From b78133a5c46035deada775cb58a6ce801d850eea Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Sun, 22 Dec 2024 18:44:11 +0300 Subject: [PATCH 1/9] nix: init tooling --- .envrc | 1 + flake.lock | 26 ++++++++++++++++++++++++++ flake.nix | 23 +++++++++++++++++++++++ nix/package.nix | 12 ++++++++++++ nix/shell.nix | 27 +++++++++++++++++++++++++++ 5 files changed, 89 insertions(+) create mode 100644 .envrc create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 nix/package.nix create mode 100644 nix/shell.nix diff --git a/.envrc b/.envrc new file mode 100644 index 00000000..3550a30f --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake diff --git a/flake.lock b/flake.lock new file mode 100644 index 00000000..9c87edac --- /dev/null +++ b/flake.lock @@ -0,0 +1,26 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1734880952, + "narHash": "sha256-ZTt3x0DN55JGjdYv8TEDC/YDxcYfpFDLApYvKFMnxNM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "578baae41df4920fb34db92ae3a312c23ea90b89", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 00000000..5c3eedc0 --- /dev/null +++ b/flake.nix @@ -0,0 +1,23 @@ +{ + inputs.nixpkgs.url = "github:NixOS/nixpkgs"; + + outputs = { + self, + nixpkgs, + }: let + systems = ["x86_64-linux" "aarch64-linux"]; + forEachSystem = nixpkgs.lib.genAttrs systems; + + pkgsForEach = nixpkgs.legacyPackages; + in rec { + packages = forEachSystem (system: { + default = pkgsForEach.${system}.callPackage ./nix/package.nix {}; + }); + + devShells = forEachSystem (system: { + default = pkgsForEach.${system}.callPackage ./nix/shell.nix {}; + }); + + hydraJobs = packages; + }; +} diff --git a/nix/package.nix b/nix/package.nix new file mode 100644 index 00000000..a9d4e2e5 --- /dev/null +++ b/nix/package.nix @@ -0,0 +1,12 @@ +{rustPlatform}: +rustPlatform.buildRustPackage (finalAttrs: { + pname = "mrc"; + version = "0.0.1"; + src = ./.; + + cargoLock.lockFile = finalAttrs.src + /Cargo.lock; + meta = { + description = "MPV IPC wrapper"; + mainProgram = "mrc"; + }; +}) diff --git a/nix/shell.nix b/nix/shell.nix new file mode 100644 index 00000000..65df8894 --- /dev/null +++ b/nix/shell.nix @@ -0,0 +1,27 @@ +{ + mkShell, + rust-analyzer, + rustfmt, + clippy, + cargo, + gcc, + openssl, + pkg-config, + rustc, +}: +mkShell { + name = "mrc"; + packages = [ + rust-analyzer + rustfmt + clippy + cargo + cargo + gcc + clippy + rustfmt + openssl + pkg-config + rustc + ]; +} From 7591a8d2f408a8501549e74f22c31f24c01f4432 Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Sun, 22 Dec 2024 19:12:24 +0300 Subject: [PATCH 2/9] separate cli and server implementations --- src/{main.rs => cli.rs} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/{main.rs => cli.rs} (100%) diff --git a/src/main.rs b/src/cli.rs similarity index 100% rename from src/main.rs rename to src/cli.rs From 45bef8e5827cc5da3c53fff2302668e00d9dd5ce Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Sun, 22 Dec 2024 19:12:35 +0300 Subject: [PATCH 3/9] initial server implementation --- .gitignore | 6 ++ Cargo.lock | 164 +++++++++++++++++++++++++++++++++++++++ Cargo.toml | 11 +++ README.md | 6 ++ src/server.rs | 211 ++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 398 insertions(+) create mode 100644 README.md create mode 100644 src/server.rs diff --git a/.gitignore b/.gitignore index ea8c4bf7..311d44ea 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,7 @@ /target + +# Sensitive +certificate.pem +private_key.pem +identity.pfx + diff --git a/Cargo.lock b/Cargo.lock index cdd719e6..36ce9474 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -114,6 +114,15 @@ version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b" +[[package]] +name = "cc" +version = "1.