lox/crates/lox-distributor/src/main.rs


use std::{
convert::Infallible,
net::SocketAddr,
sync::{Arc, Mutex},
};
use hyper::{
header::HeaderValue,
service::{make_service_fn, service_fn},
Body, Request, Response, Server,
};
use rand::RngCore;
use serde::{Deserialize, Serialize};
use serde_json;
use serde_with::serde_as;
use lox::bridge_table::BridgeLine;
use lox::{BridgeAuth, BridgeDb, OPENINV_LENGTH};
/// JSON envelope for one open-invitation token handed back to a client.
///
/// `invite` is the raw `OPENINV_LENGTH`-byte value obtained from
/// `BridgeDb::invite()`. `serde_as(as = "[_; OPENINV_LENGTH]")` makes serde
/// treat the fixed-size array as a plain sequence — presumably because the
/// length is above serde's built-in array support; confirm against
/// `OPENINV_LENGTH` in the `lox` crate. The struct has no `Debug` derive, so
/// the token cannot be emitted through `{:?}` formatting by accident.
#[serde_as]
#[derive(Serialize, Deserialize)]
pub struct Invite {
    #[serde_as(as = "[_; OPENINV_LENGTH]")]
    invite: [u8; OPENINV_LENGTH],
}
/// Build a randomly generated `BridgeLine` — a TEST FIXTURE, never for production.
///
/// Copied from `lox/src/bridge_table.rs` so this binary can stand up a
/// bridgedb/bridgeauth with structurally valid buckets for exercising Lox
/// requests, verifications and responses. A real deployment would instead
/// convert its existing bridges into `BridgeLine`s in a private function and
/// sort them into buckets (three per bucket is the suggested starting point)
/// by some deliberate policy.
///
/// Every field is filled from `rand::thread_rng()`: the address (an IPv4 in
/// v4-mapped form, or a random IPv6 when the IPv4 would be invalid), one of
/// four fixed ports, and an obfs4 info line with a random fingerprint and
/// certificate.
pub fn random() -> BridgeLine {
    let mut rng = rand::thread_rng();
    let mut line = BridgeLine::default();

    // Draw four bytes as an IPv4 candidate.
    let mut v4 = [0u8; 4];
    rng.fill_bytes(&mut v4);
    if v4[0] >= 224 {
        // A leading byte of 224 or more is multicast/reserved, not a usable
        // IPv4 unicast address; take a random IPv6 instead (well-formedness
        // is not a concern for a fixture).
        rng.fill_bytes(&mut line.addr);
    } else {
        // Encode the IPv4 as a v4-mapped IPv6 address (::ffff:a.b.c.d).
        line.addr[10] = 0xff;
        line.addr[11] = 0xff;
        line.addr[12..16].copy_from_slice(&v4);
    }

    // 2^32 is a multiple of 4, so the modulo introduces no bias.
    const PORTS: [u16; 4] = [443, 4433, 8080, 43079];
    line.port = PORTS[(rng.next_u32() % 4) as usize];

    let mut fingerprint = [0u8; 20];
    let mut cert = [0u8; 52];
    rng.fill_bytes(&mut fingerprint);
    rng.fill_bytes(&mut cert);
    let info = format!(
        "obfs4 {} cert={} iat-mode=0",
        hex_fmt::HexFmt(fingerprint),
        base64::encode_config(cert, base64::STANDARD_NO_PAD)
    );
    // The slice index panics if `info` is wider than `BridgeLine::info`.
    // With a 20-byte fingerprint and 52-byte cert the string is always
    // 6 + 40 + 6 + 70 + 11 = 133 bytes; assumes the field is at least that
    // wide — confirm in lox::bridge_table.
    line.info[..info.len()].copy_from_slice(info.as_bytes());
    line
}
/// Entry point: build a throwaway bridge database, then serve open
/// invitations over HTTP on 127.0.0.1:8001 until Ctrl-C.
///
/// The bridges come from `random()` — test fixtures, not real relays — so
/// this looks like a development distributor rather than a deployable one.
/// Every request, on any path and with any method, is answered by
/// `generate_invite`: there is no routing, authentication or rate limiting
/// in front of invitation minting.
#[tokio::main]
async fn main() {
    const NUM_BUCKETS: usize = 5;

    // A fresh db plus a bridge authority keyed to its public key.
    let mut bridgedb = BridgeDb::new();
    let mut bridgeauth = BridgeAuth::new(bridgedb.pubkey);
    // Fill NUM_BUCKETS open-invitation buckets of three bridges each.
    for _ in 0..NUM_BUCKETS {
        let bucket = [random(), random(), random()];
        bridgeauth.add_openinv_bridges(bucket, &mut bridgedb);
    }
    // Encrypt the bridge table so the db is ready to answer requests.
    bridgeauth.enc_bridge_table();

    // Only the db is shared with request handlers; the authority is dropped here.
    let shared_db = Arc::new(Mutex::new(bridgedb));
    let make_svc = make_service_fn(move |_conn| {
        let db = Arc::clone(&shared_db);
        async move {
            Ok::<_, Infallible>(service_fn(move |_req: Request<Body>| {
                // One Arc handle per request; the request itself is ignored.
                let db = Arc::clone(&db);
                async move { Ok::<_, Infallible>(generate_invite(db)) }
            }))
        }
    });

    let addr = SocketAddr::from(([127, 0, 0, 1], 8001));
    // hyper's `Server::bind` panics rather than returning an error when the
    // address cannot be bound.
    let server = Server::bind(&addr).serve(make_svc);
    println!("Listening on {}", addr);
    if let Err(e) = server.with_graceful_shutdown(shutdown_signal()).await {
        eprintln!("server error: {}", e);
    }
}
/// Resolve once the process receives Ctrl-C; used as the server's
/// graceful-shutdown trigger.
///
/// # Panics
/// If the Ctrl-C handler cannot be installed.
async fn shutdown_signal() {
    let listened = tokio::signal::ctrl_c().await;
    listened.expect("failed to listen for ctrl+c signal");
}
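/// Mint one open-invitation token and wrap it in an HTTP response.
///
/// Takes the `BridgeDb` lock just long enough to call `BridgeDb::invite()`,
/// then serializes the resulting `Invite` as JSON. The response carries
/// `Content-Type: application/json` and `Access-Control-Allow-Origin: *`,
/// so a browser client on any origin can read the token.
///
/// Fails closed: a poisoned lock (a previous holder panicked mid-update)
/// or a serialization error yields a plain 500 response instead of a panic,
/// which would otherwise tear down the connection without a reply.
fn generate_invite(db: Arc<Mutex<lox::BridgeDb>>) -> Response<Body> {
    // Keep the critical section to the single `invite()` call; the guard is
    // dropped at the end of the arm, before serialization runs.
    let invite = match db.lock() {
        Ok(guard) => Invite {
            invite: guard.invite(),
        },
        Err(e) => {
            // Do not hand out invites from a db whose state is suspect.
            eprintln!("bridge db lock poisoned: {}", e);
            return internal_error();
        }
    };
    let token = match serde_json::to_string(&invite) {
        Ok(json) => json,
        Err(e) => {
            eprintln!("failed to serialize invite: {}", e);
            return internal_error();
        }
    };
    let mut resp = Response::new(Body::from(token));
    // hyper does not infer a content type from a String body; state it so
    // clients and browsers do not have to sniff.
    resp.headers_mut().insert(
        hyper::header::CONTENT_TYPE,
        HeaderValue::from_static("application/json"),
    );
    resp.headers_mut()
        .insert("Access-Control-Allow-Origin", HeaderValue::from_static("*"));
    resp
}

/// Build the fail-closed reply used when no invite can be produced.
fn internal_error() -> Response<Body> {
    let mut resp = Response::new(Body::from("internal server error"));
    *resp.status_mut() = hyper::StatusCode::INTERNAL_SERVER_ERROR;
    resp
}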