subduction_http_longpoll 0.8.0

HTTP long-poll transport layer for the Subduction sync protocol
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400

//! Hyper-based HTTP server for long-poll transport.
//!
//! Handles incoming HTTP requests and routes them to the appropriate handler:
//!
//! | Endpoint            | Method | Purpose                               |
//! |---------------------|--------|---------------------------------------|
//! | `/lp/handshake`     | POST   | Ed25519 mutual authentication         |
//! | `/lp/send`          | POST   | Client sends a message to the server  |
//! | `/lp/recv`          | POST   | Client long-polls for the next message|
//! | `/lp/disconnect`    | POST   | Clean session teardown                |
//!
//! The server is designed to run alongside a WebSocket server on the same
//! TCP listener by dispatching based on request path.

use alloc::{string::ToString, sync::Arc, vec::Vec};
use core::time::Duration;

use async_lock::Mutex;
use http_body_util::{BodyExt, Full, Limited};
use hyper::{
    Method, Request, Response, StatusCode,
    body::{Bytes, Incoming},
};
use subduction_core::{
    authenticated::Authenticated,
    handshake::{self, audience::Audience},
    nonce_cache::NonceCache,
    peer::id::PeerId,
    timeout::Timeout,
    timestamp::TimestampSeconds,
};
use subduction_crypto::signer::Signer;

use future_form::{FutureForm, Sendable};
use futures::{FutureExt, future::BoxFuture};

use crate::{
    DEFAULT_MAX_BODY_SIZE, DEFAULT_POLL_TIMEOUT_SECS, SESSION_ID_HEADER,
    error::ServerError,
    session::{SessionEntry, SessionId, SessionStore},
    transport::HttpLongPollTransport,
};

/// Server-side handler state, shared across request handlers.
#[derive(Debug, Clone)]
pub struct LongPollHandler<Sig, O: Timeout<Sendable> + Send + Sync> {
    sessions: SessionStore,
    signer: Sig,
    nonce_cache: Arc<NonceCache>,
    our_peer_id: PeerId,
    discovery_audience: Option<Audience>,
    handshake_max_drift: Duration,
    timeout: O,
    max_body_size: usize,
    poll_timeout: Duration,
}

impl<Sig: Signer<Sendable> + Clone + Send + Sync, O: Timeout<Sendable> + Clone + Send + Sync>
    LongPollHandler<Sig, O>
{
    /// Create a new long-poll handler.
    #[must_use]
    pub fn new(
        signer: Sig,
        nonce_cache: Arc<NonceCache>,
        our_peer_id: PeerId,
        discovery_audience: Option<Audience>,
        handshake_max_drift: Duration,
        timeout: O,
    ) -> Self {
        Self {
            sessions: SessionStore::new(),
            signer,
            nonce_cache,
            our_peer_id,
            discovery_audience,
            handshake_max_drift,
            timeout,
            max_body_size: DEFAULT_MAX_BODY_SIZE,
            poll_timeout: Duration::from_secs(DEFAULT_POLL_TIMEOUT_SECS),
        }
    }

    /// Set the maximum request body size.
    #[must_use]
    pub const fn with_max_body_size(mut self, size: usize) -> Self {
        self.max_body_size = size;
        self
    }

    /// Set the long-poll timeout.
    #[must_use]
    pub const fn with_poll_timeout(mut self, timeout: Duration) -> Self {
        self.poll_timeout = timeout;
        self
    }

    /// Access the session store.
    #[must_use]
    pub const fn sessions(&self) -> &SessionStore {
        &self.sessions
    }

    /// Route an incoming HTTP request to the appropriate handler.
    ///
    /// Returns an HTTP response. Application errors are mapped to
    /// appropriate status codes — the only way this returns `Err` is if
    /// hyper's response builder itself fails (a bug, not a runtime condition).
    ///
    /// # Errors
    ///
    /// Returns `ServerError` if neither the handler nor the fallback
    /// error response could be built.
    pub async fn handle(
        &self,
        req: Request<Incoming>,
    ) -> Result<Response<Full<Bytes>>, ServerError> {
        let method = req.method().clone();
        let path = req.uri().path();

        tracing::debug!("HTTP long-poll: {method} {path}");

        let response = match (&method, path) {
            (&Method::POST, "/lp/handshake") => self.handle_handshake(req).await,
            (&Method::POST, "/lp/send") => self.handle_send(req).await,
            (&Method::POST, "/lp/recv") => self.handle_recv(req).await,
            (&Method::POST, "/lp/disconnect") => self.handle_disconnect(req).await,
            _ => Response::builder()
                .status(StatusCode::NOT_FOUND)
                .body(Full::new(Bytes::from_static(b"not found")))
                .map_err(ServerError::from),
        };

        match response {
            Ok(resp) => Ok(resp),
            Err(e) => {
                tracing::error!("handler error: {e}");
                Ok(error_response(StatusCode::INTERNAL_SERVER_ERROR, &e)?)
            }
        }
    }

