mangadex-home-rs/src/routes.rs

use std::{
    convert::Infallible,
    sync::atomic::{AtomicBool, Ordering},
};

use actix_web::dev::HttpResponseBuilder;
use actix_web::http::header::{
    ACCESS_CONTROL_ALLOW_ORIGIN, ACCESS_CONTROL_EXPOSE_HEADERS, CACHE_CONTROL, CONTENT_LENGTH,
    CONTENT_TYPE, LAST_MODIFIED, X_CONTENT_TYPE_OPTIONS,
};
use actix_web::web::Path;
use actix_web::{get, web::Data, HttpRequest, HttpResponse, Responder};
use base64::DecodeError;
use bytes::Bytes;
use chrono::{DateTime, Utc};
use futures::stream;
use log::{error, info, warn};
use serde::Deserialize;
use sodiumoxide::crypto::box_::{open_precomputed, Nonce, PrecomputedKey, NONCEBYTES};
use thiserror::Error;

use crate::cache::{CacheKey, CachedImage};
use crate::client_api_version;
use crate::state::RwLockServerState;

pub const BASE64_CONFIG: base64::Config = base64::Config::new(base64::CharacterSet::UrlSafe, false);

pub static SEND_SERVER_VERSION: AtomicBool = AtomicBool::new(false);

const SERVER_ID_STRING: &str = concat!(
    env!("CARGO_CRATE_NAME"),
    " ",
    env!("CARGO_PKG_VERSION"),
    " (",
    client_api_version!(),
    ") - Conforming to spec revision b82043289",
);

enum ServerResponse {
    TokenValidationError(TokenValidationError),
    HttpResponse(HttpResponse),
}

impl Responder for ServerResponse {
    #[inline]
    fn respond_to(self, req: &HttpRequest) -> HttpResponse {
        match self {
            Self::TokenValidationError(e) => e.respond_to(req),
            Self::HttpResponse(resp) => resp.respond_to(req),
        }
    }
}

#[get("/{token}/data/{chapter_hash}/{file_name}")]
async fn token_data(
    state: Data<RwLockServerState>,
    path: Path<(String, String, String)>,
) -> impl Responder {
    let (token, chapter_hash, file_name) = path.into_inner();
    if state.0.read().force_tokens {
        if let Err(e) = validate_token(&state.0.read().precomputed_key, token, &chapter_hash) {
            return ServerResponse::TokenValidationError(e);
        }
    }

    fetch_image(state, chapter_hash, file_name, false).await
}

#[get("/{token}/data-saver/{chapter_hash}/{file_name}")]
async fn token_data_saver(
    state: Data<RwLockServerState>,
    path: Path<(String, String, String)>,
) -> impl Responder {
    let (token, chapter_hash, file_name) = path.into_inner();
    if state.0.read().force_tokens {
        if let Err(e) = validate_token(&state.0.read().precomputed_key, token, &chapter_hash) {
            return ServerResponse::TokenValidationError(e);
        }
    }
    fetch_image(state, chapter_hash, file_name, true).await
}

pub async fn default(state: Data<RwLockServerState>, req: HttpRequest) -> impl Responder {
    let path = &format!(
        "{}{}",
        state.0.read().image_server,
        req.path().chars().skip(1).collect::<String>()
    );
    info!("Got unknown path, just proxying: {}", path);
    let resp = reqwest::get(path).await.unwrap();
    let content_type = resp.headers().get(CONTENT_TYPE);
    let mut resp_builder = HttpResponseBuilder::new(resp.status());
    if let Some(content_type) = content_type {
        resp_builder.insert_header((CONTENT_TYPE, content_type));
    }
    push_headers(&mut resp_builder);

    ServerResponse::HttpResponse(resp_builder.body(resp.bytes().await.unwrap_or_default()))
}

