Commit Graph

55 Commits

Author SHA1 Message Date
Daniel Sockwell 1765dc39ee Check oauth scopes and reject unauthorized requests 2019-07-04 13:27:11 -04:00
Daniel Sockwell f8a82caa2d Support passing access tokens via Sec-WebSocket-Protocol header
Previously, the access token needed to be passed via the query string;
with this commit, the token can be passed *either* through the query
string or the Sec-WebSocket-Protocol header.

This was done to correspond to the changes made to the streaming.js
version in [Improve streaming server security](https://github.com/tootsuite/mastodon/pull/10818).
However, I am not sure that it *does* increase security; as explained
at <https://support.ably.io/support/solutions/articles/3000075120-is-it-secure-to-send-the-access-token-as-part-of-the-websocket-url-query-params->,
there is generally no security advantage to passing sensitive information
via websocket headers instead of the query string—the entire connection
is encrypted and is not stored in the browser history, so the typical
reasons to keep sensitive info out of the query string don't apply.

I would welcome any corrections on this/reasons this change improves
security.
2019-07-04 10:57:15 -04:00
Daniel Sockwell 280cc60be9 Add hard-coded "sec-websocket-protocol" response header 2019-07-04 09:33:50 -04:00
Daniel Sockwell b85271c872 Update README 2019-05-10 07:33:58 -04:00
Daniel Sockwell bb692430d6 Update README with installation/usage instructions 2019-05-10 07:17:21 -04:00
Daniel Sockwell 769af09221 Remove outdated files and update dependencies 2019-05-10 06:23:07 -04:00
Daniel Sockwell a6a7ebeae1 Add dotenv configuration 2019-05-10 06:22:26 -04:00
Daniel Sockwell 1e9358f95d
Merge pull request #16 from tootsuite/WebSocket
WebSocket streaming
2019-05-10 02:03:38 -04:00
Daniel Sockwell 8ae9bbfac5 Revised WebSocket implementation 2019-05-10 01:47:29 -04:00
Daniel Sockwell 54ad55e0c0 Basic WebSocket support 2019-05-09 11:52:05 -04:00
Daniel Sockwell 6d037dd5af Working WS implementation, but not cleaned up 2019-05-08 23:02:01 -04:00
Daniel Sockwell 19a3bac9d5
Merge pull request #15 from tootsuite/tests
Add unit tests, (some) integration tests, and documentation
2019-04-30 18:54:13 -04:00
Daniel Sockwell 4649f89442 Add unit tests, (some) integration tests, and documentation 2019-04-30 18:41:13 -04:00
Daniel Sockwell ae08218c0f
Merge pull request #14 from tootsuite/sharedsocket
Share a single Redis connection
2019-04-30 10:07:37 -04:00
Daniel Sockwell db10087439 Update documentation in README to reflect changes 2019-04-30 10:02:40 -04:00
Daniel Sockwell 62db7ae0ff Share a single Redis connection
This commit revises the code structure to share a single connection
to Redis (with multiple subscriptions on that connection) rather than
multiple connections (each with one subscription).  It also simplifies the code based on that change.
2019-04-30 09:44:51 -04:00
Daniel Sockwell 9a3544acfb
Merge pull request #12 from tootsuite/connection-pool
Connection pool
2019-04-29 08:50:47 -04:00
Daniel Sockwell 30453c1fb7 Update README with notes on code architecture 2019-04-28 17:44:59 -04:00
Daniel Sockwell 9e921c1c97 Add ability for multiple clients to connect to the same pub/sub connection 2019-04-28 17:28:57 -04:00
Daniel Sockwell 425a9d0aae Allow separate SSE responses to share Redis pubsub
This commit implements a shared stream of data from Redis, which
allows all SSE connections that send the same data to the client
to share a single connection to Redis.  (Previously, each client
got their own connection, which would significantly increase the
number of open Redis connections—especially since nearly all clients
will subscribe to `/public`.)
2019-04-26 20:00:11 -04:00
Daniel Sockwell f676e51ce4 Add limit on number of active streams
This commit tracks the number of active Pub/Sub streams and adds code to
keep the total number of streams below 400.  (When additional users
attempt to connect past that point, the server will wait for a slot
to open up).  This prevents "too many open file" panics and makes the
server better behaved in general.  However, we may need to revisit it
based on what capacity we want the server to have.

This commit also includes some general refactoring.
2019-04-23 14:07:49 -04:00
Daniel Sockwell cda74ff318
Merge pull request #11 from tootsuite/filter-notification
Fixup
2019-04-21 09:32:37 -04:00
Daniel Sockwell 4832f59f2f Fixup
This code should have been included with the previous PR
2019-04-21 09:31:16 -04:00
Daniel Sockwell 336f9eaf74
Merge pull request #10 from tootsuite/filter-notification
Close Redis connections when SSE stream ends
2019-04-21 09:29:32 -04:00
Daniel Sockwell e1257146cd Close Redis connections when SSE stream ends
This commit tracks the existence of the SSE stream and closes the
connection to the redis pub/sub channel when the stream is closed.  This
prevents the number of redis connections from growing over time.

