108 lines
2.7 KiB
Go
108 lines
2.7 KiB
Go
// Package server wires HTTP/WS routes and the UDP listener to the rest of
|
|
// the application. It owns the Fiber app and the autocert setup.
|
|
package server
|
|
|
|
import (
|
|
"context"
|
|
"crypto/subtle"
|
|
"encoding/base64"
|
|
"log/slog"
|
|
"net"
|
|
"os"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/gofiber/fiber/v2"
|
|
"github.com/gofiber/websocket/v2"
|
|
|
|
"git.destefano.cloud/texasmade/RocketLeagueBot-Renderer/internal/hub"
|
|
"git.destefano.cloud/texasmade/RocketLeagueBot-Renderer/internal/recording"
|
|
"git.destefano.cloud/texasmade/RocketLeagueBot-Renderer/internal/stats"
|
|
)
|
|
|
|
// AuthMiddleware returns a Fiber handler enforcing HTTP Basic Auth with the
|
|
// given password. WebSocket upgrades skip auth because browsers cannot
|
|
// reliably supply Authorization headers on WS; the page itself is gated.
|
|
func AuthMiddleware(password string) fiber.Handler {
|
|
expected := "Basic " + base64.StdEncoding.EncodeToString([]byte(":"+password))
|
|
expectedBytes := []byte(expected)
|
|
|
|
return func(c *fiber.Ctx) error {
|
|
if websocket.IsWebSocketUpgrade(c) {
|
|
return c.Next()
|
|
}
|
|
|
|
deny := func() error {
|
|
c.Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
|
return c.Status(fiber.StatusUnauthorized).SendString("Unauthorized")
|
|
}
|
|
|
|
auth := c.Get("Authorization")
|
|
if auth == "" {
|
|
return deny()
|
|
}
|
|
if subtle.ConstantTimeCompare([]byte(auth), expectedBytes) == 1 {
|
|
return c.Next()
|
|
}
|
|
const scheme = "Basic "
|
|
if len(auth) < len(scheme) || auth[:len(scheme)] != scheme {
|
|
return deny()
|
|
}
|
|
decoded, err := base64.StdEncoding.DecodeString(auth[len(scheme):])
|
|
if err != nil {
|
|
decoded, err = base64.RawStdEncoding.DecodeString(auth[len(scheme):])
|
|
if err != nil {
|
|
return deny()
|
|
}
|
|
}
|
|
creds := strings.SplitN(string(decoded), ":", 2)
|
|
if len(creds) != 2 {
|
|
return deny()
|
|
}
|
|
if subtle.ConstantTimeCompare([]byte(creds[1]), []byte(password)) != 1 {
|
|
return deny()
|
|
}
|
|
return c.Next()
|
|
}
|
|
}
|
|
|
|
// ListenUDP reads UDP packets and submits them to the recorder and hub.
|
|
// It exits on ctx cancellation.
|
|
func ListenUDP(ctx context.Context, addr string, h *hub.Hub, rec *recording.Recorder) {
|
|
conn, err := net.ListenPacket("udp", addr)
|
|
if err != nil {
|
|
slog.Error("udp listen failed", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
slog.Info("udp listening", "addr", addr)
|
|
|
|
go func() {
|
|
<-ctx.Done()
|
|
_ = conn.Close()
|
|
}()
|
|
|
|
buf := make([]byte, 65536)
|
|
for {
|
|
n, _, err := conn.ReadFrom(buf)
|
|
if err != nil {
|
|
if ctx.Err() != nil {
|
|
return
|
|
}
|
|
slog.Warn("udp read error", "err", err)
|
|
continue
|
|
}
|
|
stats.Global.UDPPackets.Add(1)
|
|
stats.Global.UDPBytes.Add(int64(n))
|
|
stats.Global.LastUDPPacketUnix.Store(time.Now().UnixNano())
|
|
|
|
data := buf[:n]
|
|
rec.Submit(data)
|
|
|
|
if h.Count() > 0 {
|
|
cp := make([]byte, n)
|
|
copy(cp, data)
|
|
h.Broadcast(cp)
|
|
}
|
|
}
|
|
}
|