pkg/api/api.go at natb/scroll-btns-chat-pickers

stream.place / streamplace
fork atom
Live video on the AT Protocol
fork atom
streamplace / pkg / api / api.go
at natb/scroll-btns-chat-pickers 914 lines 29 kB view raw
wrap content
Eli Mallon Index and aggregate federated view counts 2w ago
2d2bdd16
  1package api
  2
  3import (
  4	"context"
  5	"encoding/json"
  6	"errors"
  7	"fmt"
  8	"io"
  9	"log/slog"
 10	"net"
 11	"net/http"
 12	"net/http/httputil"
 13	"net/url"
 14	"os"
 15	"strconv"
 16	"strings"
 17	"sync"
 18	"time"
 19
 20	"github.com/NYTimes/gziphandler"
 21	"github.com/bluesky-social/indigo/api/bsky"
 22	"github.com/google/uuid"
 23	"github.com/julienschmidt/httprouter"
 24	"github.com/labstack/echo/v4"
 25	"github.com/rs/cors"
 26	sloghttp "github.com/samber/slog-http"
 27	"golang.org/x/time/rate"
 28
 29	"github.com/streamplace/oatproxy/pkg/oatproxy"
 30	"stream.place/streamplace/js/app"
 31	"stream.place/streamplace/pkg/atproto"
 32	"stream.place/streamplace/pkg/bus"
 33	"stream.place/streamplace/pkg/config"
 34	"stream.place/streamplace/pkg/crypto/signers/eip712"
 35	"stream.place/streamplace/pkg/director"
 36	apierrors "stream.place/streamplace/pkg/errors"
 37	"stream.place/streamplace/pkg/linking"
 38	"stream.place/streamplace/pkg/localdb"
 39	"stream.place/streamplace/pkg/log"
 40	"stream.place/streamplace/pkg/media"
 41	"stream.place/streamplace/pkg/mist/mistconfig"
 42	"stream.place/streamplace/pkg/model"
 43	"stream.place/streamplace/pkg/notifications"
 44	"stream.place/streamplace/pkg/spxrpc"
 45	"stream.place/streamplace/pkg/statedb"
 46	"stream.place/streamplace/pkg/streamplace"
 47
 48	metrics "github.com/slok/go-http-metrics/metrics/prometheus"
 49	"github.com/slok/go-http-metrics/middleware"
 50	echomiddleware "github.com/slok/go-http-metrics/middleware/echo"
 51	httproutermiddleware "github.com/slok/go-http-metrics/middleware/httprouter"
 52	middlewarestd "github.com/slok/go-http-metrics/middleware/std"
 53)
 54
 55type StreamplaceAPI struct {
 56	CLI              *config.CLI
 57	Model            model.Model
 58	StatefulDB       *statedb.StatefulDB
 59	LocalDB          localdb.LocalDB
 60	Updater          *Updater
 61	Signer           *eip712.EIP712Signer
 62	Mimes            map[string]string
 63	FirebaseNotifier notifications.FirebaseNotifier
 64	MediaManager     *media.MediaManager
 65	MediaSigner      media.MediaSigner
 66	XRPCServer       *spxrpc.Server
 67	// not thread-safe yet
 68	Aliases  map[string]string
 69	Bus      *bus.Bus
 70	ATSync   *atproto.ATProtoSynchronizer
 71	Director *director.Director
 72
 73	connTracker *WebsocketTracker
 74
 75	limiters      map[string]*rate.Limiter
 76	limitersMu    sync.Mutex
 77	SignerCache   map[string]media.MediaSigner
 78	SignerCacheMu sync.Mutex
 79	op            *oatproxy.OATProxy
 80
 81	// override tls port for http redirect server if we're using systemd file descriptors
 82	HTTPRedirectTLSPort *int
 83	sessions            map[string]map[string]time.Time
 84	sessionsLock        sync.RWMutex
 85
 86	rtmpSessions             map[string]*media.RTMPSession
 87	rtmpSessionsLock         sync.Mutex
 88	rtmpInternalPlaybackAddr string
 89}
 90
 91type WebsocketTracker struct {
 92	connections   map[string]int
 93	maxConnsPerIP int
 94	mu            sync.RWMutex
 95}
 96
 97func MakeStreamplaceAPI(cli *config.CLI, mod model.Model, statefulDB *statedb.StatefulDB, noter notifications.FirebaseNotifier, mm *media.MediaManager, ms media.MediaSigner, bus *bus.Bus, atsync *atproto.ATProtoSynchronizer, d *director.Director, op *oatproxy.OATProxy, ldb localdb.LocalDB) (*StreamplaceAPI, error) {
 98	updater, err := PrepareUpdater(cli)
 99	if err != nil {
100		return nil, err
101	}
102	a := &StreamplaceAPI{CLI: cli,
103		Model:            mod,
104		StatefulDB:       statefulDB,
105		Updater:          updater,
106		FirebaseNotifier: noter,
107		MediaManager:     mm,
108		MediaSigner:      ms,
109		Aliases:          map[string]string{},
110		Bus:              bus,
