pkg/api/api.go at eli/routing-cleanup · stream.place/streamplace

stream.place / streamplace
fork atom
Live video on the AT Protocol
fork atom
streamplace / pkg / api / api.go
at eli/routing-cleanup 915 lines 29 kB view raw
wrap content
Eli Mallon fixes for self-test 6w ago
e3e3c514
  1package api
  2
  3import (
  4	"context"
  5	"encoding/json"
  6	"errors"
  7	"fmt"
  8	"io"
  9	"log/slog"
 10	"net"
 11	"net/http"
 12	"net/http/httputil"
 13	"net/url"
 14	"os"
 15	"strconv"
 16	"strings"
 17	"sync"
 18	"time"
 19
 20	"github.com/NYTimes/gziphandler"
 21	"github.com/bluesky-social/indigo/api/bsky"
 22	"github.com/google/uuid"
 23	"github.com/julienschmidt/httprouter"
 24	"github.com/labstack/echo/v4"
 25	"github.com/rs/cors"
 26	sloghttp "github.com/samber/slog-http"
 27	"golang.org/x/time/rate"
 28
 29	"github.com/streamplace/oatproxy/pkg/oatproxy"
 30	"stream.place/streamplace/js/app"
 31	"stream.place/streamplace/pkg/atproto"
 32	"stream.place/streamplace/pkg/bus"
 33	"stream.place/streamplace/pkg/config"
 34	"stream.place/streamplace/pkg/crypto/signers/eip712"
 35	"stream.place/streamplace/pkg/director"
 36	apierrors "stream.place/streamplace/pkg/errors"
 37	"stream.place/streamplace/pkg/linking"
 38	"stream.place/streamplace/pkg/localdb"
 39	"stream.place/streamplace/pkg/log"
 40	"stream.place/streamplace/pkg/media"
 41	"stream.place/streamplace/pkg/mist/mistconfig"
 42	"stream.place/streamplace/pkg/model"
 43	"stream.place/streamplace/pkg/notifications"
 44	"stream.place/streamplace/pkg/spmetrics"
 45	"stream.place/streamplace/pkg/spxrpc"
 46	"stream.place/streamplace/pkg/statedb"
 47	"stream.place/streamplace/pkg/streamplace"
 48
 49	metrics "github.com/slok/go-http-metrics/metrics/prometheus"
 50	"github.com/slok/go-http-metrics/middleware"
 51	echomiddleware "github.com/slok/go-http-metrics/middleware/echo"
 52	httproutermiddleware "github.com/slok/go-http-metrics/middleware/httprouter"
 53	middlewarestd "github.com/slok/go-http-metrics/middleware/std"
 54)
 55
 56type StreamplaceAPI struct {
 57	CLI              *config.CLI
 58	Model            model.Model
 59	StatefulDB       *statedb.StatefulDB
 60	LocalDB          localdb.LocalDB
 61	Updater          *Updater
 62	Signer           *eip712.EIP712Signer
 63	Mimes            map[string]string
 64	FirebaseNotifier notifications.FirebaseNotifier
 65	MediaManager     *media.MediaManager
 66	MediaSigner      media.MediaSigner
 67	XRPCServer       *spxrpc.Server
 68	// not thread-safe yet
 69	Aliases  map[string]string
 70	Bus      *bus.Bus
 71	ATSync   *atproto.ATProtoSynchronizer
 72	Director *director.Director
 73
 74	connTracker *WebsocketTracker
 75
 76	limiters      map[string]*rate.Limiter
 77	limitersMu    sync.Mutex
 78	SignerCache   map[string]media.MediaSigner
 79	SignerCacheMu sync.Mutex
 80	op            *oatproxy.OATProxy
 81
 82	// override tls port for http redirect server if we're using systemd file descriptors
 83	HTTPRedirectTLSPort *int
 84	sessions            map[string]map[string]time.Time
 85	sessionsLock        sync.RWMutex
 86
 87	rtmpSessions             map[string]*media.RTMPSession
 88	rtmpSessionsLock         sync.Mutex
 89	rtmpInternalPlaybackAddr string
 90}
 91
 92type WebsocketTracker struct {
 93	connections   map[string]int
 94	maxConnsPerIP int
 95	mu            sync.RWMutex
 96}
 97
 98func MakeStreamplaceAPI(cli *config.CLI, mod model.Model, statefulDB *statedb.StatefulDB, noter notifications.FirebaseNotifier, mm *media.MediaManager, ms media.MediaSigner, bus *bus.Bus, atsync *atproto.ATProtoSynchronizer, d *director.Director, op *oatproxy.OATProxy, ldb localdb.LocalDB) (*StreamplaceAPI, error) {
 99	updater, err := PrepareUpdater(cli)
100	if err != nil {
101		return nil, err
102	}
103	a := &StreamplaceAPI{CLI: cli,
104		Model:            mod,
105		StatefulDB:       statefulDB,
106		Updater:          updater,
107		FirebaseNotifier: noter,
108		MediaManager:     mm,
109		MediaSigner:      ms,
110		Aliases:          map[string]string{},
