lfg2025/archy
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases 44 Wiki Activity
archy/core/archipelago/src/api/handler.rs

538 lines
22 KiB
Rust
Raw Normal View History

mid coding commit
2026-01-24 22:59:20 +00:00
use crate::api::rpc::RpcHandler;
fix: prevent tokio runtime deadlock in credential issue/verify The credential issuance and verification handlers used Handle::block_on() directly inside the tokio runtime, causing a deadlock. Wrapped with block_in_place() to properly yield the runtime thread. Also completed full feature verification across all 25 test groups (~175 checks) on live server. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 07:43:12 +00:00
use crate::content_server;
Update Fedimint configuration and enhance onboarding process - Upgraded Fedimint version to v0.10.0 in docker-compose.yml and manifest.yml, adding support for the built-in Guardian UI. - Modified .gitignore to exclude deploy-config.sh script. - Enhanced onboarding process in AuthManager to persist onboarding state and validate password strength during user setup. - Updated API to handle onboarding completion and password change requests, ensuring a smoother user experience. - Improved configuration management to support Nostr discovery and Tor proxy settings, enhancing node identity features.
2026-02-17 15:03:34 +00:00
use crate::electrs_status;
use crate::node_message as node_msg;
mid coding commit
2026-01-24 22:59:20 +00:00
use crate::config::Config;
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
use crate::session::{self, SessionStore};
Integrate Docker support into Archipelago and Neode UI - Added StateManager and data_model modules to manage application state. - Updated ApiHandler to utilize StateManager for WebSocket connections. - Enhanced Server initialization to include StateManager. - Implemented Docker container querying in Neode UI to populate app data dynamically. - Removed temporary dummy app configurations in favor of real Docker-based applications. - Improved WebSocket reconnection logic and error handling in the UI. - Updated package.json and package-lock.json to include dockerode dependency.
2026-01-27 23:06:18 +00:00
use crate::state::StateManager;
mid coding commit
2026-01-24 22:59:20 +00:00
use anyhow::Result;
untrack
2026-01-27 22:37:08 +00:00
use futures_util::{SinkExt, StreamExt};
mid coding commit
2026-01-24 22:59:20 +00:00
use hyper::{Method, Request, Response, StatusCode};
Refactor and enhance Archipelago setup and API - Revamped GETTING_STARTED.md for clarity and completeness, detailing the Docker development environment and installation steps. - Updated Cargo.lock and Cargo.toml to replace deprecated dependencies and add new ones, including hyper-ws-listener and env_logger. - Improved WebSocket handling in the API to support upgrades and error management. - Enhanced Neode UI scripts to manage Docker containers during development. - Adjusted dummy app configurations for accurate LAN addresses. - Sorted app entries in the UI for better organization and accessibility.
2026-01-27 22:47:51 +00:00
use hyper_ws_listener::WsStream;
mid coding commit
2026-01-24 22:59:20 +00:00
use std::sync::Arc;
Enhance development workflow and deployment practices for Archipelago - Updated the Development-Workflow documentation to clarify deployment strategy, emphasizing direct deployment to the live system for testing. - Added detailed instructions for the deployment command, including syncing code, building frontend and backend, and restarting services. - Improved SSH key management section to assist with authentication issues. - Expanded the testing workflow to include steps for checking logs and syncing changes back to the ISO build. - Updated the ISO build integration section to ensure system-level changes are captured for future builds. - Refactored various sections for clarity and completeness, including deployment paths and system configuration files.
2026-02-01 13:24:03 +00:00
use tokio::sync::broadcast;
Refactor and enhance Archipelago setup and API - Revamped GETTING_STARTED.md for clarity and completeness, detailing the Docker development environment and installation steps. - Updated Cargo.lock and Cargo.toml to replace deprecated dependencies and add new ones, including hyper-ws-listener and env_logger. - Improved WebSocket handling in the API to support upgrades and error management. - Enhanced Neode UI scripts to manage Docker containers during development. - Adjusted dummy app configurations for accurate LAN addresses. - Sorted app entries in the UI for better organization and accessibility.
2026-01-27 22:47:51 +00:00
use tokio_tungstenite::tungstenite::Message;
use tracing::{debug, info};
mid coding commit
2026-01-24 22:59:20 +00:00
pub struct ApiHandler {
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
config: Config,
mid coding commit
2026-01-24 22:59:20 +00:00
rpc_handler: Arc<RpcHandler>,
Integrate Docker support into Archipelago and Neode UI - Added StateManager and data_model modules to manage application state. - Updated ApiHandler to utilize StateManager for WebSocket connections. - Enhanced Server initialization to include StateManager. - Implemented Docker container querying in Neode UI to populate app data dynamically. - Removed temporary dummy app configurations in favor of real Docker-based applications. - Improved WebSocket reconnection logic and error handling in the UI. - Updated package.json and package-lock.json to include dockerode dependency.
