mangadex-home-rs/src/state.rs

use std::sync::atomic::{AtomicBool, Ordering};
use std::sync::Arc;

use crate::config::{CliArgs, SEND_SERVER_VERSION, VALIDATE_TOKENS};
use crate::ping::{Request, Response, Tls, CONTROL_CENTER_PING_URL};
use log::{error, info, warn};
use parking_lot::RwLock;
use rustls::sign::CertifiedKey;
use rustls::{ClientHello, ResolvesServerCert};
use sodiumoxide::crypto::box_::PrecomputedKey;
use thiserror::Error;
use url::Url;

pub struct ServerState {
    pub precomputed_key: PrecomputedKey,
    pub image_server: Url,
    pub tls_config: Tls,
    pub url: Url,
    pub url_overridden: bool,
}

pub static PREVIOUSLY_PAUSED: AtomicBool = AtomicBool::new(false);
pub static PREVIOUSLY_COMPROMISED: AtomicBool = AtomicBool::new(false);

#[derive(Error, Debug)]
pub enum ServerInitError {
    #[error(transparent)]
    MalformedResponse(reqwest::Error),
    #[error(transparent)]
    Timeout(reqwest::Error),
    #[error(transparent)]
    SendFailure(reqwest::Error),
    #[error("Failed to parse token key")]
    KeyParseError(String),
    #[error("Token key was not provided in initial request")]
    MissingTokenKey,
}

impl ServerState {
    pub async fn init(secret: &str, config: &CliArgs) -> Result<Self, ServerInitError> {
        let resp = reqwest::Client::new()
            .post(CONTROL_CENTER_PING_URL)
            .json(&Request::from((secret, config)))
            .send()
            .await;

        if config.enable_server_string {
            warn!("Client will send Server header in responses. This is not recommended!");
            SEND_SERVER_VERSION.store(true, Ordering::Release);
        }

        match resp {
            Ok(resp) => match resp.json::<Response>().await {
                Ok(mut resp) => {
                    let key = resp
                        .token_key
                        .ok_or(ServerInitError::MissingTokenKey)
                        .and_then(|key| {
                            if let Some(key) = base64::decode(&key)
                                .ok()
                                .and_then(|k| PrecomputedKey::from_slice(&k))
                            {
                                Ok(key)
                            } else {
                                error!("Failed to parse token key: got {}", key);
                                Err(ServerInitError::KeyParseError(key))
                            }
                        })?;

                    PREVIOUSLY_COMPROMISED.store(resp.paused, Ordering::Release);
                    if resp.compromised {
                        error!("Got compromised response from control center!");
                    }

                    PREVIOUSLY_PAUSED.store(resp.paused, Ordering::Release);
                    if resp.paused {
                        warn!("Control center has paused this node!");
                    }

                    if let Some(ref override_url) = config.override_upstream {
                        resp.image_server = override_url.clone();
                        warn!("Upstream URL overridden to: {}", resp.image_server);
                    } else {
                    }

                    info!("This client's URL has been set to {}", resp.url);

                    if config.disable_token_validation {
                        warn!("Token validation is explicitly disabled!");
                    } else {
                        if resp.force_tokens {
                            info!("This client will validate tokens.");
                        } else {
                            info!("This client will not validate tokens.");
                        }
                        VALIDATE_TOKENS.store(resp.force_tokens, Ordering::Release);
                    }

                    Ok(Self {
                        precomputed_key: key,
                        image_server: resp.image_server,
                        tls_config: resp.tls.unwrap(),
                        url: resp.url,
                        url_overridden: config.override_upstream.is_some(),
                    })
                }
                Err(e) => {
                    warn!("Got malformed response: {}", e);
                    Err(ServerInitError::MalformedResponse(e))
                }
            },
            Err(e) => match e {
                e if e.is_timeout() => {
                    error!("Response timed out to control server. Is MangaDex down?");
                    Err(ServerInitError::Timeout(e))
                }
                e => {
                    warn!("Failed to send request: {}", e);
                    Err(ServerInitError::SendFailure(e))
                }
            },
        }
    }
}

pub struct RwLockServerState(pub RwLock<ServerState>);