111		Bus:              bus,
112		ATSync:           atsync,
113		Director:         d,
114		connTracker:      NewWebsocketTracker(cli.RateLimitWebsocket),
115		limiters:         make(map[string]*rate.Limiter),
116		SignerCache:      make(map[string]media.MediaSigner),
117		op:               op,
118		sessions:         make(map[string]map[string]time.Time),
119		sessionsLock:     sync.RWMutex{},
120		rtmpSessions:     make(map[string]*media.RTMPSession),
121		rtmpSessionsLock: sync.Mutex{},
122		LocalDB:          ldb,
123	}
124	a.Mimes, err = updater.GetMimes()
125	if err != nil {
126		return nil, err
127	}
128	return a, nil
129}
130
131type AppHostingFS struct {
132	http.FileSystem
133}
134
135var ErrorIndex = errors.New("not found, use index.html")
136
137func (fs AppHostingFS) Open(name string) (http.File, error) {
138	file, err1 := fs.FileSystem.Open(name)
139	if err1 == nil {
140		return file, nil
141	}
142	return nil, ErrorIndex
143}
144
145// api/playback/iame.li/webrtc?rendition=source
146// api/playback/iame.li/stream.mp4?rendition=source
147// api/playback/iame.li/stream.webm?rendition=source
148// api/playback/iame.li/hls/index.m3u8
149// api/playback/iame.li/hls/source/stream.m3u8
150// api/playback/iame.li/hls/source/000000000000.ts
151
152func (a *StreamplaceAPI) Handler(ctx context.Context) (http.Handler, error) {
153
154	mdlw := middleware.New(middleware.Config{
155		Recorder: metrics.NewRecorder(metrics.Config{}),
156	})
157	var xrpc http.Handler
158	xrpc, err := spxrpc.NewServer(ctx, a.CLI, a.Model, a.StatefulDB, a.op, mdlw, a.ATSync, a.Bus, a.LocalDB, a.MediaManager, a.Aliases)
159	if err != nil {
160		return nil, err
161	}
162	a.XRPCServer = xrpc.(*spxrpc.Server)
163	router := httprouter.New()
164
165	// Create our middleware factory with the default settings.
166
167	a.op.Echo.Use(echomiddleware.Handler("", mdlw))
168
169	// r.GET("/test/:id", httproutermiddleware.Handler("/test/:id", h1, mdlw))
170
171	addHandle := func(router *httprouter.Router, method, path string, handler httprouter.Handle) {
172		router.Handle(method, path, httproutermiddleware.Handler(path, handler, mdlw))
173	}
174	addFunc := func(router *httprouter.Router, method, path string, handler http.HandlerFunc) {
175		router.Handler(method, path, middlewarestd.Handler(path, mdlw, handler))
176	}
177
178	router.Handler("GET", "/oauth/*anything", a.op.Handler())
179	router.Handler("POST", "/oauth/*anything", a.op.Handler())
180	router.Handler("GET", "/.well-known/oauth-authorization-server", a.op.Handler())
181	router.Handler("GET", "/.well-known/oauth-protected-resource", a.op.Handler())
182	router.Handler("GET", "/.well-known/apple-app-site-association", a.HandleAppleAppSiteAssociation(ctx))
183	router.Handler("GET", "/.well-known/assetlinks.json", a.HandleAndroidAssetLinks(ctx))
184	apiRouter := httprouter.New()
185	addFunc(apiRouter, "POST", "/api/notification", a.HandleNotification(ctx))
186	// old clients
187	addFunc(router, "GET", "/app-updates", a.HandleAppUpdates(ctx))
188	// new ones
189	addFunc(apiRouter, "GET", "/api/manifest", a.HandleAppUpdates(ctx))
190	addHandle(apiRouter, "GET", "/api/desktop-updates/:platform/:architecture/:version/:buildTime/:file", a.HandleDesktopUpdates(ctx))
191	addHandle(apiRouter, "POST", "/api/webrtc/:stream", a.MistProxyHandler(ctx, "/webrtc/%s"))
192	addHandle(apiRouter, "OPTIONS", "/api/webrtc/:stream", a.MistProxyHandler(ctx, "/webrtc/%s"))
193	addHandle(apiRouter, "DELETE", "/api/webrtc/:stream", a.MistProxyHandler(ctx, "/webrtc/%s"))
194	addFunc(apiRouter, "POST", "/api/segment", a.HandleSegment(ctx))
195	addFunc(apiRouter, "GET", "/api/healthz", a.HandleHealthz(ctx))
196	addHandle(apiRouter, "GET", "/api/playback/:user/hls/*file", a.HandleHLSPlayback(ctx))
197	// they're jpegs now
198	addHandle(apiRouter, "GET", "/api/playback/:user/stream.jpg", a.HandleThumbnailPlayback(ctx))
199	// this one is actually a jpeg (used previously and shouldn't remove for historical reasons)