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c31a0499c1dc64f458ad13872de75c0eb7e3fdb0e67964610c914b034fc5956e" +dependencies = [ + "shlex", +] + [[package]] name = "cfg-if" version = "1.0.0" @@ -166,6 +175,22 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" +[[package]] +name = "core-foundation" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + [[package]] name = "crossbeam-channel" version = "0.5.13" @@ -203,6 +228,21 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + [[package]] name = "getrandom" version = "0.2.15" @@ -325,12 +365,32 @@ dependencies = [ "clap", "clap_derive", "ipc-channel", + "native-tls", + "serde", "serde_json", "tokio", + "tokio-native-tls", "tracing", "tracing-subscriber", ] +[[package]] +name = "native-tls" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466" +dependencies = [ + "libc", + "log", + "openssl", + "openssl-probe", + "openssl-sys", + "schannel", + "security-framework", + "security-framework-sys", + "tempfile", +] + [[package]] name = "nu-ansi-term" version = "0.46.0" @@ -356,6 +416,50 @@ version = "1.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" +[[package]] +name = "openssl" +version = "0.10.68" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "openssl-probe" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" + +[[package]] +name = "openssl-sys" +version = "0.9.104" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "overload" version = "0.1.1" @@ -391,6 +495,12 @@ version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "915a1e146535de9163f3987b8944ed8cf49a18bb0056bcebcdcece385cece4ff" +[[package]] +name = "pkg-config" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" + [[package]] name = "ppv-lite86" version = "0.2.20" @@ -482,12 +592,44 @@ version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" +[[package]] +name = "schannel" +version = "0.1.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d" +dependencies = [ + "windows-sys 0.59.0", +] + [[package]] name = "scopeguard" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "security-framework" +version = "2.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" +dependencies = [ + "bitflags", + "core-foundation", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1863fd3768cd83c56a7f60faa4dc0d403f1b6df0a38c3c25f44b7894e45370d5" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "serde" version = "1.0.216" @@ -529,6 +671,12 @@ dependencies = [ "lazy_static", ] +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + [[package]] name = "signal-hook-registry" version = "1.4.2" @@ -623,6 +771,16 @@ dependencies = [ "syn", ] +[[package]] +name = "tokio-native-tls" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" +dependencies = [ + "native-tls", + "tokio", +] + [[package]] name = "tracing" version = "0.1.41" @@ -707,6 +865,12 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" diff --git a/Cargo.toml b/Cargo.toml index 4bf18f7b..6608de1c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -3,11 +3,22 @@ name = "mrc" version = "0.1.0" edition = "2021" +[[bin]] +name = "cli" # CLI implementation for terminal usage +path = "src/cli.rs" + +[[bin]] +name = "server" # remote usage +path = "src/server.rs" + [dependencies] clap = {version = "4.5.23", features = ["derive"]} clap_derive = "4.5.18" ipc-channel = "0.19.0" +serde = { version = "1", features = ["derive"] } serde_json = "1.0.133" tokio = { version = "1.42.0", features = ["full"] } +native-tls = "0.2" +tokio-native-tls = "0.3" tracing = "0.1.41" tracing-subscriber = "0.3.19" diff --git a/README.md b/README.md new file mode 100644 index 00000000..81d9af61 --- /dev/null +++ b/README.md @@ -0,0 +1,6 @@ +Creating a PKCS#12 certificate file using OpenSSL: + +```bash +openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 +openssl pkcs12 -export -out identity.pfx -inkey key.pem -in cert.pem +``` diff --git a/src/server.rs b/src/server.rs new file mode 100644 index 00000000..20b589f7 --- /dev/null +++ b/src/server.rs @@ -0,0 +1,211 @@ +use std::env; +use std::sync::Arc; + +use native_tls::{Identity, TlsAcceptor as NativeTlsAcceptor}; +use serde_json::json; +use tokio::io::{AsyncReadExt, AsyncWriteExt}; +use tokio_native_tls::TlsAcceptor; +use tracing::{info, debug, error}; + +use mrc::{set_property, get_property, playlist_clear, playlist_next, playlist_prev, quit, seek}; + +const AUTH_TOKEN: &str = "your_secure_token"; + +async fn handle_connection( + stream: tokio::net::TcpStream, + acceptor: Arc, +) -> Result<(), Box> { + let mut stream = acceptor.accept(stream).await?; + let mut buffer = vec![0; 2048]; + + let n = stream.read(&mut buffer).await?; + let request = String::from_utf8_lossy(&buffer[..n]); + + debug!("Received request:\n{}", request); + + let headers = request.split("\r\n").collect::>(); + let token_line = headers.iter().find(|&&line| line.starts_with("Authorization:")); + let token = match token_line { + Some(line) => line.split(" ").nth(1).unwrap_or_default(), + None => "", + }; + + if token != AUTH_TOKEN { + stream.write_all(b"Authentication failed\n").await?; + return Ok(()); + } + + info!("Client authenticated"); + stream.write_all(b"Authenticated\n").await?; + + let command = request.split("\r\n\r\n").last().unwrap_or(""); + info!("Received command: {}", command); + + let response = match process_command(command.trim()).await { + Ok(response) => response, + Err(e) => { + error!("Error processing command: {}", e); + format!("Error: {:?}", e) + } + }; + + stream.write_all(response.as_bytes()).await?; + Ok(()) +} + +async fn process_command(command: &str) -> Result { + match command { + "pause" => { + info!("Pausing playback"); + set_property("pause", &json!(true), None) + .await + .map_err(|e| format!("Failed to pause: {:?}", e))?; + Ok("Paused playback\n".to_string()) + } + + "play" => { + info!("Unpausing playback"); + set_property("pause", &json!(false), None) + .await + .map_err(|e| format!("Failed to play: {:?}", e))?; + Ok("Resumed playback\n".to_string()) + } + + "stop" => { + info!("Stopping playback and quitting MPV"); + quit(None) + .await + .map_err(|e| format!("Failed to stop: {:?}", e))?; + Ok("Stopped playback\n".to_string()) + } + + "next" => { + info!("Skipping to next item in the playlist"); + playlist_next(None) + .await + .map_err(|e| format!("Failed to skip to next: {:?}", e))?; + Ok("Skipped to next item\n".to_string()) + } + + "prev" => { + info!("Skipping to previous item in the playlist"); + playlist_prev(None) + .await + .map_err(|e| format!("Failed to skip to previous: {:?}", e))?; + Ok("Skipped to previous item\n".to_string()) + } + + "seek" => { + let parts: Vec<&str> = command.split_whitespace().collect(); + if let Some(seconds) = parts.get(1) { + if let Ok(sec) = seconds.parse::() { + info!("Seeking to {} seconds", sec); + seek(sec.into(), None) + .await + .map_err(|e| format!("Failed to seek: {:?}", e))?; + return Ok(format!("Seeking to {} seconds\n", sec)); + } + } + Err("Invalid seek command".to_string()) + } + + "clear" => { + info!("Clearing the playlist"); + playlist_clear(None) + .await + .map_err(|e| format!("Failed to clear playlist: {:?}", e))?; + Ok("Cleared playlist\n".to_string()) + } + + "list" => { + info!("Listing playlist items"); + match get_property("playlist", None).await { + Ok(Some(data)) => Ok(format!( + "Playlist: {}", + serde_json::to_string_pretty(&data).unwrap() + )), + Ok(None) => Err("No playlist data available".to_string()), + Err(e) => Err(format!("Failed to fetch playlist: {:?