2021-04-19 04:16:13 +00:00
|
|
|
use std::num::{NonZeroU16, NonZeroU64};
|
|
|
|
use std::sync::atomic::Ordering;
|
2021-03-26 04:07:32 +00:00
|
|
|
use std::{io::BufReader, sync::Arc};
|
2021-04-19 04:16:13 +00:00
|
|
|
|
|
|
|
use log::{debug, error, info, warn};
|
|
|
|
use rustls::internal::pemfile::{certs, rsa_private_keys};
|
|
|
|
use rustls::sign::{RSASigningKey, SigningKey};
|
|
|
|
use rustls::Certificate;
|
|
|
|
use serde::de::{MapAccess, Visitor};
|
|
|
|
use serde::{Deserialize, Serialize};
|
2021-03-18 01:45:16 +00:00
|
|
|
use sodiumoxide::crypto::box_::PrecomputedKey;
|
|
|
|
use url::Url;
|
|
|
|
|
2021-04-24 16:47:33 +00:00
|
|
|
use crate::client_api_version;
|
|
|
|
use crate::config::{CliArgs, VALIDATE_TOKENS};
|
|
|
|
use crate::state::{
|
|
|
|
RwLockServerState, PREVIOUSLY_COMPROMISED, PREVIOUSLY_PAUSED, TLS_CERTS,
|
|
|
|
TLS_PREVIOUSLY_CREATED, TLS_SIGNING_KEY,
|
|
|
|
};
|
2021-03-18 01:45:16 +00:00
|
|
|
|
2021-03-22 21:47:56 +00:00
|
|
|
pub const CONTROL_CENTER_PING_URL: &str = "https://api.mangadex.network/ping";
|
|
|
|
|
|
|
|
#[derive(Serialize, Debug)]
|
2021-03-18 02:41:48 +00:00
|
|
|
pub struct Request<'a> {
|
2021-03-18 01:45:16 +00:00
|
|
|
secret: &'a str,
|
2021-03-26 01:06:54 +00:00
|
|
|
port: NonZeroU16,
|
2021-04-15 02:52:54 +00:00
|
|
|
disk_space: u64,
|
|
|
|
network_speed: NonZeroU64,
|
|
|
|
build_version: u64,
|
2021-03-18 01:45:16 +00:00
|
|
|
tls_created_at: Option<String>,
|
|
|
|
}
|
|
|
|
|
2021-03-18 02:41:48 +00:00
|
|
|
impl<'a> Request<'a> {
|
2021-04-24 16:46:18 +00:00
|
|
|
fn from_config_and_state(secret: &'a str, config: &CliArgs) -> Self {
|
2021-03-18 01:45:16 +00:00
|
|
|
Self {
|
2021-03-26 01:06:54 +00:00
|
|
|
secret,
|
2021-03-18 01:45:16 +00:00
|
|
|
port: config.port,
|
|
|
|
disk_space: config.disk_quota,
|
|
|
|
network_speed: config.network_speed,
|
2021-04-23 22:25:59 +00:00
|
|
|
build_version: client_api_version!()
|
|
|
|
.parse()
|
|
|
|
.expect("to parse the build version"),
|
2021-04-24 04:56:58 +00:00
|
|
|
tls_created_at: TLS_PREVIOUSLY_CREATED
|
|
|
|
.get()
|
|
|
|
.map(|v| v.load().as_ref().to_owned()),
|
2021-03-18 01:45:16 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-03-23 00:00:21 +00:00
|
|
|
#[allow(clippy::fallible_impl_from)]
|
2021-03-26 01:06:54 +00:00
|
|
|
impl<'a> From<(&'a str, &CliArgs)> for Request<'a> {
|
|
|
|
fn from((secret, config): (&'a str, &CliArgs)) -> Self {
|
2021-03-18 01:45:16 +00:00
|
|
|
Self {
|
2021-03-26 01:06:54 +00:00
|
|
|
secret,
|
2021-03-18 01:45:16 +00:00
|
|
|
port: config.port,
|
|
|
|
disk_space: config.disk_quota,
|
|
|
|
network_speed: config.network_speed,
|
2021-04-23 22:25:59 +00:00
|
|
|
build_version: client_api_version!()
|
|
|
|
.parse()
|
|
|
|
.expect("to parse the build version"),
|
2021-03-18 01:45:16 +00:00
|
|
|
tls_created_at: None,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-03-22 21:47:56 +00:00
|
|
|
#[derive(Deserialize, Debug)]
|
2021-03-18 02:41:48 +00:00
|
|
|
pub struct Response {
|
|
|
|
pub image_server: Url,
|
|
|
|
pub latest_build: usize,
|
2021-04-19 03:06:18 +00:00
|
|
|
pub url: Url,
|
2021-03-18 02:41:48 +00:00
