aerogramme/aero-proto/src/dav.rs

use std::net::SocketAddr;

use anyhow::{anyhow, Result};
use base64::Engine;
use hyper::service::service_fn;
use hyper::{Request, Response, body::Bytes};
use hyper::server::conn::http1 as http;
use hyper_util::rt::TokioIo;
use http_body_util::Full;
use futures::stream::{FuturesUnordered, StreamExt};
use tokio::net::TcpListener;
use tokio::sync::watch;

use aero_user::config::DavUnsecureConfig;
use aero_user::login::ArcLoginProvider;
use aero_collections::user::User;

pub struct Server {
    bind_addr: SocketAddr,
    login_provider: ArcLoginProvider,
}

pub fn new_unsecure(config: DavUnsecureConfig, login: ArcLoginProvider) -> Server {
    Server {
        bind_addr: config.bind_addr,
        login_provider: login,
    }
}

impl Server {
    pub async fn run(self: Self, mut must_exit: watch::Receiver<bool>) -> Result<()> {
        let tcp = TcpListener::bind(self.bind_addr).await?;
        tracing::info!("DAV server listening on {:#}", self.bind_addr);

        let mut connections = FuturesUnordered::new();
        while !*must_exit.borrow() {
            let wait_conn_finished = async {
                if connections.is_empty() {
                    futures::future::pending().await
                } else {
                    connections.next().await
                }
            };
            let (socket, remote_addr) = tokio::select! {
                a = tcp.accept() => a?,
                _ = wait_conn_finished => continue,
                _ = must_exit.changed() => continue,
            };
            tracing::info!("Accepted connection from {}", remote_addr);
            let stream = TokioIo::new(socket);
            let login = self.login_provider.clone();
            let conn = tokio::spawn(async move {
                //@FIXME should create a generic "public web" server on which "routers" could be
                //abitrarily bound
                //@FIXME replace with a handler supporting http2 and TLS
                match http::Builder::new().serve_connection(stream, service_fn(|req: Request<hyper::body::Incoming>| {
                    let login = login.clone();
                    async move {
                        auth(login, req).await
                    }
                })).await {
                    Err(e) => tracing::warn!(err=?e, "connection failed"),
                    Ok(()) => tracing::trace!("connection terminated with success"),
                }
            });
            connections.push(conn);
        }
        drop(tcp);

        tracing::info!("Server shutting down, draining remaining connections...");
        while connections.next().await.is_some() {}

        Ok(())
    }
}

//@FIXME We should not support only BasicAuth
async fn auth(
    login: ArcLoginProvider,
    req: Request<impl hyper::body::Body>, 
) -> Result<Response<Full<Bytes>>> {

    let auth_val = match req.headers().get("Authorization") {
        Some(hv) => hv.to_str()?,
        None => return Ok(Response::builder()
            .status(401)
            .body(Full::new(Bytes::from("Missing Authorization field")))?),
    };

    let b64_creds_maybe_padded = match auth_val.split_once(" ") {
        Some(("Basic", b64)) => b64,
        _ => return Ok(Response::builder()
            .status(400)
            .body(Full::new(Bytes::from("Unsupported Authorization field")))?),
    };

    // base64urlencoded may have trailing equals, base64urlsafe has not
    // theoretically authorization is padded but "be liberal in what you accept"
    let b64_creds_clean = b64_creds_maybe_padded.trim_end_matches('=');

    // Decode base64
    let creds = base64::engine::general_purpose::STANDARD_NO_PAD.decode(b64_creds_clean)?;
    let str_creds = std::str::from_utf8(&creds)?;
    
    // Split username and password
    let (username, password) = str_creds
        .split_once(':')
        .ok_or(anyhow!("Missing colon in Authorization, can't split decoded value into a username/password pair"))?;

    // Call login provider
    let creds = match login.login(username, password).await {
        Ok(c) => c,
        Err(_) => return Ok(Response::builder()
            .status(401)
            .body(Full::new(Bytes::from("Wrong credentials")))?),
    };

    // Build a user
    let user = User::new(username.into(), creds).await?;

