itsi-scheduler 0.2.22-aarch64-linux

data/ext/itsi_server/src/server/middleware_stack/middlewares/compression.rs

@@ -0,0 +1,329 @@
+use crate::{
+    server::http_message_types::{HttpBody, HttpRequest, HttpResponse},
+    services::itsi_http_service::HttpRequestContext,
+};
+
+use super::{
+    header_interpretation::{find_first_supported, header_contains},
+    FromValue, MiddlewareLayer,
+};
+
+use async_compression::{
+    tokio::bufread::{BrotliEncoder, DeflateEncoder, GzipEncoder, ZstdEncoder},
+    Level,
+};
+use async_trait::async_trait;
+use bytes::{Bytes, BytesMut};
+use either::Either;
+use futures::TryStreamExt;
+use http::{
+    header::{GetAll, CONTENT_ENCODING, CONTENT_LENGTH, CONTENT_TYPE},
+    HeaderValue, Response,
+};
+use http_body_util::{BodyExt, StreamBody};
+use hyper::body::Body;
+use magnus::error::Result;
+use serde::{Deserialize, Serialize};
+use std::convert::Infallible;
+use tokio::io::{AsyncRead, AsyncReadExt, BufReader};
+use tokio_stream::StreamExt;
+use tokio_util::io::{ReaderStream, StreamReader};
+use tracing::debug;
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Compression {
+    min_size: usize,
+    algorithms: Vec<CompressionAlgorithm>,
+    compress_streams: bool,
+    mime_types: Vec<MimeType>,
+    level: CompressionLevel,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+enum CompressionLevel {
+    #[serde(rename(deserialize = "fastest"))]
+    Fastest,
+    #[serde(rename(deserialize = "best"))]
+    Best,
+    #[serde(rename(deserialize = "balanced"))]
+    Balanced,
+    #[serde(rename(deserialize = "precise"))]
+    Precise(i32),
+}
+
+impl CompressionLevel {
+    fn to_async_compression_level(&self) -> Level {
+        match self {
+            CompressionLevel::Fastest => Level::Fastest,
+            CompressionLevel::Best => Level::Best,
+            CompressionLevel::Balanced => Level::Default,
+            CompressionLevel::Precise(level) => Level::Precise(*level),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, PartialOrd, Eq, Ord)]
+pub enum CompressionAlgorithm {
+    #[serde(rename(deserialize = "gzip"))]
+    Gzip,
+    #[serde(rename(deserialize = "br"))]
+    Brotli,
+    #[serde(rename(deserialize = "deflate"))]
+    Deflate,
+    #[serde(rename(deserialize = "zstd"))]
+    Zstd,
+    #[serde(rename(deserialize = "identity"))]
+    Identity,
+}
+
+impl CompressionAlgorithm {
+    pub fn as_str(&self) -> &'static str {
+        match self {
+            CompressionAlgorithm::Gzip => "gzip",
+            CompressionAlgorithm::Brotli => "br",
+            CompressionAlgorithm::Deflate => "deflate",
+            CompressionAlgorithm::Zstd => "zstd",
+            CompressionAlgorithm::Identity => "identity",
+        }
+    }
+
+    pub fn header_value(&self) -> HeaderValue {
+        HeaderValue::from_str(self.as_str()).unwrap()
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+enum MimeType {
+    #[serde(rename(deserialize = "text"))]
+    Text,
+    #[serde(rename(deserialize = "image"))]
+    Image,
+    #[serde(rename(deserialize = "application"))]
+    Application,
+    #[serde(rename(deserialize = "audio"))]
+    Audio,
+    #[serde(rename(deserialize = "video"))]
+    Video,
+    #[serde(rename(deserialize = "font"))]
+    Font,
+    #[serde(rename(deserialize = "other"))]
+    Other(String),
+    #[serde(rename(deserialize = "all"))]
+    All,
+}
+
+impl MimeType {
+    pub fn matches(&self, content_encodings: &GetAll<HeaderValue>) -> bool {
+        match self {
+            MimeType::Text => header_contains(content_encodings, "text/*"),
+            MimeType::Image => header_contains(content_encodings, "image/*"),
+            MimeType::Application => header_contains(content_encodings, "application/*"),
+            MimeType::Audio => header_contains(content_encodings, "audio/*"),
+            MimeType::Video => header_contains(content_encodings, "video/*"),
+            MimeType::Font => header_contains(content_encodings, "font/*"),
+            MimeType::Other(v) => header_contains(content_encodings, v),
+            MimeType::All => header_contains(content_encodings, "*"),
+        }
+    }
+}
+
+fn stream_encode<R>(encoder: R) -> HttpBody
+where
+    R: AsyncRead + Unpin + Sync + Send + 'static,
+{
+    let encoded_stream = ReaderStream::new(encoder)
+        .map(|res| res.map_err(|_| -> Infallible { unreachable!("We handle IO errors above") }));
+    HttpBody::stream(StreamBody::new(encoded_stream))
+}
+
+fn update_content_encoding(parts: &mut http::response::Parts, new_encoding: HeaderValue) {
