flodgatt/src/main.rs

use log::{log_enabled, Level};
use ragequit::{
    config,
    parse_client_request::{sse, user, ws},
    redis_to_client_stream,
    redis_to_client_stream::ClientAgent,
};
use warp::{ws::Ws2, Filter as WarpFilter};

fn main() {
    config::logging_and_env();
    let client_agent_sse = ClientAgent::blank();
    let client_agent_ws = client_agent_sse.clone_with_shared_receiver();

    if log_enabled!(Level::Warn) {
        println!("Streaming server initialized and ready to accept connections");
    };

    // Server Sent Events
    //
    // For SSE, the API requires users to use different endpoints, so we first filter based on
    // the endpoint.  Using that endpoint determine the `timeline` the user is requesting,
    // the scope for that `timeline`, and authenticate the `User` if they provided a token.
    let sse_routes = sse::filter_incomming_request()
        .and(warp::sse())
        .map(
            move |timeline: String, user: user::User, sse_connection_to_client: warp::sse::Sse| {
                // Create a new ClientAgent
                let mut client_agent = client_agent_sse.clone_with_shared_receiver();
                // Assign that agent to generate a stream of updates for the user/timeline pair
                client_agent.init_for_user(&timeline, user);
                // send the updates through the SSE connection
                redis_to_client_stream::send_updates_to_sse(client_agent, sse_connection_to_client)
            },
        )
        .with(warp::reply::with::header("Connection", "keep-alive"))
        .recover(config::handle_errors);

    // WebSocket
    //
    // For WS, the API specifies a single endpoint, so we extract the User/timeline pair
    // directy from the query
    let websocket_routes = ws::extract_user_and_query()
        .and_then(move |mut user: user::User, q: ws::Query, ws: Ws2| {
            let token = user.access_token.clone();
            let read_scope = user.scopes.clone();

            let timeline = match q.stream.as_ref() {
                // Public endpoints:
                tl @ "public" | tl @ "public:local" if q.media => format!("{}:media", tl),
                tl @ "public:media" | tl @ "public:local:media" => tl.to_string(),
                tl @ "public" | tl @ "public:local" => tl.to_string(),
                // Hashtag endpoints:
                tl @ "hashtag" | tl @ "hashtag:local" => format!("{}:{}", tl, q.hashtag),
                // Private endpoints: User
                "user" if user.logged_in && (read_scope.all || read_scope.statuses) => {
                    format!("{}", user.id)
                }
                "user:notification" if user.logged_in && (read_scope.all || read_scope.notify) => {
                    user = user.set_filter(user::Filter::Notification);
                    format!("{}", user.id)
                }
                // List endpoint:
                "list" if user.owns_list(q.list) && (read_scope.all || read_scope.lists) => {
                    format!("list:{}", q.list)
                }
                // Direct endpoint:
                "direct" if user.logged_in && (read_scope.all || read_scope.statuses) => {
                    "direct".to_string()
                }
                // Reject unathorized access attempts for private endpoints
                "user" | "user:notification" | "direct" | "list" => {
                    return Err(warp::reject::custom("Error: Invalid Access Token"))
                }
                // Other endpoints don't exist:
                _ => return Err(warp::reject::custom("Error: Nonexistent WebSocket query")),
            };

            // Create a new ClientAgent
            let mut client_agent = client_agent_ws.clone_with_shared_receiver();
            // Assign that agent to generate a stream of updates for the user/timeline pair
            client_agent.init_for_user(&timeline, user);
            // send the updates through the WS connection (along with the User's access_token
            // which is sent for security)
            Ok((
                ws.on_upgrade(move |socket| {
                    redis_to_client_stream::send_updates_to_ws(socket, client_agent)
                }),
                token,
            ))
        })
        .map(|(reply, token)| warp::reply::with_header(reply, "sec-websocket-protocol", token));

    let cors = config::cross_origin_resource_sharing();