#[derive(Error, Debug)]
enum TokenValidationError {
    #[error("Failed to decode base64 token.")]
    DecodeError(#[from] DecodeError),
    #[error("Nonce was too short.")]
    IncompleteNonce,
    #[error("Invalid nonce.")]
    InvalidNonce,
    #[error("Decryption failed")]
    DecryptionFailure,
    #[error("The token format was invalid.")]
    InvalidToken,
    #[error("The token has expired.")]
    TokenExpired,
    #[error("Invalid chapter hash.")]
    InvalidChapterHash,
}

impl Responder for TokenValidationError {
    #[inline]
    fn respond_to(self, _: &HttpRequest) -> HttpResponse {
        push_headers(&mut HttpResponse::Forbidden()).finish()
    }
}

fn validate_token(
    precomputed_key: &PrecomputedKey,
    token: String,
    chapter_hash: &str,
) -> Result<(), TokenValidationError> {
    #[derive(Deserialize)]
    struct Token<'a> {
        expires: DateTime<Utc>,
        hash: &'a str,
    }

    let data = base64::decode_config(token, BASE64_CONFIG)?;
    if data.len() < NONCEBYTES {
        return Err(TokenValidationError::IncompleteNonce);
    }

    let nonce = Nonce::from_slice(&data[..NONCEBYTES]).ok_or(TokenValidationError::InvalidNonce)?;
    let decrypted = open_precomputed(&data[NONCEBYTES..], &nonce, precomputed_key)
        .map_err(|_| TokenValidationError::DecryptionFailure)?;

    let parsed_token: Token =
        serde_json::from_slice(&decrypted).map_err(|_| TokenValidationError::InvalidToken)?;

    if parsed_token.expires < Utc::now() {
        return Err(TokenValidationError::TokenExpired);
    }

    if parsed_token.hash != chapter_hash {
        return Err(TokenValidationError::InvalidChapterHash);
    }

    Ok(())
}

#[inline]
fn push_headers(builder: &mut HttpResponseBuilder) -> &mut HttpResponseBuilder {
    builder
        .insert_header((X_CONTENT_TYPE_OPTIONS, "nosniff"))
        .insert_header((ACCESS_CONTROL_ALLOW_ORIGIN, "https://mangadex.org"))
        .insert_header((ACCESS_CONTROL_EXPOSE_HEADERS, "*"))
        .insert_header((CACHE_CONTROL, "public, max-age=1209600"))
        .insert_header(("Timing-Allow-Origin", "https://mangadex.org"));

    if SEND_SERVER_VERSION.load(Ordering::Acquire) {
        builder.insert_header(("Server", SERVER_ID_STRING));
    }

    builder
}

async fn fetch_image(
    state: Data<RwLockServerState>,
    chapter_hash: String,
    file_name: String,
    is_data_saver: bool,
) -> ServerResponse {
    let key = CacheKey(chapter_hash, file_name, is_data_saver);

    if let Some(cached) = state.0.write().cache.get(&key).await {
        return construct_response(cached);
    }

    let mut state = state.0.write();

    let resp = if is_data_saver {
        reqwest::get(format!(
            "{}/data-saver/{}/{}",
            state.image_server, &key.1, &key.2
        ))
    } else {
        reqwest::get(format!("{}/data/{}/{}", state.image_server, &key.1, &key.2))
    }
    .await;

    match resp {
        Ok(resp) => {
            let content_type = resp.headers().get(CONTENT_TYPE);

            let is_image = content_type
                .map(|v| String::from_utf8_lossy(v.as_ref()).contains("image/"))
                .unwrap_or_default();
            if resp.status() != 200 || !is_image {
                warn!(
                    "Got non-OK or non-image response code from upstream, proxying and not caching result.",
                );

                let mut resp_builder = HttpResponseBuilder::new(resp.status());
                if let Some(content_type) = content_type {
                    resp_builder.insert_header((CONTENT_TYPE, content_type));
                }

                push_headers(&mut resp_builder);

                return ServerResponse::HttpResponse(
                    resp_builder.body(resp.bytes().await.unwrap_or_default()),
                );
            }

