diff --git a/services/tunnelbroker/src/main.rs b/services/tunnelbroker/src/main.rs index 10a00fc0c..6fe72ca40 100644 --- a/services/tunnelbroker/src/main.rs +++ b/services/tunnelbroker/src/main.rs @@ -1,90 +1,89 @@ pub mod amqp; pub mod config; pub mod constants; pub mod database; pub mod error; pub mod grpc; pub mod identity; pub mod notifs; pub mod websockets; use crate::notifs::apns::APNsClient; use crate::notifs::fcm::FCMClient; use crate::notifs::NotifClient; use anyhow::{anyhow, Result}; use config::CONFIG; -use std::str::FromStr; use tracing::{self, error, info, Level}; use tracing_subscriber::EnvFilter; #[tokio::main] async fn main() -> Result<()> { let filter = EnvFilter::builder() .with_default_directive(Level::INFO.into()) .with_env_var(constants::LOG_LEVEL_ENV_VAR) .from_env_lossy(); let subscriber = tracing_subscriber::fmt().with_env_filter(filter).finish(); tracing::subscriber::set_global_default(subscriber) .expect("Unable to configure tracing"); config::parse_cmdline_args()?; let aws_config = config::load_aws_config().await; let db_client = database::DatabaseClient::new(&aws_config); let amqp_connection = amqp::connect().await; let apns_config = CONFIG.apns_config.clone(); let apns = match apns_config { Some(config) => match APNsClient::new(&config) { Ok(apns_client) => { info!("APNs client created successfully"); Some(apns_client) } Err(err) => { error!("Error creating APNs client: {}", err); None } }, None => { error!("APNs config is missing"); None } }; let fcm_config = CONFIG.fcm_config.clone(); let fcm = match fcm_config { Some(config) => match FCMClient::new(&config) { Ok(fcm_client) => { info!("FCM client created successfully"); Some(fcm_client) } Err(err) => { error!("Error creating FCM client: {}", err); None } }, None => { error!("FCM config is missing"); None } }; let notif_client = NotifClient { apns, fcm }; let grpc_server = grpc::run_server(db_client.clone(), &amqp_connection); let websocket_server = websockets::run_server( db_client.clone(), &amqp_connection, notif_client.clone(), ); tokio::select! { Ok(_) = grpc_server => { Ok(()) }, Ok(_) = websocket_server => { Ok(()) }, else => { tracing::error!("A grpc or websocket server crashed."); Err(anyhow!("A grpc or websocket server crashed.")) } } } diff --git a/services/tunnelbroker/src/notifs/apns/mod.rs b/services/tunnelbroker/src/notifs/apns/mod.rs index 63adac7de..8833a2eba 100644 --- a/services/tunnelbroker/src/notifs/apns/mod.rs +++ b/services/tunnelbroker/src/notifs/apns/mod.rs @@ -1,138 +1,137 @@ use crate::notifs::apns::config::APNsConfig; use crate::notifs::apns::error::Error::ResponseError; use crate::notifs::apns::headers::{NotificationHeaders, PushType}; use crate::notifs::apns::response::ErrorBody; use crate::notifs::apns::token::APNsToken; use reqwest::header::{HeaderMap, HeaderValue, AUTHORIZATION}; use reqwest::StatusCode; use serde::{Deserialize, Serialize}; -use serde_json::Value; use std::time::Duration; use tracing::debug; pub mod config; pub mod error; pub(crate) mod headers; mod response; pub mod token; #[derive(Clone)] pub struct APNsClient { http2_client: reqwest::Client, token: APNsToken, is_prod: bool, } #[derive(Serialize, Deserialize)] pub struct APNsNotif { pub device_token: String, pub headers: NotificationHeaders, pub payload: String, } impl APNsClient { pub fn new(config: &APNsConfig) -> Result { let token_ttl = Duration::from_secs(60 * 55); let token = APNsToken::new(config, token_ttl)?; let http2_client = reqwest::Client::builder() .http2_prior_knowledge() .http2_keep_alive_interval(Some(Duration::from_secs(5))) .http2_keep_alive_while_idle(true) .build()?; Ok(APNsClient { http2_client, token, is_prod: config.production, }) } async fn build_headers( &self, notif_headers: NotificationHeaders, ) -> Result { let mut headers = HeaderMap::new(); headers.insert( reqwest::header::CONTENT_TYPE, HeaderValue::from_static("application/json"), ); let bearer = self.token.get_bearer().await?; let token = format!