🗑️ Clean up command related stuff

🚚 Move http package to web

pkg/internal/web/api/check_ip.go

@@ -0,0 +1,7 @@
+package api
+
+import "github.com/gofiber/fiber/v2"
+
+func getClientIP(c *fiber.Ctx) error {
+	return c.SendString(c.IP())
+}

pkg/internal/web/api/directory.go

@@ -0,0 +1,19 @@
+package api
+
+import (
+	"git.solsynth.dev/hypernet/nexus/pkg/internal/directory"
+	"github.com/gofiber/fiber/v2"
+	"github.com/samber/lo"
+)
+
+func listExistsService(c *fiber.Ctx) error {
+	services := directory.ListServiceInstance()
+
+	return c.JSON(lo.Map(services, func(item *directory.ServiceInstance, index int) map[string]any {
+		return map[string]any{
+			"id":    item.ID,
+			"type":  item.Type,
+			"label": item.Label,
+		}
+	}))
+}

pkg/internal/web/api/forward.go

@@ -0,0 +1,43 @@
+package api
+
+import (
+	"fmt"
+	"git.solsynth.dev/hypernet/nexus/pkg/internal/directory"
+	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/middleware/proxy"
+	"github.com/spf13/viper"
+	"github.com/valyala/fasthttp"
+	"strings"
+)
+
+func forwardService(c *fiber.Ctx) error {
+	serviceType := c.Params("service")
+	ogKeyword := serviceType
+
+	aliasingMap := viper.GetStringMapString("services.aliases")
+	if val, ok := aliasingMap[serviceType]; ok {
+		serviceType = val
+	}
+
+	service := directory.GetServiceInstanceByType(serviceType)
+
+	if service == nil || service.HttpAddr == nil {
+		return fiber.NewError(fiber.StatusNotFound, "service not found")
+	}
+
+	url := c.OriginalURL()
+	url = strings.Replace(url, "/cgi/"+ogKeyword, "", 1)
+	url = *service.HttpAddr + url
+
+	if tk, ok := c.Locals("nex_token").(string); ok {
+		c.Request().Header.Set(fiber.HeaderAuthorization, fmt.Sprintf("Bearer %s", tk))
+	} else {
+		c.Request().Header.Del(fiber.HeaderAuthorization)
+	}
+
+	return proxy.Do(c, url, &fasthttp.Client{
+		NoDefaultUserAgentHeader: true,
+		DisablePathNormalizing:   true,
+		StreamResponseBody:       true,
+	})
+}

pkg/internal/web/api/index.go

@@ -0,0 +1,55 @@
+package api
+
+import (
+	pkg "git.solsynth.dev/hypernet/nexus/pkg/internal"
+	"git.solsynth.dev/hypernet/nexus/pkg/internal/auth"
+	"git.solsynth.dev/hypernet/nexus/pkg/internal/directory"
+	"git.solsynth.dev/hypernet/nexus/pkg/internal/web/ws"
+	"git.solsynth.dev/hypernet/nexus/pkg/nex"
+	"github.com/gofiber/contrib/websocket"
+	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/middleware/proxy"
+)
+
+func MapAPIs(app *fiber.App) {
+	app.Get("/check-ip", getClientIP)
+
+	// Some built-in public-accessible APIs
+	wellKnown := app.Group("/.well-known").Name("Well Known")
+	{
+		wellKnown.Get("/", func(c *fiber.Ctx) error {
+			return c.JSON(fiber.Map{
+				"api_level": pkg.ApiLevel,
+				"version":   pkg.AppVersion,
+				"status":    true,
+			})
+		})
+		wellKnown.Get("/directory/services", listExistsService)
+
+		wellKnown.Get("/openid-configuration", func(c *fiber.Ctx) error {
+			service := directory.GetServiceInstanceByType(nex.ServiceTypeAuth)
+			if service == nil || service.HttpAddr == nil {
+				return fiber.ErrNotFound
+			}
+			return proxy.Do(c, *service.HttpAddr+"/.well-known/openid-configuration")
+		})
+		wellKnown.Get("/jwks", func(c *fiber.Ctx) error {
+			service := directory.GetServiceInstanceByType(nex.ServiceTypeAuth)
+			if service == nil || service.HttpAddr == nil {
+				return fiber.ErrNotFound
+			}
+			return proxy.Do(c, *service.HttpAddr+"/.well-known/jwks")
+		})
+	}
+
+	// WatchTower administration APIs
+	wt := app.Group("/wt").Name("WatchTower").Use(auth.ValidatorMiddleware)
+	{
+		wt.Post("/maintenance/database", wtRunDbMaintenance)
+	}
+
+	// Common websocket gateway
+	app.Get("/ws", auth.ValidatorMiddleware, websocket.New(ws.Listen))
+
+	app.All("/cgi/:service/*", forwardService)
+}