            let headers = resp.headers();
            let content_type = headers.get(CONTENT_TYPE).map(AsRef::as_ref).map(Vec::from);
            let content_length = headers
                .get(CONTENT_LENGTH)
                .map(AsRef::as_ref)
                .map(Vec::from);
            let last_modified = headers.get(LAST_MODIFIED).map(AsRef::as_ref).map(Vec::from);
            let body = resp.bytes().await;
            match body {
                Ok(bytes) => {
                    let cached = CachedImage {
                        data: bytes.to_vec(),
                        content_type,
                        content_length,
                        last_modified,
                    };
                    let resp = construct_response(&cached);
                    state.cache.put(key, cached).await;
                    return resp;
                }
                Err(e) => {
                    warn!("Got payload error from image server: {}", e);
                    ServerResponse::HttpResponse(
                        push_headers(&mut HttpResponse::ServiceUnavailable()).finish(),
                    )
                }
            }
        }
        Err(e) => {
            error!("Failed to fetch image from server: {}", e);
            ServerResponse::HttpResponse(
                push_headers(&mut HttpResponse::ServiceUnavailable()).finish(),
            )
        }
    }
}

fn construct_response(cached: &CachedImage) -> ServerResponse {
    let data: Vec<Result<Bytes, Infallible>> = cached
        .data
        .to_vec()
        .chunks(1460) // TCP MSS default size
        .map(|v| Ok(Bytes::from(v.to_vec())))
        .collect();
    let mut resp = HttpResponse::Ok();
    if let Some(content_type) = &cached.content_type {
        resp.append_header((CONTENT_TYPE, &**content_type));
    }
    if let Some(content_length) = &cached.content_length {
        resp.append_header((CONTENT_LENGTH, &**content_length));
    }
    if let Some(last_modified) = &cached.last_modified {
        resp.append_header((LAST_MODIFIED, &**last_modified));
    }

    return ServerResponse::HttpResponse(push_headers(&mut resp).streaming(stream::iter(data)));
}
Support CLI args 2021-03-25 18:06:54 -07:00			`use std::{`
			`convert::Infallible,`
			`sync::atomic::{AtomicBool, Ordering},`
			`};`
initial proof of concept 2021-03-17 18:45:16 -07:00
minimal viable product 2021-03-17 19:41:48 -07:00			`use actix_web::dev::HttpResponseBuilder;`
			`use actix_web::http::header::{`
			`ACCESS_CONTROL_ALLOW_ORIGIN, ACCESS_CONTROL_EXPOSE_HEADERS, CACHE_CONTROL, CONTENT_LENGTH,`
			`CONTENT_TYPE, LAST_MODIFIED, X_CONTENT_TYPE_OPTIONS,`
			`};`
			`use actix_web::web::Path;`
			`use actix_web::{get, web::Data, HttpRequest, HttpResponse, Responder};`
initial proof of concept 2021-03-17 18:45:16 -07:00			`use base64::DecodeError;`
			`use bytes::Bytes;`
			`use chrono::{DateTime, Utc};`
			`use futures::stream;`
finish minimum version 2021-03-22 14:47:56 -07:00			`use log::{error, info, warn};`
initial proof of concept 2021-03-17 18:45:16 -07:00			`use serde::Deserialize;`
			`use sodiumoxide::crypto::box_::{open_precomputed, Nonce, PrecomputedKey, NONCEBYTES};`
			`use thiserror::Error;`

finish minimum version 2021-03-22 14:47:56 -07:00			`use crate::cache::{CacheKey, CachedImage};`
			`use crate::client_api_version;`
			`use crate::state::RwLockServerState;`
initial proof of concept 2021-03-17 18:45:16 -07:00
finish minimum version 2021-03-22 14:47:56 -07:00			`pub const BASE64_CONFIG: base64::Config = base64::Config::new(base64::CharacterSet::UrlSafe, false);`
initial proof of concept 2021-03-17 18:45:16 -07:00
Support CLI args 2021-03-25 18:06:54 -07:00			`pub static SEND_SERVER_VERSION: AtomicBool = AtomicBool::new(false);`

initial proof of concept 2021-03-17 18:45:16 -07:00			`const SERVER_ID_STRING: &str = concat!(`
			`env!("CARGO_CRATE_NAME"),`
			`" ",`
			`env!("CARGO_PKG_VERSION"),`
			`" (",`
			`client_api_version!(),`
Remove no token paths 2021-03-22 20:04:54 -07:00			`") - Conforming to spec revision b82043289",`
initial proof of concept 2021-03-17 18:45:16 -07:00			`);`

