278 lines
9.7 KiB
Rust
278 lines
9.7 KiB
Rust
use crate::app_config::AppConfig;
|
|
use crate::constants;
|
|
use crate::crypto::pki;
|
|
use crate::energy::energy_actor::EnergyActorAddr;
|
|
use crate::server::auth_middleware::AuthChecker;
|
|
use crate::server::devices_api::{
|
|
device_logging_controller, devices_ota, mgmt_controller, utils_controller,
|
|
};
|
|
use crate::server::unsecure_server::*;
|
|
use crate::server::web_api::*;
|
|
use crate::server::web_app_controller;
|
|
use actix_cors::Cors;
|
|
use actix_identity::config::LogoutBehaviour;
|
|
use actix_identity::IdentityMiddleware;
|
|
use actix_remote_ip::RemoteIPConfig;
|
|
use actix_session::storage::CookieSessionStore;
|
|
use actix_session::SessionMiddleware;
|
|
use actix_web::cookie::{Key, SameSite};
|
|
use actix_web::middleware::Logger;
|
|
use actix_web::{web, App, HttpServer};
|
|
use openssl::ssl::{SslAcceptor, SslMethod};
|
|
use std::time::Duration;
|
|
|
|
/// Start unsecure (HTTP) server
|
|
pub async fn unsecure_server() -> anyhow::Result<()> {
|
|
log::info!(
|
|
"Unsecure server starting to listen on {} for {}",
|
|
AppConfig::get().unsecure_listen_address,
|
|
AppConfig::get().unsecure_origin()
|
|
);
|
|
HttpServer::new(|| {
|
|
App::new()
|
|
.wrap(Logger::default())
|
|
.route(
|
|
"/",
|
|
web::get().to(unsecure_server_controller::unsecure_home),
|
|
)
|
|
.route(
|
|
"/secure_origin",
|
|
web::get().to(unsecure_server_controller::secure_origin),
|
|
)
|
|
.route(
|
|
"/pki/{file}",
|
|
web::get().to(unsecure_pki_controller::serve_pki_file),
|
|
)
|
|
})
|
|
.bind(&AppConfig::get().unsecure_listen_address)?
|
|
.run()
|
|
.await?;
|
|
|
|
Ok(())
|
|
}
|
|
|
|
/// Start secure (HTTPS) server
|
|
pub async fn secure_server(energy_actor: EnergyActorAddr) -> anyhow::Result<()> {
|
|
let web_ca = pki::CertData::load_web_ca()?;
|
|
let server_cert = pki::CertData::load_server()?;
|
|
|
|
let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
|
|
builder.set_private_key(&server_cert.key)?;
|
|
builder.set_certificate(&server_cert.cert)?;
|
|
builder.add_extra_chain_cert(web_ca.cert)?;
|
|
|
|
log::info!(
|
|
"Secure server starting to listen on {} for {}",
|
|
AppConfig::get().listen_address,
|
|
AppConfig::get().secure_origin()
|
|
);
|
|
HttpServer::new(move || {
|
|
let session_mw = SessionMiddleware::builder(
|
|
CookieSessionStore::default(),
|
|
Key::from(AppConfig::get().secret().as_bytes()),
|
|
)
|
|
.cookie_name(constants::SESSION_COOKIE_NAME.to_string())
|
|
.cookie_secure(AppConfig::get().cookie_secure)
|
|
.cookie_same_site(SameSite::Strict)
|
|
.cookie_domain(AppConfig::get().cookie_domain())
|
|
.cookie_http_only(true)
|
|
.build();
|
|
|
|
let identity_middleware = IdentityMiddleware::builder()
|
|
.logout_behaviour(LogoutBehaviour::PurgeSession)
|
|
.visit_deadline(Some(Duration::from_secs(
|
|
constants::MAX_INACTIVITY_DURATION,
|
|
)))
|
|
.login_deadline(Some(Duration::from_secs(constants::MAX_SESSION_DURATION)))
|
|
.build();
|
|
|
|
let mut cors = Cors::default()
|
|
.allowed_origin(&AppConfig::get().secure_origin())
|
|
.allowed_methods(vec!["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"])
|
|
.allowed_header("X-Auth-Token")
|
|
.allow_any_header()
|
|
.supports_credentials()
|
|
.max_age(3600);
|
|
|
|
if cfg!(debug_assertions) {
|
|
cors = cors.allow_any_origin();
|
|
}
|
|
|
|
App::new()
|
|
.app_data(web::Data::new(energy_actor.clone()))
|
|
.wrap(Logger::default())
|
|
.wrap(AuthChecker)
|
|
.wrap(identity_middleware)
|
|
.wrap(session_mw)
|
|
.wrap(cors)
|
|
.app_data(web::Data::new(RemoteIPConfig {
|
|
proxy: AppConfig::get().proxy_ip.clone(),
|
|
}))
|
|
//.route("/", web::get().to(server_controller::secure_home))
|
|
// Web API
|
|
// Server controller
|
|
.route(
|
|
"/web_api/server/config",
|
|
web::get().to(server_controller::config),
|
|
)
|
|
// Auth controller
|
|
.route(
|
|
"/web_api/auth/password_auth",
|
|
web::post().to(auth_controller::password_auth),
|
|
)
|
|
.route(
|
|
"/web_api/auth/info",
|
|
web::get().to(auth_controller::auth_info),
|
