pkg/api/api.go at eli/remove-auth-webhook-url · stream.place/streamplace

stream.place / streamplace
Live video on the AT Protocol
streamplace / pkg / api / api.go
at eli/remove-auth-webhook-url 834 lines 27 kB view raw
  1package api
  2
  3import (
  4	"context"
  5	"encoding/json"
  6	"errors"
  7	"fmt"
  8	"io"
  9	"log/slog"
 10	"net"
 11	"net/http"
 12	"net/http/httputil"
 13	"net/url"
 14	"os"
 15	"strings"
 16	"sync"
 17	"time"
 18
 19	"github.com/NYTimes/gziphandler"
 20	"github.com/bluesky-social/indigo/api/bsky"
 21	"github.com/google/uuid"
 22	"github.com/julienschmidt/httprouter"
 23	"github.com/rs/cors"
 24	sloghttp "github.com/samber/slog-http"
 25	"golang.org/x/time/rate"
 26
 27	"github.com/streamplace/oatproxy/pkg/oatproxy"
 28	"stream.place/streamplace/js/app"
 29	"stream.place/streamplace/pkg/atproto"
 30	"stream.place/streamplace/pkg/bus"
 31	"stream.place/streamplace/pkg/config"
 32	"stream.place/streamplace/pkg/crypto/signers/eip712"
 33	"stream.place/streamplace/pkg/director"
 34	apierrors "stream.place/streamplace/pkg/errors"
 35	"stream.place/streamplace/pkg/linking"
 36	"stream.place/streamplace/pkg/log"
 37	"stream.place/streamplace/pkg/media"
 38	"stream.place/streamplace/pkg/mist/mistconfig"
 39	"stream.place/streamplace/pkg/model"
 40	"stream.place/streamplace/pkg/notifications"
 41	"stream.place/streamplace/pkg/spmetrics"
 42	"stream.place/streamplace/pkg/spxrpc"
 43	"stream.place/streamplace/pkg/streamplace"
 44
 45	metrics "github.com/slok/go-http-metrics/metrics/prometheus"
 46	"github.com/slok/go-http-metrics/middleware"
 47	echomiddleware "github.com/slok/go-http-metrics/middleware/echo"
 48	httproutermiddleware "github.com/slok/go-http-metrics/middleware/httprouter"
 49	middlewarestd "github.com/slok/go-http-metrics/middleware/std"
 50)
 51
 52type StreamplaceAPI struct {
 53	CLI              *config.CLI
 54	Model            model.Model
 55	Updater          *Updater
 56	Signer           *eip712.EIP712Signer
 57	Mimes            map[string]string
 58	FirebaseNotifier notifications.FirebaseNotifier
 59	MediaManager     *media.MediaManager
 60	MediaSigner      media.MediaSigner
 61	// not thread-safe yet
 62	Aliases  map[string]string
 63	Bus      *bus.Bus
 64	ATSync   *atproto.ATProtoSynchronizer
 65	Director *director.Director
 66
 67	connTracker *WebsocketTracker
 68
 69	limiters      map[string]*rate.Limiter
 70	limitersMu    sync.Mutex
 71	SignerCache   map[string]media.MediaSigner
 72	SignerCacheMu sync.Mutex
 73	op            *oatproxy.OATProxy
 74}
 75
 76type WebsocketTracker struct {
 77	connections   map[string]int
 78	maxConnsPerIP int
 79	mu            sync.RWMutex
 80}
 81
 82func MakeStreamplaceAPI(cli *config.CLI, mod model.Model, signer *eip712.EIP712Signer, noter notifications.FirebaseNotifier, mm *media.MediaManager, ms media.MediaSigner, bus *bus.Bus, atsync *atproto.ATProtoSynchronizer, d *director.Director, op *oatproxy.OATProxy) (*StreamplaceAPI, error) {
 83	updater, err := PrepareUpdater(cli)
 84	if err != nil {
 85		return nil, err
 86	}
 87	a := &StreamplaceAPI{CLI: cli,
 88		Model:            mod,
 89		Updater:          updater,
 90		Signer:           signer,
 91		FirebaseNotifier: noter,
 92		MediaManager:     mm,
 93		MediaSigner:      ms,
 94		Aliases:          map[string]string{},
 95		Bus:              bus,
 96		ATSync:           atsync,
 97		Director:         d,
 98		connTracker:      NewWebsocketTracker(cli.RateLimitWebsocket),
 99		limiters:         make(map[string]*rate.Limiter),
100		SignerCache:      make(map[string]media.MediaSigner),
101		op:               op,
102	}
103	a.Mimes, err = updater.GetMimes()
104	if err != nil {
105		return nil, err
106	}
107	return a, nil
108}
109
110type AppHostingFS struct {
111	http.FileSystem
112}
113
114var ErrorIndex = errors.New("not found, use index.html")
115
116func (fs AppHostingFS) Open(name string) (http.File, error) {
117	file, err1 := fs.FileSystem.Open(name)
118	if err1 == nil {
119		return file, nil
120	}
121	if !errors.Is(err1, os.ErrNotExist) {
122		return nil, err1
123	}
124
125	return nil, ErrorIndex
126}
127
128// api/playback/iame.li/webrtc?rendition=source
129// api/playback/iame.li/stream.mp4?rendition=source
130// api/playback/iame.li/stream.webm?rendition=source
131// api/playback/iame.li/hls/index.m3u8
132// api/playback/iame.li/hls/source/stream.m3u8
133// api/playback/iame.li/hls/source/000000000000.ts
134
135func (a *StreamplaceAPI) Handler(ctx context.Context) (http.Handler, error) {
136
137	mdlw := middleware.New(middleware.Config{
138		Recorder: metrics.NewRecorder(metrics.Config{}),
139	})
140	var xrpc http.Handler
141	xrpc, err := spxrpc.NewServer(ctx, a.CLI, a.Model, a.op, mdlw)
142	if err != nil {
143		return nil, err
144	}
145	router := httprouter.New()
146
147	// Create our middleware factory with the default settings.
148
149	a.op.Echo.Use(echomiddleware.Handler("", mdlw))
150
151	// r.GET("/test/:id", httproutermiddleware.Handler("/test/:id", h1, mdlw))
152
153	addHandle := func(router *httprouter.Router, method, path string, handler httprouter.Handle) {
154		router.Handle(method, path, httproutermiddleware.Handler(path, handler, mdlw))
155	}
156	addFunc := func(router *httprouter.Router, method, path string, handler http.HandlerFunc) {
157		router.Handler(method, path, middlewarestd.Handler(path, mdlw, handler))
158	}
159
160	router.Handler("GET", "/oauth/*anything", a.op.Handler())
161	router.Handler("POST", "/oauth/*anything", a.op.Handler())
162	router.Handler("GET", "/.well-known/oauth-authorization-server", a.op.Handler())
163	router.Handler("GET", "/.well-known/oauth-protected-resource", a.op.Handler())
164	apiRouter := httprouter.New()
165	addFunc(apiRouter, "POST", "/api/notification", a.HandleNotification(ctx))
166	// old clients
167	addFunc(router, "GET", "/app-updates", a.HandleAppUpdates(ctx))
168	// new ones
169	addFunc(apiRouter, "GET", "/api/manifest", a.HandleAppUpdates(ctx))
170	addHandle(apiRouter, "GET", "/api/desktop-updates/:platform/:architecture/:version/:buildTime/:file", a.HandleDesktopUpdates(ctx))
171	addHandle(apiRouter, "POST", "/api/webrtc/:stream", a.MistProxyHandler(ctx, "/webrtc/%s"))
172	addHandle(apiRouter, "OPTIONS", "/api/webrtc/:stream", a.MistProxyHandler(ctx, "/webrtc/%s"))
173	addHandle(apiRouter, "DELETE", "/api/webrtc/:stream", a.MistProxyHandler(ctx, "/webrtc/%s"))
174	addFunc(apiRouter, "POST", "/api/segment", a.HandleSegment(ctx))
175	addFunc(apiRouter, "GET", "/api/healthz", a.HandleHealthz(ctx))
176	addHandle(apiRouter, "GET", "/api/playback/:user/hls/*file", a.HandleHLSPlayback(ctx))
177	addHandle(apiRouter, "GET", "/api/playback/:user/stream.mp4", a.HandleMP4Playback(ctx))
178	addHandle(apiRouter, "GET", "/api/playback/:user/stream.webm", a.HandleMKVPlayback(ctx))
179	// they're jpegs now
180	addHandle(apiRouter, "GET", "/api/playback/:user/stream.jpg", a.HandleThumbnailPlayback(ctx))
181	// this one is actually a jpeg (used previously and shouldn't remove for historical reasons)
182	addHandle(apiRouter, "GET", "/api/playback/:user/stream.png", a.HandleThumbnailPlayback(ctx))
183	addHandle(apiRouter, "GET", "/api/app-return/*anything", a.HandleAppReturn(ctx))
184	addHandle(apiRouter, "POST", "/api/playback/:user/webrtc", a.HandleWebRTCPlayback(ctx))
185	addHandle(apiRouter, "POST", "/api/ingest/webrtc", a.HandleWebRTCIngest(ctx))
186	addHandle(apiRouter, "POST", "/api/ingest/webrtc/:key", a.HandleWebRTCIngest(ctx))
187	addHandle(apiRouter, "POST", "/api/player-event", a.HandlePlayerEvent(ctx))
188	addHandle(apiRouter, "GET", "/api/chat/:repoDID", a.HandleChat(ctx))
189	addHandle(apiRouter, "GET", "/api/websocket/:repoDID", a.HandleWebsocket(ctx))
190	addHandle(apiRouter, "GET", "/api/livestream/:repoDID", a.HandleLivestream(ctx))
191	addHandle(apiRouter, "GET", "/api/segment/recent", a.HandleRecentSegments(ctx))
192	addHandle(apiRouter, "GET", "/api/segment/recent/:repoDID", a.HandleUserRecentSegments(ctx))
193	addHandle(apiRouter, "GET", "/api/bluesky/resolve/:handle", a.HandleBlueskyResolve(ctx))
194	addHandle(apiRouter, "GET", "/api/view-count/:user", a.HandleViewCount(ctx))
195	apiRouter.NotFound = a.HandleAPI404(ctx)
196	apiRouterHandler := a.RateLimitMiddleware(ctx)(apiRouter)
197	xrpcHandler := a.RateLimitMiddleware(ctx)(xrpc)
198	router.Handler("GET", "/api/*resource", apiRouterHandler)
199	router.Handler("POST", "/api/*resource", apiRouterHandler)
200	router.Handler("PUT", "/api/*resource", apiRouterHandler)
201	router.Handler("PATCH", "/api/*resource", apiRouterHandler)
202	router.Handler("DELETE", "/api/*resource", apiRouterHandler)
203	router.Handler("GET", "/xrpc/*resource", xrpcHandler)
204	router.Handler("POST", "/xrpc/*resource", xrpcHandler)
205	router.Handler("PUT", "/xrpc/*resource", xrpcHandler)
206	router.Handler("PATCH", "/xrpc/*resource", xrpcHandler)
207	router.Handler("DELETE", "/xrpc/*resource", xrpcHandler)
208	router.GET("/.well-known/did.json", a.HandleDidJSON(ctx))
209	router.GET("/dl/*params", a.HandleAppDownload(ctx))
210	router.POST("/", a.HandleWebRTCIngest(ctx))
211	for _, redirect := range a.CLI.Redirects {
212		parts := strings.Split(redirect, ":")
213		if len(parts) != 2 {
214			log.Error(ctx, "invalid redirect", "redirect", redirect)
215			return nil, fmt.Errorf("invalid redirect: %s", redirect)
216		}
217		router.Handle("GET", parts[0], func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
218			http.Redirect(w, r, parts[1], http.StatusTemporaryRedirect)
219		})
220	}
221	if a.CLI.FrontendProxy != "" {
222		u, err := url.Parse(a.CLI.FrontendProxy)
223		if err != nil {
224			return nil, err
225		}
226		log.Warn(ctx, "using frontend proxy instead of bundled frontend", "destination", a.CLI.FrontendProxy)
227		router.NotFound = &httputil.ReverseProxy{
228			Rewrite: func(r *httputil.ProxyRequest) {
229				// workaround for Expo disliking serving requests from 127.0.0.1 instead of localhost
230				// we need to use 127.0.0.1 because the atproto oauth client requires it
231				r.Out.Header.Set("Origin", u.String())
232				r.SetURL(u)
233			},
234		}
235	} else {
236		files, err := app.Files()
237		if err != nil {
238			return nil, err
239		}
240		index, err := files.Open("index.html")
241		if err != nil {
242			return nil, err
243		}
244		bs, err := io.ReadAll(index)
245		if err != nil {
246			return nil, err
247		}
248		linker, err := linking.NewLinker(ctx, bs)
249		if err != nil {
250			return nil, err
251		}
252		linkingHandler, err := a.NotFoundLinkingHandler(ctx, linker)
253		if err != nil {
254			return nil, err
255		}
256		router.NotFound = middlewarestd.Handler("/*static", mdlw, linkingHandler)
257	}
258	// needed because the WebRTC handler issues 405s from / otherwise
259	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
260		router.NotFound.ServeHTTP(w, r)
261	})
262	handler := sloghttp.Recovery(router)
263	handler = cors.AllowAll().Handler(handler)
264	handler = sloghttp.New(slog.Default())(handler)
265	handler = a.RateLimitMiddleware(ctx)(handler)
266
267	// this needs to be LAST so nothing else clobbers the context
268	handler = a.ContextMiddleware(ctx)(handler)
269
270	return handler, nil
271}
272func (a *StreamplaceAPI) ContextMiddleware(ctx context.Context) func(next http.Handler) http.Handler {
273	return func(next http.Handler) http.Handler {
274		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
275			uuid := uuid.New().String()
276			ctx = log.WithLogValues(ctx, "requestID", uuid, "method", r.Method, "path", r.URL.Path)
277			r = r.WithContext(ctx)
278			next.ServeHTTP(w, r)
279		})
280	}
281}
282func copyHeader(dst, src http.Header) {
283	for k, vv := range src {
284		// we'll handle CORS ourselves, thanks
285		if strings.HasPrefix(k, "Access-Control") {
286			continue
287		}
288		for _, v := range vv {
289			dst.Add(k, v)
290		}
291	}
292}
293
294// handler that takes care of static files and otherwise returns the index.html with the correct link card data
295func (a *StreamplaceAPI) NotFoundLinkingHandler(ctx context.Context, linker *linking.Linker) (http.HandlerFunc, error) {
296	files, err := app.Files()
297	if err != nil {
298		return nil, err
299	}
300	fs := AppHostingFS{http.FS(files)}
301
302	fileHandler := a.FileHandler(ctx, http.FileServer(fs))
303	defaultHandler := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
304		f := strings.TrimPrefix(req.URL.Path, "/")
305		// under docs we need the index.html suffix due to astro rendering
306		if strings.HasPrefix(req.URL.Path, "/docs") && strings.HasSuffix(req.URL.Path, "/") {
307			f += "index.html"
308		}
309		_, err := fs.Open(f)
310		if err == nil {
311			fileHandler.ServeHTTP(w, req)
312			return
313		}
314		if errors.Is(err, ErrorIndex) || f == "" {
315			bs, err := linker.GenerateDefaultCard(ctx, req.URL)
316			if err != nil {
317				log.Error(ctx, "error generating default card", "error", err)
318			}
319			w.Header().Set("Content-Type", "text/html")
320			if _, err := w.Write(bs); err != nil {
321				log.Error(ctx, "error writing response", "error", err)
322			}
323		} else {
324			log.Warn(ctx, "error opening file", "error", err)
325			apierrors.WriteHTTPInternalServerError(w, "file not found", err)
326		}
327	})
328	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
329		proto := "http"
330		if req.TLS != nil {
331			proto = "https"
332		}
333		fwProto := req.Header.Get("x-forwarded-proto")
334		if fwProto != "" {
335			proto = fwProto
336		}
337		req.URL.Host = req.Host
338		req.URL.Scheme = proto
339		maybeHandle := strings.TrimPrefix(req.URL.Path, "/")
340		repo, err := a.Model.GetRepoByHandleOrDID(maybeHandle)
341		if err != nil || repo == nil {
342			log.Error(ctx, "no repo found", "maybeHandle", maybeHandle)
343			defaultHandler.ServeHTTP(w, req)
344			return
345		}
346		ls, err := a.Model.GetLatestLivestreamForRepo(repo.DID)
347		if err != nil || ls == nil {
348			log.Error(ctx, "no livestream found", "repoDID", repo.DID)
349			defaultHandler.ServeHTTP(w, req)
350			return
351		}
352		lsv, err := ls.ToLivestreamView()
353		if err != nil || lsv == nil {
354			log.Error(ctx, "no livestream view found", "repoDID", repo.DID)
355			defaultHandler.ServeHTTP(w, req)
356			return
357		}
358		bs, err := linker.GenerateStreamerCard(ctx, req.URL, lsv)
359		if err != nil {
360			log.Error(ctx, "error generating html", "error", err)
361			defaultHandler.ServeHTTP(w, req)
362			return
363		}
364		w.Header().Set("Content-Type", "text/html")
365		if _, err := w.Write(bs); err != nil {
366			log.Error(ctx, "error writing response", "error", err)