			`enum ServerResponse {`
			`TokenValidationError(TokenValidationError),`
			`HttpResponse(HttpResponse),`
			`}`

			`impl Responder for ServerResponse {`
inline 2021-03-23 09:59:49 -07:00			`#[inline]`
initial proof of concept 2021-03-17 18:45:16 -07:00			`fn respond_to(self, req: &HttpRequest) -> HttpResponse {`
			`match self {`
minimal viable product 2021-03-17 19:41:48 -07:00			`Self::TokenValidationError(e) => e.respond_to(req),`
			`Self::HttpResponse(resp) => resp.respond_to(req),`
initial proof of concept 2021-03-17 18:45:16 -07:00			`}`
			`}`
			`}`

			`#[get("/{token}/data/{chapter_hash}/{file_name}")]`
			`async fn token_data(`
			`state: Data<RwLockServerState>,`
			`path: Path<(String, String, String)>,`
			`) -> impl Responder {`
			`let (token, chapter_hash, file_name) = path.into_inner();`
finish minimum version 2021-03-22 14:47:56 -07:00			`if state.0.read().force_tokens {`
initial proof of concept 2021-03-17 18:45:16 -07:00			`if let Err(e) = validate_token(&state.0.read().precomputed_key, token, &chapter_hash) {`
			`return ServerResponse::TokenValidationError(e);`
			`}`
			`}`

			`fetch_image(state, chapter_hash, file_name, false).await`
			`}`

			`#[get("/{token}/data-saver/{chapter_hash}/{file_name}")]`
			`async fn token_data_saver(`
			`state: Data<RwLockServerState>,`
			`path: Path<(String, String, String)>,`
			`) -> impl Responder {`
			`let (token, chapter_hash, file_name) = path.into_inner();`
finish minimum version 2021-03-22 14:47:56 -07:00			`if state.0.read().force_tokens {`
initial proof of concept 2021-03-17 18:45:16 -07:00			`if let Err(e) = validate_token(&state.0.read().precomputed_key, token, &chapter_hash) {`
			`return ServerResponse::TokenValidationError(e);`
			`}`
			`}`
			`fetch_image(state, chapter_hash, file_name, true).await`
			`}`

finish minimum version 2021-03-22 14:47:56 -07:00			`pub async fn default(state: Data<RwLockServerState>, req: HttpRequest) -> impl Responder {`
			`let path = &format!(`
			`"{}{}",`
			`state.0.read().image_server,`
			`req.path().chars().skip(1).collect::<String>()`
			`);`
			`info!("Got unknown path, just proxying: {}", path);`
			`let resp = reqwest::get(path).await.unwrap();`
			`let content_type = resp.headers().get(CONTENT_TYPE);`
			`let mut resp_builder = HttpResponseBuilder::new(resp.status());`
			`if let Some(content_type) = content_type {`
			`resp_builder.insert_header((CONTENT_TYPE, content_type));`
			`}`
			`push_headers(&mut resp_builder);`

			`ServerResponse::HttpResponse(resp_builder.body(resp.bytes().await.unwrap_or_default()))`
			`}`

initial proof of concept 2021-03-17 18:45:16 -07:00			`#[derive(Error, Debug)]`
			`enum TokenValidationError {`
			`#[error("Failed to decode base64 token.")]`
			`DecodeError(#[from] DecodeError),`
			`#[error("Nonce was too short.")]`
			`IncompleteNonce,`
			`#[error("Invalid nonce.")]`
			`InvalidNonce,`
			`#[error("Decryption failed")]`
			`DecryptionFailure,`
			`#[error("The token format was invalid.")]`
			`InvalidToken,`
			`#[error("The token has expired.")]`
			`TokenExpired,`
			`#[error("Invalid chapter hash.")]`
			`InvalidChapterHash,`
			`}`

			`impl Responder for TokenValidationError {`
inline 2021-03-23 09:59:49 -07:00			`#[inline]`
initial proof of concept 2021-03-17 18:45:16 -07:00			`fn respond_to(self, _: &HttpRequest) -> HttpResponse {`
			`push_headers(&mut HttpResponse::Forbidden()).finish()`
			`}`
			`}`

