[20..22]);
    let payload_len = bytes::read_u16_le(&input[22..24]) as usize;

    if header_len + payload_len > SLOT_CAPACITY {
        return Err(Error::BadPayloadLen { payload_len });
    }

    if header_len + payload_len > input.len() {
        return Err(Error::Truncated);
    }

    let hdr = Header {
        flags,
        codec_id,
        header_len: header_len as u8,
        schema_id,
        msg_type,
        msg_version,
        payload_len: payload_len as u16,
    };

    let payload = &input[header_len..(header_len + payload_len)];
    Ok((hdr, payload))
}