111		ATSync:           atsync,
112		Director:         d,
113		connTracker:      NewWebsocketTracker(cli.RateLimitWebsocket),
114		limiters:         make(map[string]*rate.Limiter),
115		SignerCache:      make(map[string]media.MediaSigner),
116		op:               op,
117		sessions:         make(map[string]map[string]time.Time),
118		sessionsLock:     sync.RWMutex{},
119		rtmpSessions:     make(map[string]*media.RTMPSession),
120		rtmpSessionsLock: sync.Mutex{},
121		LocalDB:          ldb,
122	}
123	a.Mimes, err = updater.GetMimes()
124	if err != nil {
125		return nil, err
126	}
127	return a, nil
128}
129
130type AppHostingFS struct {
131	http.FileSystem
132}
133
134var ErrorIndex = errors.New("not found, use index.html")
135
136func (fs AppHostingFS) Open(name string) (http.File, error) {
137	file, err1 := fs.FileSystem.Open(name)
138	if err1 == nil {
139		return file, nil
140	}
141	return nil, ErrorIndex
142}
143
144// api/playback/iame.li/webrtc?rendition=source
145// api/playback/iame.li/stream.mp4?rendition=source
146// api/playback/iame.li/stream.webm?rendition=source
147// api/playback/iame.li/hls/index.m3u8
148// api/playback/iame.li/hls/source/stream.m3u8
149// api/playback/iame.li/hls/source/000000000000.ts
150
151func (a *StreamplaceAPI) Handler(ctx context.Context) (http.Handler, error) {
152
153	mdlw := middleware.New(middleware.Config{
154		Recorder: metrics.NewRecorder(metrics.Config{}),
155	})
156	var xrpc http.Handler
157	xrpc, err := spxrpc.NewServer(ctx, a.CLI, a.Model, a.StatefulDB, a.op, mdlw, a.ATSync, a.Bus, a.LocalDB, a.MediaManager, a.Aliases)
158	if err != nil {
159		return nil, err
160	}
161	a.XRPCServer = xrpc.(*spxrpc.Server)
162	router := httprouter.New()
163
164	// Create our middleware factory with the default settings.
165
166	a.op.Echo.Use(echomiddleware.Handler("", mdlw))
167
168	// r.GET("/test/:id", httproutermiddleware.Handler("/test/:id", h1, mdlw))
169
170	addHandle := func(router *httprouter.Router, method, path string, handler httprouter.Handle) {
171		router.Handle(method, path, httproutermiddleware.Handler(path, handler, mdlw))
172	}
173	addFunc := func(router *httprouter.Router, method, path string, handler http.HandlerFunc) {
174		router.Handler(method, path, middlewarestd.Handler(path, mdlw, handler))
175	}
176
177	router.Handler("GET", "/oauth/*anything", a.op.Handler())
178	router.Handler("POST", "/oauth/*anything", a.op.Handler())
179	router.Handler("GET", "/.well-known/oauth-authorization-server", a.op.Handler())
180	router.Handler("GET", "/.well-known/oauth-protected-resource", a.op.Handler())
181	router.Handler("GET", "/.well-known/apple-app-site-association", a.HandleAppleAppSiteAssociation(ctx))
182	router.Handler("GET", "/.well-known/assetlinks.json", a.HandleAndroidAssetLinks(ctx))
183	apiRouter := httprouter.New()
184	addFunc(apiRouter, "POST", "/api/notification", a.HandleNotification(ctx))
185	// old clients
186	addFunc(router, "GET", "/app-updates", a.HandleAppUpdates(ctx))
187	// new ones
188	addFunc(apiRouter, "GET", "/api/manifest", a.HandleAppUpdates(ctx))
189	addHandle(apiRouter, "GET", "/api/desktop-updates/:platform/:architecture/:version/:buildTime/:file", a.HandleDesktopUpdates(ctx))
190	addHandle(apiRouter, "POST", "/api/webrtc/:stream", a.MistProxyHandler(ctx, "/webrtc/%s"))
191	addHandle(apiRouter, "OPTIONS", "/api/webrtc/:stream", a.MistProxyHandler(ctx, "/webrtc/%s"))
192	addHandle(apiRouter, "DELETE", "/api/webrtc/:stream", a.MistProxyHandler(ctx, "/webrtc/%s"))
193	addFunc(apiRouter, "POST", "/api/segment", a.HandleSegment(ctx))
194	addFunc(apiRouter, "GET", "/api/healthz", a.HandleHealthz(ctx))
195	addHandle(apiRouter, "GET", "/api/playback/:user/hls/*file", a.HandleHLSPlayback(ctx))
196	// they're jpegs now
197	addHandle(apiRouter, "GET", "/api/playback/:user/stream.jpg", a.HandleThumbnailPlayback(ctx))
198	// this one is actually a jpeg (used previously and shouldn't remove for historical reasons)
199	addHandle(apiRouter, "GET", "/api/playback/:user/stream.png", a.HandleThumbnailPlayback(ctx))