impl ResolvesServerCert for RwLockServerState {
    fn resolve(&self, _: ClientHello) -> Option<CertifiedKey> {
        // TODO: wait for actix-web to use a new version of rustls so we can
        // remove cloning the certs all the time
        let read_guard = self.0.read();
        Some(CertifiedKey {
            cert: read_guard.tls_config.certs.clone(),
            key: Arc::clone(&read_guard.tls_config.priv_key),
            ocsp: None,
            sct_list: None,
        })
    }
}
don't fill logs with compromised response 2021-04-22 21:34:23 -07:00			`use std::sync::atomic::{AtomicBool, Ordering};`
			`use std::sync::Arc;`
finish minimum version 2021-03-22 14:47:56 -07:00
Custom implementation of Tls 2021-03-25 21:07:32 -07:00			`use crate::config::{CliArgs, SEND_SERVER_VERSION, VALIDATE_TOKENS};`
finish minimum version 2021-03-22 14:47:56 -07:00			`use crate::ping::{Request, Response, Tls, CONTROL_CENTER_PING_URL};`
better logging 2021-03-22 20:19:56 -07:00			`use log::{error, info, warn};`
finish minimum version 2021-03-22 14:47:56 -07:00			`use parking_lot::RwLock;`
Custom implementation of Tls 2021-03-25 21:07:32 -07:00			`use rustls::sign::CertifiedKey;`
comment why tls is slow 2021-04-23 20:28:47 -07:00			`use rustls::{ClientHello, ResolvesServerCert};`
finish minimum version 2021-03-22 14:47:56 -07:00			`use sodiumoxide::crypto::box_::PrecomputedKey;`
Remove some unwraps 2021-04-23 15:03:53 -07:00			`use thiserror::Error;`
finish minimum version 2021-03-22 14:47:56 -07:00			`use url::Url;`

			`pub struct ServerState {`
			`pub precomputed_key: PrecomputedKey,`
			`pub image_server: Url,`
			`pub tls_config: Tls,`
debug streaming 2021-04-18 20:06:18 -07:00			`pub url: Url,`
			`pub url_overridden: bool,`
better logging 2021-03-22 20:19:56 -07:00			`}`

don't fill logs with compromised response 2021-04-22 21:34:23 -07:00			`pub static PREVIOUSLY_PAUSED: AtomicBool = AtomicBool::new(false);`
			`pub static PREVIOUSLY_COMPROMISED: AtomicBool = AtomicBool::new(false);`
finish minimum version 2021-03-22 14:47:56 -07:00
Remove some unwraps 2021-04-23 15:03:53 -07:00			`#[derive(Error, Debug)]`
			`pub enum ServerInitError {`
			`#[error(transparent)]`
			`MalformedResponse(reqwest::Error),`
			`#[error(transparent)]`
			`Timeout(reqwest::Error),`
			`#[error(transparent)]`
			`SendFailure(reqwest::Error),`
			`#[error("Failed to parse token key")]`
			`KeyParseError(String),`
			`#[error("Token key was not provided in initial request")]`
			`MissingTokenKey,`
			`}`

finish minimum version 2021-03-22 14:47:56 -07:00			`impl ServerState {`
Remove some unwraps 2021-04-23 15:03:53 -07:00			`pub async fn init(secret: &str, config: &CliArgs) -> Result<Self, ServerInitError> {`
finish minimum version 2021-03-22 14:47:56 -07:00			`let resp = reqwest::Client::new()`
			`.post(CONTROL_CENTER_PING_URL)`
Support CLI args 2021-03-25 18:06:54 -07:00			`.json(&Request::from((secret, config)))`
finish minimum version 2021-03-22 14:47:56 -07:00			`.send()`
			`.await;`

more perf 2021-03-25 19:58:07 -07:00			`if config.enable_server_string {`
			`warn!("Client will send Server header in responses. This is not recommended!");`
			`SEND_SERVER_VERSION.store(true, Ordering::Release);`
			`}`
Support CLI args 2021-03-25 18:06:54 -07:00
finish minimum version 2021-03-22 14:47:56 -07:00			`match resp {`
			`Ok(resp) => match resp.json::<Response>().await {`
debug streaming 2021-04-18 20:06:18 -07:00			`Ok(mut resp) => {`
finish minimum version 2021-03-22 14:47:56 -07:00			`let key = resp`
			`.token_key`
Remove some unwraps 2021-04-23 15:03:53 -07:00			`.ok_or(ServerInitError::MissingTokenKey)`
finish minimum version 2021-03-22 14:47:56 -07:00			`.and_then(\|key\| {`
			`if let Some(key) = base64::decode(&key)`
			`.ok()`
			`.and_then(\|k\| PrecomputedKey::from_slice(&k))`
			`{`
Remove some unwraps 2021-04-23 15:03:53 -07:00			`Ok(key)`
finish minimum version 2021-03-22 14:47:56 -07:00			`} else {`
			`error!("Failed to parse token key: got {}", key);`
Remove some unwraps 2021-04-23 15:03:53 -07:00			`Err(ServerInitError::KeyParseError(key))`
finish minimum version 2021-03-22 14:47:56 -07:00			`}`
Remove some unwraps 2021-04-23 15:03:53 -07:00			`})?;`
finish minimum version 2021-03-22 14:47:56 -07:00
don't fill logs with compromised response 2021-04-22 21:34:23 -07:00			`PREVIOUSLY_COMPROMISED.store(resp.paused, Ordering::Release);`
finish minimum version 2021-03-22 14:47:56 -07:00			`if resp.compromised {`
better logging 2021-03-22 20:19:56 -07:00			`error!("Got compromised response from control center!");`
finish minimum version 2021-03-22 14:47:56 -07:00			`}`

