diff --git a/services/tunnelbroker/src/cxx_bridge.rs b/services/tunnelbroker/src/cxx_bridge.rs index f9eeb0f2b..21ef93388 100644 --- a/services/tunnelbroker/src/cxx_bridge.rs +++ b/services/tunnelbroker/src/cxx_bridge.rs @@ -1,69 +1,78 @@ #[cxx::bridge] pub mod ffi { enum GRPCStatusCodes { Ok, Cancelled, Unknown, InvalidArgument, DeadlineExceeded, NotFound, AlreadyExists, PermissionDenied, ResourceExhausted, FailedPrecondition, Aborted, OutOfRange, Unimplemented, Internal, Unavailable, DataLoss, Unauthenticated, } struct GrpcResult { statusCode: GRPCStatusCodes, errorText: String, } struct SessionSignatureResult { toSign: String, grpcStatus: GrpcResult, } struct NewSessionResult { sessionID: String, grpcStatus: GrpcResult, } struct SessionItem { deviceID: String, publicKey: String, notifyToken: String, deviceType: i32, appVersion: String, deviceOS: String, isOnline: bool, } + struct MessageItem { + messageID: String, + fromDeviceID: String, + toDeviceID: String, + payload: String, + blobHashes: String, + } unsafe extern "C++" { include!("tunnelbroker/src/libcpp/Tunnelbroker.h"); pub fn initialize(); pub fn getConfigParameter(parameter: &str) -> Result; pub fn isSandbox() -> Result; pub fn sessionSignatureHandler(deviceID: &str) -> SessionSignatureResult; pub fn newSessionHandler( deviceID: &str, publicKey: &str, signature: &str, deviceType: i32, deviceAppVersion: &str, deviceOS: &str, notifyToken: &str, ) -> NewSessionResult; pub fn getSessionItem(sessionID: &str) -> Result; pub fn updateSessionItemIsOnline( sessionID: &str, isOnline: bool, ) -> Result<()>; pub fn updateSessionItemDeviceToken( sessionID: &str, newNotifToken: &str, ) -> Result<()>; + pub fn getMessagesFromDatabase(deviceID: &str) -> Result>; + pub fn eraseMessagesFromAMQP(deviceID: &str) -> Result<()>; } } diff --git a/services/tunnelbroker/src/libcpp/Tunnelbroker.cpp b/services/tunnelbroker/src/libcpp/Tunnelbroker.cpp index e8a7042ac..3a39e9896 100644 
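Review bot: `MessageItem.blobHashes` is declared as a single `String` although the name is plural, and the bridge does not say how several hashes would be encoded in it. Either document the encoding on the field, for example `// blobHashes: joined list of hashes; split before handing to the client`, or declare it as `blobHashes: Vec<String>` so the Rust side cannot mistake a joined list for one hash. `getMessagesFromDatabase` and `eraseMessagesFromAMQP` would also benefit from a one-line comment stating that the `Err` they return carries the C++ exception text, because that text is backend detail and should not be forwarded to clients unchanged.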
--- a/services/tunnelbroker/src/libcpp/Tunnelbroker.cpp
+++ b/services/tunnelbroker/src/libcpp/Tunnelbroker.cpp
@@ -1,185 +1,207 @@ #include "Tunnelbroker.h" #include "AmqpManager.h" #include "AwsTools.h" #include "ConfigManager.h" #include "CryptoTools.h" #include "DatabaseManager.h" +#include "DeliveryBroker.h" #include "GlobalTools.h" #include "Tools.h" #include "rust/cxx.h" #include "tunnelbroker/src/cxx_bridge.rs.h" #include void initialize() { comm::network::tools::InitLogging("tunnelbroker"); comm::network::config::ConfigManager::getInstance().load(); Aws::InitAPI({}); // List of AWS DynamoDB tables to check if they are created and can be // accessed before any AWS API methods const std::list tablesList = { comm::network::config::ConfigManager::getInstance().getParameter( comm::network::config::ConfigManager::OPTION_DYNAMODB_SESSIONS_TABLE), comm::network::config::ConfigManager::getInstance().getParameter( comm::network::config::ConfigManager:: OPTION_DYNAMODB_SESSIONS_VERIFICATION_TABLE), comm::network::config::ConfigManager::getInstance().getParameter( comm::network::config::ConfigManager:: OPTION_DYNAMODB_SESSIONS_PUBLIC_KEY_TABLE), comm::network::config::ConfigManager::getInstance().getParameter( comm::network::config::ConfigManager:: OPTION_DYNAMODB_MESSAGES_TABLE)}; for (const std::string &table : tablesList) { if (!comm::network::database::DatabaseManager::getInstance() .isTableAvailable(table)) { throw std::runtime_error( "Error: AWS DynamoDB table '" + table + "' is not available"); } }; comm::network::AmqpManager::getInstance().init(); } rust::String getConfigParameter(rust::Str parameter) { return rust::String{ comm::network::config::ConfigManager::getInstance().getParameter( std::string{parameter})}; } bool isSandbox() { return comm::network::tools::isSandbox(); } SessionSignatureResult sessionSignatureHandler(rust::Str deviceID) { const std::string requestedDeviceID(deviceID); if (!comm::network::tools::validateDeviceID(requestedDeviceID)) { return SessionSignatureResult{ .grpcStatus = { .statusCode = GRPCStatusCodes::InvalidArgument, .errorText = "Format 
validation failed for deviceID: " + requestedDeviceID}}; } const std::string toSign = comm::network::tools::generateRandomString( comm::network::SIGNATURE_REQUEST_LENGTH); std::shared_ptr SessionSignItem = std::make_shared( toSign, requestedDeviceID); comm::network::database::DatabaseManager::getInstance().putSessionSignItem( *SessionSignItem); return SessionSignatureResult{ .toSign = toSign, .grpcStatus = {.statusCode = GRPCStatusCodes::Ok}}; } NewSessionResult newSessionHandler( rust::Str deviceID, rust::Str publicKey, rust::Str signature, int32_t deviceType, rust::Str deviceAppVersion, rust::Str deviceOS, rust::Str notifyToken) { std::shared_ptr deviceSessionItem; std::shared_ptr sessionSignItem; std::shared_ptr publicKeyItem; const std::string stringDeviceID{deviceID}; if (!comm::network::tools::validateDeviceID(stringDeviceID)) { return NewSessionResult{ .grpcStatus = { .statusCode = GRPCStatusCodes::InvalidArgument, .errorText = "Format validation failed for deviceID"}}; } const std::string stringPublicKey{publicKey}; const std::string newSessionID = comm::network::tools::generateUUID(); try { sessionSignItem = comm::network::database::DatabaseManager::getInstance() .findSessionSignItem(stringDeviceID); if (sessionSignItem == nullptr) { return NewSessionResult{ .grpcStatus = { .statusCode = GRPCStatusCodes::NotFound, .errorText = "Session signature request not found for deviceID"}}; } publicKeyItem = comm::network::database::DatabaseManager::getInstance() .findPublicKeyItem(stringDeviceID); if (publicKeyItem == nullptr) { std::shared_ptr newPublicKeyItem = std::make_shared( stringDeviceID, stringPublicKey); comm::network::database::DatabaseManager::getInstance().putPublicKeyItem( *newPublicKeyItem); } else if (stringPublicKey != publicKeyItem->getPublicKey()) { return NewSessionResult{ .grpcStatus = { .statusCode = GRPCStatusCodes::PermissionDenied, .errorText = "The public key doesn't match for deviceID"}}; } const std::string verificationMessage = 
sessionSignItem->getSign(); if (!comm::network::crypto::rsaVerifyString( stringPublicKey, verificationMessage, std::string{signature})) { return NewSessionResult{ .grpcStatus = { .statusCode = GRPCStatusCodes::PermissionDenied, .errorText = "Signature for the verification message is not valid"}}; } comm::network::database::DatabaseManager::getInstance() .removeSessionSignItem(stringDeviceID); deviceSessionItem = std::make_shared( newSessionID, stringDeviceID, stringPublicKey, std::string{notifyToken}, deviceType, std::string{deviceAppVersion}, std::string{deviceOS}); comm::network::database::DatabaseManager::getInstance().putSessionItem( *deviceSessionItem); } catch (std::runtime_error &e) { LOG(ERROR) << "gRPC: " << "Error while processing 'NewSession' request: " << e.what(); return NewSessionResult{ .grpcStatus = { .statusCode = GRPCStatusCodes::Internal, .errorText = e.what()}}; } return NewSessionResult{ .sessionID = newSessionID, .grpcStatus = {.statusCode = GRPCStatusCodes::Ok}}; } SessionItem getSessionItem(rust::Str sessionID) { const std::string stringSessionID = std::string{sessionID}; if (!comm::network::tools::validateSessionID(stringSessionID)) { throw std::invalid_argument("Invalid format for 'sessionID'"); } std::shared_ptr sessionItem = comm::network::database::DatabaseManager::getInstance().findSessionItem( stringSessionID); if (sessionItem == nullptr) { throw std::invalid_argument( "No sessions found for 'sessionID': " + stringSessionID); } return SessionItem{ .deviceID = sessionItem->getDeviceID(), .publicKey = sessionItem->getPubKey(), .notifyToken = sessionItem->getNotifyToken(), .deviceType = static_cast(sessionItem->getDeviceType()), .appVersion = sessionItem->getAppVersion(), .deviceOS = sessionItem->getDeviceOs(), .isOnline = sessionItem->getIsOnline()}; } void updateSessionItemIsOnline(rust::Str sessionID, bool isOnline) { comm::network::database::DatabaseManager::getInstance() .updateSessionItemIsOnline(std::string{sessionID}, isOnline); 
} void updateSessionItemDeviceToken( rust::Str sessionID, rust::Str newNotifToken) { comm::network::database::DatabaseManager::getInstance() .updateSessionItemDeviceToken( std::string{sessionID}, std::string{newNotifToken}); } + +rust::Vec getMessagesFromDatabase(rust::Str deviceID) { + std::vector> + messagesFromDatabase = + comm::network::database::DatabaseManager::getInstance() + .findMessageItemsByReceiver(std::string{deviceID}); + rust::Vec result; + for (auto &messageFromDatabase : messagesFromDatabase) { + result.push_back(MessageItem{ + .messageID = messageFromDatabase->getMessageID(), + .fromDeviceID = messageFromDatabase->getFromDeviceID(), + .payload = messageFromDatabase->getPayload(), + .blobHashes = messageFromDatabase->getBlobHashes(), + }); + } + return result; +} + +void eraseMessagesFromAMQP(rust::Str deviceID) { + comm::network::DeliveryBroker::getInstance().erase(std::string{deviceID}); +} diff --git a/services/tunnelbroker/src/libcpp/Tunnelbroker.h b/services/tunnelbroker/src/libcpp/Tunnelbroker.h index 136141452..5311dab5f 100644 --- a/services/tunnelbroker/src/libcpp/Tunnelbroker.h +++ b/services/tunnelbroker/src/libcpp/Tunnelbroker.h @@ -1,20 +1,22 @@ #pragma once #include "rust/cxx.h" #include "tunnelbroker/src/cxx_bridge.rs.h" void initialize(); rust::String getConfigParameter(rust::Str parameter); bool isSandbox(); SessionSignatureResult sessionSignatureHandler(rust::Str deviceID); NewSessionResult newSessionHandler( rust::Str deviceID, rust::Str publicKey, rust::Str signature, int32_t deviceType, rust::Str deviceAppVersion, rust::Str deviceOS, rust::Str notifyToken); SessionItem getSessionItem(rust::Str sessionID); void updateSessionItemIsOnline(rust::Str sessionID, bool isOnline); void updateSessionItemDeviceToken(rust::Str sessionID, rust::Str newNotifToken); +rust::Vec getMessagesFromDatabase(rust::Str deviceID); +void eraseMessagesFromAMQP(rust::Str deviceID); 
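Review bot: The designated initializer in `getMessagesFromDatabase` never sets `.toDeviceID`, so every `MessageItem` handed to Rust carries an empty recipient even though the bridge struct declares that field. Because the lookup is by receiver, adding `.toDeviceID = std::string{deviceID},` right after `.fromDeviceID` fills it from the argument and keeps the initializer in declaration order. Separately, unlike `sessionSignatureHandler` and `newSessionHandler`, this function and `eraseMessagesFromAMQP` pass `deviceID` on without calling `validateDeviceID`. The visible caller appears to take the value from a stored session, but a guard such as `if (!comm::network::tools::validateDeviceID(std::string{deviceID})) throw std::invalid_argument("Invalid format for 'deviceID'");` would keep the FFI entry points safe for any later caller.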
diff --git a/services/tunnelbroker/src/server/mod.rs b/services/tunnelbroker/src/server/mod.rs
index 7c1dc0197..405e03e92 100644
--- a/services/tunnelbroker/src/server/mod.rs
+++ b/services/tunnelbroker/src/server/mod.rs
@@ -1,281 +1,322 @@ use super::constants; use super::cxx_bridge::ffi::{ - getSessionItem, newSessionHandler, sessionSignatureHandler, - updateSessionItemDeviceToken, updateSessionItemIsOnline, GRPCStatusCodes, + eraseMessagesFromAMQP, getMessagesFromDatabase, getSessionItem, + newSessionHandler, sessionSignatureHandler, updateSessionItemDeviceToken, + updateSessionItemIsOnline, GRPCStatusCodes, }; use anyhow::Result; use futures::Stream; use std::pin::Pin; use tokio::sync::mpsc; use tokio::time::{sleep, Duration}; use tokio_stream::{wrappers::ReceiverStream, StreamExt}; use tonic::{transport::Server, Request, Response, Status, Streaming}; use tracing::{debug, error}; use tunnelbroker::message_to_tunnelbroker::Data::{ MessagesToSend, NewNotifyToken, ProcessedMessages, }; use tunnelbroker::tunnelbroker_service_server::{ TunnelbrokerService, TunnelbrokerServiceServer, }; mod tools; mod tunnelbroker { tonic::include_proto!("tunnelbroker"); } #[derive(Debug, Default)] struct TunnelbrokerServiceHandlers {} #[tonic::async_trait] impl TunnelbrokerService for TunnelbrokerServiceHandlers { async fn session_signature( &self, request: Request, ) -> Result, Status> { let result = sessionSignatureHandler(&request.into_inner().device_id); if result.grpcStatus.statusCode != GRPCStatusCodes::Ok { return Err(tools::create_tonic_status( result.grpcStatus.statusCode, &result.grpcStatus.errorText, )); } Ok(Response::new(tunnelbroker::SessionSignatureResponse { to_sign: result.toSign, })) } async fn new_session( &self, request: Request, ) -> Result, Status> { let inner_request = request.into_inner(); let notify_token = inner_request.notify_token.unwrap_or(String::new()); if !tunnelbroker::new_session_request::DeviceTypes::is_valid( inner_request.device_type, ) { return Err(tools::create_tonic_status( GRPCStatusCodes::InvalidArgument, "Unsupported device type", )); }; let result = newSessionHandler( &inner_request.device_id, &inner_request.public_key, &inner_request.signature, 
inner_request.device_type, &inner_request.device_app_version, &inner_request.device_os, ¬ify_token, ); if result.grpcStatus.statusCode != GRPCStatusCodes::Ok { return Err(tools::create_tonic_status( result.grpcStatus.statusCode, &result.grpcStatus.errorText, )); } Ok(Response::new(tunnelbroker::NewSessionResponse { session_id: result.sessionID, })) } type MessagesStreamStream = Pin< Box< dyn Stream> + Send, >, >; async fn messages_stream( &self, request: Request>, ) -> Result, Status> { let session_id = match request.metadata().get("sessionID") { Some(metadata_session_id) => metadata_session_id .to_str() .expect("metadata session id was not valid UTF8") .to_string(), None => { return Err(Status::invalid_argument( "No 'sessionID' in metadata was provided", )) } }; let session_item = match getSessionItem(&session_id) { Ok(database_item) => database_item, Err(err) => return Err(Status::unauthenticated(err.what())), }; let (tx, rx) = mpsc::channel(constants::GRPC_TX_QUEUE_SIZE); // Through this function, we will write to the output stream from different Tokio // tasks and update the device's online status if the write was unsuccessful async fn tx_writer( session_id: &str, channel: &tokio::sync::mpsc::Sender, payload: T, ) -> Result<(), String> { let result = channel.send(payload).await; match result { Ok(result) => Ok(result), Err(err) => { if let Err(err) = updateSessionItemIsOnline(&session_id, false) { return Err(err.what().to_string()); } return Err(err.to_string()); } } } if let Err(err) = updateSessionItemIsOnline(&session_id, true) { return Err(Status::internal(err.what())); } // Checking for an empty notif token and requesting the new one from the client if session_item.notifyToken.is_empty() && session_item.deviceType == tunnelbroker::new_session_request::DeviceTypes::Mobile as i32 { let result = tx_writer( &session_id, &tx, Ok(tunnelbroker::MessageToClient { data: Some( tunnelbroker::message_to_client::Data::NewNotifyTokenRequired(()), ), }), ); if let 
Err(err) = result.await { debug!( "Error while sending notification token request to the client: {}", err ); }; } + // When a client connects to the bidirectional messages stream, first we check + // if there are undelivered messages in the database + let messages_from_database = + match getMessagesFromDatabase(&session_item.deviceID) { + Ok(messages) => messages, + Err(err) => return Err(Status::internal(err.what())), + }; + if messages_from_database.len() > 0 { + if let Err(err) = eraseMessagesFromAMQP(&session_item.deviceID) { + return Err(Status::internal(err.what())); + }; + let mut messages_to_response = vec![]; + for message in &messages_from_database { + messages_to_response.push(tunnelbroker::MessageToClientStruct { + message_id: message.messageID.clone(), + from_device_id: message.fromDeviceID.clone(), + payload: message.payload.clone(), + blob_hashes: vec![message.blobHashes.clone()], + }); + } + let result_from_writer = tx_writer( + &session_id, + &tx, + Ok(tunnelbroker::MessageToClient { + data: Some(tunnelbroker::message_to_client::Data::MessagesToDeliver( + tunnelbroker::MessagesToDeliver { + messages: messages_to_response, + }, + )), + }), + ); + if let Err(err) = result_from_writer.await { + debug!( + "Error while sending undelivered messages from database to the client: {}", + err + ); + return Err(Status::aborted(err)); + }; + } + // Spawning asynchronous Tokio task with the client pinging loop inside to // make sure that the client is online tokio::spawn({ let session_id = session_id.clone(); let tx = tx.clone(); async move { loop { sleep(Duration::from_millis(constants::GRPC_PING_INTERVAL_MS)).await; let result = tx_writer( &session_id, &tx, Ok(tunnelbroker::MessageToClient { data: Some(tunnelbroker::message_to_client::Data::Ping(())), }), ); if let Err(err) = result.await { debug!("Failed to write ping to a channel: {}", err); break; }; } } }); let mut input_stream = request.into_inner(); // Spawning asynchronous Tokio task for handling 
incoming messages from the client tokio::spawn(async move { while let Some(result) = input_stream.next().await { if let Err(err) = result { debug!("Error in input stream: {}", err); break; } if let Some(message_data) = result.unwrap().data { match message_data { NewNotifyToken(new_token) => { if let Err(err) = updateSessionItemDeviceToken(&session_id, &new_token) { error!( "Error in updating the device notification token in the database: {}", err.what() ); let writer_result = tx_writer( &session_id, &tx, Err( Status::internal( "Error in updating the device notification token in the database" ) ), ); if let Err(err) = writer_result.await { debug!( "Failed to write internal error to a channel: {}", err ); }; } } MessagesToSend(_) => (), ProcessedMessages(_) => (), } } } if let Err(err) = updateSessionItemIsOnline(&session_id, false) { error!( "Error in updating the session online state in the database: {}", err.what() ); } }); let output_stream = ReceiverStream::new(rx); Ok(Response::new( Box::pin(output_stream) as Self::MessagesStreamStream )) } // These empty old API handlers are deprecated and should be removed. // They are implemented only to fix the building process. 
async fn check_if_primary_device_online( &self, _request: Request, ) -> Result, Status> { Err(Status::cancelled("Deprecated")) } async fn become_new_primary_device( &self, _request: Request, ) -> Result, Status> { Err(Status::cancelled("Deprecated")) } async fn send_pong( &self, _request: Request, ) -> Result, Status> { Err(Status::cancelled("Deprecated")) } async fn send( &self, _request: Request, ) -> Result, Status> { Err(Status::cancelled("Deprecated")) } type GetStream = Pin< Box> + Send>, >; async fn get( &self, _request: Request, ) -> Result, Status> { Err(Status::cancelled("Deprecated")) } } pub async fn run_grpc_server() -> Result<()> { let addr = format!("[::1]:{}", constants::GRPC_SERVER_PORT).parse()?; Server::builder() .add_service(TunnelbrokerServiceServer::new( TunnelbrokerServiceHandlers::default(), )) .serve(addr) .await?; Ok(()) }
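Review bot: The two new early returns taken when `getMessagesFromDatabase` or `eraseMessagesFromAMQP` fails leave the session marked online, because `updateSessionItemIsOnline(&session_id, true)` has already run and only `tx_writer` resets the flag on failure. A device that never received its stream would then still look connected to whatever consults that flag (the routing side is not visible in this hunk). Both paths also return `err.what()`, the C++ exception text from the database or broker layer, to the client inside `Status::internal`; logging it with `error!` and returning a fixed message keeps backend detail out of responses. The sketch below shows the first branch, and the `eraseMessagesFromAMQP` branch would get the same treatment. It is also worth confirming that erasing the broker queue before the write to the client has succeeded cannot drop messages that exist only there.

```rust
let messages_from_database =
  match getMessagesFromDatabase(&session_item.deviceID) {
    Ok(messages) => messages,
    Err(err) => {
      error!(
        "Error while reading undelivered messages from the database: {}",
        err.what()
      );
      // Undo the online mark set above: no stream is returned on this path
      if let Err(err) = updateSessionItemIsOnline(&session_id, false) {
        error!(
          "Error in updating the session online state in the database: {}",
          err.what()
        );
      }
      return Err(Status::internal("Failed to read undelivered messages"));
    }
  };
// … unchanged: erase from the delivery broker, build and send MessagesToDeliver …
```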