2026-01-27 23:06:18 +00:00
state_manager: Arc<StateManager>,
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
session_store: SessionStore,
mid coding commit
2026-01-24 22:59:20 +00:00
}
impl ApiHandler {
Integrate Docker support into Archipelago and Neode UI - Added StateManager and data_model modules to manage application state. - Updated ApiHandler to utilize StateManager for WebSocket connections. - Enhanced Server initialization to include StateManager. - Implemented Docker container querying in Neode UI to populate app data dynamically. - Removed temporary dummy app configurations in favor of real Docker-based applications. - Improved WebSocket reconnection logic and error handling in the UI. - Updated package.json and package-lock.json to include dockerode dependency.
2026-01-27 23:06:18 +00:00
pub async fn new(config: Config, state_manager: Arc<StateManager>) -> Result<Self> {
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
let session_store = SessionStore::new();
let rpc_handler = Arc::new(
RpcHandler::new(config.clone(), state_manager.clone(), session_store.clone()).await?,
);
mid coding commit
2026-01-24 22:59:20 +00:00
Ok(Self {
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
config,
mid coding commit
2026-01-24 22:59:20 +00:00
rpc_handler,
Integrate Docker support into Archipelago and Neode UI - Added StateManager and data_model modules to manage application state. - Updated ApiHandler to utilize StateManager for WebSocket connections. - Enhanced Server initialization to include StateManager. - Implemented Docker container querying in Neode UI to populate app data dynamically. - Removed temporary dummy app configurations in favor of real Docker-based applications. - Improved WebSocket reconnection logic and error handling in the UI. - Updated package.json and package-lock.json to include dockerode dependency.
2026-01-27 23:06:18 +00:00
state_manager,
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
session_store,
mid coding commit
2026-01-24 22:59:20 +00:00
})
}
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
/// Check if the request has a valid session cookie.
async fn is_authenticated(&self, headers: &hyper::HeaderMap) -> bool {
match session::extract_session_cookie(headers) {
Some(token) => self.session_store.validate(&token).await,
None => false,
}
}
/// Build a 401 Unauthorized JSON response.
fn unauthorized() -> Response<hyper::Body> {
let body = serde_json::json!({ "error": "Unauthorized" });
let body_bytes = serde_json::to_vec(&body).unwrap_or_default();
Response::builder()
.status(StatusCode::UNAUTHORIZED)
.header("Content-Type", "application/json")
.body(hyper::Body::from(body_bytes))
.unwrap()
}
/// Derive the allowed CORS origin from the config host IP.
fn cors_origin(&self) -> String {
format!("http://{}", self.config.host_ip)
}
apps
2026-01-24 23:20:54 +00:00
pub async fn handle_request(
&self,
Update archipelago: API, auth, container, parmanode, performance, security - API handler, RPC, and server updates - Auth and coding rules - Container data manager, dev orchestrator, health monitor, podman client - Parmanode script runner - Performance resource manager - Security container policies and secrets manager - Add build scripts and documentation
2026-01-27 22:27:17 +00:00
req: Request<hyper::Body>,
) -> Result<Response<hyper::Body>> {
apps
2026-01-24 23:20:54 +00:00
let path = req.uri().path().to_string();
let method = req.method().clone();
untrack
2026-01-27 22:37:08 +00:00
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
// Handle CORS preflight for all routes
if method == Method::OPTIONS {
let origin = self.cors_origin();
return Ok(Response::builder()
.status(StatusCode::NO_CONTENT)
.header("Access-Control-Allow-Origin", &origin)
.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
.header("Access-Control-Allow-Headers", "Content-Type")
.header("Access-Control-Allow-Credentials", "true")
.header("Vary", "Origin")
.body(hyper::Body::empty())
.unwrap());
}
// WebSocket upgrade — validate session before upgrading
untrack
2026-01-27 22:37:08 +00:00
if method == Method::GET && path == "/ws/db" {
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
if !self.is_authenticated(req.headers()).await {
return Ok(Self::unauthorized());
}
Integrate Docker support into Archipelago and Neode UI - Added StateManager and data_model modules to manage application state. - Updated ApiHandler to utilize StateManager for WebSocket connections. - Enhanced Server initialization to include StateManager. - Implemented Docker container querying in Neode UI to populate app data dynamically. - Removed temporary dummy app configurations in favor of real Docker-based applications. - Improved WebSocket reconnection logic and error handling in the UI. - Updated package.json and package-lock.json to include dockerode dependency.
