hashtree_cli/server/

mod.rs

mod auth;
pub mod blossom;
mod handlers;
mod mime;
#[cfg(feature = "p2p")]
pub mod stun;
mod ui;
mod ws_relay;

use crate::nostr_relay::NostrRelay;
use crate::socialgraph;
use crate::storage::HashtreeStore;
use crate::webrtc::WebRTCState;
use anyhow::Result;
use axum::{
    extract::DefaultBodyLimit,
    middleware,
    routing::{get, post, put},
    Router,
};
use std::collections::HashSet;
use std::sync::Arc;
use tower_http::cors::CorsLayer;

pub use auth::{AppState, AuthCredentials};

pub struct HashtreeServer {
    state: AppState,
    addr: String,
    extra_routes: Option<Router<AppState>>,
    cors: Option<CorsLayer>,
}

impl HashtreeServer {
    pub fn new(store: Arc<HashtreeStore>, addr: String) -> Self {
        Self {
            state: AppState {
                store,
                auth: None,
                webrtc_peers: None,
                ws_relay: Arc::new(auth::WsRelayState::new()),
                max_upload_bytes: 5 * 1024 * 1024, // 5 MB default
                public_writes: true,               // Allow anyone with valid Nostr auth by default
                allowed_pubkeys: HashSet::new(), // No pubkeys allowed by default (use public_writes)
                upstream_blossom: Vec::new(),
                social_graph: None,
                social_graph_store: None,
                social_graph_root: None,
                socialgraph_snapshot_public: false,
                nostr_relay: None,
                tree_root_cache: Arc::new(std::sync::Mutex::new(std::collections::HashMap::new())),
            },
            addr,
            extra_routes: None,
            cors: None,
        }
    }

    /// Set maximum upload size for Blossom uploads
    pub fn with_max_upload_bytes(mut self, bytes: usize) -> Self {
        self.state.max_upload_bytes = bytes;
        self
    }

    /// Set whether to allow public writes (anyone with valid Nostr auth)
    /// When false, only social graph members can write
    pub fn with_public_writes(mut self, public: bool) -> Self {
        self.state.public_writes = public;
        self
    }

    /// Set WebRTC state for P2P peer queries
    pub fn with_webrtc_peers(mut self, webrtc_state: Arc<WebRTCState>) -> Self {
        self.state.webrtc_peers = Some(webrtc_state);
        self
    }

    pub fn with_auth(mut self, username: String, password: String) -> Self {
        self.state.auth = Some(AuthCredentials { username, password });
        self
    }

    /// Set allowed pubkeys for blossom write access (hex format)
    pub fn with_allowed_pubkeys(mut self, pubkeys: HashSet<String>) -> Self {
        self.state.allowed_pubkeys = pubkeys;
        self
    }

    /// Set upstream Blossom servers for cascade fetching
    pub fn with_upstream_blossom(mut self, servers: Vec<String>) -> Self {
        self.state.upstream_blossom = servers;
        self
    }

    /// Set social graph access control
    pub fn with_social_graph(mut self, sg: Arc<socialgraph::SocialGraphAccessControl>) -> Self {
        self.state.social_graph = Some(sg);
        self
    }

    /// Configure social graph snapshot export (store handle + root)
    pub fn with_socialgraph_snapshot(
        mut self,
        store: Arc<dyn socialgraph::SocialGraphBackend>,
        root: [u8; 32],
        public: bool,
    ) -> Self {
        self.state.social_graph_store = Some(store);
        self.state.social_graph_root = Some(root);
        self.state.socialgraph_snapshot_public = public;
        self
    }

    /// Set Nostr relay state (shared for /ws and WebRTC)
    pub fn with_nostr_relay(mut self, relay: Arc<NostrRelay>) -> Self {
        self.state.nostr_relay = Some(relay);
        self
    }

    /// Merge extra routes into the daemon router (e.g. Tauri embeds /nip07).
    pub fn with_extra_routes(mut self, routes: Router<AppState>) -> Self {
        self.extra_routes = Some(routes);
        self
    }

    /// Apply a CORS layer to all routes (used by embedded clients like Tauri).
    pub fn with_cors(mut self, cors: CorsLayer) -> Self {
        self.cors = Some(cors);
        self
    }

    pub async fn run(self) -> Result<()> {
        let listener = tokio::net::TcpListener::bind(&self.addr).await?;
        let _ = self.run_with_listener(listener).await?;
        Ok(())
    }

    pub async fn run_with_listener(self, listener: tokio::net::TcpListener) -> Result<u16> {
        let local_addr = listener.local_addr()?;

