use crate::app_config::AppConfig;
use crate::constants;
use crate::crypto::pki;
use crate::energy::energy_actor::EnergyActorAddr;
use crate::server::auth_middleware::AuthChecker;
use crate::server::devices_api::{
device_logging_controller, devices_ota, mgmt_controller, utils_controller,
};
use crate::server::unsecure_server::*;
use crate::server::web_api::*;
use crate::server::web_app_controller;
use actix_cors::Cors;
use actix_identity::IdentityMiddleware;
use actix_identity::config::LogoutBehaviour;
use actix_remote_ip::RemoteIPConfig;
use actix_session::SessionMiddleware;
use actix_session::storage::CookieSessionStore;
use actix_web::cookie::{Key, SameSite};
use actix_web::middleware::Logger;
use actix_web::{App, HttpServer, web};
use openssl::ssl::{SslAcceptor, SslMethod};
use std::time::Duration;
/// Start unsecure (HTTP) server
pub async fn unsecure_server(energy_actor: EnergyActorAddr) -> anyhow::Result<()> {
log::info!(
"Unsecure server starting to listen on {} for {}",
AppConfig::get().unsecure_listen_address,
AppConfig::get().unsecure_origin()
);
HttpServer::new(move || {
App::new()
.app_data(web::Data::new(energy_actor.clone()))
.wrap(Logger::default())
.route(
"/",
web::get().to(unsecure_server_controller::unsecure_home),
)
.route(
"/secure_origin",
web::get().to(unsecure_server_controller::secure_origin),
)
.route(
"/pki/{file}",
web::get().to(unsecure_pki_controller::serve_pki_file),
)
.route(
"/relay/{id}/legacy_state",
web::get().to(unsecure_relay_controller::legacy_state),
)
})
.bind(&AppConfig::get().unsecure_listen_address)?
.run()
.await?;
Ok(())
}
/// Start secure (HTTPS) server
pub async fn secure_server(energy_actor: EnergyActorAddr) -> anyhow::Result<()> {
let web_ca = pki::CertData::load_web_ca()?;
let server_cert = pki::CertData::load_server()?;
let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
builder.set_private_key(&server_cert.key)?;
builder.set_certificate(&server_cert.cert)?;
builder.add_extra_chain_cert(web_ca.cert)?;
log::info!(
"Secure server starting to listen on {} for {}",
AppConfig::get().listen_address,
AppConfig::get().secure_origin()
);
HttpServer::new(move || {
let session_mw = SessionMiddleware::builder(
CookieSessionStore::default(),
Key::from(AppConfig::get().secret().as_bytes()),
)
.cookie_name(constants::SESSION_COOKIE_NAME.to_string())
.cookie_secure(AppConfig::get().cookie_secure)
.cookie_same_site(SameSite::Strict)
.cookie_domain(AppConfig::get().cookie_domain())
.cookie_http_only(true)
.build();
let identity_middleware = IdentityMiddleware::builder()
.logout_behaviour(LogoutBehaviour::PurgeSession)
.visit_deadline(Some(Duration::from_secs(
constants::MAX_INACTIVITY_DURATION,
)))
.login_deadline(Some(Duration::from_secs(constants::MAX_SESSION_DURATION)))
.build();
let mut cors = Cors::default()
.allowed_origin(&AppConfig::get().secure_origin())
.allowed_methods(vec!["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"])
.allowed_header("X-Auth-Token")
.allow_any_header()
.supports_credentials()
.max_age(3600);
if cfg!(debug_assertions) {
cors = cors.allow_any_origin();
}
App::new()
.app_data(web::Data::new(energy_actor.clone()))
.wrap(Logger::default())
.wrap(AuthChecker)
.wrap(identity_middleware)
.wrap(session_mw)
.wrap(cors)
.app_data(web::Data::new(RemoteIPConfig {
proxy: AppConfig::get().proxy_ip.clone(),
}))
//.route("/", web::get().to(server_controller::secure_home))
// Web API
// Server controller
.route(
"/web_api/server/config",
web::get().to(server_controller::config),
)
// Auth controller
.route(
"/web_api/auth/password_auth",
web::post().to(auth_controller::password_auth),
)
.route(
"/web_api/auth/info",
web::get().to(auth_controller::auth_info),
)
.route(