367		}
368	}), nil
369}
370
371func (a *StreamplaceAPI) MistProxyHandler(ctx context.Context, tmpl string) httprouter.Handle {
372	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
373		if !a.CLI.HasMist() {
374			apierrors.WriteHTTPNotImplemented(w, "Playback only on the Linux version for now", nil)
375			return
376		}
377		stream := params.ByName("stream")
378		if stream == "" {
379			apierrors.WriteHTTPBadRequest(w, "missing stream in request", nil)
380			return
381		}
382
383		fullstream := fmt.Sprintf("%s+%s", mistconfig.StreamName, stream)
384		prefix := fmt.Sprintf(tmpl, fullstream)
385		resource := params.ByName("resource")
386
387		// path := strings.TrimPrefix(req.URL.EscapedPath(), "/api")
388
389		client := &http.Client{}
390		req.URL = &url.URL{
391			Scheme:   "http",
392			Host:     fmt.Sprintf("127.0.0.1:%d", a.CLI.MistHTTPPort),
393			Path:     fmt.Sprintf("%s%s", prefix, resource),
394			RawQuery: req.URL.RawQuery,
395		}
396
397		//http: Request.RequestURI can't be set in client requests.
398		//http://golang.org/src/pkg/net/http/client.go
399		req.RequestURI = ""
400
401		resp, err := client.Do(req)
402		if err != nil {
403			apierrors.WriteHTTPInternalServerError(w, "error connecting to mist", err)
404			return
405		}
406		defer resp.Body.Close()
407
408		copyHeader(w.Header(), resp.Header)
409		w.WriteHeader(resp.StatusCode)
410		if _, err := io.Copy(w, resp.Body); err != nil {
411			log.Error(ctx, "error writing response", "error", err)
412		}
413	}
414}
415
416func (a *StreamplaceAPI) FileHandler(ctx context.Context, fs http.Handler) http.HandlerFunc {
417	return func(w http.ResponseWriter, req *http.Request) {
418		noslash := req.URL.Path[1:]
419		ct, ok := a.Mimes[noslash]
420		if ok {
421			w.Header().Set("content-type", ct)
422		}
423		fs.ServeHTTP(w, req)
424	}
425}
426
427func (a *StreamplaceAPI) RedirectHandler(ctx context.Context) (http.Handler, error) {
428	_, tlsPort, err := net.SplitHostPort(a.CLI.HTTPSAddr)
429	if err != nil {
430		return nil, err
431	}
432	handleRedirect := func(w http.ResponseWriter, req *http.Request) {
433		host, _, err := net.SplitHostPort(req.Host)
434		if err != nil {
435			host = req.Host
436		}
437		u := req.URL
438		if tlsPort == "443" {
439			u.Host = host
440		} else {
441			u.Host = net.JoinHostPort(host, tlsPort)
442		}
443		u.Scheme = "https"
444		http.Redirect(w, req, u.String(), http.StatusTemporaryRedirect)
445	}
446	mux := http.NewServeMux()
447	mux.HandleFunc("/", handleRedirect)
448	return mux, nil
449}
450
451type NotificationPayload struct {
452	Token   string `json:"token"`
453	RepoDID string `json:"repoDID"`
454}
455
456func (a *StreamplaceAPI) HandleAPI404(ctx context.Context) http.HandlerFunc {
457	return func(w http.ResponseWriter, req *http.Request) {
458		w.WriteHeader(404)
459	}
460}
461
462func (a *StreamplaceAPI) HandleNotification(ctx context.Context) http.HandlerFunc {
463	return func(w http.ResponseWriter, req *http.Request) {
464		payload, err := io.ReadAll(req.Body)
465		if err != nil {
466			log.Log(ctx, "error reading notification create", "error", err)
467			w.WriteHeader(400)
468			return
469		}
470		n := NotificationPayload{}
471		err = json.Unmarshal(payload, &n)
472		if err != nil {
473			log.Log(ctx, "error unmarshalling notification create", "error", err)
474			w.WriteHeader(400)
475			return
476		}
477		err = a.Model.CreateNotification(n.Token, n.RepoDID)
478		if err != nil {
479			log.Log(ctx, "error creating notification", "error", err)
480			w.WriteHeader(400)
481			return
482		}
483		log.Log(ctx, "successfully created notification", "token", n.Token)