("bearer {bearer}"); headers.insert(AUTHORIZATION, HeaderValue::from_str(&token)?); if let Some(apns_topic) = ¬if_headers.apns_topic { headers.insert("apns-topic", HeaderValue::from_str(apns_topic)?); } if let Some(apns_id) = ¬if_headers.apns_id { headers.insert("apns-id", HeaderValue::from_str(apns_id)?); } if let Some(push_type) = ¬if_headers.apns_push_type { let push_type_str = match push_type { PushType::Alert => "alert", PushType::Background => "background", PushType::Location => "location", PushType::Voip => "voip", PushType::Complication => "complication", PushType::FileProvider => "fileprovider", PushType::Mdm => "mdm", PushType::LiveActivity => "live", PushType::PushToTalk => "pushtotalk", }; headers.insert("apns-push-type", HeaderValue::from_static(push_type_str)); } if let Some(expiration) = notif_headers.apns_expiration { headers.insert("apns-expiration", HeaderValue::from(expiration)); } if let Some(priority) = notif_headers.apns_priority { headers.insert("apns-priority", HeaderValue::from(priority)); } if let Some(collapse_id) = ¬if_headers.apns_collapse_id { headers.insert("apns-collapse-id", HeaderValue::from_str(collapse_id)?); } Ok(headers) } fn get_endpoint(&self) -> &'static str { if self.is_prod { return "api.push.apple.com"; } "api.development.push.apple.com" } pub async fn send(&self, notif: APNsNotif) -> Result<(), error::Error> { - debug!("Sending notif to {}", notif.device_token); + debug!("Sending APNs notif to {}", notif.device_token); let headers = self.build_headers(notif.headers.clone()).await?; let url = format!( "https://{}/3/device/{}", self.get_endpoint(), notif.device_token ); let response = self .http2_client .post(url) .headers(headers.clone()) .body(notif.payload) .send() .await?; match response.status() { StatusCode::OK => Ok(()), _ => { let error_body: ErrorBody = response.json().await?; Err(ResponseError(error_body)) } } } } diff --git a/services/tunnelbroker/src/notifs/fcm/mod.rs b/services/tunnelbroker/src/notifs/fcm/mod.rs index 2d0631d8f..b2fd288e5 100644 --- a/services/tunnelbroker/src/notifs/fcm/mod.rs +++ b/services/tunnelbroker/src/notifs/fcm/mod.rs @@ -1,88 +1,88 @@ use crate::notifs::fcm::config::FCMConfig; use crate::notifs::fcm::error::Error::FCMError; use crate::notifs::fcm::firebase_message::{FCMMessage, FCMMessageWrapper}; use crate::notifs::fcm::response::FCMErrorResponse; use crate::notifs::fcm::token::FCMToken; use reqwest::header::{HeaderMap, HeaderValue, AUTHORIZATION}; use reqwest::StatusCode; use std::time::Duration; use tracing::{debug, error}; pub mod config; mod error; -mod firebase_message; +pub mod firebase_message; mod response; mod token; #[derive(Clone)] pub struct FCMClient { http_client: reqwest::Client, config: FCMConfig, token: FCMToken, } impl FCMClient { pub fn new(config: &FCMConfig) -> Result { let http_client = reqwest::Client::builder().build()?; // Token must be a short-lived token (60 minutes) and in a reasonable // timeframe. let token_ttl = Duration::from_secs(60 * 55); let token = FCMToken::new(&config.clone(), token_ttl)?; Ok(FCMClient { http_client, config: config.clone(), token, }) } pub async fn send(&self, message: FCMMessage) -> Result<(), error::Error> { let token = message.token.clone(); debug!("Sending FCM notif to {}", token); let mut headers = HeaderMap::new(); headers.insert( reqwest::header::CONTENT_TYPE, HeaderValue::from_static("application/json"), ); let bearer = self.token.get_auth_bearer().await?; headers.insert(AUTHORIZATION, HeaderValue::from_str(&bearer)?); let url = format!( "https://fcm.googleapis.com/v1/projects/{}/messages:send", self.config.project_id ); let msg_wrapper = FCMMessageWrapper { message }; let payload = serde_json::to_string(&msg_wrapper).unwrap(); let response = self .http_client .post(&url) .headers(headers) .body(payload) .send() .await?; match response.status() { StatusCode::OK => { debug!("Successfully sent FCM notif to {}", token); Ok(()) } error_status => { let body = response .text() .await .unwrap_or_else(|error| format!("Error occurred: {}", error)); error!