Add plugins (#27)

plugins/wasm-cpp/bazel/absl.patch

@@ -0,0 +1,31 @@
+diff --git a/absl/time/internal/cctz/src/time_zone_format.cc b/absl/time/internal/cctz/src/time_zone_format.cc
+index d8cb047..0c5f182 100644
+--- a/absl/time/internal/cctz/src/time_zone_format.cc
++++ b/absl/time/internal/cctz/src/time_zone_format.cc
+@@ -18,6 +18,8 @@
+ #endif
+ #endif
+ 
++#define HAS_STRPTIME 0
++
+ #if defined(HAS_STRPTIME) && HAS_STRPTIME
+ #if !defined(_XOPEN_SOURCE)
+ #define _XOPEN_SOURCE  // Definedness suffices for strptime.
+@@ -58,7 +60,7 @@ namespace {
+ 
+ #if !HAS_STRPTIME
+ // Build a strptime() using C++11's std::get_time().
+-char* strptime(const char* s, const char* fmt, std::tm* tm) {
++char* strptime_local(const char* s, const char* fmt, std::tm* tm) {
+   std::istringstream input(s);
+   input >> std::get_time(tm, fmt);
+   if (input.fail()) return nullptr;
+@@ -648,7 +650,7 @@ const char* ParseSubSeconds(const char* dp, detail::femtoseconds* subseconds) {
+ // Parses a string into a std::tm using strptime(3).
+ const char* ParseTM(const char* dp, const char* fmt, std::tm* tm) {
+   if (dp != nullptr) {
+-    dp = strptime(dp, fmt, tm);
++    dp = strptime_local(dp, fmt, tm);
+   }
+   return dp;
+ }

plugins/wasm-cpp/bazel/boringssl.patch

@@ -0,0 +1,50 @@
+diff --git a/src/crypto/fipsmodule/rand/internal.h b/src/crypto/fipsmodule/rand/internal.h
+index 127e5d1..87fc6f0 100644
+--- a/src/crypto/fipsmodule/rand/internal.h
++++ b/src/crypto/fipsmodule/rand/internal.h
+@@ -27,7 +27,7 @@ extern "C" {
+ 
+ 
+ #if !defined(OPENSSL_WINDOWS) && !defined(OPENSSL_FUCHSIA) && \
+-    !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) && !defined(OPENSSL_TRUSTY)
++  !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) && !defined(OPENSSL_TRUSTY) && !defined(__EMSCRIPTEN__)
+ #define OPENSSL_URANDOM
+ #endif
+ 
+diff --git a/src/crypto/internal.h b/src/crypto/internal.h
+index b288583..b2e9321 100644
+--- a/src/crypto/internal.h
++++ b/src/crypto/internal.h
+@@ -130,6 +130,10 @@
+ #endif
+ #endif
+ 
++#if defined(__EMSCRIPTEN__)
++#undef OPENSSL_THREADS
++#endif
++
+ #if defined(OPENSSL_THREADS) && \
+     (!defined(OPENSSL_WINDOWS) || defined(__MINGW32__))
+ #include <pthread.h>
+@@ -493,7 +497,7 @@ OPENSSL_EXPORT void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void));
+ 
+ // Automatically enable C11 atomics if implemented.
+ #if !defined(OPENSSL_C11_ATOMIC) && !defined(__STDC_NO_ATOMICS__) && \
+-    defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
++    defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && !defined(__EMSCRIPTEN__)
+ #define OPENSSL_C11_ATOMIC
+ #endif
+ 
+diff --git a/src/crypto/rand_extra/deterministic.c b/src/crypto/rand_extra/deterministic.c
+index 435f063..13a77db 100644
+--- a/src/crypto/rand_extra/deterministic.c
++++ b/src/crypto/rand_extra/deterministic.c
+@@ -14,7 +14,7 @@
+ 
+ #include <openssl/rand.h>
+ 
+-#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
++#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) || defined(__EMSCRIPTEN__)
+ 
+ #include <string.h>
+ 

