Avoid accessing missing interfaces on other nodes

src/node/rpc/node_frontend.h

@@ -178,35 +178,36 @@ namespace ccf
     NetworkState& network;
     ccf::AbstractNodeOperation& node_operation;
 
-    std::optional<std::string> get_redirect_address_for_node(
-      const ccf::endpoints::ReadOnlyEndpointContext& ctx,
+    using AddressOrError =
+      std::variant<std::string, ccf::jsonhandler::JsonAdapterResponse>;
+    AddressOrError get_redirect_address_for_node(
+      const ccf::endpoints::CommandEndpointContext& ctx,
+      ccf::kv::ReadOnlyTx& ro_tx,
       const ccf::NodeId& target_node)
     {
-      auto nodes = ctx.tx.ro(network.nodes);
+      auto nodes = ro_tx.ro(network.nodes);
 
       auto node_info = nodes->get(target_node);
       if (!node_info.has_value())
       {
         LOG_FAIL_FMT("Node redirection error: Unknown node {}", target_node);
-        ctx.rpc_ctx->set_error(
+        return make_error(
           HTTP_STATUS_INTERNAL_SERVER_ERROR,
           ccf::errors::InternalError,
           fmt::format(
             "Cannot find node info to produce redirect response for node {}",
             target_node));
-        return std::nullopt;
       }
 
       const auto interface_id =
         ctx.rpc_ctx->get_session_context()->interface_id;
       if (!interface_id.has_value())
       {
         LOG_FAIL_FMT("Node redirection error: Non-RPC request");
-        ctx.rpc_ctx->set_error(
+        return make_error(
           HTTP_STATUS_INTERNAL_SERVER_ERROR,
           ccf::errors::InternalError,
           "Cannot redirect non-RPC request");
-        return std::nullopt;
       }
 
       const auto& interfaces = node_info->rpc_interfaces;
@@ -216,15 +217,14 @@ namespace ccf
         LOG_FAIL_FMT(
           "Node redirection error: Target missing interface {}",
           interface_id.value());
-        ctx.rpc_ctx->set_error(
+        return make_error(
           HTTP_STATUS_INTERNAL_SERVER_ERROR,
           ccf::errors::InternalError,
           fmt::format(
             "Cannot redirect request. Received on RPC interface {}, which is "
             "not present on target node {}",
             interface_id.value(),
             target_node));
-        return std::nullopt;
       }
 
       const auto& interface = interface_it->second;
@@ -522,6 +522,43 @@ namespace ccf
         auto nodes = args.tx.rw(this->network.nodes);
         auto service = args.tx.rw(this->network.service);
 
+        auto check_for_join_redirect =
+          [&]() -> std::optional<ccf::jsonhandler::JsonAdapterResponse> {
+          if (consensus != nullptr && !this->node_operation.can_replicate())
+          {
+            auto primary_id = consensus->primary();
+            if (primary_id.has_value())
+            {
+              const AddressOrError address_or_error =
+                get_redirect_address_for_node(
+                  args, args.tx, primary_id.value());
+              if (std::holds_alternative<ccf::jsonhandler::JsonAdapterResponse>(
+                    address_or_error))
+              {
+                return std::get<ccf::jsonhandler::JsonAdapterResponse>(
+                  address_or_error);
+              }
+
+              const auto address = std::get<std::string>(address_or_error);
+              args.rpc_ctx->set_response_header(
+                http::headers::LOCATION,
+                fmt::format("https://{}/node/join", address));
+
+              return make_error(
+                HTTP_STATUS_PERMANENT_REDIRECT,
+                ccf::errors::NodeCannotHandleRequest,
+                "Node is not primary; cannot handle write");
+            }
+
+            return make_error(
+              HTTP_STATUS_INTERNAL_SERVER_ERROR,
+              ccf::errors::InternalError,
+              "Primary unknown");
+          }
+
+          return std::nullopt;
+        };
+
         auto active_service = service->get();
         if (!active_service.has_value())
         {
@@ -563,40 +600,10 @@ namespace ccf
             return make_success(rep);
           }
 
-          if (consensus != nullptr && !this->node_operation.can_replicate())
+          const auto redirect_response = check_for_join_redirect();
+          if (redirect_response.has_value())
           {
-            auto primary_id = consensus->primary();
-            if (primary_id.has_value())
-            {
-              auto info = nodes->get(primary_id.value());
-              if (info)
-              {
-                auto& interface_id =
-                  args.rpc_ctx->get_session_context()->interface_id;
-                if (!interface_id.has_value())
-                {
-                  return make_error(
-                    HTTP_STATUS_INTERNAL_SERVER_ERROR,
-                    ccf::errors::InternalError,
-                    "Cannot redirect non-RPC request.");
-                }
-                const auto& address =
-                  info->rpc_interfaces[interface_id.value()].published_address;
-                args.rpc_ctx->set_response_header(
-                  http::headers::LOCATION,
-                  fmt::format("https://{}/node/join", address));
-
-                return make_error(
-                  HTTP_STATUS_PERMANENT_REDIRECT,
-                  ccf::errors::NodeCannotHandleRequest,
-                  "Node is not primary; cannot handle write");
-              }
-            }
-
-            return make_error(
-              HTTP_STATUS_INTERNAL_SERVER_ERROR,
-              ccf::errors::InternalError,
-              "Primary unknown");
+            return redirect_response.value();
           }
 