+    if let Some(existing) = parts.headers.get(CONTENT_ENCODING) {
+        let mut encodings = existing.to_str().unwrap_or("").to_owned();
+        if !encodings.is_empty() {
+            encodings.push_str(", ");
+        }
+        encodings.push_str(new_encoding.to_str().unwrap());
+        parts
+            .headers
+            .insert(CONTENT_ENCODING, HeaderValue::from_str(&encodings).unwrap());
+    } else {
+        parts.headers.insert(CONTENT_ENCODING, new_encoding);
+    }
+}
+
+#[async_trait]
+impl MiddlewareLayer for Compression {
+    async fn before(
+        &self,
+        req: HttpRequest,
+        context: &mut HttpRequestContext,
+    ) -> Result<Either<HttpRequest, HttpResponse>> {
+        context.set_supported_encoding_set(&req);
+        Ok(Either::Left(req))
+    }
+
+    /// We'll apply compression on the response, where appropriate.
+    /// This is if:
+    /// * The response body is larger than the minimum size.
+    /// * The response content type is supported.
+    /// * The client supports the compression algorithm.
+    async fn after(&self, resp: HttpResponse, context: &mut HttpRequestContext) -> HttpResponse {
+        let body_size = resp.size_hint().exact();
+        let resp = resp;
+
+        // Don't compress if it's not an explicitly listed compressable type
+        if !self
+            .mime_types
+            .iter()
+            .any(|mt| mt.matches(&resp.headers().get_all(CONTENT_TYPE)))
+        {
+            debug!(
+                target: "middleware::compress",
+                "Mime type not supported for compression"
+            );
+            return resp;
+        }
+
+        // Don't compress streams unless compress streams is enabled.
+        if body_size.is_none() && !self.compress_streams {
+            debug!(
+                target: "middleware::compress",
+                "Stream compression disabled"
+            );
+            return resp;
+        }
+
+        // Don't compress too small bodies
+        if body_size.is_some_and(|s| s < self.min_size as u64) {
+            debug!(
+                target: "middleware::compress",
+                "Body size too small for compression"
+            );
+            return resp;
+        }
+
+        // Don't recompress if we're already compressed in a supported format
+        for existing_encoding in resp.headers().get_all(CONTENT_ENCODING) {
+            if let Ok(encodings) = existing_encoding.to_str() {
+                for encoding in encodings.split(',').map(str::trim) {
+                    let encoding = encoding.split(';').next().unwrap_or(encoding).trim();
+                    if self.algorithms.iter().any(|algo| algo.as_str() == encoding) {
+                        debug!(
+                            target: "middleware::compress",
+                            "Body already compressed with supported algorithm"
+                        );
+                        return resp;
+                    }
+                }
+            }
+        }
+
+        let compression_method =
+            if let Some(supported_encoding_set) = context.supported_encoding_set() {
+                match find_first_supported(
+                    supported_encoding_set,
+                    self.algorithms.iter().map(|algo| algo.as_str()),
+                ) {
+                    Some("gzip") => CompressionAlgorithm::Gzip,
+                    Some("br") => CompressionAlgorithm::Brotli,
+                    Some("deflate") => CompressionAlgorithm::Deflate,
+                    Some("zstd") => CompressionAlgorithm::Zstd,
+                    _ => CompressionAlgorithm::Identity,
+                }
+            } else {
+                CompressionAlgorithm::Identity
+            };
+
+        debug!(
+            target: "middleware::compress",
+            "Selected compression method: {:?}", compression_method
+        );
+        if matches!(compression_method, CompressionAlgorithm::Identity) {
+            return resp;
+        }
+
+        let (mut parts, body) = resp.into_parts();
+
+        let new_body = if let Some(_size) = body_size {
+            let full_bytes: Bytes = body
+                .into_data_stream()
+                .try_fold(BytesMut::new(), |mut acc, chunk| async move {
+                    acc.extend_from_slice(&chunk);
+                    Ok(acc)
+                })
+                .await
+                .unwrap()
+                .freeze();
+
+            let cursor = std::io::Cursor::new(full_bytes);
+            let reader = BufReader::new(cursor);
+            let compressed_bytes = match compression_method {
