Tidier public headers

.clang-tidy

@@ -58,5 +58,5 @@ Checks: >
   -readability-magic-numbers,
 
 WarningsAsErrors: '*'
-HeaderFilterRegex: 'include\/ccf\/(ds|threading|service|research|pal)\/.*'
+HeaderFilterRegex: 'include\/ccf\/(ds|threading|service|research|pal|node|kv|js|indexing|endpoints|crypto)\/.*'
 FormatStyle:     'file'

include/ccf/claims_digest.h

@@ -27,7 +27,7 @@ namespace ccf
     void set(Digest::Representation&& r)
     {
       is_set = true;
-      digest.set(std::move(r));
+      digest.set(r);
     }
 
     [[nodiscard]] bool empty() const

include/ccf/crypto/jwk.h

@@ -48,7 +48,7 @@ namespace ccf::crypto
 
   struct JsonWebKeyData
   {
-    JsonWebKeyType kty;
+    JsonWebKeyType kty = JsonWebKeyType::EC;
     std::optional<std::string> kid = std::nullopt;
     std::optional<std::vector<std::string>> x5c = std::nullopt;
     std::optional<std::string> n = std::nullopt;

include/ccf/crypto/sha256_hash.h

@@ -21,9 +21,9 @@ namespace ccf::crypto
 
     Sha256Hash() = default;
 
-    void set(Representation&& r)
+    void set(const Representation& r)
     {
-      h = std::move(r);
+      h = r;
     }
 
     Sha256Hash(const uint8_t* data, size_t size);

include/ccf/endpoints/authentication/all_of_auth.h

@@ -15,7 +15,7 @@ namespace ccf
   {
     std::map<std::string, std::unique_ptr<AuthnIdentity>> identities;
 
-    std::string get_conjoined_name() const;
+    [[nodiscard]] std::string get_conjoined_name() const;
   };
 
   class AllOfAuthnPolicy : public AuthnPolicy
@@ -37,15 +37,16 @@ namespace ccf
       const std::vector<std::shared_ptr<AuthnPolicy>>& _policies);
 
     std::unique_ptr<AuthnIdentity> authenticate(
-      ccf::kv::ReadOnlyTx&,
-      const std::shared_ptr<ccf::RpcContext>&,
-      std::string&) override;
+      ccf::kv::ReadOnlyTx& tx,
+      const std::shared_ptr<ccf::RpcContext>& ctx,
+      std::string& error_reason) override;
 
     void set_unauthenticated_error(
-      std::shared_ptr<ccf::RpcContext>, std::string&&) override;
+      std::shared_ptr<ccf::RpcContext> ctx,
+      std::string&& error_reason) override;
 
-    std::optional<OpenAPISecuritySchema> get_openapi_security_schema()
-      const override;
+    [[nodiscard]] std::optional<OpenAPISecuritySchema>
+    get_openapi_security_schema() const override;
 
     std::string get_security_scheme_name() override;
   };

include/ccf/endpoints/authentication/cert_auth.h

@@ -7,15 +7,12 @@
 
 namespace ccf
 {
-  namespace
+  inline std::optional<OpenAPISecuritySchema> get_cert_based_security_schema()
   {
-    std::optional<OpenAPISecuritySchema> get_cert_based_security_schema()
-    {
-      // There is currently no OpenAPI-compliant way to describe cert-based TLS
-      // auth, so this policy is not documented. This should change in
-      // OpenAPI3.1: https://github.com/OAI/OpenAPI-Specification/pull/1764
-      return std::nullopt;
-    }
+    // There is currently no OpenAPI-compliant way to describe cert-based TLS
+    // auth, so this policy is not documented. This should change in
+    // OpenAPI3.1: https://github.com/OAI/OpenAPI-Specification/pull/1764
+    return std::nullopt;
   }
 
   struct UserCertAuthnIdentity : public AuthnIdentity
@@ -35,20 +32,20 @@ namespace ccf
     static constexpr auto SECURITY_SCHEME_NAME = "user_cert";
 
     UserCertAuthnPolicy();
-    virtual ~UserCertAuthnPolicy();
+    ~UserCertAuthnPolicy() override;
 
     std::unique_ptr<AuthnIdentity> authenticate(
       ccf::kv::ReadOnlyTx& tx,
       const std::shared_ptr<ccf::RpcContext>& ctx,
       std::string& error_reason) override;
 