( "Failed sending FCM notification to: {}. Status: {}. Body: {}", token, error_status, body ); let fcm_error = FCMErrorResponse::from_status(error_status, body); Err(FCMError(fcm_error)) } } } } diff --git a/services/tunnelbroker/src/websockets/session.rs b/services/tunnelbroker/src/websockets/session.rs index 1e7f2551f..fcd262c26 100644 --- a/services/tunnelbroker/src/websockets/session.rs +++ b/services/tunnelbroker/src/websockets/session.rs @@ -1,470 +1,532 @@ use crate::constants::{ CLIENT_RMQ_MSG_PRIORITY, DDB_RMQ_MSG_PRIORITY, MAX_RMQ_MSG_PRIORITY, RMQ_CONSUMER_TAG, }; use comm_lib::aws::ddb::error::SdkError; use comm_lib::aws::ddb::operation::put_item::PutItemError; use derive_more; use futures_util::stream::SplitSink; use futures_util::SinkExt; use futures_util::StreamExt; use hyper_tungstenite::{tungstenite::Message, WebSocketStream}; use lapin::message::Delivery; use lapin::options::{ BasicCancelOptions, BasicConsumeOptions, BasicPublishOptions, QueueDeclareOptions, QueueDeleteOptions, }; use lapin::types::FieldTable; use lapin::BasicProperties; use tokio::io::AsyncRead; use tokio::io::AsyncWrite; use tracing::{debug, error, info}; use tunnelbroker_messages::{ message_to_device_request_status::Failure, message_to_device_request_status::MessageSentStatus, session::DeviceTypes, Heartbeat, MessageToDevice, MessageToDeviceRequest, MessageToTunnelbroker, Messages, }; use crate::database::{self, DatabaseClient, MessageToDeviceExt}; use crate::identity; use crate::notifs::apns::headers::NotificationHeaders; use crate::notifs::apns::APNsNotif; +use crate::notifs::fcm::firebase_message::{ + AndroidConfig, AndroidMessagePriority, FCMMessage, +}; use crate::notifs::NotifClient; pub struct DeviceInfo { pub device_id: String, pub notify_token: Option, pub device_type: DeviceTypes, pub device_app_version: Option, pub device_os: Option, pub is_authenticated: bool, } pub struct WebsocketSession { tx: SplitSink, Message>, db_client: DatabaseClient, pub device_info: DeviceInfo, amqp_channel: lapin::Channel, // Stream of messages from AMQP endpoint amqp_consumer: lapin::Consumer, notif_client: NotifClient, } #[derive( Debug, derive_more::Display, derive_more::From, derive_more::Error, )] pub enum SessionError { InvalidMessage, SerializationError(serde_json::Error), MessageError(database::MessageErrors), AmqpError(lapin::Error), InternalError, UnauthorizedDevice, PersistenceError(SdkError), DatabaseError(comm_lib::database::Error), MissingAPNsClient, + MissingFCMClient, MissingDeviceToken, } // Parse a session request and retrieve the device information pub async fn handle_first_message_from_device( message: &str, ) -> Result { let serialized_message = serde_json::from_str::(message)?; match serialized_message { Messages::ConnectionInitializationMessage(mut session_info) => { let device_info = DeviceInfo { device_id: session_info.device_id.clone(), notify_token: session_info.notify_token.take(), device_type: session_info.device_type, device_app_version: session_info.device_app_version.take(), device_os: session_info.device_os.take(), is_authenticated: true, }; // Authenticate device debug!("Authenticating device: {}", &session_info.device_id); let auth_request = identity::verify_user_access_token( &session_info.user_id, &device_info.device_id, &session_info.access_token, ) .await; match auth_request { Err(e) => { error!("Failed to complete request to identity service: {:?}", e); return Err(SessionError::InternalError); } Ok(false) => { info!("Device failed authentication: {}", &session_info.device_id); return Err(SessionError::UnauthorizedDevice); } Ok(true) => { debug!( "Successfully authenticated device: {}", &session_info.device_id ); } } Ok(device_info) } Messages::AnonymousInitializationMessage(session_info) => { debug!( "Starting unauthenticated session with device: {}", &session_info.device_id ); let device_info = DeviceInfo { device_id: session_info.device_id, device_type: session_info.device_type, device_app_version: session_info.device_app_version, device_os: session_info.device_os, is_authenticated: false, notify_token: None, }; Ok(device_info) } _ => { debug!("Received invalid request"); Err(SessionError::InvalidMessage) } } } async fn publish_persisted_messages( db_client: &DatabaseClient, amqp_channel: &lapin::Channel, device_info: &DeviceInfo, ) -> Result<(), SessionError> { let messages = db_client .retrieve_messages(&device_info.device_id) .await .unwrap_or_else(|e| { error!