}", e)), + } + } + _ => Err("Unknown command".to_string()), + } +} + +fn create_tls_acceptor() -> Result> { + // FIXME: This is ugly, needs to be cleaned up. + let pfx_path = match env::var("TLS_PFX_PATH") { + Ok(path) => path, + Err(_) => { + return Err(Box::new(std::io::Error::new( + std::io::ErrorKind::NotFound, + "Environment variable TLS_PFX_PATH is missing. Please provide the path to the TLS certificate file.", + ))); + } + }; + + let password = match env::var("TLS_PASSWORD") { + Ok(password) => password, + Err(_) => { + return Err(Box::new(std::io::Error::new( + std::io::ErrorKind::NotFound, + "Environment variable TLS_PASSWORD is missing. Please provide the password for the TLS certificate.", + ))); + } + }; + + // Try to read the PFX file and handle possible errors + let mut file = match std::fs::File::open(&pfx_path) { + Ok(f) => f, + Err(e) => return Err(Box::new(e)), + }; + + let mut identity = vec![]; + if let Err(e) = std::io::Read::read_to_end(&mut file, &mut identity) { + return Err(Box::new(e)); + } + + // Try to create Identity from PFX data + let identity = match Identity::from_pkcs12(&identity, &password) { + Ok(id) => id, + Err(e) => return Err(Box::new(e)), + }; + + // Try to create TlsAcceptor from Identity + let native_acceptor = match NativeTlsAcceptor::new(identity) { + Ok(na) => na, + Err(e) => return Err(Box::new(e)), + }; + + Ok(TlsAcceptor::from(native_acceptor)) +} + +#[tokio::main] +async fn main() -> Result<(), Box> { + tracing_subscriber::fmt::init(); + + info!("Server is starting..."); + match create_tls_acceptor() { + Ok(acceptor) => { + let acceptor = Arc::new(acceptor); + + // TODO: This needs to be accepted by Clap, and as arguments to the program + // But we can, for now, define those as consts that clap falls back to. + let listener = tokio::net::TcpListener::bind("127.0.0.1:8080").await?; + info!("Server is listening on 127.0.0.1:8080..."); + + loop { + let (stream, _) = listener.accept().await?; + info!("New connection accepted."); + + let acceptor = Arc::clone(&acceptor); + tokio::spawn(handle_connection(stream, acceptor)); + } + } + + Err(e) => { + error!("Failed to initialize TLS: {}", e); + return Err(e); + } + } +} From 37ffb95add5fe2fb3d7f5e269b01fea665bc550c Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Sun, 22 Dec 2024 19:13:33 +0300 Subject: [PATCH 4/9] set `default-run` to CLI impl --- Cargo.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/Cargo.toml b/Cargo.toml index 6608de1c..69c9d3b7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,6 +2,7 @@ name = "mrc" version = "0.1.0" edition = "2021" +default-run = "cli" [[bin]] name = "cli" # CLI implementation for terminal usage From ea085ba5fa7a2f555b0118f944939fe221082189 Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Sun, 22 Dec 2024 19:24:41 +0300 Subject: [PATCH 5/9] read authentication token from the environment --- src/cli.rs | 1 - src/server.rs | 25 +++++++++++++++++++------ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/src/cli.rs b/src/cli.rs index 1b4cc022..999aca2a 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -216,7 +216,6 @@ async fn main() -> io::Result<()> { break; } - // I don't like this either, but it looks cleaner than a multi-line // print macro just cramped in here. let commands = vec![ diff --git a/src/server.rs b/src/server.rs index 20b589f7..5989dcd4 100644 --- a/src/server.rs +++ b/src/server.rs @@ -5,11 +5,9 @@ use native_tls::{Identity, TlsAcceptor as NativeTlsAcceptor}; use serde_json::json; use tokio::io::{AsyncReadExt, AsyncWriteExt}; use tokio_native_tls::TlsAcceptor; -use tracing::{info, debug, error}; +use tracing::{debug, error, info}; -use mrc::{set_property, get_property, playlist_clear, playlist_next, playlist_prev, quit, seek}; - -const AUTH_TOKEN: &str = "your_secure_token"; +use mrc::{get_property, playlist_clear, playlist_next, playlist_prev, quit, seek, set_property}; async fn handle_connection( stream: tokio::net::TcpStream, @@ -24,13 +22,28 @@ async fn handle_connection( debug!