-    std::optional<OpenAPISecuritySchema> get_openapi_security_schema()
-      const override
+    [[nodiscard]] std::optional<OpenAPISecuritySchema>
+    get_openapi_security_schema() const override
     {
       return get_cert_based_security_schema();
     }
 
-    virtual std::string get_security_scheme_name() override
+    std::string get_security_scheme_name() override
     {
       return SECURITY_SCHEME_NAME;
     };
@@ -69,20 +66,20 @@ namespace ccf
     static constexpr auto SECURITY_SCHEME_NAME = "member_cert";
 
     MemberCertAuthnPolicy();
-    virtual ~MemberCertAuthnPolicy();
+    ~MemberCertAuthnPolicy() override;
 
     std::unique_ptr<AuthnIdentity> authenticate(
       ccf::kv::ReadOnlyTx& tx,
       const std::shared_ptr<ccf::RpcContext>& ctx,
       std::string& error_reason) override;
 
-    std::optional<OpenAPISecuritySchema> get_openapi_security_schema()
-      const override
+    [[nodiscard]] std::optional<OpenAPISecuritySchema>
+    get_openapi_security_schema() const override
     {
       return get_cert_based_security_schema();
     }
 
-    virtual std::string get_security_scheme_name() override
+    std::string get_security_scheme_name() override
     {
       return SECURITY_SCHEME_NAME;
     };
@@ -103,13 +100,13 @@ namespace ccf
       const std::shared_ptr<ccf::RpcContext>& ctx,
       std::string& error_reason) override;
 
-    std::optional<OpenAPISecuritySchema> get_openapi_security_schema()
-      const override
+    [[nodiscard]] std::optional<OpenAPISecuritySchema>
+    get_openapi_security_schema() const override
     {
       return get_cert_based_security_schema();
     }
 
-    virtual std::string get_security_scheme_name() override
+    std::string get_security_scheme_name() override
     {
       return SECURITY_SCHEME_NAME;
     };
@@ -130,20 +127,20 @@ namespace ccf
     static constexpr auto SECURITY_SCHEME_NAME = "any_cert";
 
     AnyCertAuthnPolicy();
-    virtual ~AnyCertAuthnPolicy();
+    ~AnyCertAuthnPolicy() override;
 
     std::unique_ptr<AuthnIdentity> authenticate(
       ccf::kv::ReadOnlyTx& tx,
       const std::shared_ptr<ccf::RpcContext>& ctx,
       std::string& error_reason) override;
 
-    std::optional<OpenAPISecuritySchema> get_openapi_security_schema()
-      const override
+    [[nodiscard]] std::optional<OpenAPISecuritySchema>
+    get_openapi_security_schema() const override
     {
       return get_cert_based_security_schema();
     }
 
-    virtual std::string get_security_scheme_name() override
+    std::string get_security_scheme_name() override
     {
       return SECURITY_SCHEME_NAME;
     };

include/ccf/endpoints/authentication/cose_auth.h

@@ -11,15 +11,15 @@ namespace ccf
 {
   struct ProtectedHeader
   {
-    int64_t alg;
+    int64_t alg = 0;
     std::string kid;
   };
 
   struct GovernanceProtectedHeader : ProtectedHeader
   {
     std::optional<std::string> gov_msg_type;
     std::optional<std::string> gov_msg_proposal_id;
-    uint64_t gov_msg_created_at;
+    uint64_t gov_msg_created_at = 0;
   };
 
   struct TimestampedProtectedHeader : ProtectedHeader
@@ -70,13 +70,13 @@ namespace ccf
       const std::span<const uint8_t>& content_,
       const std::span<const uint8_t>& envelope_,
       const std::span<const uint8_t>& signature_,
-      const MemberId& member_id_,
-      const ccf::crypto::Pem& member_cert_,
-      const GovernanceProtectedHeader& protected_header_) :
+      MemberId member_id_,
+      ccf::crypto::Pem member_cert_,
+      GovernanceProtectedHeader protected_header_) :
       COSESign1AuthnIdentity(content_, envelope_, signature_),
-      member_id(member_id_),
-      member_cert(member_cert_),
-      protected_header(protected_header_)
+      member_id(std::move(member_id_)),
+      member_cert(std::move(member_cert_)),
+      protected_header(std::move(protected_header_))
     {}
   };
 