        // Public endpoints (no auth required)
        // Note: /:id serves both CID and blossom SHA256 hash lookups
        // The handler differentiates based on hash format (64 char hex = blossom)
        let state = self.state.clone();
        let public_routes = Router::new()
            .route("/", get(handlers::serve_root))
            .route("/ws", get(ws_relay::ws_data))
            .route(
                "/htree/test",
                get(handlers::htree_test).head(handlers::htree_test),
            )
            // /htree/nhash1...[/path] - content-addressed (immutable)
            .route("/htree/nhash1:nhash", get(handlers::htree_nhash))
            .route("/htree/nhash1:nhash/", get(handlers::htree_nhash))
            .route("/htree/nhash1:nhash/*path", get(handlers::htree_nhash_path))
            // /htree/npub1.../tree[/path] - mutable (resolver-backed)
            .route("/htree/npub1:npub/:treename", get(handlers::htree_npub))
            .route("/htree/npub1:npub/:treename/", get(handlers::htree_npub))
            .route(
                "/htree/npub1:npub/:treename/*path",
                get(handlers::htree_npub_path),
            )
            // Nostr resolver endpoints - resolve npub/treename to content
            .route("/n/:pubkey/:treename", get(handlers::resolve_and_serve))
            // Direct npub route (clients should parse nhash and request by hex hash)
            .route("/npub1:rest", get(handlers::serve_npub))
            // Blossom endpoints (BUD-01, BUD-02)
            .route(
                "/:id",
                get(handlers::serve_content_or_blob)
                    .head(blossom::head_blob)
                    .delete(blossom::delete_blob)
                    .options(blossom::cors_preflight),
            )
            .route(
                "/upload",
                put(blossom::upload_blob).options(blossom::cors_preflight),
            )
            .route(
                "/list/:pubkey",
                get(blossom::list_blobs).options(blossom::cors_preflight),
            )
            // Hashtree API endpoints
            .route("/health", get(handlers::health_check))
            .route("/api/pins", get(handlers::list_pins))
            .route("/api/stats", get(handlers::storage_stats))
            .route("/api/peers", get(handlers::webrtc_peers))
            .route("/api/status", get(handlers::daemon_status))
            .route("/api/socialgraph", get(handlers::socialgraph_stats))
            .route(
                "/api/socialgraph/snapshot",
                get(handlers::socialgraph_snapshot),
            )
            .route(
                "/api/socialgraph/distance/:pubkey",
                get(handlers::follow_distance),
            )
            // Resolver API endpoints
            .route(
                "/api/resolve/:pubkey/:treename",
                get(handlers::resolve_to_hash),
            )
            .route(
                "/api/nostr/resolve/:pubkey/:treename",
                get(handlers::resolve_to_hash),
            )
            .route("/api/trees/:pubkey", get(handlers::list_trees))
            .with_state(state.clone());

        // Protected endpoints (require auth if enabled)
        let protected_routes = Router::new()
            .route("/upload", post(handlers::upload_file))
            .route("/api/pin/:cid", post(handlers::pin_cid))
            .route("/api/unpin/:cid", post(handlers::unpin_cid))
            .route("/api/gc", post(handlers::garbage_collect))
            .layer(middleware::from_fn_with_state(
                state.clone(),
                auth::auth_middleware,
            ))
            .with_state(state.clone());

        let mut app = public_routes
            .merge(protected_routes)
            .layer(DefaultBodyLimit::max(10 * 1024 * 1024 * 1024)); // 10GB limit

        if let Some(extra) = self.extra_routes {
            app = app.merge(extra.with_state(state));
        }

        if let Some(cors) = self.cors {
            app = app.layer(cors);
        }

        axum::serve(
            listener,
            app.into_make_service_with_connect_info::<std::net::SocketAddr>(),
        )
        .await?;

        Ok(local_addr.port())
    }

    pub fn addr(&self) -> &str {
        &self.addr
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::storage::HashtreeStore;
    use hashtree_core::from_hex;
    use tempfile::TempDir;

    #[tokio::test]
    async fn test_server_serve_file() -> Result<()> {
        let temp_dir = TempDir::new()?;
        let store = Arc::new(HashtreeStore::new(temp_dir.path().join("db"))?);

        // Create and upload a test file
        let test_file = temp_dir.path().join("test.txt");
        std::fs::write(&test_file, b"Hello, Hashtree!")?;

        let cid = store.upload_file(&test_file)?;
        let hash = from_hex(&cid)?;

        // Verify we can get it
        let content = store.get_file(&hash)?;
        assert!(content.is_some());
        assert_eq!(content.unwrap(), b"Hello, Hashtree!");

        Ok(())
    }

    #[tokio::test]
    async fn test_server_list_pins() -> Result<()> {
        let temp_dir = TempDir::new()?;
        let store = Arc::new(HashtreeStore::new(temp_dir.path().join("db"))?);

        let test_file = temp_dir.path().join("test.txt");
        std::fs::write(&test_file, b"Test")?;

        let cid = store.upload_file(&test_file)?;
        let hash = from_hex(&cid)?;

        let pins = store.list_pins_raw()?;
        assert_eq!(pins.len(), 1);
        assert_eq!(pins[0], hash);

        Ok(())
    }
}