|
|
|
pub token_key: Option<String>,
|
|
|
|
pub compromised: bool,
|
|
|
|
pub paused: bool,
|
2021-03-23 03:04:54 +00:00
|
|
|
#[serde(default)]
|
2021-03-22 21:47:56 +00:00
|
|
|
pub force_tokens: bool,
|
2021-03-18 02:41:48 +00:00
|
|
|
pub tls: Option<Tls>,
|
2021-03-18 01:45:16 +00:00
|
|
|
}
|
|
|
|
|
2021-03-18 02:41:48 +00:00
|
|
|
pub struct Tls {
|
2021-03-18 01:45:16 +00:00
|
|
|
pub created_at: String,
|
2021-03-26 04:07:32 +00:00
|
|
|
pub priv_key: Arc<Box<dyn SigningKey>>,
|
|
|
|
pub certs: Vec<Certificate>,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl<'de> Deserialize<'de> for Tls {
|
|
|
|
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
|
|
|
|
where
|
|
|
|
D: serde::Deserializer<'de>,
|
|
|
|
{
|
|
|
|
struct TlsVisitor;
|
|
|
|
|
|
|
|
impl<'de> Visitor<'de> for TlsVisitor {
|
|
|
|
type Value = Tls;
|
|
|
|
|
|
|
|
fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
|
|
|
|
formatter.write_str("a tls struct")
|
|
|
|
}
|
|
|
|
|
|
|
|
fn visit_map<A>(self, mut map: A) -> Result<Self::Value, A::Error>
|
|
|
|
where
|
|
|
|
A: MapAccess<'de>,
|
|
|
|
{
|
|
|
|
let mut created_at = None;
|
|
|
|
let mut priv_key = None;
|
|
|
|
let mut certificates = None;
|
|
|
|
|
|
|
|
while let Some((key, value)) = map.next_entry::<&str, String>()? {
|
|
|
|
match key {
|
|
|
|
"created_at" => created_at = Some(value.to_string()),
|
|
|
|
"private_key" => {
|
|
|
|
priv_key = rsa_private_keys(&mut BufReader::new(value.as_bytes()))
|
|
|
|
.ok()
|
|
|
|
.and_then(|mut v| {
|
|
|
|
v.pop().and_then(|key| RSASigningKey::new(&key).ok())
|
|
|
|
})
|
|
|
|
}
|
|
|
|
"certificate" => {
|
|
|
|
certificates = certs(&mut BufReader::new(value.as_bytes())).ok()
|
|
|
|
}
|
|
|
|
_ => (), // Ignore extra fields
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
match (created_at, priv_key, certificates) {
|
|
|
|
(Some(created_at), Some(priv_key), Some(certificates)) => Ok(Tls {
|
|
|
|
created_at,
|
|
|
|
priv_key: Arc::new(Box::new(priv_key)),
|
|
|
|
certs: certificates,
|
|
|
|
}),
|
|
|
|
_ => Err(serde::de::Error::custom("Could not deserialize tls info")),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
deserializer.deserialize_map(TlsVisitor)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl std::fmt::Debug for Tls {
|
|
|
|
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
|
|
|
f.debug_struct("Tls")
|
|
|
|
.field("created_at", &self.created_at)
|
|
|
|
.finish()
|
|
|
|
}
|
2021-03-18 01:45:16 +00:00
|
|
|
}
|
|
|
|
|
2021-04-19 03:06:18 +00:00
|
|
|
pub async fn update_server_state(secret: &str, cli: &CliArgs, data: &mut Arc<RwLockServerState>) {
|
2021-04-24 16:46:18 +00:00
|
|
|
let req = Request::from_config_and_state(secret, cli);
|
2021-03-22 21:47:56 +00:00
|
|
|
let client = reqwest::Client::new();
|
|
|
|
let resp = client.post(CONTROL_CENTER_PING_URL).json(&req).send().await;
|
2021-03-18 01:45:16 +00:00
|
|
|
match resp {
|
2021-03-22 21:47:56 +00:00
|
|
|
Ok(resp) => match resp.json::<Response>().await {
|
2021-03-18 01:45:16 +00:00
|
|
|
Ok(resp) => {
|
2021-04-19 04:16:13 +00:00
|
|
|
debug!("got write guard for server state");
|