200	addHandle(apiRouter, "GET", "/api/playback/:user/stream.png", a.HandleThumbnailPlayback(ctx))
201	addHandle(apiRouter, "GET", "/api/app-return/*anything", a.HandleAppReturn(ctx))
202	addHandle(apiRouter, "POST", "/api/playback/:user/webrtc", a.HandleWebRTCPlayback(ctx))
203	addHandle(apiRouter, "POST", "/api/ingest/webrtc", a.HandleWebRTCIngest(ctx))
204	addHandle(apiRouter, "POST", "/api/ingest/webrtc/:key", a.HandleWebRTCIngest(ctx))
205	addHandle(apiRouter, "POST", "/api/player-event", a.HandlePlayerEvent(ctx))
206	addHandle(apiRouter, "GET", "/api/chat/:repoDID", a.HandleChat(ctx))
207	addHandle(apiRouter, "GET", "/api/websocket/:repoDID", a.HandleWebsocket(ctx))
208	addHandle(apiRouter, "GET", "/api/livestream/:repoDID", a.HandleLivestream(ctx))
209	addHandle(apiRouter, "GET", "/api/bluesky/resolve/:handle", a.HandleBlueskyResolve(ctx))
210	addHandle(apiRouter, "GET", "/api/view-count/:user", a.HandleViewCount(ctx))
211	addHandle(apiRouter, "GET", "/api/clip/:user/:file", a.HandleClip(ctx))
212	apiRouter.NotFound = a.HandleAPI404(ctx)
213	apiRouterHandler := a.RateLimitMiddleware(ctx)(apiRouter)
214	xrpcHandler := a.RateLimitMiddleware(ctx)(xrpc)
215	router.Handler("GET", "/api/*resource", apiRouterHandler)
216	router.Handler("POST", "/api/*resource", apiRouterHandler)
217	router.Handler("PUT", "/api/*resource", apiRouterHandler)
218	router.Handler("PATCH", "/api/*resource", apiRouterHandler)
219	router.Handler("DELETE", "/api/*resource", apiRouterHandler)
220	router.Handler("GET", "/xrpc/*resource", xrpcHandler)
221	router.Handler("POST", "/xrpc/*resource", xrpcHandler)
222	router.Handler("PUT", "/xrpc/*resource", xrpcHandler)
223	router.Handler("PATCH", "/xrpc/*resource", xrpcHandler)
224	router.Handler("DELETE", "/xrpc/*resource", xrpcHandler)
225	// i wonder if there's a better way to do this?
226	router.GET("/favicon.ico", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
227		err := a.XRPCServer.HandleFaviconICO(echo.New().NewContext(r, w))
228		if err != nil {
229			log.Error(ctx, "error handling favicon.ico", "error", err)
230			w.WriteHeader(500)
231			return
232		}
233	})
234	router.GET("/.well-known/did.json", a.HandleDidJSON(ctx))
235	router.GET("/.well-known/atproto-did", a.HandleAtprotoDID(ctx))
236	router.GET("/dl/*params", a.HandleAppDownload(ctx))
237	router.POST("/", a.HandleWebRTCIngest(ctx))
238	for _, redirect := range a.CLI.Redirects {
239		parts := strings.Split(redirect, ":")
240		if len(parts) != 2 {
241			log.Error(ctx, "invalid redirect", "redirect", redirect)
242			return nil, fmt.Errorf("invalid redirect: %s", redirect)
243		}
244		router.Handle("GET", parts[0], func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
245			http.Redirect(w, r, parts[1], http.StatusTemporaryRedirect)
246		})
247	}
248	if a.CLI.FrontendProxy != "" {
249		u, err := url.Parse(a.CLI.FrontendProxy)
250		if err != nil {
251			return nil, err
252		}
253		log.Warn(ctx, "using frontend proxy instead of bundled frontend", "destination", a.CLI.FrontendProxy)
254		router.NotFound = &httputil.ReverseProxy{
255			Rewrite: func(r *httputil.ProxyRequest) {
256				// workaround for Expo disliking serving requests from 127.0.0.1 instead of localhost
257				// we need to use 127.0.0.1 because the atproto oauth client requires it
258				r.Out.Header.Set("Origin", u.String())
259				r.SetURL(u)
260			},
261		}
262	} else {
263		files, err := app.Files()
264		if err != nil {
265			return nil, err
266		}
267		index, err := files.Open("index.html")
268		if err != nil {
269			return nil, err
270		}
271		bs, err := io.ReadAll(index)
272		if err != nil {
273			return nil, err
274		}
275		linker, err := linking.NewLinker(ctx, bs, a.StatefulDB, a.CLI)
276		if err != nil {
277			return nil, err
278		}
279		linkingHandler, err := a.NotFoundLinkingHandler(ctx, linker)
280		if err != nil {
281			return nil, err
282		}
283		router.NotFound = middlewarestd.Handler("/*static", mdlw, linkingHandler)
284	}
285	// needed because the WebRTC handler issues 405s from / otherwise
