github-mirrors/netris-nestri
1
0
Fork 0
mirror of https://github.com/nestriness/nestri.git synced 2025-12-12 16:55:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(maitred): Update maitred - hookup to the API (#198)

Browse Source 
## Description
We are attempting to hookup maitred to the API
Maitred duties will be:
- [ ] Hookup to the API
- [ ]  Wait for signal (from the API) to start Steam
- [ ] Stop signal to stop the gaming session, clean up Steam... and
maybe do the backup

## Summary by CodeRabbit

- **New Features**
- Introduced Docker-based deployment configurations for both the main
and relay applications.
- Added new API endpoints enabling real-time machine messaging and
enhanced IoT operations.
- Expanded database schema and actor types to support improved machine
tracking.

- **Improvements**
- Enhanced real-time communication and relay management with streamlined
room handling.
- Upgraded dependencies, logging, and error handling for greater
stability and performance.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DatCaptainHorse <DatCaptainHorse@users.noreply.github.com>
Co-authored-by: Kristian Ollikainen <14197772+DatCaptainHorse@users.noreply.github.com>
This commit is contained in:
Wanjohi
2025-04-07 23:23:53 +03:00
committed by GitHub
parent 6990494b34
commit de80f3e6ab
84 changed files with 7357 additions and 1331 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
packages/functions/src/api/auth.ts
View File

@@ -1,15 +1,20 @@
import { Resource } from "sst";
import { subjects } from "../subjects";
import { type MiddlewareHandler } from "hono";
import { VisibleError } from "@nestri/core/error";
import { ActorContext } from "@nestri/core/actor";
import { HTTPException } from "hono/http-exception";
import { useActor, withActor } from "@nestri/core/actor";
import { createClient } from "@openauthjs/openauth/client";
import { ErrorCodes, VisibleError } from "@nestri/core/error";
const client = createClient({
issuer: Resource.Urls.auth,
clientID: "api",
issuer: Resource.Urls.auth
});
export const notPublic: MiddlewareHandler = async (c, next) => {
const actor = useActor();
if (actor.type === "public")
@@ -42,16 +47,22 @@ export const auth: MiddlewareHandler = async (c, next) => {
"Invalid bearer token",
);
}
if (result.subject.type === "machine") {
console.log("machine detected")
return withActor(result.subject, next);
}
if (result.subject.type === "user") {
const teamID = c.req.header("x-nestri-team") //|| c.req.query("teamID");
if (!teamID) return withActor(result.subject, next);
// const email = result.subject.properties.email;
return withActor(
{
type: "system",
properties: {
teamID,
if (result.subject.type === "user") {
const teamID = c.req.header("x-nestri-team") //|| c.req.query("teamID");
if (!teamID) return withActor(result.subject, next);
// const email = result.subject.properties.email;
return withActor(
{
type: "system",
properties: {
teamID,
},
},
},
next
@@ -71,4 +82,5 @@ export const auth: MiddlewareHandler = async (c, next) => {
// },
);
}
return ActorContext.with({ type: "public", properties: {} }, next);
};

4
packages/functions/src/api/index.ts
View File

@@ -4,6 +4,7 @@ import { auth } from "./auth";
import { TeamApi } from "./team";
import { logger } from "hono/logger";
import { AccountApi } from "./account";
import { MachineApi } from "./machine";
import { openAPISpecs } from "hono-openapi";
import { HTTPException } from "hono/http-exception";
import { handle, streamHandle } from "hono/aws-lambda";
@@ -22,6 +23,7 @@ const routes = app
.get("/", (c) => c.text("Hello World!"))
.route("/team", TeamApi.route)
.route("/account", AccountApi.route)
.route("/machine", MachineApi.route)
.onError((error, c) => {
console.warn(error);
if (error instanceof VisibleError) {
@@ -38,7 +40,7 @@ const routes = app
code: ErrorCodes.Validation.INVALID_PARAMETER,
message: "Invalid request",
},
400,
error.status,
);
}
console.error("unhandled error:", error);