    // Call router with user
    router(user, req).await 
}

async fn router(user: std::sync::Arc<User>, req: Request<impl hyper::body::Body>) -> Result<Response<Full<Bytes>>> {
    let path_segments: Vec<_> = req.uri().path().split("/").filter(|s| *s != "").collect();
    match path_segments.as_slice() {
        [] => tracing::info!("root"),
        [ username, ..] if *username != user.username => return Ok(Response::builder()
            .status(403)
            .body(Full::new(Bytes::from("Accessing other user ressources is not allowed")))?),
        [ _ ] => tracing::info!("user home"),
        [ _, "calendar" ] => tracing::info!("user calendars"),
        [ _, "calendar", colname ] => tracing::info!(name=colname, "selected calendar"),
        [ _, "calendar", colname, member ] => tracing::info!(name=colname, obj=member, "selected event"),
        _ => return Ok(Response::builder()
            .status(404)
            .body(Full::new(Bytes::from("Resource not found")))?),
    }
    Ok(Response::new(Full::new(Bytes::from("Hello World!"))))
}

#[allow(dead_code)]
async fn collections(_user: std::sync::Arc<User>, _req: Request<impl hyper::body::Body>) -> Result<Response<Full<Bytes>>> {
    unimplemented!();
}
Add basic DAV server 2024-02-26 22:59:29 +00:00			`use std::net::SocketAddr;`

WIP login 2024-02-27 00:05:51 +00:00			`use anyhow::{anyhow, Result};`
			`use base64::Engine;`
Add basic DAV server 2024-02-26 22:59:29 +00:00			`use hyper::service::service_fn;`
			`use hyper::{Request, Response, body::Bytes};`
			`use hyper::server::conn::http1 as http;`
			`use hyper_util::rt::TokioIo;`
			`use http_body_util::Full;`
			`use futures::stream::{FuturesUnordered, StreamExt};`
			`use tokio::net::TcpListener;`
			`use tokio::sync::watch;`

Re-enable proto 2024-03-08 08:55:33 +00:00			`use aero_user::config::DavUnsecureConfig;`
			`use aero_user::login::ArcLoginProvider;`
			`use aero_collections::user::User;`
Add basic DAV server 2024-02-26 22:59:29 +00:00
			`pub struct Server {`
			`bind_addr: SocketAddr,`
			`login_provider: ArcLoginProvider,`
			`}`

			`pub fn new_unsecure(config: DavUnsecureConfig, login: ArcLoginProvider) -> Server {`
			`Server {`
			`bind_addr: config.bind_addr,`
			`login_provider: login,`
			`}`
			`}`

			`impl Server {`
			`pub async fn run(self: Self, mut must_exit: watch::Receiver<bool>) -> Result<()> {`
			`let tcp = TcpListener::bind(self.bind_addr).await?;`
			`tracing::info!("DAV server listening on {:#}", self.bind_addr);`

			`let mut connections = FuturesUnordered::new();`
			`while !*must_exit.borrow() {`
			`let wait_conn_finished = async {`
			`if connections.is_empty() {`
			`futures::future::pending().await`
			`} else {`
			`connections.next().await`
			`}`
			`};`
			`let (socket, remote_addr) = tokio::select! {`
			`a = tcp.accept() => a?,`
			`_ = wait_conn_finished => continue,`
			`_ = must_exit.changed() => continue,`
			`};`
Working on DAV router 2024-02-27 18:30:51 +00:00			`tracing::info!("Accepted connection from {}", remote_addr);`
Add basic DAV server 2024-02-26 22:59:29 +00:00			`let stream = TokioIo::new(socket);`
WIP login 2024-02-27 00:05:51 +00:00			`let login = self.login_provider.clone();`
			`let conn = tokio::spawn(async move {`
Add basic DAV server 2024-02-26 22:59:29 +00:00			`//@FIXME should create a generic "public web" server on which "routers" could be`
			`//abitrarily bound`
			`//@FIXME replace with a handler supporting http2 and TLS`
WIP login 2024-02-27 00:05:51 +00:00			`match http::Builder::new().serve_connection(stream, service_fn(\|req: Request<hyper::body::Incoming>\| {`
			`let login = login.clone();`
			`async move {`
			`auth(login, req).await`
			`}`
			`})).await {`
Add basic DAV server 2024-02-26 22:59:29 +00:00			`Err(e) => tracing::warn!(err=?e, "connection failed"),`
			`Ok(()) => tracing::trace!("connection terminated with success"),`
			`}`
			`});`
			`connections.push(conn);`
			`}`
			`drop(tcp);`

Working on DAV router 2024-02-27 18:30:51 +00:00			`tracing::info!("Server shutting down, draining remaining connections...");`
Add basic DAV server 2024-02-26 22:59:29 +00:00			`while connections.next().await.is_some() {}`