|
)
|
|
.route(
|
|
"/web_api/auth/sign_out",
|
|
web::get().to(auth_controller::sign_out),
|
|
)
|
|
// Energy controller
|
|
.route(
|
|
"/web_api/energy/curr_consumption",
|
|
web::get().to(energy_controller::curr_consumption),
|
|
)
|
|
.route(
|
|
"/web_api/energy/curr_consumption/history",
|
|
web::get().to(energy_controller::curr_consumption_history),
|
|
)
|
|
.route(
|
|
"/web_api/energy/cached_consumption",
|
|
web::get().to(energy_controller::cached_consumption),
|
|
)
|
|
.route(
|
|
"/web_api/energy/relays_consumption",
|
|
web::get().to(energy_controller::relays_consumption),
|
|
)
|
|
.route(
|
|
"/web_api/energy/relays_consumption/history",
|
|
web::get().to(energy_controller::relays_consumption_history),
|
|
)
|
|
// Devices controller
|
|
.route(
|
|
"/web_api/devices/list_pending",
|
|
web::get().to(devices_controller::list_pending),
|
|
)
|
|
.route(
|
|
"/web_api/devices/list_validated",
|
|
web::get().to(devices_controller::list_validated),
|
|
)
|
|
.route(
|
|
"/web_api/devices/state",
|
|
web::get().to(devices_controller::devices_state),
|
|
)
|
|
.route(
|
|
"/web_api/device/{id}",
|
|
web::get().to(devices_controller::get_single),
|
|
)
|
|
.route(
|
|
"/web_api/device/{id}/state",
|
|
web::get().to(devices_controller::state_single),
|
|
)
|
|
.route(
|
|
"/web_api/device/{id}/validate",
|
|
web::post().to(devices_controller::validate_device),
|
|
)
|
|
.route(
|
|
"/web_api/device/{id}",
|
|
web::patch().to(devices_controller::update_device),
|
|
)
|
|
.route(
|
|
"/web_api/device/{id}",
|
|
web::delete().to(devices_controller::delete_device),
|
|
)
|
|
// OTA API
|
|
.route(
|
|
"/web_api/ota/supported_platforms",
|
|
web::get().to(ota_controller::supported_platforms),
|
|
)
|
|
.route(
|
|
"/web_api/ota/{platform}/{version}",
|
|
web::post().to(ota_controller::upload_firmware),
|
|
)
|
|
.route("/web_api/ota", web::get().to(ota_controller::list_all_ota))
|
|
.route(
|
|
"/web_api/ota/{platform}",
|
|
web::get().to(ota_controller::list_updates_platform),
|
|
)
|
|
// TODO : download a OTA file
|
|
// TODO : delete an OTA file
|
|
.route(
|
|
"/web_api/ota/set_desired_version",
|
|
web::post().to(ota_controller::set_desired_version),
|
|
)
|
|
// Logging controller API
|
|
.route(
|
|
"/web_api/logging/logs",
|
|
web::get().to(logging_controller::get_log),
|
|
)
|
|
// Relays API
|
|
.route(
|
|
"/web_api/relays/list",
|
|
web::get().to(relays_controller::get_list),
|
|
)
|
|
.route(
|
|
"/web_api/relay/create",
|
|
web::post().to(relays_controller::create),
|
|
)
|
|
.route(
|
|
"/web_api/relay/{id}",
|
|
web::put().to(relays_controller::update),
|
|
)
|
|
.route(
|
|
"/web_api/relay/{id}",
|
|
web::delete().to(relays_controller::delete),
|
|
)
|
|
.route(
|
|
"/web_api/relays/status",
|
|
web::get().to(relays_controller::status_all),
|
|
)
|
|
.route(
|
|
"/web_api/relay/{id}/status",
|
|
web::get().to(relays_controller::status_single),
|
|
)
|
|
// Devices API
|
|
.route(
|
|
"/devices_api/utils/time",
|
|
web::get().to(utils_controller::curr_time),
|
|
)
|
|
.route(
|
|
"/devices_api/mgmt/enroll",
|
|
web::post().to(mgmt_controller::enroll),
|
|
)
|
|
.route(
|
|
"/devices_api/mgmt/enrollment_status",
|
|
web::get().to(mgmt_controller::enrollment_status),
|
|
)
|
|
.route(
|
|
"/devices_api/mgmt/get_certificate",
|
|
web::get().to(mgmt_controller::get_certificate),
|
|
)
|
|
.route(
|
|
"/devices_api/mgmt/sync",
|
|
web::post().to(mgmt_controller::sync_device),
|
|
)
|
|
.route(
|
|
"/devices_api/ota/{platform}/{version}",
|
|
web::get().to(devices_ota::retrieve_firmware),
|
|
)
|
|
.route(
|
|
"/devices_api/logging/record",
|
|
web::post().to(device_logging_controller::report_log),
|
|
)
|
|
// Web app
|
|
.route("/", web::get().to(web_app_controller::root_index))
|
|
.route(
|
|
"/assets/{tail:.*}",
|
|
web::get().to(web_app_controller::serve_assets_content),
|
|
)
|
|
.route("/{tail:.*}", web::get().to(web_app_controller::root_index))
|
|
})
|
|
.bind_openssl(&AppConfig::get().listen_address, builder)?
|
|
.run()
|
|
.await?;
|
|
|
|
Ok(())
|
|
}
|