224
packages/functions/src/api/machine.ts Normal file
View File

@@ -0,0 +1,224 @@
import {z} from "zod"
import {Hono} from "hono";
import {notPublic} from "./auth";
import {Result} from "../common";
import {describeRoute} from "hono-openapi";
import {assertActor} from "@nestri/core/actor";
import {Realtime} from "@nestri/core/realtime/index";
import {validator} from "hono-openapi/zod";
import {CreateMessageSchema, StartMessageSchema, StopMessageSchema} from "./messages.ts";
export module MachineApi {
export const route = new Hono()
.use(notPublic)
.post("/",
describeRoute({
tags: ["Machine"],
summary: "Send messages to the machine",
description: "Send messages directly to the machine",
responses: {
200: {
content: {
"application/json": {
schema: Result(
z.literal("ok")
),
},
},
description: "Successfully sent the message to Maitred"
},
// 404: {
// content: {
// "application/json": {
// schema: resolver(z.object({ error: z.string() })),
// },
// },
// description: "This account does not exist",
// },
}
}),
validator(
"json",
z.any()
),
async (c) => {
const actor = assertActor("machine");
console.log("actor.id", actor.properties.machineID)
await Realtime.publish(c.req.valid("json"))
return c.json({
data: "ok"
}, 200);
},
)
.post("/:machineID/create",
describeRoute({
tags: ["Machine"],
summary: "Request to create a container for a specific machine",
description: "Publishes a message to create a container via MQTT for the given machine ID",
responses: {
200: {
content: {
"application/json": {
schema: Result(
z.object({
message: z.literal("create request sent"),
})
),
},
},
description: "Create request successfully sent to MQTT",
},
400: {
content: {
"application/json": {
schema: Result(
z.object({error: z.string()})
),
},
},
description: "Failed to publish create request",
},
},
}),
validator("json", CreateMessageSchema.shape.payload.optional()), // No payload required for create
async (c) => {
const actor = assertActor("machine");
const body = c.req.valid("json");
const message = {
type: "create" as const,
payload: body || {}, // Empty payload if none provided
};
try {
await Realtime.publish(message, "create");
console.log("Published create request to");
} catch (error) {
console.error("Failed to publish to MQTT:", error);
return c.json({error: "Failed to send create request"}, 400);
}
return c.json({
data: {
message: "create request sent",
},
}, 200);
}
)
.post("/:machineID/start",
describeRoute({
tags: ["Machine"],
summary: "Request to start a container for a specific machine",
description: "Publishes a message to start a container via MQTT for the given machine ID",
responses: {
200: {
content: {
"application/json": {
schema: Result(
z.object({
message: z.literal("start request sent"),
})
),
},
},
description: "Start request successfully sent to MQTT",
},
400: {
content: {
"application/json": {
schema: Result(
z.object({error: z.string()})
),
},
},
description: "Failed to publish start request",
},
},
}),
validator("json", StartMessageSchema.shape.payload), // Use the payload schema
async (c) => {
const actor = assertActor("machine");
const body = c.req.valid("json");
const message = {
type: "start" as const,
payload: {
container_id: body.container_id,
},
};
try {
await Realtime.publish(message, "start");
console.log("Published start request");
} catch (error) {
console.error("Failed to publish to MQTT:", error);
return c.json({error: "Failed to send start request"}, 400);
}
return c.json({
data: {
message: "start request sent",
},
}, 200);
}
)
.post("/:machineID/stop",
describeRoute({
tags: ["Machine"],
summary: "Request to stop a container for a specific machine",
description: "Publishes a message to stop a container via MQTT for the given machine ID",
responses: {
200: {
content: {
"application/json": {
schema: Result(
z.object({
message: z.literal("stop request sent"),
})
),
},
},
description: "Stop request successfully sent to MQTT",
},
400: {
content: {
"application/json": {
schema: Result(
z.object({error: z.string()})
),
},
},
description: "Failed to publish start request",
},
},
}),
validator("json", StopMessageSchema.shape.payload), // Use the payload schema
async (c) => {
const actor = assertActor("machine");
const body = c.req.valid("json");
const message = {
type: "stop" as const,
payload: {
container_id: body.container_id,
},
};
try {
await Realtime.publish(message, "stop");
console.log("Published stop request");
} catch (error) {
console.error("Failed to publish to MQTT:", error);
return c.json({error: "Failed to send stop request"}, 400);
}
return c.json({
data: {
message: "stop request sent",
},
}, 200);
}
)
}

