use crate::app_config::AppConfig; use crate::constants; use crate::crypto::pki; use crate::energy::energy_actor::EnergyActorAddr; use crate::server::auth_middleware::AuthChecker; use crate::server::devices_api::{ device_logging_controller, devices_ota, mgmt_controller, utils_controller, }; use crate::server::unsecure_server::*; use crate::server::web_api::*; use crate::server::web_app_controller; use actix_cors::Cors; use actix_identity::config::LogoutBehaviour; use actix_identity::IdentityMiddleware; use actix_remote_ip::RemoteIPConfig; use actix_session::storage::CookieSessionStore; use actix_session::SessionMiddleware; use actix_web::cookie::{Key, SameSite}; use actix_web::middleware::Logger; use actix_web::{web, App, HttpServer}; use openssl::ssl::{SslAcceptor, SslMethod}; use std::time::Duration; /// Start unsecure (HTTP) server pub async fn unsecure_server() -> anyhow::Result<()> { log::info!( "Unsecure server starting to listen on {} for {}", AppConfig::get().unsecure_listen_address, AppConfig::get().unsecure_origin() ); HttpServer::new(|| { App::new() .wrap(Logger::default()) .route( "/", web::get().to(unsecure_server_controller::unsecure_home), ) .route( "/secure_origin", web::get().to(unsecure_server_controller::secure_origin), ) .route( "/pki/{file}", web::get().to(unsecure_pki_controller::serve_pki_file), ) }) .bind(&AppConfig::get().unsecure_listen_address)? .run() .await?; Ok(()) } /// Start secure (HTTPS) server pub async fn secure_server(energy_actor: EnergyActorAddr) -> anyhow::Result<()> { let web_ca = pki::CertData::load_web_ca()?; let server_cert = pki::CertData::load_server()?; let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap(); builder.set_private_key(&server_cert.key)?; builder.set_certificate(&server_cert.cert)?; builder.add_extra_chain_cert(web_ca.cert)?; log::info!( "Secure server starting to listen on {} for {}", AppConfig::get().listen_address, AppConfig::get().secure_origin() ); HttpServer::new(move || { let session_mw = SessionMiddleware::builder( CookieSessionStore::default(), Key::from(AppConfig::get().secret().as_bytes()), ) .cookie_name(constants::SESSION_COOKIE_NAME.to_string()) .cookie_secure(AppConfig::get().cookie_secure) .cookie_same_site(SameSite::Strict) .cookie_domain(AppConfig::get().cookie_domain()) .cookie_http_only(true) .build(); let identity_middleware = IdentityMiddleware::builder() .logout_behaviour(LogoutBehaviour::PurgeSession) .visit_deadline(Some(Duration::from_secs( constants::MAX_INACTIVITY_DURATION, ))) .login_deadline(Some(Duration::from_secs(constants::MAX_SESSION_DURATION))) .build(); let mut cors = Cors::default() .allowed_origin(&AppConfig::get().secure_origin()) .allowed_methods(vec!["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"]) .allowed_header("X-Auth-Token") .allow_any_header() .supports_credentials() .max_age(3600); if cfg!(debug_assertions) { cors = cors.allow_any_origin(); } App::new() .app_data(web::Data::new(energy_actor.clone())) .wrap(Logger::default()) .wrap(AuthChecker) .wrap(identity_middleware) .wrap(session_mw) .wrap(cors) .app_data(web::Data::new(RemoteIPConfig { proxy: AppConfig::get().proxy_ip.clone(), })) //.route("/", web::get().to(server_controller::secure_home)) // Web API // Server controller .route( "/web_api/server/config", web::get().to(server_controller::config), ) // Auth controller .route( "/web_api/auth/password_auth", web::post().to(auth_controller::password_auth), ) .route( "/web_api/auth/info", web::get().to(auth_controller::auth_info), ) .route( "/web_api/auth/sign_out", web::get().to(auth_controller::sign_out), ) // Energy controller .route( "/web_api/energy/curr_consumption", web::get().to(energy_controller::curr_consumption), ) .route( "/web_api/energy/curr_consumption/history", web::get().to(energy_controller::curr_consumption_history), ) .route( "/web_api/energy/cached_consumption", web::get().to(energy_controller::cached_consumption), ) .route( "/web_api/energy/relays_consumption", web::get().to(energy_controller::relays_consumption), ) .route( "/web_api/energy/relays_consumption/history", web::get().to(energy_controller::relays_consumption_history), ) // Devices controller .route( "/web_api/devices/list_pending", web::get().to(devices_controller::list_pending), ) .route( "/web_api/devices/list_validated", web::get().to(devices_controller::list_validated), ) .route( "/web_api/devices/state", web::get().to(devices_controller::devices_state), ) .route( "/web_api/device/{id}", web::get().to(devices_controller::get_single), ) .route( "/web_api/device/{id}/state", web::get().to(devices_controller::state_single), ) .route( "/web_api/device/{id}/validate", web::post().to(devices_controller::validate_device), ) .route( "/web_api/device/{id}", web::patch().to(devices_controller::update_device), ) .route( "/web_api/device/{id}", web::delete().to(devices_controller::delete_device), ) // OTA API .route( "/web_api/ota/supported_platforms", web::get().to(ota_controller::supported_platforms), ) .route( "/web_api/ota/{platform}/{version}", web::post().to(ota_controller::upload_firmware), ) .route("/web_api/ota", web::get().to(ota_controller::list_all_ota)) .route( "/web_api/ota/{platform}", web::get().to(ota_controller::list_updates_platform), ) // TODO : download a OTA file // TODO : delete an OTA file .route( "/web_api/ota/set_desired_version", web::post().to(ota_controller::set_desired_version), ) // Logging controller API .route( "/web_api/logging/logs", web::get().to(logging_controller::get_log), ) // Relays API .route( "/web_api/relays/list", web::get().to(relays_controller::get_list), ) .route( "/web_api/relay/create", web::post().to(relays_controller::create), ) .route( "/web_api/relay/{id}", web::put().to(relays_controller::update), ) .route( "/web_api/relay/{id}", web::delete().to(relays_controller::delete), ) .route( "/web_api/relays/status", web::get().to(relays_controller::status_all), ) .route( "/web_api/relay/{id}/status", web::get().to(relays_controller::status_single), ) // Devices API .route( "/devices_api/utils/time", web::get().to(utils_controller::curr_time), ) .route( "/devices_api/mgmt/enroll", web::post().to(mgmt_controller::enroll), ) .route( "/devices_api/mgmt/enrollment_status", web::get().to(mgmt_controller::enrollment_status), ) .route( "/devices_api/mgmt/get_certificate", web::get().to(mgmt_controller::get_certificate), ) .route( "/devices_api/mgmt/sync", web::post().to(mgmt_controller::sync_device), ) .route( "/devices_api/ota/{platform}/{version}", web::get().to(devices_ota::retrieve_firmware), ) .route( "/devices_api/logging/record", web::post().to(device_logging_controller::report_log), ) // Web app .route("/", web::get().to(web_app_controller::root_index)) .route( "/assets/{tail:.*}", web::get().to(web_app_controller::serve_assets_content), ) .route("/{tail:.*}", web::get().to(web_app_controller::root_index)) }) .bind_openssl(&AppConfig::get().listen_address, builder)? .run() .await?; Ok(()) }