			`fn validate_token(`
			`precomputed_key: &PrecomputedKey,`
			`token: String,`
			`chapter_hash: &str,`
			`) -> Result<(), TokenValidationError> {`
minimal viable product 2021-03-17 19:41:48 -07:00			`#[derive(Deserialize)]`
			`struct Token<'a> {`
			`expires: DateTime<Utc>,`
			`hash: &'a str,`
			`}`

initial proof of concept 2021-03-17 18:45:16 -07:00			`let data = base64::decode_config(token, BASE64_CONFIG)?;`
			`if data.len() < NONCEBYTES {`
			`return Err(TokenValidationError::IncompleteNonce);`
			`}`

			`let nonce = Nonce::from_slice(&data[..NONCEBYTES]).ok_or(TokenValidationError::InvalidNonce)?;`
			`let decrypted = open_precomputed(&data[NONCEBYTES..], &nonce, precomputed_key)`
			`.map_err(\|_\| TokenValidationError::DecryptionFailure)?;`

			`let parsed_token: Token =`
			`serde_json::from_slice(&decrypted).map_err(\|_\| TokenValidationError::InvalidToken)?;`

			`if parsed_token.expires < Utc::now() {`
			`return Err(TokenValidationError::TokenExpired);`
			`}`

			`if parsed_token.hash != chapter_hash {`
			`return Err(TokenValidationError::InvalidChapterHash);`
			`}`

			`Ok(())`
			`}`

inline 2021-03-23 09:59:49 -07:00			`#[inline]`
initial proof of concept 2021-03-17 18:45:16 -07:00			`fn push_headers(builder: &mut HttpResponseBuilder) -> &mut HttpResponseBuilder {`
			`builder`
minimal viable product 2021-03-17 19:41:48 -07:00			`.insert_header((X_CONTENT_TYPE_OPTIONS, "nosniff"))`
			`.insert_header((ACCESS_CONTROL_ALLOW_ORIGIN, "https://mangadex.org"))`
			`.insert_header((ACCESS_CONTROL_EXPOSE_HEADERS, "*"))`
			`.insert_header((CACHE_CONTROL, "public, max-age=1209600"))`
Support CLI args 2021-03-25 18:06:54 -07:00			`.insert_header(("Timing-Allow-Origin", "https://mangadex.org"));`

			`if SEND_SERVER_VERSION.load(Ordering::Acquire) {`
			`builder.insert_header(("Server", SERVER_ID_STRING));`
			`}`

			`builder`
initial proof of concept 2021-03-17 18:45:16 -07:00			`}`

			`async fn fetch_image(`
			`state: Data<RwLockServerState>,`
			`chapter_hash: String,`
			`file_name: String,`
			`is_data_saver: bool,`
			`) -> ServerResponse {`
finish minimum version 2021-03-22 14:47:56 -07:00			`let key = CacheKey(chapter_hash, file_name, is_data_saver);`
initial proof of concept 2021-03-17 18:45:16 -07:00
finish minimum version 2021-03-22 14:47:56 -07:00			`if let Some(cached) = state.0.write().cache.get(&key).await {`
minimal viable product 2021-03-17 19:41:48 -07:00			`return construct_response(cached);`
initial proof of concept 2021-03-17 18:45:16 -07:00			`}`

			`let mut state = state.0.write();`
Support CLI args 2021-03-25 18:06:54 -07:00
initial proof of concept 2021-03-17 18:45:16 -07:00			`let resp = if is_data_saver {`
finish minimum version 2021-03-22 14:47:56 -07:00			`reqwest::get(format!(`
initial proof of concept 2021-03-17 18:45:16 -07:00			`"{}/data-saver/{}/{}",`
			`state.image_server, &key.1, &key.2`
			`))`
			`} else {`
finish minimum version 2021-03-22 14:47:56 -07:00			`reqwest::get(format!("{}/data/{}/{}", state.image_server, &key.1, &key.2))`
initial proof of concept 2021-03-17 18:45:16 -07:00			`}`
			`.await;`