2026-01-27 23:06:18 +00:00
return Self::handle_websocket(req, self.state_manager.clone()).await;
untrack
2026-01-27 22:37:08 +00:00
}
// Convert body to bytes for non-WS routes
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
let headers = req.headers().clone();
mid coding commit
2026-01-24 22:59:20 +00:00
let (parts, body) = req.into_parts();
Update archipelago: API, auth, container, parmanode, performance, security - API handler, RPC, and server updates - Auth and coding rules - Container data manager, dev orchestrator, health monitor, podman client - Parmanode script runner - Performance resource manager - Security container policies and secrets manager - Add build scripts and documentation
2026-01-27 22:27:17 +00:00
let body_bytes = hyper::body::to_bytes(body).await
.map_err(|e| anyhow::anyhow!("Failed to read body: {}", e))?;
Update Fedimint configuration and enhance onboarding process - Upgraded Fedimint version to v0.10.0 in docker-compose.yml and manifest.yml, adding support for the built-in Guardian UI. - Modified .gitignore to exclude deploy-config.sh script. - Enhanced onboarding process in AuthManager to persist onboarding state and validate password strength during user setup. - Updated API to handle onboarding completion and password change requests, ensuring a smoother user experience. - Improved configuration management to support Nostr discovery and Tor proxy settings, enhancing node identity features.
2026-02-17 15:03:34 +00:00
let req_with_bytes = Request::from_parts(parts, hyper::Body::from(body_bytes.clone()));
mid coding commit
2026-01-24 22:59:20 +00:00
debug!("{} {}", method, path);
Refactor server and API handler for improved error handling and routing logic. Updated request handling to use `Incoming` type and added HTTP/1.1 restriction. Enhanced splash screen logic in the frontend to manage routing based on onboarding and setup states. Fixed WebSocket client initialization to ensure lazy loading and error handling. Cleaned up unused imports and variables across multiple files.
2026-01-24 23:09:46 +00:00
match (method, path.as_str()) {
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
// RPC — auth is handled inside rpc handler per-method
untrack
2026-01-27 22:37:08 +00:00
(Method::POST, "/rpc/v1") => self.rpc_handler.handle(req_with_bytes).await,
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
// Health — unauthenticated
untrack
2026-01-27 22:37:08 +00:00
(Method::GET, "/health") => Ok(Response::builder()
.status(StatusCode::OK)
.body(hyper::Body::from("OK"))
.unwrap()),
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
// Node message — P2P endpoint (authenticated by source validation, not cookie)
Update Fedimint configuration and enhance onboarding process - Upgraded Fedimint version to v0.10.0 in docker-compose.yml and manifest.yml, adding support for the built-in Guardian UI. - Modified .gitignore to exclude deploy-config.sh script. - Enhanced onboarding process in AuthManager to persist onboarding state and validate password strength during user setup. - Updated API to handle onboarding completion and password change requests, ensuring a smoother user experience. - Improved configuration management to support Nostr discovery and Tor proxy settings, enhancing node identity features.
2026-02-17 15:03:34 +00:00
(Method::POST, "/archipelago/node-message") => {
Self::handle_node_message(body_bytes).await
}
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
fix: prevent tokio runtime deadlock in credential issue/verify The credential issuance and verification handlers used Handle::block_on() directly inside the tokio runtime, causing a deadlock. Wrapped with block_in_place() to properly yield the runtime thread. Also completed full feature verification across all 25 test groups (~175 checks) on live server. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 07:43:12 +00:00
// Content serving — peers access shared content over Tor (no session auth)
(Method::GET, p) if p.starts_with("/content/") => {
Self::handle_content_request(p, &headers, &self.config).await
}
// Content catalog — list available content (no session auth, for peers)
(Method::GET, "/content") => {
Self::handle_content_catalog(&self.config).await
}
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
// Electrs status — unauthenticated (read-only sync status)
Update Fedimint configuration and enhance onboarding process - Upgraded Fedimint version to v0.10.0 in docker-compose.yml and manifest.yml, adding support for the built-in Guardian UI. - Modified .gitignore to exclude deploy-config.sh script. - Enhanced onboarding process in AuthManager to persist onboarding state and validate password strength during user setup. - Updated API to handle onboarding completion and password change requests, ensuring a smoother user experience. - Improved configuration management to support Nostr discovery and Tor proxy settings, enhancing node identity features.
