Merge pull request #102 from uqbar-dao/jf/ws

WebSocket API update: apps must bind to accept incoming connections
This commit is contained in:
dr-frmr 2023-12-18 20:25:26 -05:00 committed by GitHub
commit 95ed5dd9a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 259 additions and 196 deletions

View File

@ -632,7 +632,7 @@ checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c"
[[package]]
name = "uqbar_process_lib"
version = "0.4.0"
source = "git+ssh://git@github.com/uqbar-dao/process_lib.git?rev=1ce0d41#1ce0d412169e795c2a99464563b42ae2a2628d77"
source = "git+ssh://git@github.com/uqbar-dao/process_lib.git?rev=65e07e4#65e07e49553a5fa3340ff7c3d9cf3340a53610c8"
dependencies = [
"anyhow",
"bincode",

View File

@ -16,7 +16,7 @@ pleco = "0.5"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
url = "*"
uqbar_process_lib = { git = "ssh://git@github.com/uqbar-dao/process_lib.git", rev = "1ce0d41" }
uqbar_process_lib = { git = "ssh://git@github.com/uqbar-dao/process_lib.git", rev = "65e07e4" }
wit-bindgen = { git = "https://github.com/bytecodealliance/wit-bindgen", rev = "efcc759" }
[lib]

File diff suppressed because one or more lines are too long

View File

@ -147,6 +147,8 @@ fn initialize(our: Address) {
)
.unwrap();
http::bind_http_path("/games", true, false).unwrap();
// Allow websockets to be opened at / (our process ID will be prepended).
http::bind_ws_path("/", true, false).unwrap();
// Grab our state, then enter the main event loop.
let mut state: ChessState = load_chess_state();
@ -178,7 +180,7 @@ fn handle_request(our: &Address, message: &Message, state: &mut ChessState) -> a
// chess protocol request, we *await* its response in-place. This is appropriate
// for direct node<>node comms, less appropriate for other circumstances...
if !message.is_request() {
return Err(anyhow::anyhow!("message was response"));
return Ok(());
}
// If the request is from another node, handle it as an incoming request.
// Note that we can enforce the ProcessId as well, but it shouldn't be a trusted
@ -221,8 +223,10 @@ fn handle_request(our: &Address, message: &Message, state: &mut ChessState) -> a
}
}
}
http::HttpServerRequest::WebSocketOpen(channel_id) => {
// client frontend opened a websocket
http::HttpServerRequest::WebSocketOpen { path, channel_id } => {
// We know this is authenticated and unencrypted because we only
// bound one path, the root path. So we know that client
// frontend opened a websocket and can send updates
state.clients.insert(channel_id);
Ok(())
}
@ -295,7 +299,7 @@ fn handle_chess_request(
// If we don't have a game with them, reject the move.
return Response::new()
.ipc(serde_json::to_vec(&ChessResponse::MoveRejected)?)
.send()
.send();
};
// Convert the saved board to one we can manipulate.
let mut board = Board::from_fen(&game.board).unwrap();
@ -359,9 +363,12 @@ fn handle_local_request(
let Ok(Message::Response { ref ipc, .. }) = Request::new()
.target((game_id.as_ref(), our.process.clone()))
.ipc(serde_json::to_vec(&action)?)
.send_and_await_response(5)? else {
return Err(anyhow::anyhow!("other player did not respond properly to new game request"))
};
.send_and_await_response(5)?
else {
return Err(anyhow::anyhow!(
"other player did not respond properly to new game request"
));
};
// If they accept, create a new game -- otherwise, error out.
if serde_json::from_slice::<ChessResponse>(ipc)? != ChessResponse::NewGameAccepted {
return Err(anyhow::anyhow!("other player rejected new game request!"));
@ -402,9 +409,12 @@ fn handle_local_request(
let Ok(Message::Response { ref ipc, .. }) = Request::new()
.target((game_id.as_ref(), our.process.clone()))
.ipc(serde_json::to_vec(&action)?)
.send_and_await_response(5)? else {
return Err(anyhow::anyhow!("other player did not respond properly to our move"))
};
.send_and_await_response(5)?
else {
return Err(anyhow::anyhow!(
"other player did not respond properly to our move"
));
};
if serde_json::from_slice::<ChessResponse>(ipc)? != ChessResponse::MoveAccepted {
return Err(anyhow::anyhow!("other player rejected our move"));
}
@ -487,9 +497,12 @@ fn handle_http_request(
white: player_white.clone(),
black: player_black.clone(),
})?)
.send_and_await_response(5)? else {
return Err(anyhow::anyhow!("other player did not respond properly to new game request"))
};
.send_and_await_response(5)?
else {
return Err(anyhow::anyhow!(
"other player did not respond properly to new game request"
));
};
// if they accept, create a new game
// otherwise, should surface error to FE...
if serde_json::from_slice::<ChessResponse>(msg.ipc())? != ChessResponse::NewGameAccepted
@ -553,9 +566,12 @@ fn handle_http_request(
game_id: game_id.to_string(),
move_str: move_str.to_string(),
})?)
.send_and_await_response(5)? else {
return Err(anyhow::anyhow!("other player did not respond properly to our move"))
};
.send_and_await_response(5)?
else {
return Err(anyhow::anyhow!(
"other player did not respond properly to our move"
));
};
if serde_json::from_slice::<ChessResponse>(msg.ipc())? != ChessResponse::MoveAccepted {
return Err(anyhow::anyhow!("other player rejected our move"));
}

