tuitbot_server/

ws.rs

//! WebSocket hub for real-time event streaming.
//!
//! Provides a `/api/ws` endpoint that streams server events to dashboard clients
//! via a `tokio::sync::broadcast` channel.
//!
//! Supports two authentication methods:
//! - Query parameter: `?token=<api_token>` (Tauri/API clients)
//! - Session cookie: `tuitbot_session=<token>` (web/LAN clients)

use std::sync::Arc;

use axum::extract::ws::{Message, WebSocket};
use axum::extract::{Query, State, WebSocketUpgrade};
use axum::http::{HeaderMap, StatusCode};
use axum::response::{IntoResponse, Response};
use serde::{Deserialize, Serialize};
use serde_json::json;
use tuitbot_core::auth::session;

use crate::state::AppState;

/// Wrapper that tags every [`WsEvent`] with the originating account.
///
/// Serializes flat thanks to `#[serde(flatten)]`, so the JSON looks like:
/// `{ "account_id": "...", "type": "ApprovalQueued", ... }`
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct AccountWsEvent {
    pub account_id: String,
    #[serde(flatten)]
    pub event: WsEvent,
}

/// Events pushed to WebSocket clients.
#[derive(Clone, Debug, Serialize, Deserialize)]
#[serde(tag = "type")]
pub enum WsEvent {
    /// An automation action was performed (reply, tweet, thread, etc.).
    ActionPerformed {
        action_type: String,
        target: String,
        content: String,
        timestamp: String,
    },
    /// A new item was queued for approval.
    ApprovalQueued {
        id: i64,
        action_type: String,
        content: String,
        #[serde(default)]
        media_paths: Vec<String>,
    },
    /// An approval item's status was updated (approved, rejected, edited).
    ApprovalUpdated {
        id: i64,
        status: String,
        action_type: String,
        #[serde(skip_serializing_if = "Option::is_none")]
        actor: Option<String>,
    },
    /// Follower count changed.
    FollowerUpdate { count: i64, change: i64 },
    /// Automation runtime status changed.
    RuntimeStatus {
        running: bool,
        active_loops: Vec<String>,
    },
    /// A tweet was discovered and scored by the discovery loop.
    TweetDiscovered {
        tweet_id: String,
        author: String,
        score: f64,
        timestamp: String,
    },
    /// An action was skipped (rate limited, below threshold, safety filter).
    ActionSkipped {
        action_type: String,
        reason: String,
        timestamp: String,
    },
    /// A new content item was scheduled via the composer.
    ContentScheduled {
        id: i64,
        content_type: String,
        scheduled_for: Option<String>,
    },
    /// Circuit breaker state changed.
    CircuitBreakerTripped {
        state: String,
        error_count: u32,
        cooldown_remaining_seconds: u64,
        timestamp: String,
    },
    /// An error occurred.
    Error { message: String },
}

/// Query parameters for WebSocket authentication.
#[derive(Deserialize)]
pub struct WsQuery {
    /// API token passed as a query parameter (optional — cookie auth is fallback).
    pub token: Option<String>,
}

/// Extract the session cookie value from headers.
fn extract_session_cookie(headers: &HeaderMap) -> Option<String> {
    headers
        .get("cookie")
        .and_then(|v| v.to_str().ok())
        .and_then(|cookies| {
            cookies.split(';').find_map(|c| {
                let c = c.trim();
                c.strip_prefix("tuitbot_session=").map(|v| v.to_string())
            })
        })
}

/// `GET /api/ws` — WebSocket upgrade with token or cookie auth.
pub async fn ws_handler(
    ws: WebSocketUpgrade,
    State(state): State<Arc<AppState>>,
    headers: HeaderMap,
    Query(params): Query<WsQuery>,
) -> Response {
    // Strategy 1: Bearer token via query parameter
    if let Some(ref token) = params.token {
        if token == &state.api_token {
            return ws.on_upgrade(move |socket| handle_ws(socket, state));
        }
    }

    // Strategy 2: Session cookie
    if let Some(session_token) = extract_session_cookie(&headers) {
        if let Ok(Some(_)) = session::validate_session(&state.db, &session_token).await {
            return ws.on_upgrade(move |socket| handle_ws(socket, state));
        }
    }

    (
        StatusCode::UNAUTHORIZED,
        axum::Json(json!({"error": "unauthorized"})),
    )
        .into_response()
}

/// Handle a single WebSocket connection.
///
/// Subscribes to the broadcast channel and forwards events as JSON text frames.
async fn handle_ws(mut socket: WebSocket, state: Arc<AppState>) {
    let mut rx = state.event_tx.subscribe();

    loop {
        match rx.recv().await {
            Ok(event) => {
                let json = match serde_json::to_string(&event) {
                    Ok(j) => j,
                    Err(e) => {
                        tracing::error!(error = %e, "Failed to serialize WsEvent");
                        continue;
                    }
                };
                if socket.send(Message::Text(json.into())).await.is_err() {
                    // Client disconnected.
                    break;
                }
            }
            Err(tokio::sync::broadcast::error::RecvError::Lagged(count)) => {
                tracing::warn!(count, "WebSocket client lagged, events dropped");
                let error_event = AccountWsEvent {
                    account_id: String::new(),
                    event: WsEvent::Error {
                        message: format!("{count} events dropped due to slow consumer"),
                    },
                };
                if let Ok(json) = serde_json::to_string(&error_event) {
                    if socket.send(Message::Text(json.into())).await.is_err() {
                        break;
                    }
                }
            }
            Err(tokio::sync::broadcast::error::RecvError::Closed) => {
                break;
            }
        }
    }
}