+                CompressionAlgorithm::Gzip => {
+                    let mut encoder =
+                        GzipEncoder::with_quality(reader, self.level.to_async_compression_level());
+                    let mut buf = Vec::new();
+                    encoder.read_to_end(&mut buf).await.unwrap();
+                    buf
+                }
+                CompressionAlgorithm::Brotli => {
+                    let mut encoder = BrotliEncoder::with_quality(
+                        reader,
+                        self.level.to_async_compression_level(),
+                    );
+                    let mut buf = Vec::new();
+                    encoder.read_to_end(&mut buf).await.unwrap();
+                    buf
+                }
+                CompressionAlgorithm::Deflate => {
+                    let mut encoder = DeflateEncoder::with_quality(
+                        reader,
+                        self.level.to_async_compression_level(),
+                    );
+                    let mut buf = Vec::new();
+                    encoder.read_to_end(&mut buf).await.unwrap();
+                    buf
+                }
+                CompressionAlgorithm::Zstd => {
+                    let mut encoder =
+                        ZstdEncoder::with_quality(reader, self.level.to_async_compression_level());
+                    let mut buf = Vec::new();
+                    encoder.read_to_end(&mut buf).await.unwrap();
+                    buf
+                }
+                CompressionAlgorithm::Identity => unreachable!(),
+            };
+            HttpBody::full(Bytes::from(compressed_bytes))
+        } else {
+            let stream = body.into_data_stream().map_err(std::io::Error::other);
+            let async_read_fut = StreamReader::new(stream);
+            let reader = BufReader::new(async_read_fut);
+            match compression_method {
+                CompressionAlgorithm::Gzip => stream_encode(GzipEncoder::with_quality(
+                    reader,
+                    self.level.to_async_compression_level(),
+                )),
+                CompressionAlgorithm::Brotli => stream_encode(BrotliEncoder::with_quality(
+                    reader,
+                    self.level.to_async_compression_level(),
+                )),
+                CompressionAlgorithm::Deflate => stream_encode(DeflateEncoder::with_quality(
+                    reader,
+                    self.level.to_async_compression_level(),
+                )),
+                CompressionAlgorithm::Zstd => stream_encode(ZstdEncoder::with_quality(
+                    reader,
+                    self.level.to_async_compression_level(),
+                )),
+                CompressionAlgorithm::Identity => unreachable!(),
+            }
+        };
+
+        update_content_encoding(&mut parts, compression_method.header_value());
+        parts.headers.remove(CONTENT_LENGTH);
+        debug!(
+            target: "middleware::compress",
+            "Response compressed"
+        );
+        Response::from_parts(parts, new_body)
+    }
+}
+impl FromValue for Compression {}

data/ext/itsi_server/src/server/middleware_stack/middlewares/cors.rs

@@ -0,0 +1,300 @@
+use super::{FromValue, MiddlewareLayer};
+use crate::{
+    server::http_message_types::{HttpBody, HttpRequest, HttpResponse, RequestExt},
+    services::itsi_http_service::HttpRequestContext,
+};
+
+use async_trait::async_trait;
+use http::{HeaderMap, Method, Response};
+use itsi_error::ItsiError;
+use magnus::error::Result;
+use serde::Deserialize;
+use tracing::debug;
+
+#[derive(Debug, Clone, Deserialize)]
+pub struct Cors {
+    pub allow_origins: Vec<String>,
+    pub allow_methods: Vec<HttpMethod>,
+    pub allow_headers: Vec<String>,
+    pub allow_credentials: bool,
+    pub expose_headers: Vec<String>,
+    pub max_age: Option<u64>,
+}
+
+#[derive(Debug, Clone, Deserialize)]
+pub enum HttpMethod {
+    #[serde(rename(deserialize = "GET"))]
+    Get,
+    #[serde(rename(deserialize = "POST"))]
+    Post,
+    #[serde(rename(deserialize = "PUT"))]
+    Put,
+    #[serde(rename(deserialize = "DELETE"))]
+    Delete,
+    #[serde(rename(deserialize = "OPTIONS"))]
+    Options,
+    #[serde(rename(deserialize = "HEAD"))]
+    Head,
+    #[serde(rename(deserialize = "PATCH"))]
+    Patch,
+}
+
+impl HttpMethod {
+    pub fn matches(&self, other: &str) -> bool {
+        match self {
+            HttpMethod::Get => other.eq_ignore_ascii_case("GET"),
+            HttpMethod::Post => other.eq_ignore_ascii_case("POST"),
+            HttpMethod::Put => other.eq_ignore_ascii_case("PUT"),