2026-02-17 15:03:34 +00:00
(Method::GET, "/electrs-status") => Self::handle_electrs_status().await,
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
// Container logs — requires session
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
(Method::GET, path) if path.starts_with("/api/container/logs") => {
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
if !self.is_authenticated(&headers).await {
return Ok(Self::unauthorized());
}
Self::handle_container_logs_http(self.rpc_handler.clone(), path, &self.cors_origin()).await
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
}
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
// LND proxy — requires session
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
(Method::GET, path) if path.starts_with("/proxy/lnd/") => {
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
if !self.is_authenticated(&headers).await {
return Ok(Self::unauthorized());
}
Self::handle_lnd_proxy(path, &self.cors_origin()).await
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
}
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
untrack
2026-01-27 22:37:08 +00:00
_ => Ok(Response::builder()
.status(StatusCode::NOT_FOUND)
.body(hyper::Body::from("Not Found"))
.unwrap()),
mid coding commit
2026-01-24 22:59:20 +00:00
}
}
untrack
2026-01-27 22:37:08 +00:00
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
async fn handle_container_logs_http(
rpc: Arc<RpcHandler>,
path: &str,
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
cors_origin: &str,
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
) -> Result<Response<hyper::Body>> {
let query = path
.strip_prefix("/api/container/logs")
.and_then(|s| s.strip_prefix('?'))
.unwrap_or("");
let params: std::collections::HashMap<String, String> =
query
.split('&')
.filter_map(|p| {
let mut it = p.splitn(2, '=');
let k = it.next()?.to_string();
let v = it.next()?.to_string();
Some((k, v))
})
.collect();
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
let app_id = params.get("app_id").map(|s| s.as_str()).unwrap_or("lnd");
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
// Validate app_id format
if !is_valid_app_id(app_id) {
let body = serde_json::json!({ "error": "Invalid app_id" });
let body_bytes = serde_json::to_vec(&body).unwrap_or_default();
return Ok(Response::builder()
.status(StatusCode::BAD_REQUEST)
.header("Content-Type", "application/json")
.body(hyper::Body::from(body_bytes))
.unwrap());
}
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
let lines = params
.get("lines")
.and_then(|s| s.parse::<u32>().ok())
.unwrap_or(200);
match rpc.get_container_logs_value(app_id, lines).await {
Ok(value) => {
let body = serde_json::json!({ "result": value });
let body_bytes = serde_json::to_vec(&body).unwrap_or_default();
Ok(Response::builder()
.status(StatusCode::OK)
.header("Content-Type", "application/json")
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
.header("Access-Control-Allow-Origin", cors_origin)
.header("Access-Control-Allow-Credentials", "true")
.header("Vary", "Origin")
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
.body(hyper::Body::from(body_bytes))
.unwrap())
}
Err(e) => {
let body = serde_json::json!({ "error": e.to_string() });
let body_bytes = serde_json::to_vec(&body).unwrap_or_default();
Ok(Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR)
.header("Content-Type", "application/json")
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
.header("Access-Control-Allow-Origin", cors_origin)
.header("Access-Control-Allow-Credentials", "true")
.header("Vary", "Origin")
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
.body(hyper::Body::from(body_bytes))
.unwrap())
}
}
}
Update Fedimint configuration and enhance onboarding process - Upgraded Fedimint version to v0.10.0 in docker-compose.yml and manifest.yml, adding support for the built-in Guardian UI. - Modified .gitignore to exclude deploy-config.sh script. - Enhanced onboarding process in AuthManager to persist onboarding state and validate password strength during user setup. - Updated API to handle onboarding completion and password change requests, ensuring a smoother user experience. - Improved configuration management to support Nostr discovery and Tor proxy settings, enhancing node identity features.
2026-02-17 15:03:34 +00:00
async fn handle_node_message(body: hyper::body::Bytes) -> Result<Response<hyper::Body>> {
#[derive(serde::Deserialize)]
struct Incoming {
from_pubkey: Option<String>,
message: Option<String>,
}
let incoming: Incoming = serde_json::from_slice(&body).unwrap_or(Incoming {
from_pubkey: None,
message: None,
});
if let (Some(from), Some(msg)) = (incoming.from_pubkey, incoming.message) {
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
// Validate from_pubkey is a valid hex ed25519 pubkey
if !is_valid_pubkey_hex(&from) {
return Ok(Response::builder()
.status(StatusCode::BAD_REQUEST)
.header("Content-Type", "application/json")
.body(hyper::Body::from(r#"{"error":"Invalid pubkey format"}"#))
.unwrap());
}
// Sanitize log output to prevent log injection
let safe_from = sanitize_log_string(&from);
let safe_msg = sanitize_log_string(&msg);
tracing::info!("Received message from {}: {}", safe_from, safe_msg);
// Sanitize stored message content (strip HTML entities)
let clean_from = sanitize_html(&from);
let clean_msg = sanitize_html(&msg);
node_msg::store_received(&clean_from, &clean_msg).await;
Update Fedimint configuration and enhance onboarding process - Upgraded Fedimint version to v0.10.0 in docker-compose.yml and manifest.yml, adding support for the built-in Guardian UI. - Modified .gitignore to exclude deploy-config.sh script. - Enhanced onboarding process in AuthManager to persist onboarding state and validate password strength during user setup. - Updated API to handle onboarding completion and password change requests, ensuring a smoother user experience. - Improved configuration management to support Nostr discovery and Tor proxy settings, enhancing node identity features.