View File

@ -36,6 +36,7 @@ type WebSocketSenders = Arc<DashMap<u32, (ProcessId, WebSocketSender)>>;
type WebSocketSender = tokio::sync::mpsc::Sender<warp::ws::Message>;
type PathBindings = Arc<RwLock<Router<BoundPath>>>;
type WsPathBindings = Arc<RwLock<Router<BoundWsPath>>>;
struct BoundPath {
pub app: ProcessId,
@ -45,6 +46,13 @@ struct BoundPath {
pub static_content: Option<Payload>, // TODO store in filesystem and cache
}
struct BoundWsPath {
pub app: ProcessId,
pub secure_subdomain: Option<String>,
pub authenticated: bool,
pub encrypted: bool, // TODO use
}
/// HTTP server: a runtime module that handles HTTP requests at a given port.
/// The server accepts bindings-requests from apps. These can be used in two ways:
///
@ -87,11 +95,15 @@ pub async fn http_server(
bindings_map.add("/rpc:sys:uqbar/message", rpc_bound_path);
let path_bindings: PathBindings = Arc::new(RwLock::new(bindings_map));
// ws path bindings
let ws_path_bindings: WsPathBindings = Arc::new(RwLock::new(Router::new()));
tokio::spawn(serve(
our_name.clone(),
our_port,
http_response_senders.clone(),
path_bindings.clone(),
ws_path_bindings.clone(),
ws_senders.clone(),
encoded_keyfile.clone(),
jwt_secret_bytes.clone(),
@ -105,6 +117,7 @@ pub async fn http_server(
km,
http_response_senders.clone(),
path_bindings.clone(),
ws_path_bindings.clone(),
ws_senders.clone(),
send_to_loop.clone(),
)
@ -120,6 +133,7 @@ async fn serve(
our_port: u16,
http_response_senders: HttpResponseSenders,
path_bindings: PathBindings,
ws_path_bindings: WsPathBindings,
ws_senders: WebSocketSenders,
encoded_keyfile: Arc<Vec<u8>>,
jwt_secret_bytes: Arc<Vec<u8>>,
@ -138,33 +152,17 @@ async fn serve(
let cloned_our = our.clone();
let cloned_jwt_secret_bytes = jwt_secret_bytes.clone();
let cloned_print_tx = print_tx.clone();
let ws_route = warp::path::end()
.and(warp::ws())
let ws_route = warp::ws()
.and(warp::path::full())
.and(warp::filters::host::optional())
.and(warp::filters::header::headers_cloned())
.and(warp::any().map(move || cloned_our.clone()))
.and(warp::any().map(move || cloned_jwt_secret_bytes.clone()))
.and(warp::any().map(move || ws_senders.clone()))
.and(warp::any().map(move || ws_path_bindings.clone()))
.and(warp::any().map(move || cloned_msg_tx.clone()))
.and(warp::any().map(move || cloned_print_tx.clone()))
.map(
|ws_connection: Ws,
our: Arc<String>,
jwt_secret_bytes: Arc<Vec<u8>>,
ws_senders: WebSocketSenders,
send_to_loop: MessageSender,
print_tx: PrintSender| {
ws_connection.on_upgrade(move |ws: WebSocket| async move {
maintain_websocket(
ws,
our,
jwt_secret_bytes,
ws_senders,
send_to_loop,
print_tx,
)
.await
})
},
);
.and_then(ws_handler);
// filter to receive and handle login requests
let cloned_our = our.clone();
@ -250,6 +248,84 @@ async fn login_handler(
}
}
async fn ws_handler(
ws_connection: Ws,
path: warp::path::FullPath,
host: Option<Authority>,
headers: warp::http::HeaderMap,
our: Arc<String>,
jwt_secret_bytes: Arc<Vec<u8>>,
ws_senders: WebSocketSenders,
ws_path_bindings: WsPathBindings,
send_to_loop: MessageSender,
print_tx: PrintSender,
) -> Result<impl warp::Reply, warp::Rejection> {
let original_path = normalize_path(path.as_str());
let _ = print_tx.send(Printout {
verbosity: 1,
content: format!("got ws request for {original_path}"),
});
let serialized_headers = serialize_headers(&headers);
let ws_path_bindings = ws_path_bindings.read().await;
let Ok(route) = ws_path_bindings.recognize(&original_path) else {
return Err(warp::reject::not_found());
};
let bound_path = route.handler();
if let Some(ref subdomain) = bound_path.secure_subdomain {
let _ = print_tx
.send(Printout {
verbosity: 1,
content: format!(
"got request for path {original_path} bound by subdomain {subdomain}"
),
})
.await;
// assert that host matches what this app wants it to be
if host.is_none() {
return Err(warp::reject::not_found());
}
let host = host.as_ref().unwrap();
// parse out subdomain from host (there can only be one)
let request_subdomain = host.host().split('.').next().unwrap_or("");
if request_subdomain != subdomain {