484		w.WriteHeader(200)
485		if n.RepoDID != "" {
486			go func() {
487				_, err := a.ATSync.SyncBlueskyRepo(ctx, n.RepoDID, a.Model)
488				if err != nil {
489					log.Error(ctx, "error syncing bluesky repo after notification creation", "error", err)
490				}
491			}()
492		}
493	}
494}
495
496func (a *StreamplaceAPI) HandleSegment(ctx context.Context) http.HandlerFunc {
497	return func(w http.ResponseWriter, req *http.Request) {
498		err := a.MediaManager.ValidateMP4(ctx, req.Body)
499		if err != nil {
500			apierrors.WriteHTTPBadRequest(w, "could not ingest segment", err)
501			return
502		}
503		w.WriteHeader(200)
504	}
505}
506
507func (a *StreamplaceAPI) HandlePlayerEvent(ctx context.Context) httprouter.Handle {
508	return func(w http.ResponseWriter, req *http.Request, p httprouter.Params) {
509		var event model.PlayerEventAPI
510		if err := json.NewDecoder(req.Body).Decode(&event); err != nil {
511			apierrors.WriteHTTPBadRequest(w, "could not decode JSON body", err)
512			return
513		}
514		err := a.Model.CreatePlayerEvent(event)
515		if err != nil {
516			apierrors.WriteHTTPBadRequest(w, "could not create player event", err)
517			return
518		}
519		w.WriteHeader(201)
520	}
521}
522
523func (a *StreamplaceAPI) HandleRecentSegments(ctx context.Context) httprouter.Handle {
524	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
525		segs, err := a.Model.MostRecentSegments()
526		if err != nil {
527			apierrors.WriteHTTPInternalServerError(w, "could not get segments", err)
528			return
529		}
530		bs, err := json.Marshal(segs)
531		if err != nil {
532			apierrors.WriteHTTPInternalServerError(w, "could not marshal segments", err)
533			return
534		}
535		w.Header().Add("Content-Type", "application/json")
536		if _, err := w.Write(bs); err != nil {
537			log.Error(ctx, "error writing response", "error", err)
538		}
539	}
540}
541
542func (a *StreamplaceAPI) HandleUserRecentSegments(ctx context.Context) httprouter.Handle {
543	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
544		user := params.ByName("repoDID")
545		if user == "" {
546			apierrors.WriteHTTPBadRequest(w, "user required", nil)
547			return
548		}
549		user, err := a.NormalizeUser(ctx, user)
550		if err != nil {
551			apierrors.WriteHTTPNotFound(w, "user not found", err)
552			return
553		}
554		seg, err := a.Model.LatestSegmentForUser(user)
555		if err != nil {
556			apierrors.WriteHTTPInternalServerError(w, "could not get segments", err)
557			return
558		}
559		streamplaceSeg, err := seg.ToStreamplaceSegment()
560		if err != nil {
561			apierrors.WriteHTTPInternalServerError(w, "could not convert segment to streamplace segment", err)
562			return
563		}
564		bs, err := json.Marshal(streamplaceSeg)
565		if err != nil {
566			apierrors.WriteHTTPInternalServerError(w, "could not marshal segments", err)
567			return
568		}
569		w.Header().Add("Content-Type", "application/json")
570		if _, err := w.Write(bs); err != nil {
571			log.Error(ctx, "error writing response", "error", err)
572		}
573	}
574}
575
576func (a *StreamplaceAPI) HandleViewCount(ctx context.Context) httprouter.Handle {
577	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
578		user := params.ByName("user")
579		if user == "" {
580			apierrors.WriteHTTPBadRequest(w, "user required", nil)
581			return
582		}
583		user, err := a.NormalizeUser(ctx, user)
584		if err != nil {
585			apierrors.WriteHTTPNotFound(w, "user not found", err)
586			return
587		}
588		count := spmetrics.GetViewCount(user)
589		bs, err := json.Marshal(streamplace.Livestream_ViewerCount{Count: int64(count), LexiconTypeID: "place.stream.livestream#viewerCount"})