    warp::serve(websocket_routes.or(sse_routes).with(cors)).run(*config::SERVER_ADDR);
}
Add additional logging for postgres connection/server status 2019-07-10 04:20:11 +02:00			`use log::{log_enabled, Level};`
Initial cleanup/refactor 2019-07-06 02:08:50 +02:00			`use ragequit::{`
Replace integration tests with unit tests (#37) * Upgrade postgres dependency to support ssl * Clean up configuration code * Add support for SSL with postgres [WIP] * Add unit tests with mock Postgres 2019-09-05 03:48:29 +02:00			`config,`
Code reorganization 2019-07-08 13:31:42 +02:00			`parse_client_request::{sse, user, ws},`
			`redis_to_client_stream,`
			`redis_to_client_stream::ClientAgent,`
Initial cleanup/refactor 2019-07-06 02:08:50 +02:00			`};`
			`use warp::{ws::Ws2, Filter as WarpFilter};`
Added structures for env variables 2019-02-19 20:29:32 +01:00
Implement basic Server Sent Events with Warp This commit rolls up several days of work that took place in a side repo which was originally intended to be a test/proof-of-concept repo but that grew into a full implementation. This implementation switches to Warp as the framework for the primary web server (in large part because Warp offers built-in support for SSE and several other advantages). This implementation relies on a custom Redis interface built on Tokio (because the current Redis Rust crate does not support asnyc PubSub). Using a custom interface should also be faster, since it does not contain logic for anything other than pubsub—which is all we need. Finally, I note that the SSE support is currently as feature-complete as it is possible to be without having yet added the Postgress interface this means that all of the endpoints are present and are accessible on localhost. However, none of the endpoints have authentication yet, and the endpoints that should provide user-specific data (e.g., `/api/v1/streaming/user`) are currently hard-coded to provide data for user 1 (the admin). Other than those limitations, however, the SSE implementation is feature complete. 2019-04-15 20:22:44 +02:00			`fn main() {`
Initial cleanup/refactor 2019-07-06 02:08:50 +02:00			`config::logging_and_env();`
Code reorganization 2019-07-08 13:31:42 +02:00			`let client_agent_sse = ClientAgent::blank();`
			`let client_agent_ws = client_agent_sse.clone_with_shared_receiver();`
Add unit tests, (some) integration tests, and documentation 2019-05-01 00:41:13 +02:00
Add additional logging for postgres connection/server status 2019-07-10 04:20:11 +02:00			`if log_enabled!(Level::Warn) {`
			`println!("Streaming server initialized and ready to accept connections");`
			`};`