286	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
287		router.NotFound.ServeHTTP(w, r)
288	})
289	handler := sloghttp.Recovery(router)
290	handler = cors.AllowAll().Handler(handler)
291	handler = sloghttp.New(slog.Default())(handler)
292	handler = a.RateLimitMiddleware(ctx)(handler)
293
294	// this needs to be LAST so nothing else clobbers the context
295	handler = a.ContextMiddleware(ctx)(handler)
296
297	return handler, nil
298}
299func (a *StreamplaceAPI) ContextMiddleware(parentContext context.Context) func(next http.Handler) http.Handler {
300	return func(next http.Handler) http.Handler {
301		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
302			uuid := uuid.New().String()
303			ctx := log.WithLogValues(parentContext, "requestID", uuid, "method", r.Method, "path", r.URL.Path)
304			r = r.WithContext(ctx)
305			next.ServeHTTP(w, r)
306		})
307	}
308}
309func copyHeader(dst, src http.Header) {
310	for k, vv := range src {
311		// we'll handle CORS ourselves, thanks
312		if strings.HasPrefix(k, "Access-Control") {
313			continue
314		}
315		for _, v := range vv {
316			dst.Add(k, v)
317		}
318	}
319}
320
321// handler that takes care of static files and otherwise returns the index.html with the correct link card data
322func (a *StreamplaceAPI) NotFoundLinkingHandler(ctx context.Context, linker *linking.Linker) (http.HandlerFunc, error) {
323	files, err := app.Files()
324	if err != nil {
325		return nil, err
326	}
327	fs := AppHostingFS{http.FS(files)}
328
329	fileHandler := a.FileHandler(ctx, http.FileServer(fs))
330	defaultHandler := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
331		f := strings.TrimPrefix(req.URL.Path, "/")
332		// under docs we need the index.html suffix due to astro rendering
333		if strings.HasPrefix(req.URL.Path, "/docs") && strings.HasSuffix(req.URL.Path, "/") {
334			f += "index.html"
335		}
336		_, err := fs.Open(f)
337		if err == nil {
338			fileHandler.ServeHTTP(w, req)
339			return
340		}
341		if errors.Is(err, ErrorIndex) || f == "" {
342			bs, err := linker.GenerateDefaultCard(ctx, req.URL, a.CLI.SentryDSN)
343			if err != nil {
344				log.Error(ctx, "error generating default card", "error", err)
345			}
346			w.Header().Set("Content-Type", "text/html")
347			if _, err := w.Write(bs); err != nil {
348				log.Error(ctx, "error writing response", "error", err)
349			}
350		} else {
351			log.Warn(ctx, "error opening file", "error", err)
352			apierrors.WriteHTTPInternalServerError(w, "file not found", err)
353		}
354	})
355	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
356		proto := "http"
357		if req.TLS != nil {
358			proto = "https"
359		}
360		fwProto := req.Header.Get("x-forwarded-proto")
361		if fwProto != "" {
362			proto = fwProto
363		}
364		req.URL.Host = req.Host
365		req.URL.Scheme = proto
366		maybeHandle := strings.TrimPrefix(req.URL.Path, "/")
367		// quick check for things that aren't valid handles/dids
368		if strings.ContainsAny(maybeHandle, "/_") {
369			defaultHandler.ServeHTTP(w, req)
370			return
371		}
372		repo, err := a.Model.GetRepoByHandleOrDID(maybeHandle)
373		if err != nil || repo == nil {
374			log.Error(ctx, "no repo found", "maybeHandle", maybeHandle)
375			defaultHandler.ServeHTTP(w, req)
376			return
377		}
378		ls, err := a.Model.GetLatestLivestreamForRepo(repo.DID)
379		if err != nil || ls == nil {
380			log.Error(ctx, "no livestream found", "repoDID", repo.DID)
381			defaultHandler.ServeHTTP(w, req)
382			return
383		}
384		lsv, err := ls.ToLivestreamView()
385		if err != nil || lsv == nil {
386			log.Error(ctx, "no livestream view found", "repoDID", repo.DID)
387			defaultHandler.ServeHTTP(w, req)
388			return
389		}
390		bs, err := linker.GenerateStreamerCard(ctx, req.URL, lsv, a.CLI.SentryDSN)
391		if err != nil {
392			log.Error(ctx, "error generating html", "error", err)
393			defaultHandler.ServeHTTP(w, req)
394			return
395		}
396		w.Header().Set("Content-Type", "text/html")
397		if _, err := w.Write(bs); err != nil {
