@@ -0,0 +1,107 @@
|
||||
// Package server wires HTTP/WS routes and the UDP listener to the rest of
|
||||
// the application. It owns the Fiber app and the autocert setup.
|
||||
package server
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/subtle"
|
||||
"encoding/base64"
|
||||
"log/slog"
|
||||
"net"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/gofiber/fiber/v2"
|
||||
"github.com/gofiber/websocket/v2"
|
||||
|
||||
"git.destefano.cloud/fdestefano/RocketLeagueBot-Renderer/internal/hub"
|
||||
"git.destefano.cloud/fdestefano/RocketLeagueBot-Renderer/internal/recording"
|
||||
"git.destefano.cloud/fdestefano/RocketLeagueBot-Renderer/internal/stats"
|
||||
)
|
||||
|
||||
// AuthMiddleware returns a Fiber handler enforcing HTTP Basic Auth with the
|
||||
// given password. WebSocket upgrades skip auth because browsers cannot
|
||||
// reliably supply Authorization headers on WS; the page itself is gated.
|
||||
func AuthMiddleware(password string) fiber.Handler {
|
||||
expected := "Basic " + base64.StdEncoding.EncodeToString([]byte(":"+password))
|
||||
expectedBytes := []byte(expected)
|
||||
|
||||
return func(c *fiber.Ctx) error {
|
||||
if websocket.IsWebSocketUpgrade(c) {
|
||||
return c.Next()
|
||||
}
|
||||
|
||||
deny := func() error {
|
||||
c.Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
||||
return c.Status(fiber.StatusUnauthorized).SendString("Unauthorized")
|
||||
}
|
||||
|
||||
auth := c.Get("Authorization")
|
||||
if auth == "" {
|
||||
return deny()
|
||||
}
|
||||
if subtle.ConstantTimeCompare([]byte(auth), expectedBytes) == 1 {
|
||||
return c.Next()
|
||||
}
|
||||
const scheme = "Basic "
|
||||
if len(auth) < len(scheme) || auth[:len(scheme)] != scheme {
|
||||
return deny()
|
||||
}
|
||||
decoded, err := base64.StdEncoding.DecodeString(auth[len(scheme):])
|
||||
if err != nil {
|
||||
decoded, err = base64.RawStdEncoding.DecodeString(auth[len(scheme):])
|
||||
if err != nil {
|
||||
return deny()
|
||||
}
|
||||
}
|
||||
creds := strings.SplitN(string(decoded), ":", 2)
|
||||
if len(creds) != 2 {
|
||||
return deny()
|
||||
}
|
||||
if subtle.ConstantTimeCompare([]byte(creds[1]), []byte(password)) != 1 {
|
||||
return deny()
|
||||
}
|
||||
return c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
// ListenUDP reads UDP packets and submits them to the recorder and hub.
|
||||
// It exits on ctx cancellation.
|
||||
func ListenUDP(ctx context.Context, addr string, h *hub.Hub, rec *recording.Recorder) {
|
||||
conn, err := net.ListenPacket("udp", addr)
|
||||
if err != nil {
|
||||
slog.Error("udp listen failed", "err", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
slog.Info("udp listening", "addr", addr)
|
||||
|
||||
go func() {
|
||||
<-ctx.Done()
|
||||
_ = conn.Close()
|
||||
}()
|
||||
|
||||
buf := make([]byte, 65536)
|
||||
for {
|
||||
n, _, err := conn.ReadFrom(buf)
|
||||
if err != nil {
|
||||
if ctx.Err() != nil {
|
||||
return
|
||||
}
|
||||
slog.Warn("udp read error", "err", err)
|
||||
continue
|
||||
}
|
||||
stats.Global.UDPPackets.Add(1)
|
||||
stats.Global.UDPBytes.Add(int64(n))
|
||||
stats.Global.LastUDPPacketUnix.Store(time.Now().UnixNano())
|
||||
|
||||
data := buf[:n]
|
||||
rec.Submit(data)
|
||||
|
||||
if h.Count() > 0 {
|
||||
cp := make([]byte, n)
|
||||
copy(cp, data)
|
||||
h.Broadcast(cp)
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user