2021-03-18 01:45:16 +00:00
|
|
|
let mut write_guard = data.0.write();
|
|
|
|
|
2021-04-19 03:06:18 +00:00
|
|
|
if !write_guard.url_overridden && write_guard.image_server != resp.image_server {
|
|
|
|
warn!("Ignoring new upstream url!");
|
|
|
|
write_guard.image_server = resp.image_server;
|
|
|
|
}
|
2021-03-18 01:45:16 +00:00
|
|
|
|
|
|
|
if let Some(key) = resp.token_key {
|
2021-03-22 21:47:56 +00:00
|
|
|
if let Some(key) = base64::decode(&key)
|
|
|
|
.ok()
|
|
|
|
.and_then(|k| PrecomputedKey::from_slice(&k))
|
|
|
|
{
|
|
|
|
write_guard.precomputed_key = key;
|
|
|
|
} else {
|
|
|
|
error!("Failed to parse token key: got {}", key);
|
2021-03-18 01:45:16 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-19 03:06:18 +00:00
|
|
|
if !cli.disable_token_validation
|
|
|
|
&& VALIDATE_TOKENS.load(Ordering::Acquire) != resp.force_tokens
|
|
|
|
{
|
2021-03-23 03:19:56 +00:00
|
|
|
if resp.force_tokens {
|
|
|
|
info!("Client received command to enforce token validity.");
|
|
|
|
} else {
|
|
|
|
info!("Client received command to no longer enforce token validity");
|
|
|
|
}
|
2021-03-26 02:58:07 +00:00
|
|
|
VALIDATE_TOKENS.store(resp.force_tokens, Ordering::Release);
|
2021-03-23 03:19:56 +00:00
|
|
|
}
|
2021-03-18 01:45:16 +00:00
|
|
|
|
|
|
|
if let Some(tls) = resp.tls {
|
2021-04-24 04:56:58 +00:00
|
|
|
TLS_PREVIOUSLY_CREATED
|
|
|
|
.get()
|
|
|
|
.unwrap()
|
|
|
|
.swap(Arc::new(tls.created_at));
|
|
|
|
TLS_SIGNING_KEY.get().unwrap().swap(tls.priv_key);
|
|
|
|
TLS_CERTS.get().unwrap().swap(Arc::new(tls.certs));
|
2021-03-18 01:45:16 +00:00
|
|
|
}
|
|
|
|
|
2021-04-23 04:34:23 +00:00
|
|
|
let previously_compromised = PREVIOUSLY_COMPROMISED.load(Ordering::Acquire);
|
|
|
|
if resp.compromised != previously_compromised {
|
|
|
|
PREVIOUSLY_COMPROMISED.store(resp.compromised, Ordering::Release);
|
|
|
|
if resp.compromised {
|
|
|
|
error!("Got compromised response from control center!");
|
|
|
|
} else {
|
|
|
|
info!("No longer compromised!");
|
|
|
|
}
|
2021-03-18 01:45:16 +00:00
|
|
|
}
|
|
|
|
|
2021-04-23 04:34:23 +00:00
|
|
|
let previously_paused = PREVIOUSLY_PAUSED.load(Ordering::Acquire);
|
|
|
|
if resp.paused != previously_paused {
|
|
|
|
PREVIOUSLY_PAUSED.store(resp.paused, Ordering::Release);
|
2021-03-23 03:19:56 +00:00
|
|
|
if resp.paused {
|
|
|
|
warn!("Control center has paused this node.");
|
|
|
|
} else {
|
|
|
|
info!("Control center is no longer pausing this node.");
|
|
|
|
}
|
2021-03-18 01:45:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if resp.url != write_guard.url {
|
|
|
|
info!("This client's URL has been updated to {}", resp.url);
|
|
|
|
}
|
2021-04-19 04:16:13 +00:00
|
|
|
|
|
|
|
debug!("dropping write guard for server state");
|
2021-03-18 01:45:16 +00:00
|
|
|
}
|
|
|
|
Err(e) => warn!("Got malformed response: {}", e),
|
|
|
|
},
|
|
|
|
Err(e) => match e {
|
2021-03-22 21:47:56 +00:00
|
|
|
e if e.is_timeout() => {
|
2021-03-18 01:45:16 +00:00
|
|
|
error!("Response timed out to control server. Is MangaDex down?")
|
|
|
|
}
|
|
|
|
e => warn!("Failed to send request: {}", e),
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|