590		if err != nil {
591			apierrors.WriteHTTPInternalServerError(w, "could not marshal view count", err)
592			return
593		}
594		if _, err := w.Write(bs); err != nil {
595			log.Error(ctx, "error writing response", "error", err)
596		}
597	}
598}
599
600func (a *StreamplaceAPI) HandleBlueskyResolve(ctx context.Context) httprouter.Handle {
601	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
602		log.Log(ctx, "got bluesky notification", "params", params)
603		key, err := a.ATSync.SyncBlueskyRepo(ctx, params.ByName("handle"), a.Model)
604		if err != nil {
605			apierrors.WriteHTTPInternalServerError(w, "could not resolve streamplace key", err)
606			return
607		}
608		signingKeys, err := a.Model.GetSigningKeysForRepo(key.DID)
609		if err != nil {
610			apierrors.WriteHTTPInternalServerError(w, "could not get signing keys", err)
611			return
612		}
613		bs, err := json.Marshal(signingKeys)
614		if err != nil {
615			apierrors.WriteHTTPInternalServerError(w, "could not marshal signing keys", err)
616			return
617		}
618		if _, err := w.Write(bs); err != nil {
619			log.Error(ctx, "error writing response", "error", err)
620		}
621	}
622}
623
624type ChatResponse struct {
625	Post *bsky.FeedPost `json:"post"`
626	Repo *model.Repo    `json:"repo"`
627	CID  string         `json:"cid"`
628}
629
630func (a *StreamplaceAPI) HandleChat(ctx context.Context) httprouter.Handle {
631	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
632		user := params.ByName("repoDID")
633		if user == "" {
634			apierrors.WriteHTTPBadRequest(w, "user required", nil)
635			return
636		}
637		repoDID, err := a.NormalizeUser(ctx, user)
638		if err != nil {
639			apierrors.WriteHTTPNotFound(w, "user not found", err)
640			return
641		}
642		replies, err := a.Model.GetReplies(repoDID)
643		if err != nil {
644			apierrors.WriteHTTPInternalServerError(w, "could not get replies", err)
645			return
646		}
647		bs, err := json.Marshal(replies)
648		if err != nil {
649			apierrors.WriteHTTPInternalServerError(w, "could not marshal replies", err)
650			return
651		}
652		w.Header().Set("Content-Type", "application/json")
653		if _, err := w.Write(bs); err != nil {
654			log.Error(ctx, "error writing response", "error", err)
655		}
656	}
657}
658
659func (a *StreamplaceAPI) HandleLivestream(ctx context.Context) httprouter.Handle {
660	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
661		user := params.ByName("repoDID")
662		if user == "" {
663			apierrors.WriteHTTPBadRequest(w, "user required", nil)
664			return
665		}
666		repoDID, err := a.NormalizeUser(ctx, user)
667		if err != nil {
668			apierrors.WriteHTTPNotFound(w, "user not found", err)
669			return
670		}
671		livestream, err := a.Model.GetLatestLivestreamForRepo(repoDID)
672		if err != nil {
673			apierrors.WriteHTTPInternalServerError(w, "could not get livestream", err)
674			return
675		}
676
677		doc, err := livestream.ToLivestreamView()
678		if err != nil {
679			apierrors.WriteHTTPInternalServerError(w, "could not marshal livestream", err)
680			return
681		}
682
683		if livestream == nil {
684			apierrors.WriteHTTPNotFound(w, "no livestream found", nil)
685			return
686		}
687
688		bs, err := json.Marshal(doc)
689		if err != nil {
690			apierrors.WriteHTTPInternalServerError(w, "could not marshal livestream", err)
691			return
692		}
693		w.Header().Set("Content-Type", "application/json")
694		if _, err := w.Write(bs); err != nil {
695			log.Error(ctx, "error writing response", "error", err)
696		}
697	}
698}
699
700func (a *StreamplaceAPI) RateLimitMiddleware(ctx context.Context) func(http.Handler) http.Handler {
