RubyGems - anycable-core - Versions diffs - 1.4.4 → 1.5.0 - Mend

anycable-core 1.4.4 → 1.5.0

Files changed (17) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +26 -0
data/lib/anycable/broadcast_adapters/http.rb +11 -5
data/lib/anycable/config.rb +68 -13
data/lib/anycable/grpc/config.rb +9 -1
data/lib/anycable/httrpc/server.rb +5 -0
data/lib/anycable/jwt.rb +110 -0
data/lib/anycable/serializer.rb +44 -0
data/lib/anycable/socket.rb +13 -0
data/lib/anycable/streams.rb +38 -0
data/lib/anycable/version.rb +1 -1
data/lib/anycable.rb +4 -0
data/sig/anycable/config.rbs +19 -2
data/sig/anycable/jwt.rbs +21 -0
data/sig/anycable/serializer.rbs +14 -0
data/sig/anycable/streams.rbs +8 -0
metadata +8 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b02bcc10302bdd445b92e77c0ce354734e82a0ba124c9e88b2997b87013bbf3d
-  data.tar.gz: dadf0fdc856292e614f39ebd43b996da49ce4e9771408429ba75fae7ace9877b
+  metadata.gz: 51822ff8e8b07d8967dfaeed99b65c45e7cf8a2d3868f94f09dd81a26d934bd8
+  data.tar.gz: d782bdda587a181716bd0d6dc0aa19d0a6c24b0236b0cb3aa3354100364839a8
 SHA512:
-  metadata.gz: 918addcfda8aea6f57eb7fd4872a4b93eeafc18862e93d75221d55f13ded38c218c231a47fbf1b803ca717618a518a05b0c6bf86b080000aa566281842033167
-  data.tar.gz: f96deb1656000ce9d2089f94da40860bb9820598a5afb002a7ae5c2bc28f71f799dad6efeeea824e7bf306ceb8b76aad109b824c675391d4f218a81f90d9e491
+  metadata.gz: f2f48cae19656f6b3360f8173a76d91ec2e6bf87434c7b8ccc00e3fae5dd3f89542f8d545348944b2eee90068833cc74fbf33be929885eb0427c019f9a0c9ba1
+  data.tar.gz: 00a17dedd9dd6f572aca18fe08f77d5d234c5b5636497f2b925b5dafbb230c4b918d4a4fa5a020d1adb612d9c11528554579e9ec81589b336081792249029a3d

data/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,32 @@
 ## master
+## 1.5.0 (2024-04-01)
+- Fixed gRPC keepalive settings to align with the Go server client. ([@palkan][])
+- Added JWT utils. ([@palkan][])
+You can now generate and verify AnyCable JWT tokens without using additional dependencies:
+```ruby
+token = AnyCable::JWT.encode({user_id: "1"})
+identifiers = AnyCable::JWT.decode(token)
+```
+This change will deprecate `anycable-rails-jwt`.
+- Added signed streams support. ([@palkan][])
+You can generate signed stream names as follows:
+```ruby
+signed_name = AnyCable::Streams.sign("chat/2024")
+```
+- Added `secret` and `broadcast_key` configuration parameters. ([@palkan][])
 ## 1.4.3 (2023-10-15)
 - Add broadcast options support. ([@palkan][])

data/lib/anycable/broadcast_adapters/http.rb CHANGED Viewed

@@ -40,15 +40,21 @@ module AnyCable
       MAX_ATTEMPTS = 3
       DELAY = 2
-      attr_reader :url, :headers, :authorized
-      alias_method :authorized?, :authorized
+      attr_reader :url, :headers, :authorization
-      def initialize(url: AnyCable.config.http_broadcast_url, secret: AnyCable.config.http_broadcast_secret)
+      def initialize(url: AnyCable.config.http_broadcast_url, secret: AnyCable.config.broadcast_key)
         @url = url
         @headers = {}
+        @authorization = nil
+        if !secret
+          secret = AnyCable.config.broadcast_key!
+          @authorization = "with authorization key inferred from the application secret" if secret
+        end
         if secret
           headers["Authorization"] = "Bearer #{secret}"
-          @authorized = true
+          @authorization ||= "with authorization"
         end
         @uri = URI.parse(url)
@@ -71,7 +77,7 @@ module AnyCable
       end
       def announce!
-        logger.info "Broadcasting HTTP url: #{url}#{authorized? ? " (with authorization)" : ""}"
+        logger.info "Broadcasting HTTP url: #{url} (#{authorization || "no authorization"})"
       end
       private

data/lib/anycable/config.rb CHANGED Viewed

@@ -7,6 +7,11 @@ require "uri"
 module AnyCable
   # AnyCable configuration.
   class Config < Anyway::Config
+    # These phareses are used to infer secret keys from the application secret
+    # and MUST match the ones used in AnyCable (Go)
+    BROADCAST_SECRET_PHRASE = "broadcast-cable"
+    HTTP_RPC_SECRET_PHRASE = "rpc-cable"
     class << self
       # Add usage txt for CLI
       def usage(txt)
@@ -22,9 +27,18 @@ module AnyCable
     attr_config(
       presets: "",
+      secret: nil,
+      ## Streams
+      streams_secret: nil,
-      ## PubSub
+      ## JWT
+      jwt_secret: nil,
+      jwt_ttl: 3600, # 1 hour
+      ## Broadcasting
       broadcast_adapter: :redis,
+      broadcast_key: nil,
       ### Redis options
       redis_url: ENV.fetch("REDIS_URL", "redis://localhost:6379"),
@@ -42,6 +56,7 @@ module AnyCable
       ### HTTP broadcasting options
       http_broadcast_url: "http://localhost:8090/_broadcast",
+      # DEPRECATED: use `broadcast_key` instead
       http_broadcast_secret: nil,
       ### Logging options
@@ -86,36 +101,67 @@ module AnyCable
       !http_health_port.nil? && http_health_port != ""
     end
+    def broadcast_key!
+      if http_broadcast_secret && !broadcast_key
+        self.broadcast_key ||= http_broadcast_secret
+        warn "DEPRECATION WARNING: `http_broadcast_secret` is deprecated, use `broadcast_key` instead"
+      end
+      return broadcast_key if broadcast_key
+      return unless secret
+      self.broadcast_key = infer_from_application_secret(BROADCAST_SECRET_PHRASE)
+    end
+    def http_rpc_secret!
+      return http_rpc_secret if http_rpc_secret
+      return unless secret
+      self.http_rpc_secret = infer_from_application_secret(HTTP_RPC_SECRET_PHRASE)
+    end
+    def streams_secret
+      super || secret
+    end
+    def jwt_secret
+      super || secret
+    end
     usage <<~TXT
       APPLICATION
-          --broadcast-adapter=type          Pub/sub adapter type for broadcasts, default: redis
-          --log-level=level                 Logging level, default: "info"
-          --log-file=path                   Path to log file, default: <none> (log to STDOUT)
-          --debug                           Turn on verbose logging ("debug" level and verbose logging on)
+          --broadcast-adapter=type          Broadcasting adapter, default: redis
+          --secret=secret                   Application secret, default: <none>
+          --broadcast-key=key               Broadcasting secret key, default: <none> (inferred from the application secret if any)
+          --streams-secret=secret           Signed streams secret, default: <none> (inferred from the application secret if any)
       HTTP HEALTH CHECKER
           --http-health-port=port           Port to run HTTP health server on, default: <none> (disabled)
           --http-health-path=path           Endpoint to serve health checks, default: "/health"
-      REDIS PUB/SUB
-          --redis-url=url                   Redis URL for pub/sub, default: REDIS_URL or "redis://localhost:6379"
+      REDIS
+          --redis-url=url                   Redis URL for broadcasting, default: REDIS_URL or "redis://localhost:6379"
           --redis-channel=name              Redis channel for broadcasting, default: "__anycable__"
           --redis-sentinels=<...hosts>      Redis Sentinel followers addresses (as a comma-separated list), default: nil
           --redis-tls-verify=yes|no         Whether to perform server certificate check in case of rediss:// protocol. Default: yes
           --redis-tls-client_cert-path=path Default: nil
           --redis-tls-client_key-path=path  Default: nil
-      NATS PUB/SUB
-          --nats-servers=<...addresses>     NATS servers for pub/sub, default: "nats://localhost:4222"
+      NATS
+          --nats-servers=<...addresses>     NATS servers for broadcasting, default: "nats://localhost:4222"
           --nats-channel=name               NATS channel for broadcasting, default: "__anycable__"
           --nats-dont-randomize-servers     Pass this option to disable NATS servers randomization during (re-)connect
-      HTTP PUB/SUB
-          --http-broadcast-url              HTTP pub/sub endpoint URL, default: "http://localhost:8090/_broadcast"
-          --http-broadcast-secret           HTTP pub/sub authorization secret, default: <none> (disabled)
+      HTTP BROADCASTING
+          --http-broadcast-url              HTTP broadcasting endpoint URL, default: "http://localhost:8090/_broadcast"
       HTTP RPC
-          --http-rpc-secret                 HTTP RPC authorization secret, default: <none> (disabled)
+          --http-rpc-secret                 HTTP RPC authorization secret, default: <none> (inferred from the application secret if any)
+      LOGGING
+          --log-level=level                 Logging level, default: "info"
+          --log-file=path                   Path to log file, default: <none> (log to STDOUT)
+          --debug                           Turn on verbose logging ("debug" level and verbose logging on)
     TXT
     # Build Redis parameters
@@ -216,5 +262,14 @@ module AnyCable
       write_config_attr(key, value)
       __trace__&.record_value(value, key, type: :preset, preset: preset)
     end
+    def infer_from_application_secret(phrase)
+      app_secret = secret
+      return unless app_secret
+      require "openssl"
+      OpenSSL::HMAC.hexdigest("SHA256", app_secret, phrase)
+    end
   end
 end

data/lib/anycable/grpc/config.rb CHANGED Viewed

@@ -35,7 +35,15 @@ module AnyCable
           poll_period: rpc_poll_period,
           pool_keep_alive: rpc_pool_keep_alive,
           tls_credentials: tls_credentials,
-          server_args: enhance_grpc_server_args(normalized_grpc_server_args)
+          server_args: enhance_grpc_server_args(normalized_grpc_server_args).tap do |sargs|
+            # Provide keepalive defaults unless explicitly set.
+            # They must MATCH the corresponding Go client defaults:
+            # https://github.com/anycable/anycable-go/blob/62e77e7f759aa9253c2bd23812dd59ec8471db86/rpc/rpc.go#L512-L515
+            #
+            # See also https://github.com/grpc/grpc/blob/master/doc/keepalive.md and https://grpc.github.io/grpc/core/group__grpc__arg__keys.html
+            sargs["grpc.keepalive_permit_without_calls"] ||= 1
+            sargs["grpc.http2.min_recv_ping_interval_without_data_ms"] ||= 10_000
+          end
         }
       end

data/lib/anycable/httrpc/server.rb CHANGED Viewed

@@ -4,6 +4,11 @@ module AnyCable
   module HTTRPC
     class Server
       def initialize(token: AnyCable.config.http_rpc_secret)
+        if !token
+          token = AnyCable.config.http_rpc_secret!
+          AnyCable.logger.info("AnyCable HTTP RPC created with authorization key inferred from the application secret")
+        end
         @token = token
       end

data/lib/anycable/jwt.rb ADDED Viewed

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+require "json"
+require "openssl"
+module AnyCable
+  module JWT
+    class DecodeError < StandardError; end
+    class VerificationError < DecodeError; end
+    class ExpiredSignature < DecodeError; end
+    # Basic JWT encode/decode implementation suitable to our needs
+    # and not requiring external dependencies
+    module BasicImpl
+      ALGORITHM = "HS256"
+      class << self
+        def encode(payload, secret_key)
+          payload = ::Base64.urlsafe_encode64(payload.to_json, padding: false)
+          headers = ::Base64.urlsafe_encode64({"alg" => ALGORITHM}.to_json, padding: false)
+          header = "#{headers}.#{payload}"
+          signature = sign(header, secret_key)
+          "#{header}.#{signature}"
+        end
+        def decode(token, secret_key)
+          header, payload, signature = token.split(".")
+          # Check segments
+          raise DecodeError, "Not enough or too many segments" unless header && payload && signature
+          # Verify the algorithm
+          decoded_header = ::JSON.parse(::Base64.urlsafe_decode64(header))
+          raise DecodeError, "Algorithm not supported" unless decoded_header["alg"] == ALGORITHM
+          # Verify the signature
+          expected_signature = sign("#{header}.#{payload}", secret_key)
+          raise VerificationError, "Signature verification failed" unless secure_compare(signature, expected_signature)
+          # Verify expiration
+          decoded_payload = ::JSON.parse(::Base64.urlsafe_decode64(payload))
+          if decoded_payload.key?("exp")
+            raise ExpiredSignature, "Signature has expired" if Time.now.to_i >= decoded_payload["exp"]
+          end
+          decoded_payload
+        rescue JSON::ParserError, ArgumentError
+          raise DecodeError, "Invalid segment encoding"
+        end
+        # We don't really care about timing attacks here,
+        # since verification is done on the AnyCable server side.
+        # But still, we can use constant-time comparison when it's available.
+        if OpenSSL.respond_to?(:fixed_length_secure_compare)
+          def secure_compare(a, b)
+            return false if a.bytesize != b.bytesize
+            OpenSSL.fixed_length_secure_compare(a, b)
+          end
+        else
+          def secure_compare(a, b)
+            return false if a.bytesize != b.bytesize
+            a == b
+          end
+        end
+        def sign(data, secret_key)
+          ::Base64.urlsafe_encode64(
+            ::OpenSSL::HMAC.digest("SHA256", secret_key, data),
+            padding: false
+          )
+        end
+      end
+    end
+    class << self
+      attr_accessor :jwt_impl
+      def encode(payload, expires_at: nil, secret_key: AnyCable.config.jwt_secret, ttl: AnyCable.config.jwt_ttl)
+        raise ArgumentError, "JWT encryption key is not specified. Add it via `jwt_secret` or `secret` option" if secret_key.nil? || secret_key.empty?
+        encoded = Serializer.serialize(payload).to_json
+        data = {ext: encoded}
+        data[:exp] = expires_at.to_i if expires_at
+        if ttl&.positive? && !data.key?(:exp)
+          data[:exp] = Time.now.to_i + ttl
+        end
+        jwt_impl.encode(data, secret_key)
+      end
+      def decode(token, secret_key: AnyCable.config.jwt_secret)
+        raise ArgumentError, "JWT encryption key is not specified. Add it via `jwt_secret` or `secret` option" if secret_key.nil? || secret_key.empty?
+        jwt_impl.decode(token, secret_key).then do |decoded|
+          ::JSON.parse(decoded.fetch("ext"), symbolize_names: true)
+        end.then { |data| Serializer.deserialize(data) }
+      end
+    end
+    self.jwt_impl = BasicImpl
+  end
+end

data/lib/anycable/serializer.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+module AnyCable
+  # Serializer is responsible for converting Ruby objects to and from a transferrable format (e.g., for identifiers, connection/channel state, etc.).
+  # It relies on configurable `.object_serializer` to handle non-primitive values and handles Hash/Array seririlzation.
+  module Serializer
+    class << self
+      attr_accessor :object_serializer
+      def serialize(obj)
+        handled = object_serializer&.serialize(obj)
+        return handled if handled
+        case obj
+        when nil, true, false, Integer, Float, String, Symbol
+          obj
+        when Hash
+          obj.transform_values { |v| serialize(v) }
+        when Array
+          obj.map { |v| serialize(v) }
+        else
+          raise ArgumentError, "Can't serialize #{obj.inspect}"
+        end
+      end
+      # Deserialize previously serialized value to a Ruby object.
+      def deserialize(val)
+        if val.is_a?(::String)
+          handled = object_serializer&.deserialize(val)
+          return handled if handled
+        end
+        case val
+        when Hash
+          val.transform_values { |v| deserialize(v) }
+        when Array
+          val.map { |v| deserialize(v) }
+        else
+          val
+        end
+      end
+    end
+  end
+end

data/lib/anycable/socket.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 module AnyCable
+  WHISPER_KEY = "$w"
   # Socket mock to be used with application connection
   class Socket
     # Represents the per-connection store
@@ -59,10 +61,21 @@ module AnyCable
     def unsubscribe(_channel, broadcasting)
       streams[:stop] << broadcasting
+      if istate.read(WHISPER_KEY) == broadcasting
+        istate.write(WHISPER_KEY, "")
+      end
+    end
+    def whisper(_channel, broadcasting)
+      istate.write(WHISPER_KEY, broadcasting)
     end
     def unsubscribe_from_all(_channel)
       @stop_all_streams = true
+      if istate.read(WHISPER_KEY)
+        istate.write(WHISPER_KEY, "")
+      end
     end
     def streams

data/lib/anycable/streams.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+require "openssl"
+require "base64"
+require "json"
+module AnyCable
+  module Streams
+    class << self
+      def signed(stream_name)
+        ::Base64.urlsafe_encode64(::JSON.dump(stream_name)).then do |encoded|
+          "#{encoded}--#{signature(encoded)}"
+        end
+      end
+      def verified(signed_stream_name)
+        encoded, sig = signed_stream_name.split("--")
+        raise ArgumentError, "stream name has incorrect format" unless encoded
+        return unless sig == signature(encoded)
+        ::Base64.urlsafe_decode64(encoded).then do |decoded|
+          ::JSON.parse(decoded)
+        end
+      end
+      private
+      def signature(val)
+        key = AnyCable.config.streams_secret
+        raise ArgumentError, "streams signing secret is missing" unless key
+        ::OpenSSL::HMAC.hexdigest("SHA256", key, val)
+      end
+    end
+  end
+end

data/lib/anycable/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module AnyCable
-  VERSION = "1.4.4"
+  VERSION = "1.5.0"
 end

data/lib/anycable.rb CHANGED Viewed

@@ -26,6 +26,10 @@ require "anycable/httrpc/server"
 #
 # Broadcasting messages to WS is done through _broadcast adapter_ (Redis Pub/Sub by default).
 module AnyCable
+  autoload :JWT, "anycable/jwt"
+  autoload :Serializer, "anycable/serializer"
+  autoload :Streams, "anycable/streams"
   class << self
     # Provide connection factory which
     # is a callable object with build

data/sig/anycable/config.rbs CHANGED Viewed

@@ -4,6 +4,16 @@ module AnyCable
     def presets=: (Array[String]) -> void
     def broadcast_adapter: () -> Symbol
     def broadcast_adapter=: (Symbol) -> void
+    def secret: () -> String?
+    def secret=: (String?) -> void
+    def streams_secret: () -> String?
+    def streams_secret=: (String?) -> void
+    def jwt_secret: () -> String?
+    def jwt_secret=: (String?) -> void
+    def jwt_ttl: () -> Integer?
+    def jwt_ttl=: (Integer) -> void
+    def broadcast_key: () -> String?
+    def broadcast_key=: (String?) -> void
     def redis_url: () -> String
     def redis_url=: (String) -> void
     def redis_sentinels: () -> Array[String | Hash[untyped, untyped]]?
@@ -41,8 +51,8 @@ module AnyCable
     def http_health_port=: (Integer) -> void
     def http_health_path: () -> String
     def http_health_path=: (String) -> void
-    def http_rpc_secret: () -> String
-    def http_rpc_secret=: (String) -> void
+    def http_rpc_secret: () -> String?
+    def http_rpc_secret=: (String?) -> void
     def version_check_enabled: () -> bool
     def version_check_enabled=: (bool) -> void
     def version_check_enabled?: () -> bool
@@ -52,6 +62,9 @@ module AnyCable
   end
   class Config < Anyway::Config
+    BROADCAST_SECRET_PHRASE: String
+    HTTP_RPC_SECRET_PHRASE: String
     def self.usage: (String txt) -> void
     def self.usages: () -> Array[String]
@@ -60,6 +73,9 @@ module AnyCable
     alias debug? debug
     alias version_check_enabled? version_check_enabled
+    def http_rpc_secret!: () -> String?
+    def broadcast_key!: () -> String?
     def load: (*untyped) -> void
     def http_health_port_provided?: () -> bool
     def to_redis_params: () -> { url: String, sentinels: Array[untyped]?, ssl_params: Hash[Symbol, untyped]? }
@@ -74,5 +90,6 @@ module AnyCable
     def write_preset: (Symbol, untyped, preset: String) -> void
     def write_config_attr: (Symbol, untyped) -> void
     def __trace__: () -> untyped
+    def infer_from_application_secret: (String) -> String?
   end
 end

data/sig/anycable/jwt.rbs ADDED Viewed

@@ -0,0 +1,21 @@
+module AnyCable
+  module JWT
+    interface _Impl
+      def encode: (Hash[String | Symbol, untyped] payload, String secret_key) -> String
+      def decode: (String token, String secret_key) -> Hash[String, untyped]
+    end
+    module BasicImpl
+      extend _Impl
+      def self.sign: (String data, String key) -> String
+      def self.secure_compare: (String a, String b) -> bool
+    end
+    def self.jwt_impl: () -> _Impl
+    def self.jwt_impl=: (_Impl) -> void
+    def self.encode: (untyped payload, ?secret_key: String?, ?ttl: Integer, ?expires_at: Time | Integer) -> String
+    def self.decode: (String token, ?secret_key: String?) -> untyped
+  end
+end

data/sig/anycable/serializer.rbs ADDED Viewed

@@ -0,0 +1,14 @@
+module AnyCable
+  interface _ObjectSerializer
+    def serialize: (untyped) -> untyped
+    def deserialize: (String) -> untyped
+  end
+  module Serializer
+    def self.object_serializer: () -> _ObjectSerializer?
+    def self.object_serializer=: (_ObjectSerializer?) -> void
+    def self.serialize: (untyped) -> untyped
+    def self.deserialize: (untyped) -> untyped
+  end
+end

data/sig/anycable/streams.rbs ADDED Viewed

@@ -0,0 +1,8 @@
+module AnyCable
+  module Streams
+    def self.signed: (String) -> String
+    def self.verified: (String) -> String?
+    private def self.signature: (String) -> String
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: anycable-core
 version: !ruby/object:Gem::Version
-  version: 1.4.4
+  version: 1.5.0
 platform: ruby
 authors:
 - palkan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-13 00:00:00.000000000 Z
+date: 2024-04-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: anyway_config
@@ -217,6 +217,7 @@ files:
 - lib/anycable/grpc_kit/server.rb
 - lib/anycable/health_server.rb
 - lib/anycable/httrpc/server.rb
+- lib/anycable/jwt.rb
 - lib/anycable/middleware.rb
 - lib/anycable/middleware_chain.rb
 - lib/anycable/middlewares/check_version.rb
@@ -230,7 +231,9 @@ files:
 - lib/anycable/rpc/handlers/disconnect.rb
 - lib/anycable/rspec.rb
 - lib/anycable/rspec/rpc_command_context.rb
+- lib/anycable/serializer.rb
 - lib/anycable/socket.rb
+- lib/anycable/streams.rb
 - lib/anycable/version.rb
 - sig/anycable.rbs
 - sig/anycable/broadcast_adapters.rbs
@@ -248,6 +251,7 @@ files:
 - sig/anycable/grpc/server.rbs
 - sig/anycable/health_server.rbs
 - sig/anycable/httrpc/server.rbs
+- sig/anycable/jwt.rbs
 - sig/anycable/middleware.rbs
 - sig/anycable/middleware_chain.rbs
 - sig/anycable/middlewares/check_version.rbs
@@ -258,7 +262,9 @@ files:
 - sig/anycable/rpc/handlers/command.rbs
 - sig/anycable/rpc/handlers/connect.rbs
 - sig/anycable/rpc/handlers/disconnect.rbs
+- sig/anycable/serializer.rbs
 - sig/anycable/socket.rbs
+- sig/anycable/streams.rbs
 - sig/anycable/version.rbs
 - sig/manifest.yml
 homepage: http://github.com/anycable/anycable