("Received request:\n{}", request); let headers = request.split("\r\n").collect::>(); - let token_line = headers.iter().find(|&&line| line.starts_with("Authorization:")); + let token_line = headers + .iter() + .find(|&&line| line.starts_with("Authorization:")); let token = match token_line { Some(line) => line.split(" ").nth(1).unwrap_or_default(), None => "", }; - if token != AUTH_TOKEN { + let auth_token = match env::var("AUTH_TOKEN") { + Ok(token) => token, + Err(_) => { + error!("Authentication token is not set. Connection cannot be accepted."); + stream.write_all(b"Authentication token not set\n").await?; + + // You know what? I do not care to panic when the token is missing. + // Sure, start the server and hell even accept the connection. Auth + // will be refused if token is incorrect, so we can just continue here. + return Ok(()); + } + }; + + if token != auth_token { stream.write_all(b"Authentication failed\n").await?; return Ok(()); } From a44e9f27d245bdf1311a561308c371b264e72319 Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Sun, 22 Dec 2024 19:25:00 +0300 Subject: [PATCH 6/9] docs: mention `AUTH_TOKEN` env var --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 81d9af61..20c0bf9b 100644 --- a/README.md +++ b/README.md @@ -4,3 +4,13 @@ Creating a PKCS#12 certificate file using OpenSSL: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 openssl pkcs12 -export -out identity.pfx -inkey key.pem -in cert.pem ``` + +Before running the server: + +```bash +export TLS_PFX_PATH=/path/to/identity.pfx +export TLS_PASSWORD="your_identity_passphrase" +export AUTH_TOKEN="your_auth_token" +``` + +How you handle environment is up to you, Systemd makes it somewhat easy. From 2cf04583c11812ffaf36d58c7c801ec682da9ee4 Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Wed, 5 Feb 2025 03:03:10 +0300 Subject: [PATCH 7/9] move bind address to clap args; better env handling for credentials --- src/server.rs | 85 ++++++++++++++++++++++----------------------------- 1 file changed, 36 insertions(+), 49 deletions(-) diff --git a/src/server.rs b/src/server.rs index 5989dcd4..5cc2ed28 100644 --- a/src/server.rs +++ b/src/server.rs @@ -1,6 +1,8 @@ use std::env; +use std::io::Read; use std::sync::Arc; +use clap::Parser; use native_tls::{Identity, TlsAcceptor as NativeTlsAcceptor}; use serde_json::json; use tokio::io::{AsyncReadExt, AsyncWriteExt}; @@ -9,6 +11,18 @@ use tracing::{debug, error, info}; use mrc::{get_property, playlist_clear, playlist_next, playlist_prev, quit, seek, set_property}; +#[derive(Parser)] +#[command(author, version, about)] +struct Config { + /// The IP address and port to bind the server to + #[arg(short, long, default_value = "127.0.0.1:8080")] + bind: String, + + /// Path to MPV IPC socket + #[arg(short, long, default_value = "/tmp/mpvsocket")] + socket: String, +} + async fn handle_connection( stream: tokio::net::TcpStream, acceptor: Arc, @@ -36,9 +50,10 @@ async fn handle_connection( error!