From c00547c8437b992aa073378ab165aa40b073e1b4 Mon Sep 17 00:00:00 2001 From: Vika Date: Fri, 15 Jul 2022 02:18:14 +0300 Subject: PoC for modularity and WIP built-in Micropub client rework This is the living, breathing proof that Kittybox can be split into independent components without sacrificing any functionality. Just make sure all neccesary backing storage components are available to the modules that need them. Also the Micropub client was split into several files, because it's about to get much bigger and more full-featured. Yes, I am going to write it in vanilla JavaScript. I don't trust anything from NPM to run on my computer. Not anymore. Not after the node-ipc malware fiasco. And I am definitely not going to spin up a VM or a Docker container (who uses Docker containers as a security measure?) to hack on my own code. Cargo can at least be sandboxed inside Nix, where it can't do much harm. NPM basically requires unrestricted network access to download dependencies, and it runs arbitrary code upon **downloading** them. Cargo and rust-analyzer, on the other hand, can be configured to not trust the source code and its dependencies (for example, Cargo doesn't execute code on fetching dependencies - only on building, and rust-analyzer's proc-macro expansion support can be sacrificed for more security). --- kittybox-rs/src/main.rs | 129 +++++++++++++++++++++++++----------------------- 1 file changed, 68 insertions(+), 61 deletions(-) (limited to 'kittybox-rs/src/main.rs') diff --git a/kittybox-rs/src/main.rs b/kittybox-rs/src/main.rs index 50c0ca5..59c3e69 100644 --- a/kittybox-rs/src/main.rs +++ b/kittybox-rs/src/main.rs @@ -110,11 +110,55 @@ async fn main() { kittybox::media::storage::file::FileStore::new(path) }; - let svc = axum::Router::new() + // This code proves that different components of Kittybox can + // be split up without hurting the app + // + // If needed, some features could be omitted from the binary + // or just not spun up in the future + // + // For example, the frontend code could run spearately from + // Micropub and only have read access to the database folder + let frontend = axum::Router::new() .route( "/", - axum::routing::get(kittybox::frontend::homepage::), - ) + axum::routing::get(kittybox::frontend::homepage::) + .layer(axum::Extension(database.clone()))) + .route("/.kittybox/static/:path", axum::routing::get(kittybox::frontend::statics)) + .fallback( + axum::routing::get(kittybox::frontend::catchall::) + .layer(axum::Extension(database.clone()))); + + // Onboarding is a bit of a special case. One might argue that + // the onboarding makes Kittybox a monolith. This is wrong. + // The "onboarding receiver" doesn't need any code from the + // onboarding form - they're grouped in a single module for + // convenience only, since modifying one usually requires + // updating the other to match. + // + // For example, this "router" just groups two separate methods + // in one request, because logically they live in the same + // subtree. But one could manually construct only one but not + // the other, to receive a "frontend-only" application. Of + // course, in this scenario, one must employ a reverse proxy + // to distinguish between GET and POST requests to the same + // path, and route them to the correct set of endpoints with + // write access. + let onboarding = axum::Router::new() + .route("/.kittybox/onboarding", kittybox::frontend::onboarding::router( + database.clone(), http.clone() + )); + + let micropub = axum::Router::new() + .route("/.kittybox/micropub", kittybox::micropub::router(database.clone(), http.clone())) + .nest("/.kittybox/micropub/client", kittybox::companion::router()); + + let media = axum::Router::new() + .nest("/.kittybox/media", kittybox::media::router(blobstore).layer(axum::Extension(http))); + + /*let indieauth = axum::Router::new() + .nest("/.kittybox/indieauth", kittybox::indieauth::router());*/ + + let technical = axum::Router::new() .route( "/.kittybox/coffee", axum::routing::get(|| async { @@ -126,72 +170,35 @@ async fn main() { ) }), ) - .route( - "/.kittybox/onboarding", - axum::routing::get(kittybox::frontend::onboarding::get) - .post(kittybox::frontend::onboarding::post::), - ) - .route( - "/.kittybox/micropub", - axum::routing::get(kittybox::micropub::query::) - .post(kittybox::micropub::post::) - .layer( - tower_http::cors::CorsLayer::new() - .allow_methods([axum::http::Method::GET, axum::http::Method::POST]) - .allow_origin(tower_http::cors::Any), - ), - ) - .route( - "/.kittybox/micropub/client", - axum::routing::get(|| { - std::future::ready(axum::response::Html(kittybox::MICROPUB_CLIENT)) - }), - ) .route( "/.kittybox/health", - axum::routing::get(|| async { + axum::routing::get( + |axum::Extension(db): axum::Extension| async move { // TODO health-check the database "OK" - }), + } + ) + .layer(axum::Extension(database)) ) .route( "/.kittybox/metrics", axum::routing::get(|| async { todo!() }), - ) - .nest( - "/.kittybox/media", - axum::Router::new() - .route( - "/", - axum::routing::get(|| async { todo!() }) - .post( - kittybox::media::upload:: - ), - ) - .route("/uploads/*file", axum::routing::get( - kittybox::media::serve:: - )), - ) - .route( - "/.kittybox/static/:path", - axum::routing::get(kittybox::frontend::statics), - ) - .fallback(axum::routing::get( - kittybox::frontend::catchall::, - )) - .layer(axum::Extension(database)) - .layer(axum::Extension(http)) - .layer(axum::Extension(kittybox::tokenauth::TokenEndpoint( - token_endpoint, - ))) - .layer(axum::Extension(blobstore)) - .layer( - tower::ServiceBuilder::new() - .layer(tower_http::trace::TraceLayer::new_for_http()) - .into_inner(), ); - // A little dance to turn a potential file descriptor into a guaranteed async network socket + let svc = axum::Router::new() + .merge(frontend) + .merge(onboarding) + .merge(micropub) + .merge(media) + //.merge(indieauth) + .merge(technical) + .layer(axum::Extension(kittybox::tokenauth::TokenEndpoint(token_endpoint))) + .layer(tower::ServiceBuilder::new() + .layer(tower_http::trace::TraceLayer::new_for_http()) + .into_inner()); + + // A little dance to turn a potential file descriptor into + // a guaranteed async network socket let tcp_listener: std::net::TcpListener = { let mut listenfd = listenfd::ListenFd::from_env(); @@ -200,8 +207,8 @@ async fn main() { } else { std::net::TcpListener::bind(listen_at).unwrap() }; - // Set the socket to non-blocking so tokio can work with it properly - // This is the async magic + // Set the socket to non-blocking so tokio can poll it + // properly -- this is the async magic! tcp_listener.set_nonblocking(true).unwrap(); tcp_listener -- cgit 1.4.1