+            HttpMethod::Delete => other.eq_ignore_ascii_case("DELETE"),
+            HttpMethod::Options => other.eq_ignore_ascii_case("OPTIONS"),
+            HttpMethod::Head => other.eq_ignore_ascii_case("HEAD"),
+            HttpMethod::Patch => other.eq_ignore_ascii_case("PATCH"),
+        }
+    }
+
+    pub fn to_str(&self) -> &str {
+        match self {
+            HttpMethod::Get => "GET",
+            HttpMethod::Post => "POST",
+            HttpMethod::Put => "PUT",
+            HttpMethod::Delete => "DELETE",
+            HttpMethod::Options => "OPTIONS",
+            HttpMethod::Head => "HEAD",
+            HttpMethod::Patch => "PATCH",
+        }
+    }
+}
+
+impl Cors {
+    /// Generate the simple CORS headers (used in normal responses)
+    fn cors_headers(&self, origin: &str) -> Result<HeaderMap> {
+        let mut headers = HeaderMap::new();
+
+        headers.insert("Vary", "Origin".parse().map_err(ItsiError::new)?);
+
+        if origin.is_empty() {
+            // When credentials are allowed, you cannot return "*".
+            debug!(target: "middleware::cors", "Origin empty {}", origin);
+            if !self.allow_credentials {
+                headers.insert(
+                    "Access-Control-Allow-Origin",
+                    "*".parse().map_err(ItsiError::new)?,
+                );
+            }
+            return Ok(headers);
+        }
+
+        // Only return a header if the origin is allowed.
+        if self.allow_origins.iter().any(|o| o == origin || o == "*") {
+            // If credentials are allowed, we must echo back the exact origin.
+            let value = if self.allow_credentials {
+                origin
+            } else {
+                // If not, and if "*" is allowed, you can still use "*".
+                if self.allow_origins.iter().any(|o| o == "*") {
+                    "*"
+                } else {
+                    origin
+                }
+            };
+            headers.insert(
+                "Access-Control-Allow-Origin",
+                value.parse().map_err(ItsiError::new)?,
+            );
+        }
+
+        if !self.allow_methods.is_empty() {
+            headers.insert(
+                "Access-Control-Allow-Methods",
+                self.allow_methods
+                    .iter()
+                    .map(HttpMethod::to_str)
+                    .collect::<Vec<&str>>()
+                    .join(", ")
+                    .parse()
+                    .map_err(ItsiError::new)?,
+            );
+        }
+        if !self.allow_headers.is_empty() {
+            headers.insert(
+                "Access-Control-Allow-Headers",
+                self.allow_headers
+                    .join(", ")
+                    .parse()
+                    .map_err(ItsiError::new)?,
+            );
+        }
+        if self.allow_credentials {
+            headers.insert(
+                "Access-Control-Allow-Credentials",
+                "true".parse().map_err(ItsiError::new)?,
+            );
+        }
+        if let Some(max_age) = self.max_age {
+            headers.insert(
+                "Access-Control-Max-Age",
+                max_age.to_string().parse().map_err(ItsiError::new)?,
+            );
+        }
+        if !self.expose_headers.is_empty() {
+            headers.insert(
+                "Access-Control-Expose-Headers",
+                self.expose_headers
+                    .join(", ")
+                    .parse()
+                    .map_err(ItsiError::new)?,
+            );
+        }
+        Ok(headers)
+    }
+
+    fn preflight_headers(
+        &self,
+        origin: Option<&str>,
+        req_method: Option<&str>,
+        req_headers: Option<&str>,
+    ) -> Result<HeaderMap> {
+        let mut headers = HeaderMap::new();
+
+        headers.insert("Vary", "Origin".parse().map_err(ItsiError::new)?);
+
+        let origin = match origin {
+            Some(o) if !o.is_empty() => o,
+            _ => {
+                debug!(target: "middleware::cors", "Missing Origin – preflight fails");
+                return Ok(headers);
+            }
+        };
+
+        if !self
+            .allow_origins
+            .iter()
+            .any(|allowed| allowed == "*" || allowed == origin)
+        {
+            debug!(target: "middleware::cors", "Origin not allowed");
+            return Ok(headers);
+        }
+
+        let request_method = match req_method {
+            Some(m) if !m.is_empty() => m,
+            _ => {