200	addHandle(apiRouter, "GET", "/api/app-return/*anything", a.HandleAppReturn(ctx))
201	addHandle(apiRouter, "POST", "/api/playback/:user/webrtc", a.HandleWebRTCPlayback(ctx))
202	addHandle(apiRouter, "POST", "/api/ingest/webrtc", a.HandleWebRTCIngest(ctx))
203	addHandle(apiRouter, "POST", "/api/ingest/webrtc/:key", a.HandleWebRTCIngest(ctx))
204	addHandle(apiRouter, "POST", "/api/player-event", a.HandlePlayerEvent(ctx))
205	addHandle(apiRouter, "GET", "/api/chat/:repoDID", a.HandleChat(ctx))
206	addHandle(apiRouter, "GET", "/api/websocket/:repoDID", a.HandleWebsocket(ctx))
207	addHandle(apiRouter, "GET", "/api/livestream/:repoDID", a.HandleLivestream(ctx))
208	addHandle(apiRouter, "GET", "/api/bluesky/resolve/:handle", a.HandleBlueskyResolve(ctx))
209	addHandle(apiRouter, "GET", "/api/view-count/:user", a.HandleViewCount(ctx))
210	addHandle(apiRouter, "GET", "/api/clip/:user/:file", a.HandleClip(ctx))
211	apiRouter.NotFound = a.HandleAPI404(ctx)
212	apiRouterHandler := a.RateLimitMiddleware(ctx)(apiRouter)
213	xrpcHandler := a.RateLimitMiddleware(ctx)(xrpc)
214	router.Handler("GET", "/api/*resource", apiRouterHandler)
215	router.Handler("POST", "/api/*resource", apiRouterHandler)
216	router.Handler("PUT", "/api/*resource", apiRouterHandler)
217	router.Handler("PATCH", "/api/*resource", apiRouterHandler)
218	router.Handler("DELETE", "/api/*resource", apiRouterHandler)
219	router.Handler("GET", "/xrpc/*resource", xrpcHandler)
220	router.Handler("POST", "/xrpc/*resource", xrpcHandler)
221	router.Handler("PUT", "/xrpc/*resource", xrpcHandler)
222	router.Handler("PATCH", "/xrpc/*resource", xrpcHandler)
223	router.Handler("DELETE", "/xrpc/*resource", xrpcHandler)
224	// i wonder if there's a better way to do this?
225	router.GET("/favicon.ico", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
226		err := a.XRPCServer.HandleFaviconICO(echo.New().NewContext(r, w))
227		if err != nil {
228			log.Error(ctx, "error handling favicon.ico", "error", err)
229			w.WriteHeader(500)
230			return
231		}
232	})
233	router.GET("/.well-known/did.json", a.HandleDidJSON(ctx))
234	router.GET("/.well-known/atproto-did", a.HandleAtprotoDID(ctx))
235	router.GET("/dl/*params", a.HandleAppDownload(ctx))
236	router.POST("/", a.HandleWebRTCIngest(ctx))
237	for _, redirect := range a.CLI.Redirects {
238		parts := strings.Split(redirect, ":")
239		if len(parts) != 2 {
240			log.Error(ctx, "invalid redirect", "redirect", redirect)
241			return nil, fmt.Errorf("invalid redirect: %s", redirect)
242		}
243		router.Handle("GET", parts[0], func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
244			http.Redirect(w, r, parts[1], http.StatusTemporaryRedirect)
245		})
246	}
247	if a.CLI.FrontendProxy != "" {
248		u, err := url.Parse(a.CLI.FrontendProxy)
249		if err != nil {
250			return nil, err
251		}
252		log.Warn(ctx, "using frontend proxy instead of bundled frontend", "destination", a.CLI.FrontendProxy)
253		router.NotFound = &httputil.ReverseProxy{
254			Rewrite: func(r *httputil.ProxyRequest) {
255				// workaround for Expo disliking serving requests from 127.0.0.1 instead of localhost
256				// we need to use 127.0.0.1 because the atproto oauth client requires it
257				r.Out.Header.Set("Origin", u.String())
258				r.SetURL(u)
259			},
260		}
261	} else {
262		files, err := app.Files()
263		if err != nil {
264			return nil, err
265		}
266		index, err := files.Open("index.html")
267		if err != nil {
268			return nil, err
269		}
270		bs, err := io.ReadAll(index)
271		if err != nil {
272			return nil, err
273		}
274		linker, err := linking.NewLinker(ctx, bs, a.StatefulDB, a.CLI)
275		if err != nil {
276			return nil, err
277		}
278		linkingHandler, err := a.NotFoundLinkingHandler(ctx, linker)
279		if err != nil {
280			return nil, err
281		}
282		router.NotFound = middlewarestd.Handler("/*static", mdlw, linkingHandler)
283	}
284	// needed because the WebRTC handler issues 405s from / otherwise