pkg/internal/web/api/watchtower.go

@@ -0,0 +1,15 @@
+package api
+
+import (
+	"git.solsynth.dev/hypernet/nexus/pkg/internal/watchtower"
+	"git.solsynth.dev/hypernet/nexus/pkg/nex/sec"
+	"github.com/gofiber/fiber/v2"
+)
+
+func wtRunDbMaintenance(c *fiber.Ctx) error {
+	if err := sec.EnsureGrantedPerm(c, "AdminOperateWatchTower", true); err != nil {
+		return err
+	}
+	go watchtower.RunDbMaintenance()
+	return c.SendStatus(fiber.StatusOK)
+}

pkg/internal/web/exts/request.go

@@ -0,0 +1,18 @@
+package exts
+
+import (
+	"github.com/go-playground/validator/v10"
+	"github.com/gofiber/fiber/v2"
+)
+
+var validation = validator.New(validator.WithRequiredStructEnabled())
+
+func BindAndValidate(c *fiber.Ctx, out any) error {
+	if err := c.BodyParser(out); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, err.Error())
+	} else if err := validation.Struct(out); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, err.Error())
+	}
+
+	return nil
+}

pkg/internal/web/server.go

@@ -0,0 +1,65 @@
+package web
+
+import (
+	"time"
+
+	"git.solsynth.dev/hypernet/nexus/pkg/internal/auth"
+	"git.solsynth.dev/hypernet/nexus/pkg/internal/web/api"
+	"github.com/goccy/go-json"
+	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/middleware/cors"
+	"github.com/gofiber/fiber/v2/middleware/idempotency"
+	"github.com/gofiber/fiber/v2/middleware/limiter"
+	"github.com/gofiber/fiber/v2/middleware/logger"
+	"github.com/rs/zerolog/log"
+	"github.com/spf13/viper"
+)
+
+type WebApp struct {
+	app *fiber.App
+}
+
+func NewServer() *WebApp {
+	app := fiber.New(fiber.Config{
+		DisableStartupMessage: true,
+		EnableIPValidation:    true,
+		ServerHeader:          "Hypernet.Nexus",
+		AppName:               "Hypernet.Nexus",
+		ProxyHeader:           fiber.HeaderXForwardedFor,
+		JSONEncoder:           json.Marshal,
+		JSONDecoder:           json.Unmarshal,
+		BodyLimit:             512 * 1024 * 1024 * 1024, // 512 TiB
+		EnablePrintRoutes:     viper.GetBool("debug.print_routes"),
+	})
+
+	app.Use(idempotency.New())
+	app.Use(cors.New(cors.Config{
+		AllowCredentials: true,
+		AllowMethods:     "GET,POST,HEAD,PUT,DELETE,PATCH",
+		AllowOriginsFunc: func(origin string) bool {
+			return true
+		},
+	}))
+
+	app.Use(logger.New(logger.Config{
+		Format: "${status} | ${latency} | ${method} ${path}\n",
+		Output: log.Logger,
+	}))
+
+	app.Use(auth.ContextMiddleware)
+	app.Use(limiter.New(limiter.Config{
+		Max:               viper.GetInt("rate_limit"),
+		Expiration:        60 * time.Second,
+		LimiterMiddleware: limiter.SlidingWindow{},
+	}))
+
+	api.MapAPIs(app)
+
+	return &WebApp{app}
+}
+
+func (v *WebApp) Listen() {
+	if err := v.app.Listen(viper.GetString("bind")); err != nil {
+		log.Fatal().Err(err).Msg("An error occurred when starting server...")
+	}
+}