398			log.Error(ctx, "error writing response", "error", err)
399		}
400	}), nil
401}
402
403func (a *StreamplaceAPI) MistProxyHandler(ctx context.Context, tmpl string) httprouter.Handle {
404	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
405		if !a.CLI.HasMist() {
406			apierrors.WriteHTTPNotImplemented(w, "Playback only on the Linux version for now", nil)
407			return
408		}
409		stream := params.ByName("stream")
410		if stream == "" {
411			apierrors.WriteHTTPBadRequest(w, "missing stream in request", nil)
412			return
413		}
414
415		fullstream := fmt.Sprintf("%s+%s", mistconfig.StreamName, stream)
416		prefix := fmt.Sprintf(tmpl, fullstream)
417		resource := params.ByName("resource")
418
419		// path := strings.TrimPrefix(req.URL.EscapedPath(), "/api")
420
421		client := &http.Client{}
422		req.URL = &url.URL{
423			Scheme:   "http",
424			Host:     fmt.Sprintf("127.0.0.1:%d", a.CLI.MistHTTPPort),
425			Path:     fmt.Sprintf("%s%s", prefix, resource),
426			RawQuery: req.URL.RawQuery,
427		}
428
429		//http: Request.RequestURI can't be set in client requests.
430		//http://golang.org/src/pkg/net/http/client.go
431		req.RequestURI = ""
432
433		resp, err := client.Do(req)
434		if err != nil {
435			apierrors.WriteHTTPInternalServerError(w, "error connecting to mist", err)
436			return
437		}
438		defer resp.Body.Close()
439
440		copyHeader(w.Header(), resp.Header)
441		w.WriteHeader(resp.StatusCode)
442		if _, err := io.Copy(w, resp.Body); err != nil {
443			log.Error(ctx, "error writing response", "error", err)
444		}
445	}
446}
447
448func (a *StreamplaceAPI) FileHandler(ctx context.Context, fs http.Handler) http.HandlerFunc {
449	return func(w http.ResponseWriter, req *http.Request) {
450		noslash := req.URL.Path[1:]
451		ct, ok := a.Mimes[noslash]
452		if ok {
453			w.Header().Set("content-type", ct)
454		}
455		fs.ServeHTTP(w, req)
456	}
457}
458
459func (a *StreamplaceAPI) RedirectHandler(ctx context.Context) (http.Handler, error) {
460	var tlsPort string
461	var err error
462	if a.HTTPRedirectTLSPort != nil {
463		tlsPort = fmt.Sprintf("%d", *a.HTTPRedirectTLSPort)
464	} else {
465		_, tlsPort, err = net.SplitHostPort(a.CLI.HTTPSAddr)
466		if err != nil {
467			return nil, err
468		}
469	}
470	handleRedirect := func(w http.ResponseWriter, req *http.Request) {
471		host, _, err := net.SplitHostPort(req.Host)
472		if err != nil {
473			host = req.Host
474		}
475		u := req.URL
476		if tlsPort == "443" {
477			u.Host = host
478		} else {
479			u.Host = net.JoinHostPort(host, tlsPort)
480		}
481		u.Scheme = "https"
482		http.Redirect(w, req, u.String(), http.StatusTemporaryRedirect)
483	}
484	mux := http.NewServeMux()
485	mux.HandleFunc("/", handleRedirect)
486	return mux, nil
487}
488
489type NotificationPayload struct {
490	Token   string `json:"token"`
491	RepoDID string `json:"repoDID"`
492}
493
494func (a *StreamplaceAPI) HandleAPI404(ctx context.Context) http.HandlerFunc {
495	return func(w http.ResponseWriter, req *http.Request) {
496		w.WriteHeader(404)
497	}
498}
499
500func (a *StreamplaceAPI) HandleNotification(ctx context.Context) http.HandlerFunc {
501	return func(w http.ResponseWriter, req *http.Request) {
502		payload, err := io.ReadAll(req.Body)
503		if err != nil {
504			log.Log(ctx, "error reading notification create", "error", err)
505			w.WriteHeader(400)
506			return
507		}
508		n := NotificationPayload{}
509		err = json.Unmarshal(payload, &n)
510		if err != nil {
511			log.Log(ctx, "error unmarshalling notification create", "error", err)
512			w.WriteHeader(400)
513			return
514		}
515		err = a.StatefulDB.CreateNotification(n.Token, n.RepoDID)
516		if err != nil {
517			log.Log(ctx, "error creating notification", "error", err)
518			w.WriteHeader(400)
519			return
520		}
521		log.Log(ctx, "successfully created notification", "token", n.Token)
522		w.WriteHeader(200)
523		if n.RepoDID != "" {
524			go func() {
525				_, err := a.ATSync.SyncBlueskyRepo(ctx, n.RepoDID, a.Model)