285	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
286		router.NotFound.ServeHTTP(w, r)
287	})
288	handler := sloghttp.Recovery(router)
289	handler = cors.AllowAll().Handler(handler)
290	handler = sloghttp.New(slog.Default())(handler)
291	handler = a.RateLimitMiddleware(ctx)(handler)
292
293	// this needs to be LAST so nothing else clobbers the context
294	handler = a.ContextMiddleware(ctx)(handler)
295
296	return handler, nil
297}
298func (a *StreamplaceAPI) ContextMiddleware(parentContext context.Context) func(next http.Handler) http.Handler {
299	return func(next http.Handler) http.Handler {
300		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
301			uuid := uuid.New().String()
302			ctx := log.WithLogValues(parentContext, "requestID", uuid, "method", r.Method, "path", r.URL.Path)
303			r = r.WithContext(ctx)
304			next.ServeHTTP(w, r)
305		})
306	}
307}
308func copyHeader(dst, src http.Header) {
309	for k, vv := range src {
310		// we'll handle CORS ourselves, thanks
311		if strings.HasPrefix(k, "Access-Control") {
312			continue
313		}
314		for _, v := range vv {
315			dst.Add(k, v)
316		}
317	}
318}
319
320// handler that takes care of static files and otherwise returns the index.html with the correct link card data
321func (a *StreamplaceAPI) NotFoundLinkingHandler(ctx context.Context, linker *linking.Linker) (http.HandlerFunc, error) {
322	files, err := app.Files()
323	if err != nil {
324		return nil, err
325	}
326	fs := AppHostingFS{http.FS(files)}
327
328	fileHandler := a.FileHandler(ctx, http.FileServer(fs))
329	defaultHandler := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
330		f := strings.TrimPrefix(req.URL.Path, "/")
331		// under docs we need the index.html suffix due to astro rendering
332		if strings.HasPrefix(req.URL.Path, "/docs") && strings.HasSuffix(req.URL.Path, "/") {
333			f += "index.html"
334		}
335		_, err := fs.Open(f)
336		if err == nil {
337			fileHandler.ServeHTTP(w, req)
338			return
339		}
340		if errors.Is(err, ErrorIndex) || f == "" {
341			bs, err := linker.GenerateDefaultCard(ctx, req.URL, a.CLI.SentryDSN)
342			if err != nil {
343				log.Error(ctx, "error generating default card", "error", err)
344			}
345			w.Header().Set("Content-Type", "text/html")
346			if _, err := w.Write(bs); err != nil {
347				log.Error(ctx, "error writing response", "error", err)
348			}
349		} else {
350			log.Warn(ctx, "error opening file", "error", err)
351			apierrors.WriteHTTPInternalServerError(w, "file not found", err)
352		}
353	})
354	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
355		proto := "http"
356		if req.TLS != nil {
357			proto = "https"
358		}
359		fwProto := req.Header.Get("x-forwarded-proto")
360		if fwProto != "" {
361			proto = fwProto
362		}
363		req.URL.Host = req.Host
364		req.URL.Scheme = proto
365		maybeHandle := strings.TrimPrefix(req.URL.Path, "/")
366		// quick check for things that aren't valid handles/dids
367		if strings.ContainsAny(maybeHandle, "/_") {
368			defaultHandler.ServeHTTP(w, req)
369			return
370		}
371		repo, err := a.Model.GetRepoByHandleOrDID(maybeHandle)
372		if err != nil || repo == nil {
373			log.Error(ctx, "no repo found", "maybeHandle", maybeHandle)
374			defaultHandler.ServeHTTP(w, req)
375			return
376		}
377		ls, err := a.Model.GetLatestLivestreamForRepo(repo.DID)
378		if err != nil || ls == nil {
379			log.Error(ctx, "no livestream found", "repoDID", repo.DID)
380			defaultHandler.ServeHTTP(w, req)
381			return
382		}
383		lsv, err := ls.ToLivestreamView()
384		if err != nil || lsv == nil {
385			log.Error(ctx, "no livestream view found", "repoDID", repo.DID)
386			defaultHandler.ServeHTTP(w, req)
387			return
388		}
389		bs, err := linker.GenerateStreamerCard(ctx, req.URL, lsv, a.CLI.SentryDSN)
390		if err != nil {
391			log.Error(ctx, "error generating html", "error", err)
392			defaultHandler.ServeHTTP(w, req)
393			return
394		}
395		w.Header().Set("Content-Type", "text/html")
396		if _, err := w.Write(bs); err != nil {