plugins/wasm-cpp/bazel/re2.patch

@@ -0,0 +1,53 @@
+diff --git a/util/mutex.h b/util/mutex.h
+index e2a8715..4031804 100644
+--- a/util/mutex.h
++++ b/util/mutex.h
+@@ -28,10 +28,10 @@
+ #if defined(MUTEX_IS_WIN32_SRWLOCK)
+ #include <windows.h>
+ typedef SRWLOCK MutexType;
+-#elif defined(MUTEX_IS_PTHREAD_RWLOCK)
+-#include <pthread.h>
+-#include <stdlib.h>
+-typedef pthread_rwlock_t MutexType;
++// #elif defined(MUTEX_IS_PTHREAD_RWLOCK)
++// #include <pthread.h>
++// #include <stdlib.h>
++// typedef pthread_rwlock_t MutexType;
+ #else
+ #include <mutex>
+ typedef std::mutex MutexType;
+@@ -73,21 +73,21 @@ void Mutex::Unlock()       { ReleaseSRWLockExclusive(&mutex_); }
+ void Mutex::ReaderLock()   { AcquireSRWLockShared(&mutex_); }
+ void Mutex::ReaderUnlock() { ReleaseSRWLockShared(&mutex_); }
+ 
+-#elif defined(MUTEX_IS_PTHREAD_RWLOCK)
++// #elif defined(MUTEX_IS_PTHREAD_RWLOCK)
+ 
+-#define SAFE_PTHREAD(fncall)    \
+-  do {                          \
+-    if ((fncall) != 0) abort(); \
+-  } while (0)
++// #define SAFE_PTHREAD(fncall)    \
++//   do {                          \
++//     if ((fncall) != 0) abort(); \
++//   } while (0)
+ 
+-Mutex::Mutex()             { SAFE_PTHREAD(pthread_rwlock_init(&mutex_, NULL)); }
+-Mutex::~Mutex()            { SAFE_PTHREAD(pthread_rwlock_destroy(&mutex_)); }
+-void Mutex::Lock()         { SAFE_PTHREAD(pthread_rwlock_wrlock(&mutex_)); }
+-void Mutex::Unlock()       { SAFE_PTHREAD(pthread_rwlock_unlock(&mutex_)); }
+-void Mutex::ReaderLock()   { SAFE_PTHREAD(pthread_rwlock_rdlock(&mutex_)); }
+-void Mutex::ReaderUnlock() { SAFE_PTHREAD(pthread_rwlock_unlock(&mutex_)); }
++// Mutex::Mutex()             { SAFE_PTHREAD(pthread_rwlock_init(&mutex_, NULL)); }
++// Mutex::~Mutex()            { SAFE_PTHREAD(pthread_rwlock_destroy(&mutex_)); }
++// void Mutex::Lock()         { SAFE_PTHREAD(pthread_rwlock_wrlock(&mutex_)); }
++// void Mutex::Unlock()       { SAFE_PTHREAD(pthread_rwlock_unlock(&mutex_)); }
++// void Mutex::ReaderLock()   { SAFE_PTHREAD(pthread_rwlock_rdlock(&mutex_)); }
++// void Mutex::ReaderUnlock() { SAFE_PTHREAD(pthread_rwlock_unlock(&mutex_)); }
+ 
+-#undef SAFE_PTHREAD
++// #undef SAFE_PTHREAD
+ 
+ #else
+ 

plugins/wasm-cpp/bazel/third_party.bzl

@@ -0,0 +1,10 @@
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+
+def wasm_extension_dependency():
+    # Need to push Wasm OCI images
+    http_archive(
+        name = "io_bazel_rules_docker",
+        sha256 = "92779d3445e7bdc79b961030b996cb0c91820ade7ffa7edca69273f404b085d5",
+        strip_prefix = "rules_docker-0.20.0",
+        urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.20.0/rules_docker-v0.20.0.tar.gz"],
+    )