@@ -95,13 +95,13 @@ namespace ccf
       const std::span<const uint8_t>& content_,
       const std::span<const uint8_t>& envelope_,
       const std::span<const uint8_t>& signature_,
-      const UserId& user_id_,
-      const ccf::crypto::Pem& user_cert_,
-      const TimestampedProtectedHeader& protected_header_) :
+      UserId user_id_,
+      ccf::crypto::Pem user_cert_,
+      TimestampedProtectedHeader protected_header_) :
       COSESign1AuthnIdentity(content_, envelope_, signature_),
-      user_id(user_id_),
-      user_cert(user_cert_),
-      protected_header(protected_header_)
+      user_id(std::move(user_id_)),
+      user_cert(std::move(user_cert_)),
+      protected_header(std::move(protected_header_))
     {}
   };
 
@@ -122,7 +122,7 @@ namespace ccf
 
     MemberCOSESign1AuthnPolicy(
       std::optional<std::string> gov_msg_type_ = std::nullopt);
-    ~MemberCOSESign1AuthnPolicy();
+    ~MemberCOSESign1AuthnPolicy() override;
 
     std::unique_ptr<AuthnIdentity> authenticate(
       ccf::kv::ReadOnlyTx& tx,
@@ -133,8 +133,8 @@ namespace ccf
       std::shared_ptr<ccf::RpcContext> ctx,
       std::string&& error_reason) override;
 
-    std::optional<OpenAPISecuritySchema> get_openapi_security_schema()
-      const override
+    [[nodiscard]] std::optional<OpenAPISecuritySchema>
+    get_openapi_security_schema() const override
     {
       return security_schema;
     }
@@ -190,12 +190,12 @@ namespace ccf
     static constexpr auto SECURITY_SCHEME_NAME = "user_cose_sign1";
 
     UserCOSESign1AuthnPolicy(
-      const std::string& msg_type_name_ = "ccf.msg.type",
-      const std::string& msg_created_at_name_ = "ccf.msg.created_at") :
-      msg_type_name(msg_type_name_),
-      msg_created_at_name(msg_created_at_name_)
+      std::string msg_type_name_ = "ccf.msg.type",
+      std::string msg_created_at_name_ = "ccf.msg.created_at") :
+      msg_type_name(std::move(msg_type_name_)),
+      msg_created_at_name(std::move(msg_created_at_name_))
     {}
-    ~UserCOSESign1AuthnPolicy();
+    ~UserCOSESign1AuthnPolicy() override;
 
     std::unique_ptr<AuthnIdentity> authenticate(
       ccf::kv::ReadOnlyTx& tx,
@@ -206,8 +206,8 @@ namespace ccf
       std::shared_ptr<ccf::RpcContext> ctx,
       std::string&& error_reason) override;
 
-    std::optional<OpenAPISecuritySchema> get_openapi_security_schema()
-      const override
+    [[nodiscard]] std::optional<OpenAPISecuritySchema>
+    get_openapi_security_schema() const override
     {
       return security_schema;
     }
@@ -232,11 +232,12 @@ namespace ccf
     static constexpr auto SECURITY_SCHEME_NAME = "typed_user_cose_sign1";
 
     TypedUserCOSESign1AuthnPolicy(
-      const std::string& expected_msg_type_,
-      const std::string& msg_type_name_ = "ccf.msg.type",
-      const std::string& msg_created_at_name_ = "ccf.msg.created_at") :
-      UserCOSESign1AuthnPolicy(msg_type_name_, msg_created_at_name_),
-      expected_msg_type(expected_msg_type_)
+      std::string expected_msg_type_,
+      std::string msg_type_name_ = "ccf.msg.type",
+      std::string msg_created_at_name_ = "ccf.msg.created_at") :
+      UserCOSESign1AuthnPolicy(
+        std::move(msg_type_name_), std::move(msg_created_at_name_)),
+      expected_msg_type(std::move(expected_msg_type_))
     {}
 