397			log.Error(ctx, "error writing response", "error", err)
398		}
399	}), nil
400}
401
402func (a *StreamplaceAPI) MistProxyHandler(ctx context.Context, tmpl string) httprouter.Handle {
403	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
404		if !a.CLI.HasMist() {
405			apierrors.WriteHTTPNotImplemented(w, "Playback only on the Linux version for now", nil)
406			return
407		}
408		stream := params.ByName("stream")
409		if stream == "" {
410			apierrors.WriteHTTPBadRequest(w, "missing stream in request", nil)
411			return
412		}
413
414		fullstream := fmt.Sprintf("%s+%s", mistconfig.StreamName, stream)
415		prefix := fmt.Sprintf(tmpl, fullstream)
416		resource := params.ByName("resource")
417
418		// path := strings.TrimPrefix(req.URL.EscapedPath(), "/api")
419
420		client := &http.Client{}
421		req.URL = &url.URL{
422			Scheme:   "http",
423			Host:     fmt.Sprintf("127.0.0.1:%d", a.CLI.MistHTTPPort),
424			Path:     fmt.Sprintf("%s%s", prefix, resource),
425			RawQuery: req.URL.RawQuery,
426		}
427
428		//http: Request.RequestURI can't be set in client requests.
429		//http://golang.org/src/pkg/net/http/client.go
430		req.RequestURI = ""
431
432		resp, err := client.Do(req)
433		if err != nil {
434			apierrors.WriteHTTPInternalServerError(w, "error connecting to mist", err)
435			return
436		}
437		defer resp.Body.Close()
438
439		copyHeader(w.Header(), resp.Header)
440		w.WriteHeader(resp.StatusCode)
441		if _, err := io.Copy(w, resp.Body); err != nil {
442			log.Error(ctx, "error writing response", "error", err)
443		}
444	}
445}
446
447func (a *StreamplaceAPI) FileHandler(ctx context.Context, fs http.Handler) http.HandlerFunc {
448	return func(w http.ResponseWriter, req *http.Request) {
449		noslash := req.URL.Path[1:]
450		ct, ok := a.Mimes[noslash]
451		if ok {
452			w.Header().Set("content-type", ct)
453		}
454		fs.ServeHTTP(w, req)
455	}
456}
457
458func (a *StreamplaceAPI) RedirectHandler(ctx context.Context) (http.Handler, error) {
459	var tlsPort string
460	var err error
461	if a.HTTPRedirectTLSPort != nil {
462		tlsPort = fmt.Sprintf("%d", *a.HTTPRedirectTLSPort)
463	} else {
464		_, tlsPort, err = net.SplitHostPort(a.CLI.HTTPSAddr)
465		if err != nil {
466			return nil, err
467		}
468	}
469	handleRedirect := func(w http.ResponseWriter, req *http.Request) {
470		host, _, err := net.SplitHostPort(req.Host)
471		if err != nil {
472			host = req.Host
473		}
474		u := req.URL
475		if tlsPort == "443" {
476			u.Host = host
477		} else {
478			u.Host = net.JoinHostPort(host, tlsPort)
479		}
480		u.Scheme = "https"
481		http.Redirect(w, req, u.String(), http.StatusTemporaryRedirect)
482	}
483	mux := http.NewServeMux()
484	mux.HandleFunc("/", handleRedirect)
485	return mux, nil
486}
487
488type NotificationPayload struct {
489	Token   string `json:"token"`
490	RepoDID string `json:"repoDID"`
491}
492
493func (a *StreamplaceAPI) HandleAPI404(ctx context.Context) http.HandlerFunc {
494	return func(w http.ResponseWriter, req *http.Request) {
495		w.WriteHeader(404)
496	}
497}
498
499func (a *StreamplaceAPI) HandleNotification(ctx context.Context) http.HandlerFunc {
500	return func(w http.ResponseWriter, req *http.Request) {
501		payload, err := io.ReadAll(req.Body)
502		if err != nil {
503			log.Log(ctx, "error reading notification create", "error", err)
504			w.WriteHeader(400)
505			return
506		}
507		n := NotificationPayload{}
508		err = json.Unmarshal(payload, &n)
509		if err != nil {
510			log.Log(ctx, "error unmarshalling notification create", "error", err)
511			w.WriteHeader(400)
512			return
513		}
514		err = a.StatefulDB.CreateNotification(n.Token, n.RepoDID)
515		if err != nil {
516			log.Log(ctx, "error creating notification", "error", err)
517			w.WriteHeader(400)
518			return
519		}
520		log.Log(ctx, "successfully created notification", "token", n.Token)
521		w.WriteHeader(200)
522		if n.RepoDID != "" {
523			go func() {
524				_, err := a.ATSync.SyncBlueskyRepo(ctx, n.RepoDID, a.Model)
525				if err != nil {
