content/browser/private_aggregation/private_aggregation_host.h - chromium/src - Git at Google

 // Copyright 2022 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CONTENT_BROWSER_PRIVATE_AGGREGATION_PRIVATE_AGGREGATION_HOST_H_
 #define CONTENT_BROWSER_PRIVATE_AGGREGATION_PRIVATE_AGGREGATION_HOST_H_

 #include <vector>

 #include "base/callback.h"
 #include "content/browser/private_aggregation/private_aggregation_budget_key.h"
 #include "content/common/content_export.h"
 #include "content/common/private_aggregation_host.mojom.h"
 #include "mojo/public/cpp/bindings/pending_receiver.h"
 #include "mojo/public/cpp/bindings/receiver_set.h"

 namespace url {
 class Origin;
 }  // namespace url

 namespace content {

 class AggregatableReportRequest;

 // UI thread class responsible for implementing the mojo interface used by
 // worklets and renderers to request reports be sent and maintaining the
 // receiver set for this interface. It is responsible for validating the
 // messages received and then passing them on for budget approval
 class CONTENT_EXPORT PrivateAggregationHost
     : public mojom::PrivateAggregationHost {
  public:
   // Enum string identifying this API for use in reports.
   static constexpr char kApiIdentifier[] = "private-aggregation";

   // Version string for the reports generated by this API.
   static constexpr char kApiReportVersion[] = "0.1";

   // The maximum number of contributions that can go in an `AggregatableReport`.
   // Aligns with `blink::kMaxAttributionAggregationKeysPerSourceOrTrigger`.
   static constexpr int kMaxNumberOfContributions = 50;

   explicit PrivateAggregationHost(
       base::RepeatingCallback<void(AggregatableReportRequest,
                                    PrivateAggregationBudgetKey)>
           on_report_request_received);
   PrivateAggregationHost(const PrivateAggregationHost&) = delete;
   PrivateAggregationHost& operator=(const PrivateAggregationHost&) = delete;
   ~PrivateAggregationHost() override;

   // Binds a new pending receiver for a worklet, allowing messages to be sent
   // and processed. However, the receiver is not bound if the `worklet_origin`
   // is not potentially trustworthy. The return value indicates whether the
   // receiver was accepted.
   [[nodiscard]] bool BindNewReceiver(
       url::Origin worklet_origin,
       PrivateAggregationBudgetKey::Api api_for_budgeting,
       mojo::PendingReceiver<mojom::PrivateAggregationHost> pending_receiver);

   // mojom::PrivateAggregationHost:
   void SendHistogramReport(
       std::vector<mojom::AggregatableReportHistogramContributionPtr>
           contributions,
       mojom::AggregationServiceMode aggregation_mode) override;

  private:
   struct ReceiverContext;

   base::RepeatingCallback<void(AggregatableReportRequest,
                                PrivateAggregationBudgetKey)>
       on_report_request_received_;

   mojo::ReceiverSet<mojom::PrivateAggregationHost, ReceiverContext>
       receiver_set_;
 };

 }  // namespace content

 #endif  // CONTENT_BROWSER_PRIVATE_AGGREGATION_PRIVATE_AGGREGATION_HOST_H_
	// Copyright 2022 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CONTENT_BROWSER_PRIVATE_AGGREGATION_PRIVATE_AGGREGATION_HOST_H_
	#define CONTENT_BROWSER_PRIVATE_AGGREGATION_PRIVATE_AGGREGATION_HOST_H_

	#include <vector>

	#include "base/callback.h"
	#include "content/browser/private_aggregation/private_aggregation_budget_key.h"
	#include "content/common/content_export.h"
	#include "content/common/private_aggregation_host.mojom.h"
	#include "mojo/public/cpp/bindings/pending_receiver.h"
	#include "mojo/public/cpp/bindings/receiver_set.h"

	namespace url {
	class Origin;
	} // namespace url

	namespace content {

	class AggregatableReportRequest;

	// UI thread class responsible for implementing the mojo interface used by
	// worklets and renderers to request reports be sent and maintaining the
	// receiver set for this interface. It is responsible for validating the
	// messages received and then passing them on for budget approval
	class CONTENT_EXPORT PrivateAggregationHost
	: public mojom::PrivateAggregationHost {
	public:
	// Enum string identifying this API for use in reports.
	static constexpr char kApiIdentifier[] = "private-aggregation";

	// Version string for the reports generated by this API.
	static constexpr char kApiReportVersion[] = "0.1";

	// The maximum number of contributions that can go in an `AggregatableReport`.
	// Aligns with `blink::kMaxAttributionAggregationKeysPerSourceOrTrigger`.
	static constexpr int kMaxNumberOfContributions = 50;

	explicit PrivateAggregationHost(
	base::RepeatingCallback<void(AggregatableReportRequest,
	PrivateAggregationBudgetKey)>
	on_report_request_received);
	PrivateAggregationHost(const PrivateAggregationHost&) = delete;
	PrivateAggregationHost& operator=(const PrivateAggregationHost&) = delete;
	~PrivateAggregationHost() override;

	// Binds a new pending receiver for a worklet, allowing messages to be sent
	// and processed. However, the receiver is not bound if the `worklet_origin`
	// is not potentially trustworthy. The return value indicates whether the
	// receiver was accepted.
	[[nodiscard]] bool BindNewReceiver(
	url::Origin worklet_origin,
	PrivateAggregationBudgetKey::Api api_for_budgeting,
	mojo::PendingReceiver<mojom::PrivateAggregationHost> pending_receiver);

	// mojom::PrivateAggregationHost:
	void SendHistogramReport(
	std::vector<mojom::AggregatableReportHistogramContributionPtr>
	contributions,
	mojom::AggregationServiceMode aggregation_mode) override;

	private:
	struct ReceiverContext;

	base::RepeatingCallback<void(AggregatableReportRequest,
	PrivateAggregationBudgetKey)>
	on_report_request_received_;

	mojo::ReceiverSet<mojom::PrivateAggregationHost, ReceiverContext>
	receiver_set_;
	};

	} // namespace content

	#endif // CONTENT_BROWSER_PRIVATE_AGGREGATION_PRIVATE_AGGREGATION_HOST_H_