     std::unique_ptr<AuthnIdentity> authenticate(

include/ccf/endpoints/authentication/empty_auth.h

@@ -17,15 +17,16 @@ namespace ccf
     static constexpr auto SECURITY_SCHEME_NAME = "no_auth";
 
     std::unique_ptr<AuthnIdentity> authenticate(
-      ccf::kv::ReadOnlyTx&,
-      const std::shared_ptr<ccf::RpcContext>&,
-      std::string&) override;
+      [[maybe_unused]] ccf::kv::ReadOnlyTx& tx,
+      [[maybe_unused]] const std::shared_ptr<ccf::RpcContext>& ctx,
+      [[maybe_unused]] std::string& error_reason) override;
 
     void set_unauthenticated_error(
-      std::shared_ptr<ccf::RpcContext>, std::string&&) override;
+      [[maybe_unused]] std::shared_ptr<ccf::RpcContext> ctx,
+      [[maybe_unused]] std::string&& error_reason) override;
 
-    std::optional<OpenAPISecuritySchema> get_openapi_security_schema()
-      const override
+    [[nodiscard]] std::optional<OpenAPISecuritySchema>
+    get_openapi_security_schema() const override
     {
       return unauthenticated_schema;
     }

include/ccf/endpoints/authentication/js.h

@@ -56,7 +56,7 @@ namespace ccf
   }
 
   template <typename T>
-  static inline constexpr char const* get_policy_name_from_ident(const T*)
+  static constexpr char const* get_policy_name_from_ident(const T* /*unused*/)
   {
     if constexpr (std::is_same_v<T, ccf::UserCertAuthnIdentity>)
     {

include/ccf/endpoints/authentication/jwt_auth.h

@@ -34,7 +34,7 @@ namespace ccf
     static constexpr auto SECURITY_SCHEME_NAME = "jwt";
 
     JwtAuthnPolicy();
-    virtual ~JwtAuthnPolicy();
+    ~JwtAuthnPolicy() override;
 
     std::unique_ptr<AuthnIdentity> authenticate(
       ccf::kv::ReadOnlyTx& tx,
@@ -45,8 +45,8 @@ namespace ccf
       std::shared_ptr<ccf::RpcContext> ctx,
       std::string&& error_reason) override;
 
-    std::optional<OpenAPISecuritySchema> get_openapi_security_schema()
-      const override
+    [[nodiscard]] std::optional<OpenAPISecuritySchema>
+    get_openapi_security_schema() const override
     {
       return security_schema;
     }

include/ccf/entity_id.h

@@ -26,6 +26,8 @@ namespace ccf
     EntityId(const EntityId& id_) = default;
     EntityId(const Value& id_) : id(id_) {}
     EntityId(Value&& id_) : id(std::move(id_)) {}
+    EntityId(EntityId&& id_) : id(std::move(id_)) {}
+    EntityId& operator=(EntityId&& other) = default;
 
     operator std::string() const
     {

include/ccf/indexing/indexer_interface.h

@@ -24,7 +24,7 @@ namespace ccf::indexing
     std::set<StrategyPtr> strategies;
 
   public:
-    virtual ~IndexingStrategies() = default;
+    ~IndexingStrategies() override = default;
 
     static char const* get_subsystem_name()
     {

include/ccf/indexing/strategies/seqnos_by_key_bucketed.h

@@ -34,7 +34,7 @@ namespace ccf::indexing::strategies
       size_t seqnos_per_bucket_ = 1000,
       size_t max_buckets_ = 10);
 
-    size_t max_requestable_range() const;
+    [[nodiscard]] size_t max_requestable_range() const;
   };
 
   template <typename M>

include/ccf/indexing/strategies/visit_each_entry_in_map.h

@@ -31,7 +31,7 @@ namespace ccf::indexing::strategies
       const std::string& map_name_,
       const std::string& strategy_prefix = "VisitEachEntryIn");
 
-    virtual ~VisitEachEntryInMap() = default;
+    ~VisitEachEntryInMap() override = default;
 
     void handle_committed_transaction(
       const ccf::TxID& tx_id, const ccf::kv::ReadOnlyStorePtr& store) override;