Note, however, that the current code still subscribes to one redis
channel per SSE connection rather than reusing existing subscriptions.
This will need to be fixed in a later PR.
2019-04-21 09:21:44 -04:00
Daniel Sockwell fc7108c84a
Merge pull request #9 from tootsuite/filter-notification
Add language and notification filters
2019-04-21 09:19:42 -04:00
Daniel Sockwell 5011abaf77 Add language and notification filters 2019-04-19 17:06:29 -04:00
Daniel Sockwell 4b39009556
Merge pull request #8 from tootsuite/fixup
Minor refactoring
2019-04-19 12:19:46 -04:00
Daniel Sockwell ff957bd407 Minor refactoring
Improved clarity, concision, and ergonomics of the codebase.
2019-04-19 12:16:03 -04:00
Daniel Sockwell 593a292af7
Merge pull request #7 from tootsuite/auth 2019-04-19 12:13:13 -04:00
Daniel Sockwell 6746514f9a Finish building out postgres auth 2019-04-18 19:02:29 -04:00
Daniel Sockwell debf01770e Complete header-based auth 2019-04-18 17:07:31 -04:00
Daniel Sockwell 13d9cf17f6 Connect to postgres for basic auth 2019-04-18 15:47:08 -04:00
Daniel Sockwell 8f320fc949 Merge branch 'logging'
Add Cargo.lock changes
2019-04-18 10:17:21 -04:00
Daniel Sockwell 65fded3eb1 Commit Cargo.lock
Cargo.lock should be tracked with version control for binaries but
I neglected to commit it in the previous commit.
2019-04-18 10:14:46 -04:00
Daniel Sockwell f929fdf138
Merge pull request #6 from tootsuite/logging
Add logging with `pretty_env_log`
2019-04-18 10:12:31 -04:00
Daniel Sockwell 9434260fa7 Add logging with `pretty_env_log`
This commit adds basic logging at both the `info` level (for establishing
a new stream) and at the `debug` level (for streaming JSON).
2019-04-18 10:10:01 -04:00
Daniel Sockwell f8565824fc
Merge pull request #4 from tootsuite/warp
Implement basic Server Sent Events with Warp
2019-04-18 08:52:14 -04:00
Daniel Sockwell 9fca39c746 Minor lints
Fix formatting/style points raised by Clippy and @sphinxc0re.
2019-04-16 08:21:19 -04:00
Daniel Sockwell 36f9d1d7c1 Add dependencies necessary for SSE/Warp 2019-04-15 14:48:09 -04:00
Daniel Sockwell 23eaa4a270 Implement basic Server Sent Events with Warp
This commit rolls up several days of work that took place in a side repo
which was originally intended to be a test/proof-of-concept repo but
that grew into a full implementation.

This implementation switches to Warp as the framework for the primary
web server (in large part because Warp offers built-in support for
SSE and several other advantages).  This implementation relies on
a custom Redis interface built on Tokio (because the current Redis
Rust crate does not support async PubSub).  Using a custom interface
should also be faster, since it does not contain logic for anything
other than pubsub—which is all we need.

Finally, I note that the SSE support is currently as feature-complete
as it is possible to be without having yet added the Postgres interface;
this means that all of the endpoints are present and are accessible
on localhost.  However, none of the endpoints have authentication yet,
and the endpoints that should provide user-specific data (e.g.,
`/api/v1/streaming/user`) are currently hard-coded to provide data for
user 1 (the admin).  Other than those limitations, however, the SSE
implementation is feature complete.
2019-04-15 14:22:44 -04:00
Daniel Sockwell 36c2734c86
Merge pull request #1 from tootsuite/setup-housekeeping
Initial setup/housekeeping
2019-03-05 09:28:27 -05:00
Daniel Sockwell 4842475b18 Rustfmt all code
Revise all code to comply with rustfmt
2019-03-05 09:23:44 -05:00
Daniel Sockwell fffd3b6b4d Improve logging
Add more descriptive messages for the logging triggered by the
websocket server.
2019-03-05 09:19:38 -05:00
Daniel Sockwell 7a0b11e240 Add descriptive success messages
Improves the success messages from "OMG! It worked!" to a descriptive
string identifying which function was invoked.
2019-03-05 08:49:35 -05:00
Daniel Sockwell 083130682f Remove custom rustfmt rule
This commit removes the custom rustfmt rule (which specified a shorter
line length) so that the project conforms to idiomatic Rust formatting
standards.
2019-03-05 08:23:24 -05:00
Julian Laubstein bfec0327d6 Use redis environment for connection 2019-02-19 22:57:01 +01:00
Julian Laubstein dfafec963b Added structures for env variables 2019-02-19 20:29:32 +01:00
Julian Laubstein dcc0283078 Fixed cors and added health endpoint 2019-02-15 22:59:21 +01:00
Julian Laubstein 88492aac36 Lots of basic stuff 2019-02-15 10:22:35 +01:00