+                debug!(target: "middleware::cors", "Missing request method – preflight fails");
+                return Ok(headers);
+            }
+        };
+
+        if !self.allow_methods.iter().any(|m| m.matches(request_method)) {
+            debug!(target: "middleware::cors", "Method not allowed");
+            return Ok(headers);
+        }
+
+        if let Some(request_headers) = req_headers {
+            let req_headers_list: Vec<&str> = request_headers
+                .split(',')
+                .map(|s| s.trim())
+                .filter(|s| !s.is_empty())
+                .collect();
+            for header in req_headers_list {
+                if !self
+                    .allow_headers
+                    .iter()
+                    .any(|allowed| allowed.eq_ignore_ascii_case(header))
+                {
+                    debug!(target: "middleware::cors", "Header not allowed {}", header);
+                    return Ok(headers);
+                }
+            }
+        }
+
+        headers.insert("Access-Control-Allow-Origin", origin.parse().unwrap());
+        headers.insert(
+            "Access-Control-Allow-Methods",
+            self.allow_methods
+                .iter()
+                .map(HttpMethod::to_str)
+                .collect::<Vec<&str>>()
+                .join(", ")
+                .parse()
+                .map_err(ItsiError::new)?,
+        );
+        headers.insert(
+            "Access-Control-Allow-Headers",
+            self.allow_headers
+                .join(", ")
+                .parse()
+                .map_err(ItsiError::new)?,
+        );
+        if self.allow_credentials {
+            headers.insert(
+                "Access-Control-Allow-Credentials",
+                "true".parse().map_err(ItsiError::new)?,
+            );
+        }
+        if let Some(max_age) = self.max_age {
+            headers.insert(
+                "Access-Control-Max-Age",
+                max_age.to_string().parse().map_err(ItsiError::new)?,
+            );
+        }
+        if !self.expose_headers.is_empty() {
+            headers.insert(
+                "Access-Control-Expose-Headers",
+                self.expose_headers
+                    .join(", ")
+                    .parse()
+                    .map_err(ItsiError::new)?,
+            );
+        }
+
+        Ok(headers)
+    }
+}
+
+#[async_trait]
+impl MiddlewareLayer for Cors {
+    // For OPTIONS (preflight) requests we:
+    // 1. Extract Origin, Access-Control-Request-Method, and Access-Control-Request-Headers.
+    // 2. Validate them using our hardened preflight_headers function.
+    // 3. If validations pass (i.e. headers is non-empty), return a 204 response with those headers.
+    // Otherwise, the absence of headers indicates the request doesn’t meet the CORS policy.
+    async fn before(
+        &self,
+        req: HttpRequest,
+        context: &mut HttpRequestContext,
+    ) -> Result<either::Either<HttpRequest, HttpResponse>> {
+        let origin = req.header("Origin");
+        debug!(target: "middleware::cors", "Origin: {:?}", origin);
+        if req.method() == Method::OPTIONS {
+            let ac_request_method = req.header("Access-Control-Request-Method");
+            let ac_request_headers = req.header("Access-Control-Request-Headers");
+            let headers = self.preflight_headers(origin, ac_request_method, ac_request_headers)?;
+            debug!(target: "middleware::cors", "Preflight Headers: {:?}", headers);
+            let mut response_builder = Response::builder().status(204);
+            *response_builder.headers_mut().unwrap() = headers;
+            let response = response_builder
+                .body(HttpBody::empty())
+                .map_err(ItsiError::new)?;
+            return Ok(either::Either::Right(response));
+        }
+        context.set_origin(origin.map(|s| s.to_string()));
+        Ok(either::Either::Left(req))
+    }
+
+    async fn after(
+        &self,
+        mut resp: HttpResponse,
+        context: &mut HttpRequestContext,
+    ) -> HttpResponse {
+        if let Some(Some(origin)) = context.origin.get() {
+            debug!(target: "middleware::cors", "fetching cors headers for origin {}", origin);
+            if let Ok(cors_headers) = self.cors_headers(origin) {
+                debug!(target: "middleware::cors", "Cors Headers: {:?}", cors_headers);
+                for (key, value) in cors_headers.iter() {
+                    resp.headers_mut().insert(key.clone(), value.clone());
+                }
+            }
+        }
+        resp
+    }
+}
+impl FromValue for Cors {}