           return add_node(
@@ -655,40 +662,10 @@ namespace ccf
         }
         else
         {
-          if (consensus != nullptr && !this->node_operation.can_replicate())
+          const auto redirect_response = check_for_join_redirect();
+          if (redirect_response.has_value())
           {
-            auto primary_id = consensus->primary();
-            if (primary_id.has_value())
-            {
-              auto info = nodes->get(primary_id.value());
-              if (info)
-              {
-                auto& interface_id =
-                  args.rpc_ctx->get_session_context()->interface_id;
-                if (!interface_id.has_value())
-                {
-                  return make_error(
-                    HTTP_STATUS_INTERNAL_SERVER_ERROR,
-                    ccf::errors::InternalError,
-                    "Cannot redirect non-RPC request.");
-                }
-                const auto& address =
-                  info->rpc_interfaces[interface_id.value()].published_address;
-                args.rpc_ctx->set_response_header(
-                  http::headers::LOCATION,
-                  fmt::format("https://{}/node/join", address));
-
-                return make_error(
-                  HTTP_STATUS_PERMANENT_REDIRECT,
-                  ccf::errors::NodeCannotHandleRequest,
-                  "Node is not primary; cannot handle write");
-              }
-            }
-
-            return make_error(
-              HTTP_STATUS_INTERNAL_SERVER_ERROR,
-              ccf::errors::InternalError,
-              "Primary unknown");
+            return redirect_response.value();
           }
 
           // If the node does not exist, add it to the KV in state pending
@@ -1344,51 +1321,58 @@ namespace ccf
         .set_auto_schema<void, GetNode::Out>()
         .install();
 
-      auto head_primary = [this](auto& args) {
+      auto head_primary = [this](auto& args, nlohmann::json&&) {
         if (this->node_operation.can_replicate())
         {
-          args.rpc_ctx->set_response_status(HTTP_STATUS_OK);
+          // Body is ignored for head requests, but for backwards compatibility
+          // we want to ensure a 200 is returned rather than a 204
+          return ccf::make_success("Ignored body");
         }
         else
         {
-          args.rpc_ctx->set_response_status(HTTP_STATUS_PERMANENT_REDIRECT);
-          if (consensus != nullptr)
+          if (consensus == nullptr)
           {
-            auto primary_id = consensus->primary();
-            if (!primary_id.has_value())
-            {
-              args.rpc_ctx->set_error(
-                HTTP_STATUS_INTERNAL_SERVER_ERROR,
-                ccf::errors::InternalError,
-                "Primary unknown");
-              return;
-            }
+            return ccf::make_error(
+              HTTP_STATUS_INTERNAL_SERVER_ERROR,
+              ccf::errors::InternalError,
+              "Unable to determine primary - consensus object not created");
+          }
 
-            auto nodes = args.tx.ro(this->network.nodes);
-            auto info = nodes->get(primary_id.value());
-            if (info)
-            {
-              auto& interface_id =
-                args.rpc_ctx->get_session_context()->interface_id;
-              if (!interface_id.has_value())
-              {
-                args.rpc_ctx->set_error(
-                  HTTP_STATUS_INTERNAL_SERVER_ERROR,
-                  ccf::errors::InternalError,
-                  "Cannot redirect non-RPC request.");
-                return;
-              }
-              const auto& address =
-                info->rpc_interfaces[interface_id.value()].published_address;
-              args.rpc_ctx->set_response_header(
-                http::headers::LOCATION,
-                fmt::format("https://{}/node/primary", address));
-            }
+          auto primary_id = consensus->primary();
+
+          if (!primary_id.has_value())
+          {
+            return ccf::make_error(
+              HTTP_STATUS_INTERNAL_SERVER_ERROR,
+              ccf::errors::InternalError,
+              "Primary unknown");
           }
+
+          const AddressOrError address_or_error =
+            get_redirect_address_for_node(args, args.tx, primary_id.value());
+          if (std::holds_alternative<ccf::jsonhandler::JsonAdapterResponse>(
+                address_or_error))
+          {
+            return std::get<ccf::jsonhandler::JsonAdapterResponse>(
+              address_or_error);
+          }
+
+          const auto address = std::get<std::string>(address_or_error);
+
+          args.rpc_ctx->set_response_header(
+            ccf::http::headers::LOCATION,
+            fmt::format("https://{}/node/primary", address));
+          return ccf::make_error(
+            HTTP_STATUS_PERMANENT_REDIRECT,
+            ccf::errors::NodeCannotHandleRequest,
+            "Redirecting to primary");
         }
       };
       make_read_only_endpoint(
-        "/primary", HTTP_HEAD, head_primary, no_auth_required)
+        "/primary",
+        HTTP_HEAD,
+        json_read_only_adapter(head_primary),
+        no_auth_required)
         .set_forwarding_required(endpoints::ForwardingRequired::Never)
         .install();
 