return Err(warp::reject::not_found());
}
}
if bound_path.authenticated {
let Some(auth_token) = serialized_headers.get("cookie") else {
return Err(warp::reject::not_found());
};
if !auth_cookie_valid(&our, &auth_token, &jwt_secret_bytes) {
return Err(warp::reject::not_found());
}
}
let app = bound_path.app.clone();
Ok(ws_connection.on_upgrade(move |ws: WebSocket| async move {
maintain_websocket(
ws,
our.clone(),
app,
// remove process id from beginning of path by splitting into segments
// separated by "/" and taking all but the first
original_path
.split('/')
.skip(1)
.collect::<Vec<&str>>()
.join("/"),
jwt_secret_bytes.clone(),
ws_senders.clone(),
send_to_loop.clone(),
print_tx.clone(),
)
.await;
}))
}
async fn http_handler(
method: warp::http::Method,
socket_addr: Option<SocketAddr>,
@ -522,16 +598,14 @@ async fn handle_rpc_message(
async fn maintain_websocket(
ws: WebSocket,
our: Arc<String>,
jwt_secret_bytes: Arc<Vec<u8>>,
app: ProcessId,
path: String,
_jwt_secret_bytes: Arc<Vec<u8>>, // TODO use for encrypted channels
ws_senders: WebSocketSenders,
send_to_loop: MessageSender,
print_tx: PrintSender,
) {
let (mut write_stream, mut read_stream) = ws.split();
// first, receive a message from client that contains the target process
// and the auth token
let _ = print_tx
.send(Printout {
verbosity: 1,
@ -539,72 +613,10 @@ async fn maintain_websocket(
})
.await;
let Some(Ok(register_msg)) = read_stream.next().await else {
// stream closed, exit
let _ = print_tx
.send(Printout {
verbosity: 1,
content: format!("client failed to send registration message"),
})
.await;
let stream = write_stream.reunite(read_stream).unwrap();
let _ = stream.close().await;
return;
};
let Ok(ws_register) = serde_json::from_slice::<WsRegister>(register_msg.as_bytes()) else {
// stream error, exit
let _ = print_tx
.send(Printout {
verbosity: 1,
content: format!("couldn't parse registration message from client"),
})
.await;
let stream = write_stream.reunite(read_stream).unwrap();
let _ = stream.close().await;
return;
};
let Ok(owner_process) = ProcessId::from_str(&ws_register.target_process) else {
// invalid process id, exit
let _ = print_tx
.send(Printout {
verbosity: 1,
content: format!("client sent malformed process ID"),
})
.await;
let stream = write_stream.reunite(read_stream).unwrap();
let _ = stream.close().await;
return;
};
let _ = print_tx
.send(Printout {
verbosity: 1,
content: format!("channel is intended for {owner_process}"),
})
.await;
let Ok(our_name) = verify_auth_token(&ws_register.auth_token, &jwt_secret_bytes) else {
// invalid auth token, exit
let stream = write_stream.reunite(read_stream).unwrap();
let _ = stream.close().await;
return;
};
if our_name != *our {
// invalid auth token, exit
let stream = write_stream.reunite(read_stream).unwrap();
let _ = stream.close().await;
return;
}
let ws_channel_id: u32 = rand::random();
let channel_id: u32 = rand::random();
let (ws_sender, mut ws_receiver) = tokio::sync::mpsc::channel(100);
ws_senders.insert(ws_channel_id, (owner_process.clone(), ws_sender));
ws_senders.insert(channel_id, (app.clone(), ws_sender));
// send a message to the process associated with this channel
// notifying them that the channel is now open
let _ = send_to_loop
.send(KernelMessage {
id: rand::random(),
@ -613,14 +625,15 @@ async fn maintain_websocket(
process: HTTP_SERVER_PROCESS_ID.clone(),
},
target: Address {
node: our.to_string(),
process: owner_process.clone(),
node: our.clone().to_string(),
process: app.clone(),
},
rsvp: None,
message: Message::Request(Request {
inherit: false,
expects_response: None,
ipc: serde_json::to_vec(&HttpServerRequest::WebSocketOpen(ws_channel_id)).unwrap(),
ipc: serde_json::to_vec(&HttpServerRequest::WebSocketOpen { path, channel_id })
.unwrap(),
metadata: Some("ws".into()),
}),
payload: None,
@ -628,83 +641,53 @@ async fn maintain_websocket(
})
.await;
// respond to the client notifying them that the channel is now open
let Ok(()) = write_stream
.send(warp::ws::Message::text(
serde_json::to_string(&WsRegisterResponse {
channel_id: ws_channel_id,