54
packages/functions/src/api/messages.ts Normal file
View File

@@ -0,0 +1,54 @@
import { z } from "zod"
// Base message interface
export interface BaseMessage {
type: string; // e.g., "start", "stop", "status"
payload: Record<string, any>; // Generic payload, refined by specific types
}
// Specific message types
export interface StartMessage extends BaseMessage {
type: "start";
payload: {
container_id: string;
[key: string]: any; // Allow additional fields for future expansion
};
}
// Example future message type
export interface StopMessage extends BaseMessage {
type: "stop";
payload: {
container_id: string;
[key: string]: any;
};
}
// Union type for all possible messages (expandable)
export type MachineMessage = StartMessage | StopMessage; // Add more types as needed
// Zod schema for validation
export const BaseMessageSchema = z.object({
type: z.string(),
payload: z.record(z.any()),
});
export const CreateMessageSchema = BaseMessageSchema.extend({
type: z.literal("create"),
});
export const StartMessageSchema = BaseMessageSchema.extend({
type: z.literal("start"),
payload: z.object({
container_id: z.string(),
}).passthrough(),
});
export const StopMessageSchema = BaseMessageSchema.extend({
type: z.literal("stop"),
payload: z.object({
container_id: z.string(),
}).passthrough(),
});
export const MachineMessageSchema = z.union([StartMessageSchema, StopMessageSchema]);

72
packages/functions/src/auth.ts
View File

@@ -9,6 +9,7 @@ import { User } from "@nestri/core/user/index"
import { Email } from "@nestri/core/email/index";
import { handleDiscord, handleGithub } from "./utils";
import { GithubAdapter } from "./ui/adapters/github";
import { Machine } from "@nestri/core/machine/index"
import { DiscordAdapter } from "./ui/adapters/discord";
import { PasswordAdapter } from "./ui/adapters/password"
import { type Provider } from "@openauthjs/openauth/provider/provider"
@@ -22,10 +23,11 @@ type OauthUser = {
avatar: any;
username: any;
}
const app = issuer({
select: Select({
providers: {
device: {
machine: {
hide: true,
},
},
@@ -73,29 +75,24 @@ const app = issuer({
},
}),
),
device: {
type: "device",
machine: {
type: "machine",
async client(input) {
if (input.clientSecret !== Resource.AuthFingerprintKey.value) {
throw new Error("Invalid authorization token");
}
const teamSlug = input.params.team;
if (!teamSlug) {
throw new Error("Team slug is required");
}
const hostname = input.params.hostname;
if (!hostname) {
const fingerprint = input.params.fingerprint;
if (!fingerprint) {
throw new Error("Hostname is required");
}
return {
hostname,
teamSlug
fingerprint,
};
},
init() { }
} as Provider<{ teamSlug: string; hostname: string; }>,
} as Provider<{ fingerprint: string; }>,
},
allow: async (input) => {
const url = new URL(input.redirectURI);
@@ -104,20 +101,45 @@ const app = issuer({
if (hostname === "localhost") return true;
return false;
},
success: async (ctx, value) => {
// if (value.provider === "device") {
// const team = await Teams.fromSlug(value.teamSlug)
// console.log("team", team)
// console.log("teamSlug", value.teamSlug)
// if (team) {
// await Instances.create({ hostname: value.hostname, teamID: team.id })
success: async (ctx, value, req) => {
if (value.provider === "machine") {
const countryCode = req.headers.get('CloudFront-Viewer-Country') || 'Unknown'
const country = req.headers.get('CloudFront-Viewer-Country-Name') || 'Unknown'
const latitude = Number(req.headers.get('CloudFront-Viewer-Latitude')) || 0
const longitude = Number(req.headers.get('CloudFront-Viewer-Longitude')) || 0
const timezone = req.headers.get('CloudFront-Viewer-Time-Zone') || 'Unknown'
const fingerprint = value.fingerprint
// return await ctx.subject("device", {
// teamSlug: value.teamSlug,
// hostname: value.hostname,
// })
// }
// }
const existing = await Machine.fromFingerprint(fingerprint)
if (!existing) {
const machineID = await Machine.create({
countryCode,
country,
fingerprint,
timezone,
location: {
latitude,
longitude
}
})
return ctx.subject("machine", {
machineID,
fingerprint
});
}
return ctx.subject("machine", {
machineID: existing.id,
fingerprint
});
}
//TODO: This works, so use this while registering the task
// console.log("country_code", req.headers.get('CloudFront-Viewer-Country'))
// console.log("country_name", req.headers.get('CloudFront-Viewer-Country-Name'))
// console.log("latitude", req.headers.get('CloudFront-Viewer-Latitude'))
// console.log("longitude", req.headers.get('CloudFront-Viewer-Longitude'))
// console.log("timezone", req.headers.get('CloudFront-Viewer-Time-Zone'))
if (value.provider === "password") {
const email = value.email