526					log.Error(ctx, "error syncing bluesky repo after notification creation", "error", err)
527				}
528			}()
529		}
530	}
531}
532
533func (a *StreamplaceAPI) HandleSegment(ctx context.Context) http.HandlerFunc {
534	return func(w http.ResponseWriter, req *http.Request) {
535		err := a.MediaManager.ValidateMP4(ctx, req.Body, false)
536		if err != nil {
537			apierrors.WriteHTTPBadRequest(w, "could not ingest segment", err)
538			return
539		}
540		w.WriteHeader(200)
541	}
542}
543
544func (a *StreamplaceAPI) HandlePlayerEvent(ctx context.Context) httprouter.Handle {
545	return func(w http.ResponseWriter, req *http.Request, p httprouter.Params) {
546		if !a.CLI.PlayerTelemetry {
547			w.WriteHeader(200)
548			return
549		}
550		var event model.PlayerEventAPI
551		if err := json.NewDecoder(req.Body).Decode(&event); err != nil {
552			apierrors.WriteHTTPBadRequest(w, "could not decode JSON body", err)
553			return
554		}
555		err := a.Model.CreatePlayerEvent(event)
556		if err != nil {
557			apierrors.WriteHTTPBadRequest(w, "could not create player event", err)
558			return
559		}
560		w.WriteHeader(201)
561	}
562}
563
564func (a *StreamplaceAPI) HandleViewCount(ctx context.Context) httprouter.Handle {
565	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
566		user := params.ByName("user")
567		if user == "" {
568			apierrors.WriteHTTPBadRequest(w, "user required", nil)
569			return
570		}
571		user, err := a.NormalizeUser(ctx, user)
572		if err != nil {
573			apierrors.WriteHTTPNotFound(w, "user not found", err)
574			return
575		}
576		count := a.Bus.GetViewerCount(user)
577		bs, err := json.Marshal(streamplace.Livestream_ViewerCount{Count: int64(count), LexiconTypeID: "place.stream.livestream#viewerCount"})
578		if err != nil {
579			apierrors.WriteHTTPInternalServerError(w, "could not marshal view count", err)
580			return
581		}
582		if _, err := w.Write(bs); err != nil {
583			log.Error(ctx, "error writing response", "error", err)
584		}
585	}
586}
587
588func (a *StreamplaceAPI) HandleBlueskyResolve(ctx context.Context) httprouter.Handle {
589	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
590		log.Log(ctx, "got bluesky notification", "params", params)
591		key, err := a.ATSync.SyncBlueskyRepo(ctx, params.ByName("handle"), a.Model)
592		if err != nil {
593			apierrors.WriteHTTPInternalServerError(w, "could not resolve streamplace key", err)
594			return
595		}
596		signingKeys, err := a.Model.GetSigningKeysForRepo(key.DID)
597		if err != nil {
598			apierrors.WriteHTTPInternalServerError(w, "could not get signing keys", err)
599			return
600		}
601		bs, err := json.Marshal(signingKeys)
602		if err != nil {
603			apierrors.WriteHTTPInternalServerError(w, "could not marshal signing keys", err)
604			return
605		}
606		if _, err := w.Write(bs); err != nil {
607			log.Error(ctx, "error writing response", "error", err)
608		}
609	}
610}
611
612type ChatResponse struct {
613	Post *bsky.FeedPost `json:"post"`
614	Repo *model.Repo    `json:"repo"`
615	CID  string         `json:"cid"`
616}
617
618func (a *StreamplaceAPI) HandleChat(ctx context.Context) httprouter.Handle {
619	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
620		user := params.ByName("repoDID")
621		if user == "" {
622			apierrors.WriteHTTPBadRequest(w, "user required", nil)
623			return
624		}
625		repoDID, err := a.NormalizeUser(ctx, user)
626		if err != nil {
627			apierrors.WriteHTTPNotFound(w, "user not found", err)
628			return
629		}
630		replies, err := a.Model.GetReplies(repoDID)
631		if err != nil {
632			apierrors.WriteHTTPInternalServerError(w, "could not get replies", err)
633			return
634		}
635		bs, err := json.Marshal(replies)
636		if err != nil {
637			apierrors.WriteHTTPInternalServerError(w, "could not marshal replies", err)
638			return
639		}
640		w.Header().Set("Content-Type", "application/json")
641		if _, err := w.Write(bs); err != nil {
642			log.Error(ctx, "error writing response", "error", err)
643		}
644	}
645}
646