			`Ok(())`
			`}`
			`}`

Working on DAV router 2024-02-27 18:30:51 +00:00			`//@FIXME We should not support only BasicAuth`
WIP login 2024-02-27 00:05:51 +00:00			`async fn auth(`
			`login: ArcLoginProvider,`
			`req: Request<impl hyper::body::Body>,`
			`) -> Result<Response<Full<Bytes>>> {`

			`let auth_val = match req.headers().get("Authorization") {`
			`Some(hv) => hv.to_str()?,`
			`None => return Ok(Response::builder()`
			`.status(401)`
			`.body(Full::new(Bytes::from("Missing Authorization field")))?),`
			`};`

			`let b64_creds_maybe_padded = match auth_val.split_once(" ") {`
			`Some(("Basic", b64)) => b64,`
			`_ => return Ok(Response::builder()`
			`.status(400)`
			`.body(Full::new(Bytes::from("Unsupported Authorization field")))?),`
			`};`

			`// base64urlencoded may have trailing equals, base64urlsafe has not`
			`// theoretically authorization is padded but "be liberal in what you accept"`
			`let b64_creds_clean = b64_creds_maybe_padded.trim_end_matches('=');`

			`// Decode base64`
			`let creds = base64::engine::general_purpose::STANDARD_NO_PAD.decode(b64_creds_clean)?;`
			`let str_creds = std::str::from_utf8(&creds)?;`

			`// Split username and password`
			`let (username, password) = str_creds`
			`.split_once(':')`
			`.ok_or(anyhow!("Missing colon in Authorization, can't split decoded value into a username/password pair"))?;`

			`// Call login provider`
Refactor 2024-02-27 17:33:49 +00:00			`let creds = match login.login(username, password).await {`
			`Ok(c) => c,`
Re-enable proto 2024-03-08 08:55:33 +00:00			`Err(_) => return Ok(Response::builder()`
Refactor 2024-02-27 17:33:49 +00:00			`.status(401)`
			`.body(Full::new(Bytes::from("Wrong credentials")))?),`
			`};`

Working on DAV router 2024-02-27 18:30:51 +00:00			`// Build a user`
			`let user = User::new(username.into(), creds).await?;`

WIP login 2024-02-27 00:05:51 +00:00			`// Call router with user`
Working on DAV router 2024-02-27 18:30:51 +00:00			`router(user, req).await`
WIP login 2024-02-27 00:05:51 +00:00			`}`

Working on DAV router 2024-02-27 18:30:51 +00:00			`async fn router(user: std::sync::Arc<User>, req: Request<impl hyper::body::Body>) -> Result<Response<Full<Bytes>>> {`
basic router, define URI pattern 2024-02-26 23:12:01 +00:00			`let path_segments: Vec<_> = req.uri().path().split("/").filter(\|s\| *s != "").collect();`
			`match path_segments.as_slice() {`
			`[] => tracing::info!("root"),`
Working on DAV router 2024-02-27 18:30:51 +00:00			`[ username, ..] if *username != user.username => return Ok(Response::builder()`
			`.status(403)`
			`.body(Full::new(Bytes::from("Accessing other user ressources is not allowed")))?),`
WIP DAV types & encoder 2024-02-28 09:20:28 +00:00			`[ _ ] => tracing::info!("user home"),`
			`[ _, "calendar" ] => tracing::info!("user calendars"),`
			`[ _, "calendar", colname ] => tracing::info!(name=colname, "selected calendar"),`
			`[ _, "calendar", colname, member ] => tracing::info!(name=colname, obj=member, "selected event"),`
Working on DAV router 2024-02-27 18:30:51 +00:00			`_ => return Ok(Response::builder()`
			`.status(404)`
			`.body(Full::new(Bytes::from("Resource not found")))?),`
Add basic DAV server 2024-02-26 22:59:29 +00:00			`}`
			`Ok(Response::new(Full::new(Bytes::from("Hello World!"))))`
			`}`
WIP DAV types & encoder 2024-02-28 09:20:28 +00:00
Re-enable proto 2024-03-08 08:55:33 +00:00			`#[allow(dead_code)]`
			`async fn collections(_user: std::sync::Arc<User>, _req: Request<impl hyper::body::Body>) -> Result<Response<Full<Bytes>>> {`
WIP DAV types & encoder 2024-02-28 09:20:28 +00:00			`unimplemented!();`
			`}`