2026-02-17 15:03:34 +00:00
}
Ok(Response::builder()
.status(StatusCode::OK)
.header("Content-Type", "application/json")
.body(hyper::Body::from(r#"{"ok":true}"#))
.unwrap())
}
async fn handle_electrs_status() -> Result<Response<hyper::Body>> {
let status = electrs_status::get_electrs_sync_status().await;
let body = serde_json::to_vec(&status).unwrap_or_default();
Ok(Response::builder()
.status(StatusCode::OK)
.header("Content-Type", "application/json")
.body(hyper::Body::from(body))
.unwrap())
}
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
async fn handle_lnd_proxy(path: &str, cors_origin: &str) -> Result<Response<hyper::Body>> {
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
let suffix = path.strip_prefix("/proxy/lnd").unwrap_or("/");
let url = format!("http://127.0.0.1:8080{}", suffix);
match reqwest::get(&url).await {
Ok(resp) => {
let status = resp.status().as_u16();
let headers = resp.headers().clone();
let body = resp.bytes().await.unwrap_or_default();
let mut builder = Response::builder().status(status);
if let Some(ct) = headers.get("content-type") {
if let Ok(s) = ct.to_str() {
builder = builder.header("Content-Type", s);
}
}
builder
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
.header("Access-Control-Allow-Origin", cors_origin)
.header("Access-Control-Allow-Credentials", "true")
.header("Vary", "Origin")
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
.body(hyper::Body::from(body))
.map_err(|e| anyhow::anyhow!("response build: {}", e))
}
Err(e) => {
let body = serde_json::json!({ "error": e.to_string() });
let body_bytes = serde_json::to_vec(&body).unwrap_or_default();
Ok(Response::builder()
.status(StatusCode::BAD_GATEWAY)
.header("Content-Type", "application/json")
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
.header("Access-Control-Allow-Origin", cors_origin)
.header("Access-Control-Allow-Credentials", "true")
.header("Vary", "Origin")
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
.body(hyper::Body::from(body_bytes))
.unwrap())
fix: prevent tokio runtime deadlock in credential issue/verify The credential issuance and verification handlers used Handle::block_on() directly inside the tokio runtime, causing a deadlock. Wrapped with block_in_place() to properly yield the runtime thread. Also completed full feature verification across all 25 test groups (~175 checks) on live server. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 07:43:12 +00:00
}
}
}
async fn handle_content_catalog(config: &Config) -> Result<Response<hyper::Body>> {
match content_server::load_catalog(&config.data_dir).await {
Ok(catalog) => {
// Only expose public metadata, not file paths
let items: Vec<serde_json::Value> = catalog
.items
.iter()
.map(|i| {
serde_json::json!({
"id": i.id,
"filename": i.filename,
"mime_type": i.mime_type,
"size_bytes": i.size_bytes,
"description": i.description,
"access": i.access,
})
})
.collect();
let body = serde_json::to_vec(&serde_json::json!({ "items": items }))
.unwrap_or_default();
Ok(Response::builder()
.status(StatusCode::OK)
.header("Content-Type", "application/json")
.body(hyper::Body::from(body))
.unwrap())
}
Err(e) => {
let body = serde_json::json!({ "error": e.to_string() });
let body_bytes = serde_json::to_vec(&body).unwrap_or_default();
Ok(Response::builder()
.status(StatusCode::INTERNAL_SERVER_ERROR)
.header("Content-Type", "application/json")
.body(hyper::Body::from(body_bytes))
.unwrap())
}
}
}
async fn handle_content_request(
path: &str,
headers: &hyper::HeaderMap,
config: &Config,
) -> Result<Response<hyper::Body>> {
let content_id = path.strip_prefix("/content/").unwrap_or("");
if content_id.is_empty() || !is_valid_app_id(content_id) {
return Ok(Response::builder()
.status(StatusCode::BAD_REQUEST)
.body(hyper::Body::from("Invalid content ID"))
.unwrap());
}
// Extract payment token from X-Payment-Token header
let payment_token = headers
.get("x-payment-token")
.and_then(|v| v.to_str().ok())
.map(|s| s.to_string());
// Parse Range header for streaming support
let range = headers
.get("range")
.and_then(|v| v.to_str().ok())
.and_then(content_server::parse_range_header);
match content_server::serve_content(
&config.data_dir,
content_id,
payment_token.as_deref(),
range,
)
.await
{
Ok(content_server::ServeResult::Ok(bytes, mime_type)) => {
let len = bytes.len();
Ok(Response::builder()
.status(StatusCode::OK)
.header("Content-Type", mime_type)
.header("Content-Length", len.to_string())
.header("Accept-Ranges", "bytes")
.body(hyper::Body::from(bytes))
.unwrap())
}
Ok(content_server::ServeResult::Partial {
bytes,
mime_type,
start,
end,
total,
}) => {
Ok(Response::builder()
.status(StatusCode::PARTIAL_CONTENT)
.header("Content-Type", mime_type)
.header("Content-Length", bytes.len().to_string())