"/web_api/auth/sign_out",
web::get().to(auth_controller::sign_out),
)
// Energy controller
.route(
"/web_api/energy/curr_consumption",
web::get().to(energy_controller::curr_consumption),
)
.route(
"/web_api/energy/curr_consumption/history",
web::get().to(energy_controller::curr_consumption_history),
)
.route(
"/web_api/energy/cached_consumption",
web::get().to(energy_controller::cached_consumption),
)
.route(
"/web_api/energy/relays_consumption",
web::get().to(energy_controller::relays_consumption),
)
.route(
"/web_api/energy/relays_consumption/history",
web::get().to(energy_controller::relays_consumption_history),
)
// Devices controller
.route(
"/web_api/devices/list_pending",
web::get().to(devices_controller::list_pending),
)
.route(
"/web_api/devices/list_validated",
web::get().to(devices_controller::list_validated),
)
.route(
"/web_api/devices/state",
web::get().to(devices_controller::devices_state),
)
.route(
"/web_api/device/{id}",
web::get().to(devices_controller::get_single),
)
.route(
"/web_api/device/{id}/state",
web::get().to(devices_controller::state_single),
)
.route(
"/web_api/device/{id}/validate",
web::post().to(devices_controller::validate_device),
)
.route(
"/web_api/device/{id}",
web::patch().to(devices_controller::update_device),
)
.route(
"/web_api/device/{id}",
web::delete().to(devices_controller::delete_device),
)
// OTA API
.route(
"/web_api/ota/supported_platforms",
web::get().to(ota_controller::supported_platforms),
)
.route(
"/web_api/ota/{platform}/{version}",
web::post().to(ota_controller::upload_firmware),
)
.route(
"/web_api/ota/{platform}/{version}",
web::get().to(ota_controller::download_firmware),
)
.route(
"/web_api/ota/{platform}/{version}",
web::delete().to(ota_controller::delete_update),
)
.route("/web_api/ota", web::get().to(ota_controller::list_all_ota))
.route(
"/web_api/ota/{platform}",
web::get().to(ota_controller::list_updates_platform),
)
.route(
"/web_api/ota/set_desired_version",
web::post().to(ota_controller::set_desired_version),
)
// Logging controller API
.route(
"/web_api/logging/logs",
web::get().to(logging_controller::get_log),
)
// Relays API
.route(
"/web_api/relays/list",
web::get().to(relays_controller::get_list),
)
.route(
"/web_api/relay/create",
web::post().to(relays_controller::create),
)
.route(
"/web_api/relay/{id}",
web::put().to(relays_controller::update),
)
.route(
"/web_api/relay/{id}",
web::delete().to(relays_controller::delete),
)
.route(
"/web_api/relays/status",
web::get().to(relays_controller::status_all),
)
.route(
"/web_api/relay/{id}/status",
web::get().to(relays_controller::status_single),
)
// Management API
.route(
"/web_api/management/download_storage",
web::get().to(management_controller::download_storage),
)
// Devices API
.route(
"/devices_api/utils/time",
web::get().to(utils_controller::curr_time),
)
.route(
"/devices_api/mgmt/enroll",
web::post().to(mgmt_controller::enroll),
)
.route(
"/devices_api/mgmt/enrollment_status",
web::get().to(mgmt_controller::enrollment_status),
)
.route(
"/devices_api/mgmt/get_certificate",
web::get().to(mgmt_controller::get_certificate),
)
.route(
"/devices_api/mgmt/sync",
web::post().to(mgmt_controller::sync_device),
)
.route(
"/devices_api/ota/{platform}/{version}",
web::get().to(devices_ota::retrieve_firmware),
)
.route(
"/devices_api/logging/record",
web::post().to(device_logging_controller::report_log),
)
// Web app
.route("/", web::get().to(web_app_controller::root_index))
.route(
"/assets/{tail:.*}",
web::get().to(web_app_controller::serve_assets_content),
)
.route("/{tail:.*}", web::get().to(web_app_controller::root_index))
})
.bind_openssl(&AppConfig::get().listen_address, builder)?
.run()
.await?;
Ok(())
}