647func (a *StreamplaceAPI) HandleLivestream(ctx context.Context) httprouter.Handle {
648	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
649		user := params.ByName("repoDID")
650		if user == "" {
651			apierrors.WriteHTTPBadRequest(w, "user required", nil)
652			return
653		}
654		repoDID, err := a.NormalizeUser(ctx, user)
655		if err != nil {
656			apierrors.WriteHTTPNotFound(w, "user not found", err)
657			return
658		}
659		livestream, err := a.Model.GetLatestLivestreamForRepo(repoDID)
660		if err != nil {
661			apierrors.WriteHTTPInternalServerError(w, "could not get livestream", err)
662			return
663		}
664		if livestream == nil {
665			apierrors.WriteHTTPNotFound(w, "no livestream found", nil)
666			return
667		}
668
669		doc, err := livestream.ToLivestreamView()
670		if err != nil {
671			apierrors.WriteHTTPInternalServerError(w, "could not marshal livestream", err)
672			return
673		}
674
675		if livestream == nil {
676			apierrors.WriteHTTPNotFound(w, "no livestream found", nil)
677			return
678		}
679
680		bs, err := json.Marshal(doc)
681		if err != nil {
682			apierrors.WriteHTTPInternalServerError(w, "could not marshal livestream", err)
683			return
684		}
685		w.Header().Set("Content-Type", "application/json")
686		if _, err := w.Write(bs); err != nil {
687			log.Error(ctx, "error writing response", "error", err)
688		}
689	}
690}
691
692func (a *StreamplaceAPI) RateLimitMiddleware(ctx context.Context) func(http.Handler) http.Handler {
693	return func(next http.Handler) http.Handler {
694		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
695			ip, _, err := net.SplitHostPort(req.RemoteAddr)
696			if err != nil {
697				ip = req.RemoteAddr
698			}
699
700			if a.CLI.RateLimitPerSecond > 0 {
701				limiter := a.getLimiter(ip)
702
703				if !limiter.Allow() {
704					log.Warn(ctx, "rate limit exceeded", "ip", ip, "path", req.URL.Path)
705					apierrors.WriteHTTPTooManyRequests(w, "rate limit exceeded")
706					return
707				}
708			}
709
710			next.ServeHTTP(w, req)
711		})
712	}
713}
714
715// helper for getting a listener from a systemd file descriptor
716func getListenerFromFD(fdName string) (net.Listener, error) {
717	log.Debug(context.TODO(), "getting listener from fd", "fdName", fdName, "LISTEN_PID", os.Getenv("LISTEN_PID"), "LISTEN_FDNAMES", os.Getenv("LISTEN_FDNAMES"))
718	if os.Getenv("LISTEN_PID") == strconv.Itoa(os.Getpid()) {
719		names := strings.Split(os.Getenv("LISTEN_FDNAMES"), ":")
720		for i, name := range names {
721			if name == fdName {
722				log.Warn(context.TODO(), "using systemd file descriptor", "fdName", fdName, "fdIndex", i+3)
723				f1 := os.NewFile(uintptr(i+3), fdName)
724				return net.FileListener(f1)
725			}
726		}
727	}
728	return nil, nil
729}
730
731func (a *StreamplaceAPI) ServeHTTP(ctx context.Context) error {
732	handler, err := a.Handler(ctx)
733	if err != nil {
734		return err
735	}
736	return a.ServerWithShutdown(ctx, handler, func(s *http.Server) error {
737		ln, err := getListenerFromFD("http")
738		if err != nil {
739			return err
740		}
741		if ln == nil {
742			ln, err = net.Listen("tcp", a.CLI.HTTPAddr)
743			if err != nil {
744				return err
745			}
746		} else {
747			log.Warn(ctx, "api server listening for http over systemd socket", "addr", ln.Addr())
748		}
749		log.Log(ctx, "http server starting", "addr", ln.Addr())
750		return s.Serve(ln)
751	})
752}
753
754func (a *StreamplaceAPI) ServeHTTPRedirect(ctx context.Context) error {
755	handler, err := a.RedirectHandler(ctx)
756	if err != nil {
757		return err
758	}
759	return a.ServerWithShutdown(ctx, handler, func(s *http.Server) error {
760		ln, err := getListenerFromFD("http")
761		if err != nil {
762			return err
763		}
764		if ln == nil {
765			ln, err = net.Listen("tcp", a.CLI.HTTPAddr)
766			if err != nil {
767				return err
768			}
769		} else {
770			log.Warn(ctx, "http tls redirect server listening for http over systemd socket", "addr", ln.Addr())
771		}
772		log.Log(ctx, "http tls redirect server starting", "addr", ln.Addr())