526				if err != nil {
527					log.Error(ctx, "error syncing bluesky repo after notification creation", "error", err)
528				}
529			}()
530		}
531	}
532}
533
534func (a *StreamplaceAPI) HandleSegment(ctx context.Context) http.HandlerFunc {
535	return func(w http.ResponseWriter, req *http.Request) {
536		err := a.MediaManager.ValidateMP4(ctx, req.Body, false)
537		if err != nil {
538			apierrors.WriteHTTPBadRequest(w, "could not ingest segment", err)
539			return
540		}
541		w.WriteHeader(200)
542	}
543}
544
545func (a *StreamplaceAPI) HandlePlayerEvent(ctx context.Context) httprouter.Handle {
546	return func(w http.ResponseWriter, req *http.Request, p httprouter.Params) {
547		if !a.CLI.PlayerTelemetry {
548			w.WriteHeader(200)
549			return
550		}
551		var event model.PlayerEventAPI
552		if err := json.NewDecoder(req.Body).Decode(&event); err != nil {
553			apierrors.WriteHTTPBadRequest(w, "could not decode JSON body", err)
554			return
555		}
556		err := a.Model.CreatePlayerEvent(event)
557		if err != nil {
558			apierrors.WriteHTTPBadRequest(w, "could not create player event", err)
559			return
560		}
561		w.WriteHeader(201)
562	}
563}
564
565func (a *StreamplaceAPI) HandleViewCount(ctx context.Context) httprouter.Handle {
566	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
567		user := params.ByName("user")
568		if user == "" {
569			apierrors.WriteHTTPBadRequest(w, "user required", nil)
570			return
571		}
572		user, err := a.NormalizeUser(ctx, user)
573		if err != nil {
574			apierrors.WriteHTTPNotFound(w, "user not found", err)
575			return
576		}
577		count := spmetrics.GetViewCount(user)
578		bs, err := json.Marshal(streamplace.Livestream_ViewerCount{Count: int64(count), LexiconTypeID: "place.stream.livestream#viewerCount"})
579		if err != nil {
580			apierrors.WriteHTTPInternalServerError(w, "could not marshal view count", err)
581			return
582		}
583		if _, err := w.Write(bs); err != nil {
584			log.Error(ctx, "error writing response", "error", err)
585		}
586	}
587}
588
589func (a *StreamplaceAPI) HandleBlueskyResolve(ctx context.Context) httprouter.Handle {
590	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
591		log.Log(ctx, "got bluesky notification", "params", params)
592		key, err := a.ATSync.SyncBlueskyRepo(ctx, params.ByName("handle"), a.Model)
593		if err != nil {
594			apierrors.WriteHTTPInternalServerError(w, "could not resolve streamplace key", err)
595			return
596		}
597		signingKeys, err := a.Model.GetSigningKeysForRepo(key.DID)
598		if err != nil {
599			apierrors.WriteHTTPInternalServerError(w, "could not get signing keys", err)
600			return
601		}
602		bs, err := json.Marshal(signingKeys)
603		if err != nil {
604			apierrors.WriteHTTPInternalServerError(w, "could not marshal signing keys", err)
605			return
606		}
607		if _, err := w.Write(bs); err != nil {
608			log.Error(ctx, "error writing response", "error", err)
609		}
610	}
611}
612
613type ChatResponse struct {
614	Post *bsky.FeedPost `json:"post"`
615	Repo *model.Repo    `json:"repo"`
616	CID  string         `json:"cid"`
617}
618
619func (a *StreamplaceAPI) HandleChat(ctx context.Context) httprouter.Handle {
620	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
621		user := params.ByName("repoDID")
622		if user == "" {
623			apierrors.WriteHTTPBadRequest(w, "user required", nil)
624			return
625		}
626		repoDID, err := a.NormalizeUser(ctx, user)
627		if err != nil {
628			apierrors.WriteHTTPNotFound(w, "user not found", err)
629			return
630		}
631		replies, err := a.Model.GetReplies(repoDID)
632		if err != nil {
633			apierrors.WriteHTTPInternalServerError(w, "could not get replies", err)
634			return
635		}
636		bs, err := json.Marshal(replies)
637		if err != nil {
638			apierrors.WriteHTTPInternalServerError(w, "could not marshal replies", err)
639			return
640		}
641		w.Header().Set("Content-Type", "application/json")
642		if _, err := w.Write(bs); err != nil {
643			log.Error(ctx, "error writing response", "error", err)
644		}