701	return func(next http.Handler) http.Handler {
702		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
703			ip, _, err := net.SplitHostPort(req.RemoteAddr)
704			if err != nil {
705				ip = req.RemoteAddr
706			}
707
708			if a.CLI.RateLimitPerSecond > 0 {
709				limiter := a.getLimiter(ip)
710
711				if !limiter.Allow() {
712					log.Warn(ctx, "rate limit exceeded", "ip", ip, "path", req.URL.Path)
713					apierrors.WriteHTTPTooManyRequests(w, "rate limit exceeded")
714					return
715				}
716			}
717
718			next.ServeHTTP(w, req)
719		})
720	}
721}
722
723func (a *StreamplaceAPI) ServeHTTP(ctx context.Context) error {
724	handler, err := a.Handler(ctx)
725	if err != nil {
726		return err
727	}
728	return a.ServerWithShutdown(ctx, handler, func(s *http.Server) error {
729		s.Addr = a.CLI.HTTPAddr
730		log.Log(ctx, "http server starting", "addr", s.Addr)
731		return s.ListenAndServe()
732	})
733}
734
735func (a *StreamplaceAPI) ServeHTTPRedirect(ctx context.Context) error {
736	handler, err := a.RedirectHandler(ctx)
737	if err != nil {
738		return err
739	}
740	return a.ServerWithShutdown(ctx, handler, func(s *http.Server) error {
741		s.Addr = a.CLI.HTTPAddr
742		log.Log(ctx, "http tls redirecct server starting", "addr", s.Addr)
743		return s.ListenAndServe()
744	})
745}
746
747func (a *StreamplaceAPI) ServeHTTPS(ctx context.Context) error {
748	handler, err := a.Handler(ctx)
749	if err != nil {
750		return err
751	}
752	return a.ServerWithShutdown(ctx, handler, func(s *http.Server) error {
753		s.Addr = a.CLI.HTTPSAddr
754		log.Log(ctx, "https server starting",
755			"addr", s.Addr,
756			"certPath", a.CLI.TLSCertPath,
757			"keyPath", a.CLI.TLSKeyPath,
758		)
759		return s.ListenAndServeTLS(a.CLI.TLSCertPath, a.CLI.TLSKeyPath)
760	})
761}
762
763func (a *StreamplaceAPI) ServerWithShutdown(ctx context.Context, handler http.Handler, serve func(*http.Server) error) error {
764	ctx, cancel := context.WithCancel(ctx)
765	handler = gziphandler.GzipHandler(handler)
766	server := http.Server{Handler: handler}
767	var serveErr error
768	go func() {
769		serveErr = serve(&server)
770		cancel()
771	}()
772	<-ctx.Done()
773	if serveErr != nil {
774		return fmt.Errorf("error in http server: %w", serveErr)
775	}
776
777	ctx, cancel = context.WithTimeout(context.Background(), 5*time.Second)
778	defer cancel()
779	return server.Shutdown(ctx)
780}
781
782func (a *StreamplaceAPI) HandleHealthz(ctx context.Context) http.HandlerFunc {
783	return func(w http.ResponseWriter, req *http.Request) {
784		w.WriteHeader(200)
785	}
786}
787
788func (a *StreamplaceAPI) getLimiter(ip string) *rate.Limiter {
789	a.limitersMu.Lock()
790	defer a.limitersMu.Unlock()
791
792	limiter, exists := a.limiters[ip]
793	if !exists {
794		limiter = rate.NewLimiter(rate.Limit(a.CLI.RateLimitPerSecond), a.CLI.RateLimitBurst)
795		a.limiters[ip] = limiter
796	}
797
798	return limiter
799}
800
801func NewWebsocketTracker(maxConns int) *WebsocketTracker {
802	return &WebsocketTracker{
803		connections:   make(map[string]int),
804		maxConnsPerIP: maxConns,
805	}
806}
807
808func (t *WebsocketTracker) AddConnection(ip string) bool {
809	t.mu.Lock()
810	defer t.mu.Unlock()
811
812	count := t.connections[ip]
813
814	if count >= t.maxConnsPerIP {
815		return false
816	}
817
818	t.connections[ip] = count + 1
819	return true
820}
821
822func (t *WebsocketTracker) RemoveConnection(ip string) {
823	t.mu.Lock()
824	defer t.mu.Unlock()
825
826	count := t.connections[ip]
827	if count > 0 {
828		t.connections[ip] = count - 1
829	}
830
831	if t.connections[ip] == 0 {
832		delete(t.connections, ip)
833	}
834}