.header("Content-Range", format!("bytes {}-{}/{}", start, end, total))
.header("Accept-Ranges", "bytes")
.body(hyper::Body::from(bytes))
.unwrap())
}
Ok(content_server::ServeResult::PaymentRequired(price_sats)) => {
let body = serde_json::json!({
"error": "Payment required",
"price_sats": price_sats,
"payment_header": "X-Payment-Token",
});
let body_bytes = serde_json::to_vec(&body).unwrap_or_default();
Ok(Response::builder()
.status(StatusCode::PAYMENT_REQUIRED)
.header("Content-Type", "application/json")
.body(hyper::Body::from(body_bytes))
.unwrap())
}
Ok(content_server::ServeResult::NotFound) | Err(_) => {
Ok(Response::builder()
.status(StatusCode::NOT_FOUND)
.body(hyper::Body::from("Content not found"))
.unwrap())
Enhance ISO build process and documentation for Archipelago - Updated BUILD-GUIDE.md to clarify instructions for building the Archipelago Auto-Installer ISO, emphasizing the recommended method of building directly on the target server. - Added auto-installation of missing dependencies (xorriso, podman) when running the build script with sudo. - Enhanced the build-auto-installer-iso.sh script to capture container images from the live server, ensuring the ISO includes the same set of applications as the dev server. - Revised deployment documentation to stress the importance of building the Rust backend on the Linux dev server and included new instructions for capturing system-level changes for ISO builds. - Improved UI components and added new bundled applications (BTCPay Server, Mempool Explorer, Nostr Relay, Strfry Relay, Tailscale) to enhance user experience.
2026-02-14 16:44:20 +00:00
}
}
}
untrack
2026-01-27 22:37:08 +00:00
async fn handle_websocket(
req: Request<hyper::Body>,
Integrate Docker support into Archipelago and Neode UI - Added StateManager and data_model modules to manage application state. - Updated ApiHandler to utilize StateManager for WebSocket connections. - Enhanced Server initialization to include StateManager. - Implemented Docker container querying in Neode UI to populate app data dynamically. - Removed temporary dummy app configurations in favor of real Docker-based applications. - Improved WebSocket reconnection logic and error handling in the UI. - Updated package.json and package-lock.json to include dockerode dependency.
2026-01-27 23:06:18 +00:00
state_manager: Arc<StateManager>,
untrack
2026-01-27 22:37:08 +00:00
) -> Result<Response<hyper::Body>> {
Refactor and enhance Archipelago setup and API - Revamped GETTING_STARTED.md for clarity and completeness, detailing the Docker development environment and installation steps. - Updated Cargo.lock and Cargo.toml to replace deprecated dependencies and add new ones, including hyper-ws-listener and env_logger. - Improved WebSocket handling in the API to support upgrades and error management. - Enhanced Neode UI scripts to manage Docker containers during development. - Adjusted dummy app configurations for accurate LAN addresses. - Sorted app entries in the UI for better organization and accessibility.
2026-01-27 22:47:51 +00:00
let (response, ws_fut_opt) = hyper_ws_listener::create_ws(req)
untrack
2026-01-27 22:37:08 +00:00
.map_err(|e| anyhow::anyhow!("WebSocket upgrade failed: {}", e))?;
Refactor and enhance Archipelago setup and API - Revamped GETTING_STARTED.md for clarity and completeness, detailing the Docker development environment and installation steps. - Updated Cargo.lock and Cargo.toml to replace deprecated dependencies and add new ones, including hyper-ws-listener and env_logger. - Improved WebSocket handling in the API to support upgrades and error management. - Enhanced Neode UI scripts to manage Docker containers during development. - Adjusted dummy app configurations for accurate LAN addresses. - Sorted app entries in the UI for better organization and accessibility.
2026-01-27 22:47:51 +00:00
if let Some(ws_fut) = ws_fut_opt {
tokio::spawn(async move {
let ws_stream: WsStream = match ws_fut.await {
Ok(Ok(s)) => s,
Ok(Err(e)) => {
debug!("WebSocket handshake failed (hyper): {}", e);
return;
untrack
2026-01-27 22:37:08 +00:00
}
Err(e) => {
Refactor and enhance Archipelago setup and API - Revamped GETTING_STARTED.md for clarity and completeness, detailing the Docker development environment and installation steps. - Updated Cargo.lock and Cargo.toml to replace deprecated dependencies and add new ones, including hyper-ws-listener and env_logger. - Improved WebSocket handling in the API to support upgrades and error management. - Enhanced Neode UI scripts to manage Docker containers during development. - Adjusted dummy app configurations for accurate LAN addresses. - Sorted app entries in the UI for better organization and accessibility.