don't fill logs with compromised response 2021-04-22 21:34:23 -07:00			`PREVIOUSLY_PAUSED.store(resp.paused, Ordering::Release);`
finish minimum version 2021-03-22 14:47:56 -07:00			`if resp.paused {`
better logging 2021-03-22 20:19:56 -07:00			`warn!("Control center has paused this node!");`
finish minimum version 2021-03-22 14:47:56 -07:00			`}`

debug streaming 2021-04-18 20:06:18 -07:00			`if let Some(ref override_url) = config.override_upstream {`
			`resp.image_server = override_url.clone();`
			`warn!("Upstream URL overridden to: {}", resp.image_server);`
			`} else {`
			`}`

finish minimum version 2021-03-22 14:47:56 -07:00			`info!("This client's URL has been set to {}", resp.url);`

debug streaming 2021-04-18 20:06:18 -07:00			`if config.disable_token_validation {`
			`warn!("Token validation is explicitly disabled!");`
better logging 2021-03-22 20:19:56 -07:00			`} else {`
debug streaming 2021-04-18 20:06:18 -07:00			`if resp.force_tokens {`
			`info!("This client will validate tokens.");`
			`} else {`
			`info!("This client will not validate tokens.");`
			`}`
			`VALIDATE_TOKENS.store(resp.force_tokens, Ordering::Release);`
finish minimum version 2021-03-22 14:47:56 -07:00			`}`

			`Ok(Self {`
			`precomputed_key: key,`
			`image_server: resp.image_server,`
			`tls_config: resp.tls.unwrap(),`
			`url: resp.url,`
debug streaming 2021-04-18 20:06:18 -07:00			`url_overridden: config.override_upstream.is_some(),`
finish minimum version 2021-03-22 14:47:56 -07:00			`})`
			`}`
			`Err(e) => {`
			`warn!("Got malformed response: {}", e);`
Remove some unwraps 2021-04-23 15:03:53 -07:00			`Err(ServerInitError::MalformedResponse(e))`
finish minimum version 2021-03-22 14:47:56 -07:00			`}`
			`},`
			`Err(e) => match e {`
			`e if e.is_timeout() => {`
			`error!("Response timed out to control server. Is MangaDex down?");`
Remove some unwraps 2021-04-23 15:03:53 -07:00			`Err(ServerInitError::Timeout(e))`
finish minimum version 2021-03-22 14:47:56 -07:00			`}`
			`e => {`
			`warn!("Failed to send request: {}", e);`
Remove some unwraps 2021-04-23 15:03:53 -07:00			`Err(ServerInitError::SendFailure(e))`
finish minimum version 2021-03-22 14:47:56 -07:00			`}`
			`},`
			`}`
			`}`
			`}`

			`pub struct RwLockServerState(pub RwLock<ServerState>);`

			`impl ResolvesServerCert for RwLockServerState {`
comment why tls is slow 2021-04-23 20:28:47 -07:00			`fn resolve(&self, _: ClientHello) -> Option<CertifiedKey> {`
			`// TODO: wait for actix-web to use a new version of rustls so we can`
			`// remove cloning the certs all the time`
finish minimum version 2021-03-22 14:47:56 -07:00			`let read_guard = self.0.read();`
			`Some(CertifiedKey {`
Custom implementation of Tls 2021-03-25 21:07:32 -07:00			`cert: read_guard.tls_config.certs.clone(),`
			`key: Arc::clone(&read_guard.tls_config.priv_key),`
finish minimum version 2021-03-22 14:47:56 -07:00			`ocsp: None,`
			`sct_list: None,`
			`})`
			`}`
			`}`