773		return s.Serve(ln)
774	})
775}
776
777func (a *StreamplaceAPI) ServeHTTPS(ctx context.Context) error {
778	handler, err := a.Handler(ctx)
779	if err != nil {
780		return err
781	}
782	return a.ServerWithShutdown(ctx, handler, func(s *http.Server) error {
783		ln, err := getListenerFromFD("https")
784		if err != nil {
785			return err
786		}
787		if ln == nil {
788			ln, err = net.Listen("tcp", a.CLI.HTTPSAddr)
789			if err != nil {
790				return err
791			}
792		} else {
793			// tell the redirect handler we're using systemd and they should go to 443
794			port443 := 443
795			a.HTTPRedirectTLSPort = &port443
796			log.Warn(ctx, "https server listening for https over systemd socket", "addr", ln.Addr())
797		}
798		log.Log(ctx, "https server starting",
799			"addr", ln.Addr(),
800			"certPath", a.CLI.TLSCertPath,
801			"keyPath", a.CLI.TLSKeyPath,
802		)
803		return s.ServeTLS(ln, a.CLI.TLSCertPath, a.CLI.TLSKeyPath)
804	})
805}
806
807func (a *StreamplaceAPI) ServerWithShutdown(ctx context.Context, handler http.Handler, serve func(*http.Server) error) error {
808	ctx, cancel := context.WithCancel(ctx)
809	handler = gziphandler.GzipHandler(handler)
810	server := http.Server{Handler: handler}
811	var serveErr error
812	go func() {
813		serveErr = serve(&server)
814		cancel()
815	}()
816	<-ctx.Done()
817	if serveErr != nil {
818		return fmt.Errorf("error in http server: %w", serveErr)
819	}
820
821	ctx, cancel = context.WithTimeout(context.Background(), 5*time.Second)
822	defer cancel()
823	return server.Shutdown(ctx)
824}
825
826func (a *StreamplaceAPI) HandleHealthz(ctx context.Context) http.HandlerFunc {
827	return func(w http.ResponseWriter, req *http.Request) {
828		w.WriteHeader(200)
829	}
830}
831
832func (a *StreamplaceAPI) getLimiter(ip string) *rate.Limiter {
833	a.limitersMu.Lock()
834	defer a.limitersMu.Unlock()
835
836	limiter, exists := a.limiters[ip]
837	if !exists {
838		limiter = rate.NewLimiter(rate.Limit(a.CLI.RateLimitPerSecond), a.CLI.RateLimitBurst)
839		a.limiters[ip] = limiter
840	}
841
842	return limiter
843}
844
845func (a *StreamplaceAPI) HandleClip(ctx context.Context) httprouter.Handle {
846	return func(w http.ResponseWriter, req *http.Request, params httprouter.Params) {
847		user := params.ByName("user")
848		file := params.ByName("file")
849		if user == "" || file == "" {
850			apierrors.WriteHTTPBadRequest(w, "user and file required", nil)
851			return
852		}
853		user, err := a.NormalizeUser(ctx, user)
854		if err != nil {
855			apierrors.WriteHTTPNotFound(w, "user not found", err)
856			return
857		}
858		fPath := []string{user, "clips", file}
859		exists, err := a.CLI.DataFileExists(fPath)
860		if err != nil {
861			apierrors.WriteHTTPInternalServerError(w, "could not check if file exists", err)
862			return
863		}
864		if !exists {
865			apierrors.WriteHTTPNotFound(w, "file not found", nil)
866			return
867		}
868		fd, err := os.Open(a.CLI.DataFilePath(fPath))
869		if err != nil {
870			apierrors.WriteHTTPInternalServerError(w, "could not open file", err)
871			return
872		}
873		defer fd.Close()
874		w.Header().Set("Content-Type", "video/mp4")
875		if _, err := io.Copy(w, fd); err != nil {
876			log.Error(ctx, "error writing response", "error", err)
877		}
878	}
879}
880
881func NewWebsocketTracker(maxConns int) *WebsocketTracker {
882	return &WebsocketTracker{
883		connections:   make(map[string]int),
884		maxConnsPerIP: maxConns,
885	}
886}
887
888func (t *WebsocketTracker) AddConnection(ip string) bool {
889	t.mu.Lock()
890	defer t.mu.Unlock()
891
892	count := t.connections[ip]
893
894	if count >= t.maxConnsPerIP {
895		return false
896	}
897
898	t.connections[ip] = count + 1
899	return true
900}
901
902func (t *WebsocketTracker) RemoveConnection(ip string) {
903	t.mu.Lock()
904	defer t.mu.Unlock()
905
906	count := t.connections[ip]
907	if count > 0 {
908		t.connections[ip] = count - 1
909	}
910
911	if t.connections[ip] == 0 {
912		delete(t.connections, ip)
913	}
914}