    /// Handle `POST /lp/handshake`.
    ///
    /// The client sends `Signed<Challenge>` bytes in the request body.
    /// The server responds with `Signed<Response>` bytes and a session ID header.
    async fn handle_handshake(
        &self,
        req: Request<Incoming>,
    ) -> Result<Response<Full<Bytes>>, ServerError> {
        let body = read_body(req, self.max_body_size).await?;

        let response_slot: Arc<Mutex<Option<Vec<u8>>>> = Arc::new(Mutex::new(None));

        let http_handshake = HttpHandshake {
            challenge_bytes: Some(body),
            response_slot: response_slot.clone(),
        };

        let now = TimestampSeconds::now();

        let result = handshake::respond::<Sendable, _, _, _, _>(
            http_handshake,
            |_handshake, peer_id| {
                let conn = HttpLongPollTransport::new(peer_id);
                (conn.clone(), conn)
            },
            &self.signer,
            &self.nonce_cache,
            self.our_peer_id,
            self.discovery_audience,
            now,
            self.handshake_max_drift,
        )
        .await;

        let response_bytes = response_slot.lock().await.take();

        match result {
            Ok((authenticated, conn)) => {
                let peer_id = authenticated.peer_id();
                let session_id = SessionId::random();

                tracing::info!(
                    "HTTP long-poll handshake complete: peer {peer_id}, session {session_id}"
                );

                self.sessions
                    .insert(
                        session_id,
                        SessionEntry {
                            peer_id,
                            connection: conn.clone(),
                            authenticated: Some(authenticated),
                        },
                    )
                    .await;

                let response_bytes = response_bytes.ok_or(ServerError::HandshakeNoResponse)?;

                Ok(Response::builder()
                    .status(StatusCode::OK)
                    .header(SESSION_ID_HEADER, session_id.to_hex())
                    .header("content-type", "application/octet-stream")
                    .body(Full::new(Bytes::from(response_bytes)))?)
            }
            Err(e) => {
                tracing::warn!("handshake failed: {e}");

                if let Some(response_bytes) = response_bytes {
                    Ok(Response::builder()
                        .status(StatusCode::UNAUTHORIZED)
                        .header("content-type", "application/octet-stream")
                        .body(Full::new(Bytes::from(response_bytes)))?)
                } else {
                    Ok(Response::builder()
                        .status(StatusCode::UNAUTHORIZED)
                        .body(Full::new(Bytes::from(e.to_string())))?)
                }
            }
        }
    }

    /// Handle `POST /lp/send`.
    ///
    /// The client sends a binary-encoded message in the body.
    async fn handle_send(
        &self,
        req: Request<Incoming>,
    ) -> Result<Response<Full<Bytes>>, ServerError> {
        let session_id = extract_session_id(&req)?;
        let entry = self
            .sessions
            .get(&session_id)
            .await
            .ok_or(ServerError::SessionNotFound)?;

        let body = read_body(req, self.max_body_size).await?;

        tracing::debug!(
            "POST /lp/send: peer {} ({} bytes)",
            entry.peer_id,
            body.len()
        );

        entry
            .connection
            .push_inbound(body)
            .await
            .map_err(|_| ServerError::ChanSend)?;

        Ok(Response::builder()
            .status(StatusCode::NO_CONTENT)
            .body(Full::new(Bytes::new()))?)
    }