645	}
646}
647
648func (a *StreamplaceAPI) HandleLivestream(ctx context.Context) httprouter.Handle {
649	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
650		user := params.ByName("repoDID")
651		if user == "" {
652			apierrors.WriteHTTPBadRequest(w, "user required", nil)
653			return
654		}
655		repoDID, err := a.NormalizeUser(ctx, user)
656		if err != nil {
657			apierrors.WriteHTTPNotFound(w, "user not found", err)
658			return
659		}
660		livestream, err := a.Model.GetLatestLivestreamForRepo(repoDID)
661		if err != nil {
662			apierrors.WriteHTTPInternalServerError(w, "could not get livestream", err)
663			return
664		}
665		if livestream == nil {
666			apierrors.WriteHTTPNotFound(w, "no livestream found", nil)
667			return
668		}
669
670		doc, err := livestream.ToLivestreamView()
671		if err != nil {
672			apierrors.WriteHTTPInternalServerError(w, "could not marshal livestream", err)
673			return
674		}
675
676		if livestream == nil {
677			apierrors.WriteHTTPNotFound(w, "no livestream found", nil)
678			return
679		}
680
681		bs, err := json.Marshal(doc)
682		if err != nil {
683			apierrors.WriteHTTPInternalServerError(w, "could not marshal livestream", err)
684			return
685		}
686		w.Header().Set("Content-Type", "application/json")
687		if _, err := w.Write(bs); err != nil {
688			log.Error(ctx, "error writing response", "error", err)
689		}
690	}
691}
692
693func (a *StreamplaceAPI) RateLimitMiddleware(ctx context.Context) func(http.Handler) http.Handler {
694	return func(next http.Handler) http.Handler {
695		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
696			ip, _, err := net.SplitHostPort(req.RemoteAddr)
697			if err != nil {
698				ip = req.RemoteAddr
699			}
700
701			if a.CLI.RateLimitPerSecond > 0 {
702				limiter := a.getLimiter(ip)
703
704				if !limiter.Allow() {
705					log.Warn(ctx, "rate limit exceeded", "ip", ip, "path", req.URL.Path)
706					apierrors.WriteHTTPTooManyRequests(w, "rate limit exceeded")
707					return
708				}
709			}
710
711			next.ServeHTTP(w, req)
712		})
713	}
714}
715
716// helper for getting a listener from a systemd file descriptor
717func getListenerFromFD(fdName string) (net.Listener, error) {
718	log.Debug(context.TODO(), "getting listener from fd", "fdName", fdName, "LISTEN_PID", os.Getenv("LISTEN_PID"), "LISTEN_FDNAMES", os.Getenv("LISTEN_FDNAMES"))
719	if os.Getenv("LISTEN_PID") == strconv.Itoa(os.Getpid()) {
720		names := strings.Split(os.Getenv("LISTEN_FDNAMES"), ":")
721		for i, name := range names {
722			if name == fdName {
723				log.Warn(context.TODO(), "using systemd file descriptor", "fdName", fdName, "fdIndex", i+3)
724				f1 := os.NewFile(uintptr(i+3), fdName)
725				return net.FileListener(f1)
726			}
727		}
728	}
729	return nil, nil
730}
731
732func (a *StreamplaceAPI) ServeHTTP(ctx context.Context) error {
733	handler, err := a.Handler(ctx)
734	if err != nil {
735		return err
736	}
737	return a.ServerWithShutdown(ctx, handler, func(s *http.Server) error {
738		ln, err := getListenerFromFD("http")
739		if err != nil {
740			return err
741		}
742		if ln == nil {
743			ln, err = net.Listen("tcp", a.CLI.HTTPAddr)
744			if err != nil {
745				return err
746			}
747		} else {
748			log.Warn(ctx, "api server listening for http over systemd socket", "addr", ln.Addr())
749		}
750		log.Log(ctx, "http server starting", "addr", ln.Addr())
751		return s.Serve(ln)
752	})
753}
754
755func (a *StreamplaceAPI) ServeHTTPRedirect(ctx context.Context) error {
756	handler, err := a.RedirectHandler(ctx)
757	if err != nil {
758		return err
759	}
760	return a.ServerWithShutdown(ctx, handler, func(s *http.Server) error {
761		ln, err := getListenerFromFD("http")
762		if err != nil {
763			return err
764		}
765		if ln == nil {
766			ln, err = net.Listen("tcp", a.CLI.HTTPAddr)
767			if err != nil {
768				return err
769			}
770		} else {
771			log.Warn(ctx, "http tls redirect server listening for http over systemd socket", "addr", ln.Addr())
772		}