Initial cleanup/refactor 2019-07-06 02:08:50 +02:00			`// Server Sent Events`
Code reorganization 2019-07-08 13:31:42 +02:00			`//`
			`// For SSE, the API requires users to use different endpoints, so we first filter based on`
			// the endpoint. Using that endpoint determine the `timeline` the user is requesting,
			// the scope for that `timeline`, and authenticate the `User` if they provided a token.
Replace integration tests with unit tests (#37) * Upgrade postgres dependency to support ssl * Clean up configuration code * Add support for SSL with postgres [WIP] * Add unit tests with mock Postgres 2019-09-05 03:48:29 +02:00			`let sse_routes = sse::filter_incomming_request()`
			`.and(warp::sse())`
			`.map(`
			`move \|timeline: String, user: user::User, sse_connection_to_client: warp::sse::Sse\| {`
			`// Create a new ClientAgent`
			`let mut client_agent = client_agent_sse.clone_with_shared_receiver();`
			`// Assign that agent to generate a stream of updates for the user/timeline pair`
			`client_agent.init_for_user(&timeline, user);`
			`// send the updates through the SSE connection`
			`redis_to_client_stream::send_updates_to_sse(client_agent, sse_connection_to_client)`
			`},`
			`)`
			`.with(warp::reply::with::header("Connection", "keep-alive"))`
			`.recover(config::handle_errors);`
Add ability for multiple clients to connect to the same pub/sub connection 2019-04-28 23:28:57 +02:00
Initial cleanup/refactor 2019-07-06 02:08:50 +02:00			`// WebSocket`
Code reorganization 2019-07-08 13:31:42 +02:00			`//`
			`// For WS, the API specifies a single endpoint, so we extract the User/timeline pair`
			`// directy from the query`
			`let websocket_routes = ws::extract_user_and_query()`
			`.and_then(move \|mut user: user::User, q: ws::Query, ws: Ws2\| {`
			`let token = user.access_token.clone();`
Initial cleanup/refactor 2019-07-06 02:08:50 +02:00			`let read_scope = user.scopes.clone();`
Code reorganization 2019-07-08 13:31:42 +02:00
Initial cleanup/refactor 2019-07-06 02:08:50 +02:00			`let timeline = match q.stream.as_ref() {`
			`// Public endpoints:`
			`tl @ "public" \| tl @ "public:local" if q.media => format!("{}:media", tl),`
			`tl @ "public:media" \| tl @ "public:local:media" => tl.to_string(),`
			`tl @ "public" \| tl @ "public:local" => tl.to_string(),`
			`// Hashtag endpoints:`
			`tl @ "hashtag" \| tl @ "hashtag:local" => format!("{}:{}", tl, q.hashtag),`
			`// Private endpoints: User`
			`"user" if user.logged_in && (read_scope.all \|\| read_scope.statuses) => {`
			`format!("{}", user.id)`
			`}`
			`"user:notification" if user.logged_in && (read_scope.all \|\| read_scope.notify) => {`
Code reorganization 2019-07-08 13:31:42 +02:00			`user = user.set_filter(user::Filter::Notification);`
Initial cleanup/refactor 2019-07-06 02:08:50 +02:00			`format!("{}", user.id)`
			`}`
			`// List endpoint:`
			`"list" if user.owns_list(q.list) && (read_scope.all \|\| read_scope.lists) => {`
			`format!("list:{}", q.list)`
			`}`
			`// Direct endpoint:`
			`"direct" if user.logged_in && (read_scope.all \|\| read_scope.statuses) => {`
			`"direct".to_string()`
			`}`
			`// Reject unathorized access attempts for private endpoints`
			`"user" \| "user:notification" \| "direct" \| "list" => {`
			`return Err(warp::reject::custom("Error: Invalid Access Token"))`
			`}`
			`// Other endpoints don't exist:`
			`_ => return Err(warp::reject::custom("Error: Nonexistent WebSocket query")),`
			`};`
Working WS implemetation, but not cleaned up 2019-05-09 05:02:01 +02:00
Code reorganization 2019-07-08 13:31:42 +02:00			`// Create a new ClientAgent`
			`let mut client_agent = client_agent_ws.clone_with_shared_receiver();`
			`// Assign that agent to generate a stream of updates for the user/timeline pair`
			`client_agent.init_for_user(&timeline, user);`
			`// send the updates through the WS connection (along with the User's access_token`
			`// which is sent for security)`
Initial cleanup/refactor 2019-07-06 02:08:50 +02:00			`Ok((`
Code reorganization 2019-07-08 13:31:42 +02:00			`ws.on_upgrade(move \|socket\| {`
			`redis_to_client_stream::send_updates_to_ws(socket, client_agent)`
			`}),`
Initial cleanup/refactor 2019-07-06 02:08:50 +02:00			`token,`
			`))`
			`})`
Support passing access tokens via Sec-WebSocket-Protocol header Previously, the access token needed to be passed via the query string; with this commit, the token can be passed either through the query string or the Sec-WebSocket-Protocol header. This was done to correspond to the changes made to the streaming.js version in [Improve streaming server security](https://github.com/tootsuite/mastodon/pull/10818). However, I am not sure that it does increase security; as explained at <https://support.ably.io/support/solutions/articles/3000075120-is-it-secure-to-send-the-access-token-as-part-of-the-websocket-url-query-params->, there is generally no security advantage to passing sensitive information via websocket headers instead of the query string—the entire connection is encrypted and is not stored in the browser history, so the typical reasons to keep sensitive info out of the query string don't apply. I would welcome any corrections on this/reasons this change improves security. 2019-07-04 16:57:15 +02:00			`.map(\|(reply, token)\| warp::reply::with_header(reply, "sec-websocket-protocol", token));`
Working WS implemetation, but not cleaned up 2019-05-09 05:02:01 +02:00
Initial cleanup/refactor 2019-07-06 02:08:50 +02:00			`let cors = config::cross_origin_resource_sharing();`

Update documentation and restructure code 2019-07-08 21:21:02 +02:00			`warp::serve(websocket_routes.or(sse_routes).with(cors)).run(*config::SERVER_ADDR);`
Initial project files 2019-02-11 09:45:14 +01:00			`}`