38
packages/functions/src/party/authorizer.ts
View File

@@ -1,38 +0,0 @@
import { Resource } from "sst";
import { subjects } from "../subjects";
import { realtime } from "sst/aws/realtime";
import { createClient } from "@openauthjs/openauth/client";
export const handler = realtime.authorizer(async (token) => {
//TODO: Use the following criteria for a topic - team-slug/container-id (container ids are not unique globally)
//TODO: Allow the authorizer to subscriber/publisher to listen on - team-slug topics only (as the container will listen on the team-slug/container-id topic to be specific)
// Return the topics to subscribe and publish
const client = createClient({
clientID: "api",
issuer: Resource.Urls.auth
});
const result = await client.verify(subjects, token);
if (result.err) {
console.log("error", result.err)
return {
subscribe: [],
publish: [],
};
}
if (result.subject.type != "device") {
return {
subscribe: [],
publish: [],
};
}
return {
//It can publish and listen to other instances under this team
subscribe: [`${Resource.App.name}/${Resource.App.stage}/${result.subject.properties.teamSlug}/*`],
publish: [`${Resource.App.name}/${Resource.App.stage}/${result.subject.properties.teamSlug}/*`],
};
});

40
packages/functions/src/realtime/authorizer.ts Normal file
View File

@@ -0,0 +1,40 @@
import { Resource } from "sst";
import { subjects } from "../subjects";
import { realtime } from "sst/aws/realtime";
import { createClient } from "@openauthjs/openauth/client";
const client = createClient({
clientID: "realtime",
issuer: Resource.Urls.auth
});
export const handler = realtime.authorizer(async (token) => {
console.log("token", token)
const result = await client.verify(subjects, token);
if (result.err) {
console.log("error", result.err)
return {
subscribe: [],
publish: [],
};
}
if (result.subject.type == "machine") {
console.log("machineID", result.subject.properties.machineID)
console.log("fingerprint", result.subject.properties.fingerprint)
return {
//It can publish and listen to other instances under this machineID
publish: [`${Resource.App.name}/${Resource.App.stage}/${result.subject.properties.fingerprint}/*`],
subscribe: [`${Resource.App.name}/${Resource.App.stage}/${result.subject.properties.fingerprint}/*`],
};
}
return {
publish: [],
subscribe: [],
};
});

0
packages/functions/src/party/create.ts → packages/functions/src/realtime/create.ts
View File

0
packages/functions/src/party/subscriber.ts → packages/functions/src/realtime/subscriber.ts
View File

9
packages/functions/src/subjects.ts
View File

@@ -1,5 +1,4 @@
import * as v from "valibot"
import { Subscription } from "./type"
import { createSubjects } from "@openauthjs/openauth/subject"
export const subjects = createSubjects({
@@ -7,8 +6,8 @@ export const subjects = createSubjects({
email: v.string(),
userID: v.string(),
}),
// device: v.object({
// teamSlug: v.string(),
// hostname: v.string(),
// })
machine: v.object({
fingerprint: v.string(),
machineID: v.string(),
})
})