("Error while retrieving messages: {}", e); Vec::new() }); for message in messages { let message_to_device = MessageToDevice::from_hashmap(message)?; let serialized_message = serde_json::to_string(&message_to_device)?; amqp_channel .basic_publish( "", &message_to_device.device_id, BasicPublishOptions::default(), serialized_message.as_bytes(), BasicProperties::default().with_priority(DDB_RMQ_MSG_PRIORITY), ) .await?; } debug!("Flushed messages for device: {}", &device_info.device_id); Ok(()) } pub async fn initialize_amqp( db_client: DatabaseClient, frame: Message, amqp_channel: &lapin::Channel, ) -> Result<(DeviceInfo, lapin::Consumer), SessionError> { let device_info = match frame { Message::Text(payload) => { handle_first_message_from_device(&payload).await? } _ => { error!("Client sent wrong frame type for establishing connection"); return Err(SessionError::InvalidMessage); } }; let mut args = FieldTable::default(); args.insert("x-max-priority".into(), MAX_RMQ_MSG_PRIORITY.into()); amqp_channel .queue_declare(&device_info.device_id, QueueDeclareOptions::default(), args) .await?; publish_persisted_messages(&db_client, amqp_channel, &device_info).await?; let amqp_consumer = amqp_channel .basic_consume( &device_info.device_id, RMQ_CONSUMER_TAG, BasicConsumeOptions::default(), FieldTable::default(), ) .await?; Ok((device_info, amqp_consumer)) } impl WebsocketSession { pub fn new( tx: SplitSink, Message>, db_client: DatabaseClient, device_info: DeviceInfo, amqp_channel: lapin::Channel, amqp_consumer: lapin::Consumer, notif_client: NotifClient, ) -> Self { Self { tx, db_client, device_info, amqp_channel, amqp_consumer, notif_client, } } pub async fn handle_message_to_device( &self, message_request: &MessageToDeviceRequest, ) -> Result<(), SessionError> { let message_id = self .db_client .persist_message( &message_request.device_id, &message_request.payload, &message_request.client_message_id, ) .await?; let message_to_device = MessageToDevice { device_id: message_request.device_id.clone(), payload: message_request.payload.clone(), message_id: message_id.clone(), }; let serialized_message = serde_json::to_string(&message_to_device)?; let publish_result = self .amqp_channel .basic_publish( "", &message_request.device_id, BasicPublishOptions::default(), serialized_message.as_bytes(), BasicProperties::default().with_priority(CLIENT_RMQ_MSG_PRIORITY), ) .await; if let Err(publish_error) = publish_result { self .db_client .delete_message(&self.device_info.device_id, &message_id) .await .expect("Error deleting message"); return Err(SessionError::AmqpError(publish_error)); } Ok(()) } pub async fn handle_message_to_tunnelbroker( &self, message_to_tunnelbroker: &MessageToTunnelbroker, ) -> Result<(), SessionError> { match message_to_tunnelbroker { MessageToTunnelbroker::SetDeviceToken(token) => { self .db_client .set_device_token(&self.device_info.device_id, &token.device_token) .await?; } } Ok(()) } pub async fn handle_websocket_frame_from_device( &mut self, msg: String, ) -> Option { let Ok(serialized_message) = serde_json::from_str::(&msg) else { return Some(MessageSentStatus::SerializationError(msg)); }; match serialized_message { Messages::Heartbeat(Heartbeat {}) => { debug!("Received heartbeat from: {}", self.device_info.device_id); None } Messages::MessageReceiveConfirmation(confirmation) => { for message_id in confirmation.message_ids { if let Err(e) = self .db_client .delete_message(&self.device_info.device_id, &message_id) .await { error!("Failed to delete message: {}:", e); } } None } Messages::MessageToDeviceRequest(message_request) => { // unauthenticated clients cannot send messages if !self.device_info.is_authenticated { debug!( "Unauthenticated device {} tried to send text message. Aborting.", self.device_info.device_id ); return Some(MessageSentStatus::Unauthenticated); } debug!("Received message for {}", message_request.device_id); let result = self.handle_message_to_device(&message_request).await; Some(self.get_message_to_device_status( &message_request.client_message_id, result, )) } Messages::MessageToTunnelbrokerRequest(message_request) => { // unauthenticated clients cannot send messages if !self.device_info.is_authenticated { debug!( "Unauthenticated device {} tried to send text message. Aborting.", self.device_info.device_id ); return Some(MessageSentStatus::Unauthenticated); } debug!