pkg/internal/web/ws/connections.go

@@ -0,0 +1,118 @@
+package ws
+
+import (
+	"math/rand"
+	"sync"
+
+	"git.solsynth.dev/hypernet/nexus/pkg/internal/directory"
+	"git.solsynth.dev/hypernet/nexus/pkg/nex/sec"
+	"github.com/rs/zerolog/log"
+
+	"github.com/gofiber/contrib/websocket"
+)
+
+var (
+	wsMutex sync.Mutex
+	wsConn  = make(map[uint]map[uint64]*websocket.Conn)
+)
+
+func ClientRegister(user sec.UserInfo, conn *websocket.Conn) uint64 {
+	wsMutex.Lock()
+	if wsConn[user.ID] == nil {
+		wsConn[user.ID] = make(map[uint64]*websocket.Conn)
+	}
+	clientId := rand.Uint64()
+	wsConn[user.ID][clientId] = conn
+	wsMutex.Unlock()
+
+	log.Debug().
+		Uint64("client_id", clientId).
+		Uint("user_id", user.ID).
+		Msg("An client connected to stream endpoint...")
+
+	_ = directory.BroadcastEvent("ws.client.register", map[string]any{
+		"user": user.ID,
+		"id":   clientId,
+	})
+
+	return clientId
+}
+
+func ClientUnregister(user sec.UserInfo, id uint64) {
+	wsMutex.Lock()
+	if wsConn[user.ID] == nil {
+		wsConn[user.ID] = make(map[uint64]*websocket.Conn)
+	}
+	delete(wsConn[user.ID], id)
+	wsMutex.Unlock()
+
+	log.Debug().
+		Uint64("client_id", id).
+		Uint("user_id", user.ID).
+		Msg("An client disconnected from stream endpoint...")
+
+	_ = directory.BroadcastEvent("ws.client.unregister", map[string]any{
+		"user": user.ID,
+		"id":   id,
+	})
+}
+
+func ClientCount(uid uint) int {
+	return len(wsConn[uid])
+}
+
+func WebsocketPush(uid uint, body []byte) (count int, successes []uint64, errs []error) {
+	for _, conn := range wsConn[uid] {
+		if err := conn.WriteMessage(1, body); err != nil {
+			errs = append(errs, err)
+		} else {
+			successes = append(successes, uint64(uid))
+		}
+		count++
+	}
+	return
+}
+
+func WebsocketPushDirect(clientId uint64, body []byte) (count int, successes []uint64, errs []error) {
+	for _, m := range wsConn {
+		if conn, ok := m[clientId]; ok {
+			if err := conn.WriteMessage(1, body); err != nil {
+				errs = append(errs, err)
+			} else {
+				successes = append(successes, clientId)
+			}
+			count++
+		}
+	}
+	return
+}
+
+func WebsocketPushBatch(uidList []uint, body []byte) (count int, successes []uint64, errs []error) {
+	for _, uid := range uidList {
+		for _, conn := range wsConn[uid] {
+			if err := conn.WriteMessage(1, body); err != nil {
+				errs = append(errs, err)
+			} else {
+				successes = append(successes, uint64(uid))
+			}
+			count++
+		}
+	}
+	return
+}
+
+func WebsocketPushBatchDirect(clientIdList []uint64, body []byte) (count int, successes []uint64, errs []error) {
+	for _, clientId := range clientIdList {
+		for _, m := range wsConn {
+			if conn, ok := m[clientId]; ok {
+				if err := conn.WriteMessage(1, body); err != nil {
+					errs = append(errs, err)
+				} else {
+					successes = append(successes, clientId)
+				}
+				count++
+			}
+		}
+	}
+	return
+}

pkg/internal/web/ws/ws.go

@@ -0,0 +1,84 @@
+package ws
+
+import (
+	"context"
+	"fmt"
+
+	"git.solsynth.dev/hypernet/nexus/pkg/internal/directory"
+	"git.solsynth.dev/hypernet/nexus/pkg/nex"
+	"git.solsynth.dev/hypernet/nexus/pkg/nex/sec"
+	"git.solsynth.dev/hypernet/nexus/pkg/proto"
+	"github.com/gofiber/contrib/websocket"
+	jsoniter "github.com/json-iterator/go"
+	"github.com/samber/lo"
+	"github.com/spf13/viper"
+)
+
+func Listen(c *websocket.Conn) {
+	user, ok := c.Locals("nex_user").(*sec.UserInfo)
+	if !ok {
+		c.Close()
+		return
+	}
+
+	// Push connection
+	clientId := ClientRegister(*user, c)
+
+	// Event loop
+	var mt int
+	var data []byte
+	var err error
+
+	var packet nex.WebSocketPackage
+
+	for {
+		if mt, data, err = c.ReadMessage(); err != nil {
+			break
+		} else if err := jsoniter.Unmarshal(data, &packet); err != nil {
+			_ = c.WriteMessage(mt, nex.WebSocketPackage{
+				Action:  "error",
+				Message: "unable to unmarshal your command, requires json request",
+			}.Marshal())
+			continue
+		}
+
+		aliasingMap := viper.GetStringMapString("services.aliases")
+		if val, ok := aliasingMap[packet.Endpoint]; ok {
+			packet.Endpoint = val
+		}
+
+		service := directory.GetServiceInstanceByType(packet.Endpoint)
+		if service == nil {
+			_ = c.WriteMessage(mt, nex.WebSocketPackage{
+				Action:  "error",
+				Message: "service not found",
+			}.Marshal())
+			continue
+		}
+		pc, err := service.GetGrpcConn()
+		if err != nil {
+			_ = c.WriteMessage(mt, nex.WebSocketPackage{
+				Action:  "error",
+				Message: fmt.Sprintf("unable to connect to service: %v", err.Error()),
+			}.Marshal())
+			continue
+		}
+
+		sc := proto.NewStreamServiceClient(pc)
+		_, err = sc.PushStream(context.Background(), &proto.PushStreamRequest{
+			UserId:   lo.ToPtr(uint64(user.ID)),
+			ClientId: lo.ToPtr(clientId),
+			Body:     packet.Marshal(),
+		})
+		if err != nil {
+			_ = c.WriteMessage(mt, nex.WebSocketPackage{
+				Action:  "error",
+				Message: fmt.Sprintf("unable send message to service: %v", err.Error()),
+			}.Marshal())
+			continue
+		}
+	}
+
+	// Pop connection
+	ClientUnregister(*user, clientId)
+}