})
.unwrap(),
))
.await
else {
// stream error, exit
let stream = write_stream.reunite(read_stream).unwrap();
let _ = stream.close().await;
return;
};
let _ = print_tx
.send(Printout {
verbosity: 1,
content: format!("websocket channel {ws_channel_id} opened"),
})
.await;
let _ = print_tx.send(Printout {
verbosity: 1,
content: format!("websocket channel {channel_id} opened"),
});
loop {
tokio::select! {
read = read_stream.next() => {
match read {
None => {
// stream closed, remove and exit
websocket_close(ws_channel_id, owner_process, &ws_senders, &send_to_loop).await;
break;
}
Some(Err(_e)) => {
// stream error, remove and exit
websocket_close(ws_channel_id, owner_process, &ws_senders, &send_to_loop).await;
break;
}
Some(Ok(msg)) => {
// forward message to process associated with this channel
let _ = send_to_loop
.send(KernelMessage {
id: rand::random(),
source: Address {
node: our.to_string(),
process: HTTP_SERVER_PROCESS_ID.clone(),
},
target: Address {
node: our.to_string(),
process: owner_process.clone(),
},
rsvp: None,
message: Message::Request(Request {
inherit: false,
expects_response: None,
ipc: serde_json::to_vec(&HttpServerRequest::WebSocketPush {
channel_id: ws_channel_id,
message_type: WsMessageType::Binary,
}).unwrap(),
metadata: Some("ws".into()),
}),
payload: Some(Payload {
mime: None,
bytes: msg.into_bytes(),
}),
signed_capabilities: None,
})
.await;
let _ = send_to_loop.send(KernelMessage {
id: rand::random(),
source: Address {
node: our.to_string(),
process: HTTP_SERVER_PROCESS_ID.clone(),
},
target: Address {
node: our.to_string(),
process: app.clone(),
},
rsvp: None,
message: Message::Request(Request {
inherit: false,
expects_response: None,
ipc: serde_json::to_vec(&HttpServerRequest::WebSocketPush {
channel_id,
message_type: WsMessageType::Binary,
}).unwrap(),
metadata: Some("ws".into()),
}),
payload: Some(Payload {
mime: None,
bytes: msg.into_bytes(),
}),
signed_capabilities: None,
});
}
_ => {
websocket_close(channel_id, app.clone(), &ws_senders, &send_to_loop).await;
break;
}
}
}
Some(outgoing) = ws_receiver.recv() => {
// forward message to websocket
match write_stream.send(outgoing).await {
Ok(()) => continue,
Err(_e) => {
// stream error, remove and exit
websocket_close(ws_channel_id, owner_process, &ws_senders, &send_to_loop).await;
Err(_) => {
websocket_close(channel_id, app.clone(), &ws_senders, &send_to_loop).await;
break;
}
}
@ -757,6 +740,7 @@ async fn handle_app_message(
km: KernelMessage,
http_response_senders: HttpResponseSenders,
path_bindings: PathBindings,
ws_path_bindings: WsPathBindings,
ws_senders: WebSocketSenders,
send_to_loop: MessageSender,
) {
@ -921,7 +905,53 @@ async fn handle_app_message(
}
send_action_response(km.id, km.source, &send_to_loop, Ok(())).await;
}
HttpServerAction::WebSocketOpen(_) => {
HttpServerAction::WebSocketBind {
mut path,
authenticated,
encrypted,
} => {
path = if path.starts_with('/') {
format!("/{}{}", km.source.process, path)
} else {
format!("/{}/{}", km.source.process, path)
};
let mut ws_path_bindings = ws_path_bindings.write().await;
ws_path_bindings.add(
&normalize_path(&path),
BoundWsPath {
app: km.source.process.clone(),
secure_subdomain: None,
authenticated,
encrypted,
},
);
send_action_response(km.id, km.source, &send_to_loop, Ok(())).await;
}
HttpServerAction::WebSocketSecureBind {
mut path,
encrypted,
} => {
path = if path.starts_with('/') {
format!("/{}{}", km.source.process, path)
} else {
format!("/{}/{}", km.source.process, path)
};
let process_id_hash =
format!("{:x}", Sha256::digest(km.source.process.to_string()));
let subdomain = process_id_hash.split_at(32).0.to_owned();
let mut ws_path_bindings = ws_path_bindings.write().await;
ws_path_bindings.add(
&normalize_path(&path),
BoundWsPath {
app: km.source.process.clone(),
secure_subdomain: Some(subdomain),
authenticated: true,
encrypted,
},
);
send_action_response(km.id, km.source, &send_to_loop, Ok(())).await;
}
HttpServerAction::WebSocketOpen { .. } => {
// we cannot receive these, only send them to processes
send_action_response(
km.id,