@@ -1910,16 +1894,15 @@ namespace ccf
       static constexpr auto snapshot_since_param_key = "since";
       // Redirects to endpoint for a single specific snapshot
       auto find_snapshot =
-        [this](ccf::endpoints::ReadOnlyEndpointContext& ctx) {
+        [this](ccf::endpoints::ReadOnlyEndpointContext& ctx, nlohmann::json&&) {
           auto node_configuration_subsystem =
             this->context.get_subsystem<NodeConfigurationSubsystem>();
           if (!node_configuration_subsystem)
           {
-            ctx.rpc_ctx->set_error(
+            return make_error(
               HTTP_STATUS_INTERNAL_SERVER_ERROR,
               ccf::errors::InternalError,
               "NodeConfigurationSubsystem is not available");
-            return;
           }
 
           const auto& snapshots_config =
@@ -1939,11 +1922,10 @@ namespace ccf
             {
               if (error_reason != "")
               {
-                ctx.rpc_ctx->set_error(
+                return make_error(
                   HTTP_STATUS_BAD_REQUEST,
                   ccf::errors::InvalidQueryParameterValue,
                   std::move(error_reason));
-                return;
               }
               latest_idx = snapshot_since.value();
             }
@@ -1956,41 +1938,51 @@ namespace ccf
 
           if (!latest_committed_snapshot.has_value())
           {
-            ctx.rpc_ctx->set_error(
+            return make_error(
               HTTP_STATUS_NOT_FOUND,
               ccf::errors::ResourceNotFound,
               fmt::format(
                 "This node has no committed snapshots since {}", orig_latest));
-            return;
           }
 
           const auto& snapshot_path = latest_committed_snapshot.value();
 
-          const auto address =
-            get_redirect_address_for_node(ctx, this->context.get_node_id());
-          if (!address.has_value())
+          const AddressOrError address_or_error = get_redirect_address_for_node(
+            ctx, ctx.tx, this->context.get_node_id());
+          if (std::holds_alternative<ccf::jsonhandler::JsonAdapterResponse>(
+                address_or_error))
           {
-            // Helper function should have populated error response, so return
-            // now
-            return;
+            return std::get<ccf::jsonhandler::JsonAdapterResponse>(
+              address_or_error);
           }
 
-          auto redirect_url = fmt::format(
-            "https://{}/node/snapshot/{}", address.value(), snapshot_path);
+          const auto address = std::get<std::string>(address_or_error);
+          auto redirect_url =
+            fmt::format("https://{}/node/snapshot/{}", address, snapshot_path);
           LOG_DEBUG_FMT("Redirecting to snapshot: {}", redirect_url);
+
           ctx.rpc_ctx->set_response_header(
             ccf::http::headers::LOCATION, redirect_url);
-          ctx.rpc_ctx->set_response_status(HTTP_STATUS_PERMANENT_REDIRECT);
+          return ccf::make_error(
+            HTTP_STATUS_PERMANENT_REDIRECT,
+            ccf::errors::NodeCannotHandleRequest,
+            "Redirecting to primary");
         };
       make_read_only_endpoint(
-        "/snapshot", HTTP_HEAD, find_snapshot, no_auth_required)
+        "/snapshot",
+        HTTP_HEAD,
+        json_read_only_adapter(find_snapshot),
+        no_auth_required)
         .set_forwarding_required(endpoints::ForwardingRequired::Never)
         .add_query_parameter<ccf::SeqNo>(
           snapshot_since_param_key, ccf::endpoints::OptionalParameter)
         .set_openapi_hidden(true)
         .install();
       make_read_only_endpoint(
-        "/snapshot", HTTP_GET, find_snapshot, no_auth_required)
+        "/snapshot",
+        HTTP_GET,
+        json_read_only_adapter(find_snapshot),
+        no_auth_required)
         .set_forwarding_required(endpoints::ForwardingRequired::Never)
         .add_query_parameter<ccf::SeqNo>(
           snapshot_since_param_key, ccf::endpoints::OptionalParameter)

src/snapshots/fetch.h

@@ -276,6 +276,9 @@ namespace snapshots
 
         response_body = std::move(request->get_response_ptr());
         curl_easy = std::move(request->get_easy_handle_ptr());
+
+        // Ignore any body from redirect responses
+        response_body->buffer.clear();
       }
 
       while (!fetched_all)