			`match resp {`
finish minimum version 2021-03-22 14:47:56 -07:00			`Ok(resp) => {`
			`let content_type = resp.headers().get(CONTENT_TYPE);`

			`let is_image = content_type`
			`.map(\|v\| String::from_utf8_lossy(v.as_ref()).contains("image/"))`
			`.unwrap_or_default();`
			`if resp.status() != 200 \|\| !is_image {`
			`warn!(`
			`"Got non-OK or non-image response code from upstream, proxying and not caching result.",`
			`);`

			`let mut resp_builder = HttpResponseBuilder::new(resp.status());`
			`if let Some(content_type) = content_type {`
			`resp_builder.insert_header((CONTENT_TYPE, content_type));`
			`}`
Support CLI args 2021-03-25 18:06:54 -07:00
finish minimum version 2021-03-22 14:47:56 -07:00			`push_headers(&mut resp_builder);`

			`return ServerResponse::HttpResponse(`
			`resp_builder.body(resp.bytes().await.unwrap_or_default()),`
			`);`
			`}`

minimal viable product 2021-03-17 19:41:48 -07:00			`let headers = resp.headers();`
			`let content_type = headers.get(CONTENT_TYPE).map(AsRef::as_ref).map(Vec::from);`
			`let content_length = headers`
			`.get(CONTENT_LENGTH)`
			`.map(AsRef::as_ref)`
			`.map(Vec::from);`
			`let last_modified = headers.get(LAST_MODIFIED).map(AsRef::as_ref).map(Vec::from);`
finish minimum version 2021-03-22 14:47:56 -07:00			`let body = resp.bytes().await;`
minimal viable product 2021-03-17 19:41:48 -07:00			`match body {`
			`Ok(bytes) => {`
			`let cached = CachedImage {`
			`data: bytes.to_vec(),`
			`content_type,`
			`content_length,`
			`last_modified,`
			`};`
			`let resp = construct_response(&cached);`
finish minimum version 2021-03-22 14:47:56 -07:00			`state.cache.put(key, cached).await;`
minimal viable product 2021-03-17 19:41:48 -07:00			`return resp;`
			`}`
			`Err(e) => {`
			`warn!("Got payload error from image server: {}", e);`
			`ServerResponse::HttpResponse(`
			`push_headers(&mut HttpResponse::ServiceUnavailable()).finish(),`
			`)`
			`}`
initial proof of concept 2021-03-17 18:45:16 -07:00			`}`
minimal viable product 2021-03-17 19:41:48 -07:00			`}`
initial proof of concept 2021-03-17 18:45:16 -07:00			`Err(e) => {`
			`error!("Failed to fetch image from server: {}", e);`
minimal viable product 2021-03-17 19:41:48 -07:00			`ServerResponse::HttpResponse(`
			`push_headers(&mut HttpResponse::ServiceUnavailable()).finish(),`
			`)`
initial proof of concept 2021-03-17 18:45:16 -07:00			`}`
			`}`
			`}`
minimal viable product 2021-03-17 19:41:48 -07:00
			`fn construct_response(cached: &CachedImage) -> ServerResponse {`
			`let data: Vec<Result<Bytes, Infallible>> = cached`
			`.data`
			`.to_vec()`
use TCP MSS as chunk size 2021-03-23 12:31:59 -07:00			`.chunks(1460) // TCP MSS default size`
minimal viable product 2021-03-17 19:41:48 -07:00			`.map(\|v\| Ok(Bytes::from(v.to_vec())))`
			`.collect();`
			`let mut resp = HttpResponse::Ok();`
			`if let Some(content_type) = &cached.content_type {`
			`resp.append_header((CONTENT_TYPE, &**content_type));`
			`}`
			`if let Some(content_length) = &cached.content_length {`
			`resp.append_header((CONTENT_LENGTH, &**content_length));`
			`}`
			`if let Some(last_modified) = &cached.last_modified {`
			`resp.append_header((LAST_MODIFIED, &**last_modified));`
			`}`

			`return ServerResponse::HttpResponse(push_headers(&mut resp).streaming(stream::iter(data)));`
			`}`