View File

@ -11,7 +11,10 @@ pub enum HttpServerRequest {
/// Processes will receive this kind of request when a client connects to them.
/// If a process does not want this websocket open, they should issue a *request*
/// containing a [`type@HttpServerAction::WebSocketClose`] message and this channel ID.
WebSocketOpen(u32),
WebSocketOpen {
path: String,
channel_id: u32,
},
/// Processes can both SEND and RECEIVE this kind of request
/// (send as [`type@HttpServerAction::WebSocketPush`]).
/// When received, will contain the message bytes as payload.
@ -111,10 +114,22 @@ pub enum HttpServerAction {
/// payload bytes and serve them as the response to any request to this path.
cache: bool,
},
/// Bind a path to receive incoming WebSocket connections.
/// Doesn't need a cache since does not serve assets.
WebSocketBind {
path: String,
authenticated: bool,
encrypted: bool,
},
/// SecureBind is the same as Bind, except that it forces new connections to be made
/// from the unique subdomain of the process that bound the path. These are *always*
/// authenticated. Since the subdomain is unique, it will require the user to be
/// logged in separately to the general domain authentication.
WebSocketSecureBind { path: String, encrypted: bool },
/// Processes will RECEIVE this kind of request when a client connects to them.
/// If a process does not want this websocket open, they should issue a *request*
/// containing a [`type@HttpServerAction::WebSocketClose`] message and this channel ID.
WebSocketOpen(u32),
WebSocketOpen { path: String, channel_id: u32 },
/// When sent, expects a payload containing the WebSocket message bytes to send.
WebSocketPush {
channel_id: u32,

View File

@ -21,11 +21,13 @@ pub struct RpcMessage {
}
/// Ingest an auth token given from client and return the node name or an error.
pub fn verify_auth_token(auth_token: &str, jwt_secret: &[u8]) -> Result<String, jwt::Error> {
pub fn _verify_auth_token(auth_token: &str, jwt_secret: &[u8]) -> Result<String, jwt::Error> {
let Ok(secret) = Hmac::<Sha256>::new_from_slice(jwt_secret) else {
return Err(jwt::Error::Format);
};
println!("hello\r");
let claims: Result<JwtClaims, jwt::Error> = auth_token.verify_with_key(&secret);
match claims {