("Authentication token is not set. Connection cannot be accepted."); stream.write_all(b"Authentication token not set\n").await?; - // You know what? I do not care to panic when the token is missing. - // Sure, start the server and hell even accept the connection. Auth - // will be refused if token is incorrect, so we can just continue here. + // You know what? I do not care to panic when the authentication token is + // missing in the environment. Start the goddamned server and hell, even + // accept incoming connections. Authenticated requests will be refused + // when the token is incorrect or not set, so we can simply continue here. return Ok(()); } }; @@ -146,66 +161,38 @@ async fn process_command(command: &str) -> Result { } fn create_tls_acceptor() -> Result> { - // FIXME: This is ugly, needs to be cleaned up. - let pfx_path = match env::var("TLS_PFX_PATH") { - Ok(path) => path, - Err(_) => { - return Err(Box::new(std::io::Error::new( - std::io::ErrorKind::NotFound, - "Environment variable TLS_PFX_PATH is missing. Please provide the path to the TLS certificate file.", - ))); - } - }; - - let password = match env::var("TLS_PASSWORD") { - Ok(password) => password, - Err(_) => { - return Err(Box::new(std::io::Error::new( - std::io::ErrorKind::NotFound, - "Environment variable TLS_PASSWORD is missing. Please provide the password for the TLS certificate.", - ))); - } - }; - - // Try to read the PFX file and handle possible errors - let mut file = match std::fs::File::open(&pfx_path) { - Ok(f) => f, - Err(e) => return Err(Box::new(e)), - }; + let pfx_path = env::var("TLS_PFX_PATH") + .map_err(|_| std::io::Error::new(std::io::ErrorKind::NotFound, "TLS_PFX_PATH not set"))?; + let password = env::var("TLS_PASSWORD") + .map_err(|_| std::io::Error::new(std::io::ErrorKind::NotFound, "TLS_PASSWORD not set"))?; + let mut file = std::fs::File::open(&pfx_path)?; let mut identity = vec![]; - if let Err(e) = std::io::Read::read_to_end(&mut file, &mut identity) { - return Err(Box::new(e)); - } - - // Try to create Identity from PFX data - let identity = match Identity::from_pkcs12(&identity, &password) { - Ok(id) => id, - Err(e) => return Err(Box::new(e)), - }; - - // Try to create TlsAcceptor from Identity - let native_acceptor = match NativeTlsAcceptor::new(identity) { - Ok(na) => na, - Err(e) => return Err(Box::new(e)), - }; + file.read_to_end(&mut identity)?; + let identity = Identity::from_pkcs12(&identity, &password)?; + let native_acceptor = NativeTlsAcceptor::new(identity)?; Ok(TlsAcceptor::from(native_acceptor)) } #[tokio::main] async fn main() -> Result<(), Box> { tracing_subscriber::fmt::init(); + let config = Config::parse(); + + if !std::path::Path::new(&config.socket).exists() { + error!( + "Error: MPV socket not found at '{}'. Is MPV running?", + config.socket + ); + } info!("Server is starting..."); match create_tls_acceptor() { Ok(acceptor) => { let acceptor = Arc::new(acceptor); - - // TODO: This needs to be accepted by Clap, and as arguments to the program - // But we can, for now, define those as consts that clap falls back to. - let listener = tokio::net::TcpListener::bind("127.0.0.1:8080").await?; - info!("Server is listening on 127.0.0.1:8080..."); + let listener = tokio::net::TcpListener::bind(&config.bind).await?; + info!("Server is listening on {}", config.bind); loop { let (stream, _) = listener.accept().await?; From b2f478ab22102791b4ef68f1c3e83d86699bc66d Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Wed, 5 Feb 2025 03:03:31 +0300 Subject: [PATCH 8/9] nix: remove duplicate arg in shell --- nix/shell.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nix/shell.nix b/nix/shell.nix index 65df8894..77c1d818 100644 --- a/nix/shell.nix +++ b/nix/shell.nix @@ -16,7 +16,6 @@ mkShell { rustfmt clippy cargo - cargo gcc clippy rustfmt From 3c5f94228a7b109cf73f3b946e33970707077153 Mon Sep 17 00:00:00 2001 From: NotAShelf Date: Wed, 5 Feb 2025 03:09:18 +0300 Subject: [PATCH 9/9] ci: grant write access --- .github/workflows/doc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/doc.yml b/.github/workflows/doc.yml index 915ea9b9..08f0088b 100644 --- a/.github/workflows/doc.yml +++ b/.github/workflows/doc.yml @@ -9,7 +9,7 @@ on: - main permissions: - contents: read + contents: write pages: write concurrency: