durable_streams-rails 0.5.0 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bf65130284ea6d82ba8c5a96a6140d8d90b2a85644150d95e4cccc254e166da4
-  data.tar.gz: a9351da1b24a5a717ad3717eed8faa19f6079c99ef3e9d8300214a1e31558e19
+  metadata.gz: 79f28df832bb82db8fe2c8bf0204cf5c6ffededd6755c153d2a00aba4ec7f611
+  data.tar.gz: 698ea2440a5422124be37cb82ee2f988ad2e34dd008c702943f30d60797b0510
 SHA512:
-  metadata.gz: 48dce7b23beb7d4a5a8c7e37350d5790c25865f20cfebcd31bd80fad574c7179896fae4471289524556ea61836f739936c2e18fcc404fb7b810a4eee55a9f1c5
-  data.tar.gz: e1518c09eeaeaf28a6a92279bac1bc06b962aee73d89b8ead82b7651c7a6910f1a5eb9faa7210d3a4e3f97e2bf030c97df4c736a230e46d9dcf554c8ffc18375
+  metadata.gz: 407c2bcb96115a2b19207a3a10d99992b09daa273a39c935ce87adde911df3bc38c7be8b5e5ad409d6313c366ad74607ad9abe3a32eee62a6acfb4b95ce5afd3
+  data.tar.gz: 4c91ddfb552668d981f16c355876daa08c616ed42988f4eea157f1848af5b386eb9a93ace96def84a25c7abc9582e3e7d04b24e053b5146e2d15498ec5b95d5a

data/lib/durable_streams/rails/server_config.rb

@@ -4,31 +4,43 @@ require "erb"
 module DurableStreams
   module Rails
     class ServerConfig
+      LOG_FORMATS = %w[ console json ].freeze
+      LOG_LEVELS = %w[ INFO WARN ERROR DEBUG ].freeze
+      STORAGE_DIRECTIVES = %w[ data_dir max_file_handles long_poll_timeout sse_reconnect_interval ].freeze
+
       TEMPLATE = ERB.new(<<~'CADDYFILE', trim_mode: "-")
         {
         	admin off
-        <%- unless @config["domain"] -%>
+        <%- unless auto_https? -%>
         	auto_https off
         <%- end -%>
         }
 
         <%= address %> {
+        <%- if tls_config -%>
+        	tls <%= tls_config["cert"] %> <%= tls_config["key"] %>
+        <%- end -%>
         	log {
         		output stderr
         		format <%= log_format %>
         		level <%= log_level %>
         	}
 
-        	route <%= route_path %> {
-        		forward_auth <%= auth["url"] %> {
-        			uri <%= auth["path"] %>
-        <%- copy_headers.each do |header| -%>
-        			copy_headers <%= header %>
+        <%= route_block %>
+        }
+        <%- if internal -%>
+
+        :<%= internal["port"] %> {
+        <%- if internal["bind"] -%>
+        	bind <%= internal["bind"] %>
         <%- end -%>
-        		}
-        		durable_streams<%= storage_block %>
+        	@allowed remote_ip <%= internal_allowed_ips.join(" ") %>
+        	handle @allowed {
+        <%= route_block(indent: 2) %>
         	}
+        	respond 403
         }
+        <%- end -%>
       CADDYFILE
 
       def self.generate(config_path, environment)
@@ -37,6 +49,7 @@ module DurableStreams
 
       def initialize(config_path, environment)
         @config = YAML.load_file(config_path, aliases: true).fetch(environment)
+        validate!
       end
 
       def generate
@@ -44,10 +57,77 @@ module DurableStreams
       end
 
       private
+        def validate!
+          validate_internal!
+          validate_log!
+        end
+
+        def validate_internal!
+          if internal && !internal_allowed_ips
+            raise ArgumentError, "internal.allowed_ips is required when internal is configured"
+          end
+        end
+
+        def validate_log!
+          if log_config.key?("format") && !LOG_FORMATS.include?(log_config["format"])
+            raise ArgumentError,
+              "log.format must be one of #{LOG_FORMATS.join(", ")}, got: #{log_config["format"].inspect}"
+          end
+
+          if log_config.key?("level") && !LOG_LEVELS.include?(log_config["level"])
+            raise ArgumentError,
+              "log.level must be one of #{LOG_LEVELS.join(", ")}, got: #{log_config["level"].inspect}"
+          end
+        end
+
+        # Template methods — ordered by invocation
+
+        def auto_https?
+          @config["domain"] && !tls_config
+        end
+
         def address
           @config["domain"] || ":#{@config.fetch("port", 4437)}"
         end
 
+        def tls_config
+          @config["tls"]
+        end
+
+        def log_format
+          log_config.fetch("format", "console")
+        end
+
+        def log_level
+          log_config.fetch("level", "INFO")
+        end
+
+        def log_config
+          @config.fetch("log", {})
+        end
+
+        def route_block(indent: 1)
+          t = "\t" * indent
+          lines = []
+          lines << "#{t}route #{route_path} {"
+          lines << "#{t}\tforward_auth #{auth["url"]} {"
+          lines << "#{t}\t\turi #{auth["path"]}"
+          copy_headers.each { |h| lines << "#{t}\t\tcopy_headers #{h}" }
+          lines << "#{t}\t}"
+
+          directives = storage_directives
+          if directives.any?
+            lines << "#{t}\tdurable_streams {"
+            directives.each { |d| lines << "#{t}\t\t#{d}" }
+            lines << "#{t}\t}"
+          else
+            lines << "#{t}\tdurable_streams"
+          end
+
+          lines << "#{t}}"
+          lines.join("\n")
+        end
+
         def route_path
           @config.fetch("route", "/v1/streams/*")
         end
@@ -60,18 +140,17 @@ module DurableStreams
           auth.fetch("copy_headers", [ "Cookie" ])
         end
 
-        def log_format
-          @config.fetch("log_format", "console")
+        def storage_directives
+          storage = @config.fetch("storage", {})
+          STORAGE_DIRECTIVES.filter_map { |key| "#{key} #{storage[key]}" if storage[key] }
         end
 
-        def log_level
-          @config.fetch("log_level", "INFO")
+        def internal
+          @config["internal"]
         end
 
-        def storage_block
-          if dir = @config.dig("storage", "data_dir")
-            " {\n\t\t\tdata_dir #{dir}\n\t\t}"
-          end
+        def internal_allowed_ips
+          internal&.dig("allowed_ips")
         end
     end
   end

data/lib/durable_streams/rails/version.rb

@@ -1,5 +1,5 @@
 module DurableStreams
   module Rails
-    VERSION = "0.5.0"
+    VERSION = "0.5.2"
   end
 end

data/lib/generators/durable_streams/install/templates/durable_streams.yml.tt

@@ -6,7 +6,10 @@
 
 default: &default
   port: 4437
-  # route: /v1/streams/*
+  # route: /v1/streams/*            # URL path prefix for stream endpoints. Default: /v1/streams/*
+  # log:
+  #   format: console               # "console" (human-readable) or "json" (structured). Default: console
+  #   level: INFO                   # INFO, WARN, or ERROR. Default: INFO
   auth:
     url: http://localhost:3000
     path: /durable_streams/auth/verify
@@ -22,6 +25,17 @@ test:
 production:
   <<: *default
   domain: streams.example.com
+  # tls:                             # Explicit TLS certs (disables ACME). Use with Cloudflare origin certs.
+  #   cert: /etc/caddy/certs/cert.pem
+  #   key: /etc/caddy/certs/key.pem
+  # internal:                        # Server-to-server listener (no TLS). Restrict to private network.
+  #   port: 4437
+  #   bind: 10.0.0.5                # Only listen on the private interface.
+  #   allowed_ips:                   # Caddy remote_ip check — 403 for everyone else.
+  #     - 10.0.0.4
+  # log:
+  #   format: json
+  #   level: WARN
   auth:
     url: https://app.example.com
     path: /durable_streams/auth/verify
@@ -30,3 +44,6 @@ production:
       - Authorization
   storage:
     data_dir: /var/data/durable-streams
+    # max_file_handles: 100          # Connection pool for segment files. Default: 100
+    # long_poll_timeout: 30s         # How long to wait for new data before returning 204. Default: 30s
+    # sse_reconnect_interval: 60s    # Server closes SSE after this interval for CDN collapsing. Default: 60s

data/lib/tasks/durable_streams.rake

@@ -1,4 +1,17 @@
 namespace :durable_streams do
+  desc "Generate Caddyfile from config/durable_streams.yml"
+  task caddyfile: :environment do
+    require "durable_streams/rails/server_config"
+
+    environment = ENV.fetch("RAILS_ENV", ::Rails.env)
+    config_path = ::Rails.root.join("config", "durable_streams.yml")
+    output_path = ::Rails.root.join("config", "caddy", "Caddyfile")
+
+    FileUtils.mkdir_p(output_path.dirname)
+    File.write(output_path, DurableStreams::Rails::ServerConfig.generate(config_path.to_s, environment))
+    puts "Generated #{output_path} (#{environment})"
+  end
+
   desc "Download the Durable Streams server binary for the current platform"
   task :download do
     require "net/http"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: durable_streams-rails
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.5.2
 platform: ruby
 authors:
 - tokimonki