2026-01-27 22:47:51 +00:00
debug!("WebSocket task join failed: {}", e);
return;
}
};
info!("WebSocket /ws/db connected");
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
Refactor and enhance Archipelago setup and API - Revamped GETTING_STARTED.md for clarity and completeness, detailing the Docker development environment and installation steps. - Updated Cargo.lock and Cargo.toml to replace deprecated dependencies and add new ones, including hyper-ws-listener and env_logger. - Improved WebSocket handling in the API to support upgrades and error management. - Enhanced Neode UI scripts to manage Docker containers during development. - Adjusted dummy app configurations for accurate LAN addresses. - Sorted app entries in the UI for better organization and accessibility.
2026-01-27 22:47:51 +00:00
let (mut tx, mut rx) = ws_stream.split();
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
Integrate Docker support into Archipelago and Neode UI - Added StateManager and data_model modules to manage application state. - Updated ApiHandler to utilize StateManager for WebSocket connections. - Enhanced Server initialization to include StateManager. - Implemented Docker container querying in Neode UI to populate app data dynamically. - Removed temporary dummy app configurations in favor of real Docker-based applications. - Improved WebSocket reconnection logic and error handling in the UI. - Updated package.json and package-lock.json to include dockerode dependency.
2026-01-27 23:06:18 +00:00
let initial_msg = state_manager.get_initial_message().await;
if let Ok(json_msg) = serde_json::to_string(&initial_msg) {
if let Err(e) = tx.send(Message::Text(json_msg)).await {
debug!("Failed to send initial data: {}", e);
return;
}
debug!("Sent initial data dump at revision {}", initial_msg.rev);
}
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
Enhance development workflow and deployment practices for Archipelago - Updated the Development-Workflow documentation to clarify deployment strategy, emphasizing direct deployment to the live system for testing. - Added detailed instructions for the deployment command, including syncing code, building frontend and backend, and restarting services. - Improved SSH key management section to assist with authentication issues. - Expanded the testing workflow to include steps for checking logs and syncing changes back to the ISO build. - Updated the ISO build integration section to ensure system-level changes are captured for future builds. - Refactored various sections for clarity and completeness, including deployment paths and system configuration files.
2026-02-01 13:24:03 +00:00
let mut state_rx = state_manager.subscribe();
Update README and API for Docker integration and app management - Revised README.md to clarify the use of Docker alongside Podman for containerization. - Updated API documentation to reflect new RPC endpoints, including `auth.logout`. - Enhanced WebSocket handling in the API for better connection management. - Modified Neode UI to utilize a curated list of Docker-based applications, replacing previous Start9 registry calls. - Improved error handling and logging in the marketplace for better user experience.
2026-01-27 22:55:20 +00:00
let ping_interval = tokio::time::interval(tokio::time::Duration::from_secs(30));
tokio::pin!(ping_interval);
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
Update README and API for Docker integration and app management - Revised README.md to clarify the use of Docker alongside Podman for containerization. - Updated API documentation to reflect new RPC endpoints, including `auth.logout`. - Enhanced WebSocket handling in the API for better connection management. - Modified Neode UI to utilize a curated list of Docker-based applications, replacing previous Start9 registry calls. - Improved error handling and logging in the marketplace for better user experience.
2026-01-27 22:55:20 +00:00
loop {
tokio::select! {
_ = ping_interval.tick() => {
if tx.send(Message::Ping(vec![])).await.is_err() {
debug!("Failed to send ping, connection likely closed");
break;
}
Refactor and enhance Archipelago setup and API - Revamped GETTING_STARTED.md for clarity and completeness, detailing the Docker development environment and installation steps. - Updated Cargo.lock and Cargo.toml to replace deprecated dependencies and add new ones, including hyper-ws-listener and env_logger. - Improved WebSocket handling in the API to support upgrades and error management. - Enhanced Neode UI scripts to manage Docker containers during development. - Adjusted dummy app configurations for accurate LAN addresses. - Sorted app entries in the UI for better organization and accessibility.
2026-01-27 22:47:51 +00:00
}
Enhance development workflow and deployment practices for Archipelago - Updated the Development-Workflow documentation to clarify deployment strategy, emphasizing direct deployment to the live system for testing. - Added detailed instructions for the deployment command, including syncing code, building frontend and backend, and restarting services. - Improved SSH key management section to assist with authentication issues. - Expanded the testing workflow to include steps for checking logs and syncing changes back to the ISO build. - Updated the ISO build integration section to ensure system-level changes are captured for future builds. - Refactored various sections for clarity and completeness, including deployment paths and system configuration files.