plugins/wasm-cpp/bazel/wasm.bzl

@@ -0,0 +1,119 @@
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive", "http_file")
+load("@bazel_skylib//rules:copy_file.bzl", "copy_file")
+load(
+    "@io_bazel_rules_docker//container:container.bzl",
+    "container_image",
+    "container_push",
+)
+
+def wasm_libraries():
+    http_archive(
+        name = "com_google_absl",
+        sha256 = "ec8ef47335310cc3382bdc0d0cc1097a001e67dc83fcba807845aa5696e7e1e4",
+        strip_prefix = "abseil-cpp-302b250e1d917ede77b5ff00a6fd9f28430f1563",
+        url = "https://github.com/abseil/abseil-cpp/archive/302b250e1d917ede77b5ff00a6fd9f28430f1563.tar.gz",
+        patch_args = ["-p1"],
+        patches = ["//bazel:absl.patch"],
+    )
+
+    http_file(
+        name = "com_github_nlohmann_json_single_header",
+        sha256 = "3b5d2b8f8282b80557091514d8ab97e27f9574336c804ee666fda673a9b59926",
+        urls = [
+            "https://github.com/nlohmann/json/releases/download/v3.7.3/json.hpp",
+        ],
+    )
+
+
+    # import google test and cpp host for unit testing
+    http_archive(
+        name = "com_google_googletest",
+        sha256 = "9dc9157a9a1551ec7a7e43daea9a694a0bb5fb8bec81235d8a1e6ef64c716dcb",
+        strip_prefix = "googletest-release-1.10.0",
+        urls = ["https://github.com/google/googletest/archive/release-1.10.0.tar.gz"],
+    )
+
+    PROXY_WASM_CPP_HOST_SHA = "f38347360feaaf5b2a733f219c4d8c9660d626f0"
+    PROXY_WASM_CPP_HOST_SHA256 = "bf10de946eb5785813895c2bf16504afc0cd590b9655d9ee52fb1074d0825ea3"
+
+    http_archive(
+        name = "proxy_wasm_cpp_host",
+        sha256 = PROXY_WASM_CPP_HOST_SHA256,
+        strip_prefix = "proxy-wasm-cpp-host-" + PROXY_WASM_CPP_HOST_SHA,
+        url = "https://github.com/proxy-wasm/proxy-wasm-cpp-host/archive/" + PROXY_WASM_CPP_HOST_SHA +".tar.gz",
+    )
+
+    http_archive(
+        name = "boringssl",
+        urls = ["https://github.com/google/boringssl/archive/648cbaf033401b7fe7acdce02f275b06a88aab5c.tar.gz"],
+        strip_prefix = "boringssl-648cbaf033401b7fe7acdce02f275b06a88aab5c",
+        patch_args = ["-p1"],
+        patches = ["//bazel:boringssl.patch"],
+    )
+
+    native.bind(
+        name = "ssl",
+        actual = "@boringssl//:ssl",
+    )
+
+    http_archive(
+        name = "com_google_protobuf",
+        urls = ["https://github.com/protocolbuffers/protobuf/releases/download/v{version}/protobuf-all-3.18.0.tar.gz"],
+        strip_prefix = "protobuf-3.18.0",
+    )
+
+    native.bind(
+        name = "protobuf",
+        actual = "@com_google_protobuf//:protobuf",
+    )
+
+    http_archive(
+        name = "com_googlesource_code_re2",
+        urls = ["https://github.com/google/re2/archive/2020-07-06.tar.gz"],
+        strip_prefix = "re2-2020-07-06",
+        patch_args = ["-p1"],
+        patches = ["//bazel:re2.patch"],
+    )
+
+    native.bind(
+        name = "abseil_flat_hash_set",
+        actual = "@com_google_absl//absl/container:flat_hash_set",
+    )
+
+    native.bind(
+        name = "abseil_strings",
+        actual = "@com_google_absl//absl/strings:strings",
+    )
+
+    native.bind(
+        name = "abseil_time",
+        actual = "@com_google_absl//absl/time:time",
+    )
+
+    native.bind(
+        name = "protobuf",
+        actual = "@com_google_protobuf//:protobuf",
+    )
+
+    http_archive(
+        name = "com_github_google_jwt_verify",
+        urls = ["https://github.com/google/jwt_verify_lib/archive/26c22c0ce1bc607eec8fa5dd26b707378adc7a88.tar.gz"],
+        strip_prefix = "jwt_verify_lib-26c22c0ce1bc607eec8fa5dd26b707378adc7a88"
+    )
+    
+    
+def declare_wasm_image_targets(name, wasm_file):
+    # Rename to the spec compatible name.
+    copy_file("copy_original_file", wasm_file, "plugin.wasm")
+    container_image(
+        name = "wasm_image",
+        files = [":plugin.wasm"],
+    )
+    container_push(
+        name = "push_wasm_image",
+        format = "OCI",
+        image = ":wasm_image",
+        registry = "ghcr.io",
+        repository = "istio-ecosystem/wasm-extensions/"+name,
+        tag = "$(WASM_IMAGE_TAG)",
+    )