    /// Handle `POST /lp/recv`.
    ///
    /// Long-polls until an outbound message is available or the poll timeout expires.
    async fn handle_recv(
        &self,
        req: Request<Incoming>,
    ) -> Result<Response<Full<Bytes>>, ServerError> {
        let session_id = extract_session_id(&req)?;
        let entry = self
            .sessions
            .get(&session_id)
            .await
            .ok_or(ServerError::SessionNotFound)?;

        tracing::debug!("POST /lp/recv: peer {} waiting...", entry.peer_id);

        let pull_fut = Sendable::from_future(async move { entry.connection.pull_outbound().await });

        match self.timeout.timeout(self.poll_timeout, pull_fut).await {
            Ok(Ok(bytes)) => {
                tracing::debug!("POST /lp/recv: delivering {} bytes", bytes.len());
                Ok(Response::builder()
                    .status(StatusCode::OK)
                    .header("content-type", "application/octet-stream")
                    .body(Full::new(Bytes::from(bytes)))?)
            }
            Ok(Err(_)) => {
                tracing::debug!("POST /lp/recv: channel closed");
                Ok(Response::builder()
                    .status(StatusCode::GONE)
                    .body(Full::new(Bytes::from_static(b"session closed")))?)
            }
            Err(_timed_out) => {
                tracing::debug!("POST /lp/recv: poll timeout");
                Ok(Response::builder()
                    .status(StatusCode::NO_CONTENT)
                    .body(Full::new(Bytes::new()))?)
            }
        }
    }

    /// Handle `POST /lp/disconnect`.
    async fn handle_disconnect(
        &self,
        req: Request<Incoming>,
    ) -> Result<Response<Full<Bytes>>, ServerError> {
        let session_id = extract_session_id(&req)?;

        if let Some(entry) = self.sessions.remove(&session_id).await {
            tracing::info!(
                "POST /lp/disconnect: peer {} session {session_id}",
                entry.peer_id
            );
            entry.connection.close();
        }

        Ok(Response::builder()
            .status(StatusCode::NO_CONTENT)
            .body(Full::new(Bytes::new()))?)
    }

    /// Take the authenticated connection for a session (for Subduction registration).
    ///
    /// This removes the `Authenticated` wrapper from the session entry.
    /// The caller is responsible for registering it with `Subduction`.
    pub async fn take_authenticated(
        &self,
        session_id: &SessionId,
    ) -> Option<Authenticated<HttpLongPollTransport, Sendable>> {
        let mut sessions = self.sessions.sessions.lock().await;
        sessions
            .get_mut(session_id)
            .and_then(|entry| entry.authenticated.take())
    }
}

/// In-memory handshake transport for HTTP request-response.
///
/// Satisfies the `Handshake<Sendable>` trait by:
/// 1. Yielding pre-loaded challenge bytes on `recv()`
/// 2. Storing response bytes in a shared slot on `send()`
///
/// After `respond()` completes, the caller reads the response bytes
/// from the shared `response_slot`.
struct HttpHandshake {
    challenge_bytes: Option<Vec<u8>>,
    response_slot: Arc<Mutex<Option<Vec<u8>>>>,
}

impl subduction_core::handshake::Handshake<Sendable> for HttpHandshake {
    type Error = ServerError;

    fn send(&mut self, bytes: Vec<u8>) -> BoxFuture<'_, Result<(), Self::Error>> {
        let slot = self.response_slot.clone();
        async move {
            *slot.lock().await = Some(bytes);
            Ok(())
        }
        .boxed()
    }

    fn recv(&mut self) -> BoxFuture<'_, Result<Vec<u8>, Self::Error>> {
        let bytes = self.challenge_bytes.take();
        async move { bytes.ok_or(ServerError::HandshakeNoChallenge) }.boxed()
    }
}

/// Extract the session ID from the `X-Session-Id` header.
fn extract_session_id<T>(req: &Request<T>) -> Result<SessionId, ServerError> {
    let header_value = req
        .headers()
        .get(SESSION_ID_HEADER)
        .ok_or(ServerError::InvalidSessionId)?;

    let header_str = header_value
        .to_str()
        .map_err(|_| ServerError::InvalidSessionId)?;

    SessionId::from_hex(header_str).ok_or(ServerError::InvalidSessionId)
}

/// Read the request body up to `max_size` bytes.
///
/// Uses [`Limited`] to enforce the size limit at the streaming level,
/// rejecting oversized bodies before they are fully buffered in memory.
async fn read_body(req: Request<Incoming>, max_size: usize) -> Result<Vec<u8>, ServerError> {
    let limited = Limited::new(req.into_body(), max_size);
    let collected = limited
        .collect()
        .await
        .map_err(|_| ServerError::BodyTooLarge)?;

    Ok(collected.to_bytes().to_vec())
}

/// Build a simple error response.
fn error_response(
    status: StatusCode,
    err: &ServerError,
) -> Result<Response<Full<Bytes>>, hyper::http::Error> {
    Response::builder()
        .status(status)
        .body(Full::new(Bytes::from(err.to_string())))
}