siem_connector/

lib.rs

//! Shared connector runtime for SIEM Studio apps.
//!
//! This crate extracts the ~1500 lines of duplicated infrastructure from each
//! SIEM connector binary (Devo Studio, Splunk Studio, etc.) into a single
//! reusable framework.  A new connector binary shrinks to ~50-80 lines:
//!
//! 1. Load env config, create your provider, call `probe()`.
//! 2. Implement [`SiemConnectorApp`] (app name, icon, Dioxus entry point, provider).
//! 3. Call [`run`]`(app).await`.
//!
//! # What this crate handles
//!
//! | Module | What it does |
//! |--------|------|
//! | [`ipc`] | Unix socket / named pipe transport |
//! | [`session`] | JWT token + display name storage |
//! | [`token_refresh`] | Background JWT refresh loop |
//! | [`ott_auth`] | RSA keypair, Keycloak OAuth, credential persistence |
//! | [`ws_proxy`] | Bidirectional WS relay (Matrix <-> Dioxus) |
//! | [`dioxus_server`] | LiveView IPC server + HTML rewriting |
//! | [`capability`] | Generic siem.* dispatch using `dyn SiemProvider` |
//! | [`registration`] | Registration message building |
//! | [`run`] | Orchestrates everything |
//!
//! # Environment variables
//!
//! | Variable | Required | Description |
//! |---|---|---|
//! | `STRIKE48_URL` / `STRIKE48_HOST` | Yes | Matrix gRPC endpoint |
//! | `TENANT_ID` | Yes | Tenant identifier |
//! | `INSTANCE_ID` | No | Unique instance ID (auto-generated if unset) |
//! | `CONNECTOR_NAME` | No | Override the default connector type |
//! | `STRIKEHUB_SOCKET` | No | Override the IPC socket path (Unix only) |
//! | `STRIKE48_API_URL` | No | Matrix API base URL (for OTT registration + token refresh) |
//! | `MATRIX_KEYS_DIR` | No | Override keypair storage (default: `~/.matrix/keys/`) |
//! | `MATRIX_TLS_INSECURE` | No | Set to `"true"` to skip TLS verification |
//!
//! # Adding a new SIEM connector
//!
//! ```rust,ignore
//! struct MyApp { provider: Option<Arc<dyn SiemProvider>> }
//!
//! impl SiemConnectorApp for MyApp {
//!     fn app_name(&self) -> &str { "My SIEM" }
//!     fn app_icon(&self) -> &str { "hero-shield-check" }
//!     fn default_connector_type(&self) -> &str { "app-my-siem" }
//!     fn nav_order(&self) -> u32 { 32 }
//!     fn dioxus_app(&self) -> fn() -> dioxus::prelude::Element { MyDioxusApp }
//!     fn ipc_prefix(&self) -> &str { "my-siem-connector" }
//!     fn provider(&self) -> Option<Arc<dyn SiemProvider>> { self.provider.clone() }
//! }
//!
//! #[tokio::main]
//! async fn main() -> anyhow::Result<()> {
//!     let app = MyApp { provider: /* ... */ };
//!     siem_connector::run(app).await
//! }
//! ```

pub mod capability;
pub mod construct_proxy;
pub mod dioxus_server;
pub mod ipc;
pub mod message_loop;
pub mod ott_auth;
pub mod registration;
pub mod session;
pub mod token_refresh;
pub mod ws_proxy;

use std::sync::Arc;

/// What each SIEM connector provides to the shared framework.
///
/// Implement this trait in your connector binary and pass it to [`run`].
/// All the boilerplate (IPC transport, OTT auth, WS proxying, capability
/// dispatch, heartbeat, reconnection) is handled by the framework.
pub trait SiemConnectorApp: Send + Sync + 'static {
    /// Human-readable application name shown in the Matrix sidebar.
    ///
    /// Examples: `"Devo Studio"`, `"Splunk Studio"`.
    fn app_name(&self) -> &str;

    /// Hero icon identifier for the sidebar entry.
    ///
    /// Examples: `"hero-shield-exclamation"`, `"hero-shield-check"`.
    fn app_icon(&self) -> &str;

    /// Connector type registered with Matrix (used in `RegisterConnectorRequest`).
    ///
    /// Can be overridden at runtime by the `CONNECTOR_NAME` env var.
    ///
    /// Examples: `"app-devo-studio"`, `"app-splunk-studio"`.
    fn default_connector_type(&self) -> &str;

    /// Sidebar ordering weight (lower = higher in the list).
    fn nav_order(&self) -> u32;

    /// Zero-capture Dioxus app entry point (`fn() -> Element`).
    ///
    /// This function must read its `DataContext` from a global/static, since
    /// Dioxus LiveView requires a bare function pointer.
    fn dioxus_app(&self) -> fn() -> dioxus::prelude::Element;

    /// Prefix used for IPC socket/pipe names.
    ///
    /// The socket will be `/tmp/{prefix}-{pid}.sock` on Unix or
    /// `\\.\pipe\{prefix}-{pid}` on Windows.
    ///
    /// Examples: `"devo-connector"`, `"splunk-connector"`.
    fn ipc_prefix(&self) -> &str;

    /// The SIEM provider for handling `siem.*` capability requests.
    ///
    /// Return `None` if no provider credentials were configured (the UI
    /// will still load, but API calls will return errors).
    fn provider(&self) -> Option<Arc<dyn siem_core::SiemProvider>>;

    /// Optional [`ConstructBridge`] for routing data requests through Matrix → Construct.
    ///
    /// When provided, the framework will bind the bridge to the gRPC stream
    /// after connection is established. This enables the proxy provider to
    /// send `construct://` invocations upstream.
    fn construct_bridge(&self) -> Option<construct_proxy::ConstructBridge> {
        None
    }
}

/// Run the connector.
///
/// This is the main entry point that orchestrates the full lifecycle:
/// 1. Start the Dioxus LiveView server on an IPC socket.
/// 2. Connect to Matrix via gRPC.
/// 3. Register as an APP+TOOL connector.
/// 4. Run the message loop (HTTP proxy, WS relay, capability dispatch, heartbeat).
/// 5. Handle OTT auth, token refresh, and reconnection.
///
/// This function blocks until shutdown (Ctrl+C) or an unrecoverable error.
pub async fn run(app: impl SiemConnectorApp) -> anyhow::Result<()> {
    crate::ws_proxy::run_connector(app).await
}