("Received message for Tunnelbroker"); let Ok(message_to_tunnelbroker) = serde_json::from_str(&message_request.payload) else { return Some(MessageSentStatus::SerializationError( message_request.payload, )); }; let result = self .handle_message_to_tunnelbroker(&message_to_tunnelbroker) .await; Some(self.get_message_to_device_status( &message_request.client_message_id, result, )) } Messages::APNsNotif(notif) => { // unauthenticated clients cannot send notifs if !self.device_info.is_authenticated { debug!( "Unauthenticated device {} tried to send text notif. Aborting.", self.device_info.device_id ); return Some(MessageSentStatus::Unauthenticated); } debug!("Received APNs notif for {}", notif.device_id); let Ok(headers) = serde_json::from_str::(¬if.headers) else { return Some(MessageSentStatus::SerializationError(notif.headers)); }; let device_token = match self.db_client.get_device_token(¬if.device_id).await { Ok(db_token) => { let Some(token) = db_token else { return Some(self.get_message_to_device_status( ¬if.client_message_id, Err(SessionError::MissingDeviceToken), )); }; token } Err(e) => { return Some(self.get_message_to_device_status( ¬if.client_message_id, Err(SessionError::DatabaseError(e)), )); } }; let apns_notif = APNsNotif { device_token, headers, payload: notif.payload, }; if let Some(apns) = self.notif_client.apns.clone() { let response = apns.send(apns_notif).await; return Some( self .get_message_to_device_status(¬if.client_message_id, response), ); } Some(self.get_message_to_device_status( ¬if.client_message_id, Err(SessionError::MissingAPNsClient), )) } + Messages::FCMNotif(notif) => { + // unauthenticated clients cannot send notifs + if !self.device_info.is_authenticated { + debug!( + "Unauthenticated device {} tried to send text notif. Aborting.", + self.device_info.device_id + ); + return Some(MessageSentStatus::Unauthenticated); + } + debug!("Received FCM notif for {}", notif.device_id); + + let Some(priority) = AndroidMessagePriority::from_str(¬if.priority) + else { + return Some(MessageSentStatus::SerializationError(notif.priority)); + }; + + let Ok(data) = serde_json::from_str(¬if.data) else { + return Some(MessageSentStatus::SerializationError(notif.data)); + }; + + let device_token = + match self.db_client.get_device_token(¬if.device_id).await { + Ok(db_token) => { + let Some(token) = db_token else { + return Some(self.get_message_to_device_status( + ¬if.client_message_id, + Err(SessionError::MissingDeviceToken), + )); + }; + token + } + Err(e) => { + return Some(self.get_message_to_device_status( + ¬if.client_message_id, + Err(SessionError::DatabaseError(e)), + )); + } + }; + + let fcm_message = FCMMessage { + data, + token: device_token.to_string(), + android: AndroidConfig { priority }, + }; + + if let Some(fcm) = self.notif_client.fcm.clone() { + let response = fcm.send(fcm_message).await; + return Some( + self + .get_message_to_device_status(¬if.client_message_id, response), + ); + } + + Some(self.get_message_to_device_status( + ¬if.client_message_id, + Err(SessionError::MissingFCMClient), + )) + } _ => { error!("Client sent invalid message type"); Some(MessageSentStatus::InvalidRequest) } } } pub async fn next_amqp_message( &mut self, ) -> Option> { self.amqp_consumer.next().await } pub async fn send_message_to_device(&mut self, message: Message) { if let Err(e) = self.tx.send(message).await { error!("Failed to send message to device: {}", e); } } // Release WebSocket and remove from active connections pub async fn close(&mut self) { if let Err(e) = self.tx.close().await { debug!("Failed to close WebSocket session: {}", e); } if let Err(e) = self .amqp_channel .basic_cancel( self.amqp_consumer.tag().as_str(), BasicCancelOptions::default(), ) .await { error!("Failed to cancel consumer: {}", e); } if let Err(e) = self .amqp_channel .queue_delete( self.device_info.device_id.as_str(), QueueDeleteOptions::default(), ) .await { error!("Failed to delete queue: {}", e); } } pub fn get_message_to_device_status( &mut self, client_message_id: &str, result: Result<(), E>, ) -> MessageSentStatus where E: std::error::Error, { match result { Ok(()) => MessageSentStatus::Success(client_message_id.to_string()), Err(err) => MessageSentStatus::Error(Failure { id: client_message_id.to_string(), error: err.to_string(), }), } } }