2026-02-01 13:24:03 +00:00
update = state_rx.recv() => {
match update {
Ok(msg) => {
if let Ok(json_msg) = serde_json::to_string(&msg) {
if let Err(e) = tx.send(Message::Text(json_msg)).await {
debug!("Failed to send state update: {}", e);
break;
}
debug!("Sent state update at revision {}", msg.rev);
}
}
Err(broadcast::error::RecvError::Lagged(skipped)) => {
debug!("Client lagged behind, skipped {} messages", skipped);
}
Err(broadcast::error::RecvError::Closed) => {
debug!("Broadcast channel closed");
break;
}
}
}
Update README and API for Docker integration and app management - Revised README.md to clarify the use of Docker alongside Podman for containerization. - Updated API documentation to reflect new RPC endpoints, including `auth.logout`. - Enhanced WebSocket handling in the API for better connection management. - Modified Neode UI to utilize a curated list of Docker-based applications, replacing previous Start9 registry calls. - Improved error handling and logging in the marketplace for better user experience.
2026-01-27 22:55:20 +00:00
msg = rx.next() => {
match msg {
Some(Ok(Message::Close(_))) => break,
Some(Ok(Message::Pong(_))) => {
debug!("Received pong");
}
Some(Ok(Message::Ping(data))) => {
let _ = tx.send(Message::Pong(data)).await;
}
Some(Ok(_)) => {}
Some(Err(e)) => {
debug!("WebSocket stream error: {}", e);
break;
}
None => break,
}
Refactor and enhance Archipelago setup and API - Revamped GETTING_STARTED.md for clarity and completeness, detailing the Docker development environment and installation steps. - Updated Cargo.lock and Cargo.toml to replace deprecated dependencies and add new ones, including hyper-ws-listener and env_logger. - Improved WebSocket handling in the API to support upgrades and error management. - Enhanced Neode UI scripts to manage Docker containers during development. - Adjusted dummy app configurations for accurate LAN addresses. - Sorted app entries in the UI for better organization and accessibility.
2026-01-27 22:47:51 +00:00
}
untrack
2026-01-27 22:37:08 +00:00
}
}
Refactor and enhance Archipelago setup and API - Revamped GETTING_STARTED.md for clarity and completeness, detailing the Docker development environment and installation steps. - Updated Cargo.lock and Cargo.toml to replace deprecated dependencies and add new ones, including hyper-ws-listener and env_logger. - Improved WebSocket handling in the API to support upgrades and error management. - Enhanced Neode UI scripts to manage Docker containers during development. - Adjusted dummy app configurations for accurate LAN addresses. - Sorted app entries in the UI for better organization and accessibility.
2026-01-27 22:47:51 +00:00
info!("WebSocket /ws/db disconnected");
});
}
untrack
2026-01-27 22:37:08 +00:00
Ok(response)
}
mid coding commit
2026-01-24 22:59:20 +00:00
}
fix: implement 22 security pentest remediation fixes Server-side session management with SHA-256 hashed tokens and HttpOnly cookies. Auth middleware gating all RPC/WS/proxy routes with method allowlist. Login rate limiting (5/60s per IP). CORS restricted to config origin. Docker registry allowlist. App ID and path validation. P2P message sanitization (HTML + log injection). Onion address and known-peer validation. Nginx security headers (CSP, X-Frame-Options, etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges, ProtectSystem). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00
/// Validate that an app ID matches the safe pattern: lowercase alphanumeric + hyphens.
fn is_valid_app_id(id: &str) -> bool {
!id.is_empty()
&& id.len() <= 64
&& id.bytes().all(|b| b.is_ascii_lowercase() || b.is_ascii_digit() || b == b'-')
&& id.as_bytes()[0] != b'-'
}
/// Validate that a pubkey is a 64-char hex string.
fn is_valid_pubkey_hex(s: &str) -> bool {
s.len() == 64 && s.bytes().all(|b| b.is_ascii_hexdigit())
}
/// Strip newlines and ANSI escape sequences from strings before logging.
fn sanitize_log_string(s: &str) -> String {
s.replace('\n', "\\n")
.replace('\r', "\\r")
.replace('\x1b', "")
}
/// Strip HTML-sensitive characters to prevent XSS when stored/rendered.
fn sanitize_html(s: &str) -> String {
s.replace('&', "&amp;")
.replace('<', "&lt;")
.replace('>', "&gt;")
.replace('"', "&quot;")
.replace('\'', "&#x27;")
}
Reference in New Issue Copy Permalink