773		log.Log(ctx, "http tls redirect server starting", "addr", ln.Addr())
774		return s.Serve(ln)
775	})
776}
777
778func (a *StreamplaceAPI) ServeHTTPS(ctx context.Context) error {
779	handler, err := a.Handler(ctx)
780	if err != nil {
781		return err
782	}
783	return a.ServerWithShutdown(ctx, handler, func(s *http.Server) error {
784		ln, err := getListenerFromFD("https")
785		if err != nil {
786			return err
787		}
788		if ln == nil {
789			ln, err = net.Listen("tcp", a.CLI.HTTPSAddr)
790			if err != nil {
791				return err
792			}
793		} else {
794			// tell the redirect handler we're using systemd and they should go to 443
795			port443 := 443
796			a.HTTPRedirectTLSPort = &port443
797			log.Warn(ctx, "https server listening for https over systemd socket", "addr", ln.Addr())
798		}
799		log.Log(ctx, "https server starting",
800			"addr", ln.Addr(),
801			"certPath", a.CLI.TLSCertPath,
802			"keyPath", a.CLI.TLSKeyPath,
803		)
804		return s.ServeTLS(ln, a.CLI.TLSCertPath, a.CLI.TLSKeyPath)
805	})
806}
807
808func (a *StreamplaceAPI) ServerWithShutdown(ctx context.Context, handler http.Handler, serve func(*http.Server) error) error {
809	ctx, cancel := context.WithCancel(ctx)
810	handler = gziphandler.GzipHandler(handler)
811	server := http.Server{Handler: handler}
812	var serveErr error
813	go func() {
814		serveErr = serve(&server)
815		cancel()
816	}()
817	<-ctx.Done()
818	if serveErr != nil {
819		return fmt.Errorf("error in http server: %w", serveErr)
820	}
821
822	ctx, cancel = context.WithTimeout(context.Background(), 5*time.Second)
823	defer cancel()
824	return server.Shutdown(ctx)
825}
826
827func (a *StreamplaceAPI) HandleHealthz(ctx context.Context) http.HandlerFunc {
828	return func(w http.ResponseWriter, req *http.Request) {
829		w.WriteHeader(200)
830	}
831}
832
833func (a *StreamplaceAPI) getLimiter(ip string) *rate.Limiter {
834	a.limitersMu.Lock()
835	defer a.limitersMu.Unlock()
836
837	limiter, exists := a.limiters[ip]
838	if !exists {
839		limiter = rate.NewLimiter(rate.Limit(a.CLI.RateLimitPerSecond), a.CLI.RateLimitBurst)
840		a.limiters[ip] = limiter
841	}
842
843	return limiter
844}
845
846func (a *StreamplaceAPI) HandleClip(ctx context.Context) httprouter.Handle {
847	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
848		user := params.ByName("user")
849		file := params.ByName("file")
850		if user == "" || file == "" {
851			apierrors.WriteHTTPBadRequest(w, "user and file required", nil)
852			return
853		}
854		user, err := a.NormalizeUser(ctx, user)
855		if err != nil {
856			apierrors.WriteHTTPNotFound(w, "user not found", err)
857			return
858		}
859		fPath := []string{user, "clips", file}
860		exists, err := a.CLI.DataFileExists(fPath)
861		if err != nil {
862			apierrors.WriteHTTPInternalServerError(w, "could not check if file exists", err)
863			return
864		}
865		if !exists {
866			apierrors.WriteHTTPNotFound(w, "file not found", nil)
867			return
868		}
869		fd, err := os.Open(a.CLI.DataFilePath(fPath))
870		if err != nil {
871			apierrors.WriteHTTPInternalServerError(w, "could not open file", err)
872			return
873		}
874		defer fd.Close()
875		w.Header().Set("Content-Type", "video/mp4")
876		if _, err := io.Copy(w, fd); err != nil {
877			log.Error(ctx, "error writing response", "error", err)
878		}
879	}
880}
881
882func NewWebsocketTracker(maxConns int) *WebsocketTracker {
883	return &WebsocketTracker{
884		connections:   make(map[string]int),
885		maxConnsPerIP: maxConns,
886	}
887}
888
889func (t *WebsocketTracker) AddConnection(ip string) bool {
890	t.mu.Lock()
891	defer t.mu.Unlock()
892
893	count := t.connections[ip]
894
895	if count >= t.maxConnsPerIP {
896		return false
897	}
898
899	t.connections[ip] = count + 1
900	return true
901}
902
903func (t *WebsocketTracker) RemoveConnection(ip string) {
904	t.mu.Lock()
905	defer t.mu.Unlock()
906
907	count := t.connections[ip]
908	if count > 0 {
909		t.connections[ip] = count - 1
910	}
911
912	if t.connections[ip] == 0 {
913		delete(t.connections, ip)
914	}
915}