this repo has no description
lewis.moe
1use crate::api::proxy_client::{
2 is_ssrf_safe, proxy_client, validate_at_uri, validate_limit, MAX_RESPONSE_SIZE,
3};
4use crate::api::ApiError;
5use crate::state::AppState;
6use axum::{
7 extract::{Query, State},
8 http::StatusCode,
9 response::{IntoResponse, Response},
10};
11use serde::Deserialize;
12use std::collections::HashMap;
13use tracing::{error, info};
14
15#[derive(Deserialize)]
16pub struct GetFeedParams {
17 pub feed: String,
18 pub limit: Option<u32>,
19 pub cursor: Option<String>,
20}
21
22pub async fn get_feed(
23 State(state): State<AppState>,
24 headers: axum::http::HeaderMap,
25 Query(params): Query<GetFeedParams>,
26) -> Response {
27 let token = match crate::auth::extract_bearer_token_from_header(
28 headers.get("Authorization").and_then(|h| h.to_str().ok()),
29 ) {
30 Some(t) => t,
31 None => return ApiError::AuthenticationRequired.into_response(),
32 };
33
34 if let Err(e) = crate::auth::validate_bearer_token(&state.db, &token).await {
35 return ApiError::from(e).into_response();
36 };
37
38 if let Err(e) = validate_at_uri(¶ms.feed) {
39 return ApiError::InvalidRequest(format!("Invalid feed URI: {}", e)).into_response();
40 }
41
42 let auth_header = headers.get("Authorization").and_then(|h| h.to_str().ok());
43
44 let appview_url = match std::env::var("APPVIEW_URL") {
45 Ok(url) => url,
46 Err(_) => {
47 return ApiError::UpstreamUnavailable("No upstream AppView configured".to_string())
48 .into_response();
49 }
50 };
51
52 if let Err(e) = is_ssrf_safe(&appview_url) {
53 error!("SSRF check failed for appview URL: {}", e);
54 return ApiError::UpstreamUnavailable(format!("Invalid upstream URL: {}", e))
55 .into_response();
56 }
57
58 let limit = validate_limit(params.limit, 50, 100);
59 let mut query_params = HashMap::new();
60 query_params.insert("feed".to_string(), params.feed.clone());
61 query_params.insert("limit".to_string(), limit.to_string());
62 if let Some(cursor) = ¶ms.cursor {
63 query_params.insert("cursor".to_string(), cursor.clone());
64 }
65
66 let target_url = format!("{}/xrpc/app.bsky.feed.getFeed", appview_url);
67 info!(target = %target_url, feed = %params.feed, "Proxying getFeed request");
68
69 let client = proxy_client();
70 let mut request_builder = client.get(&target_url).query(&query_params);
71
72 if let Some(auth) = auth_header {
73 request_builder = request_builder.header("Authorization", auth);
74 }
75
76 match request_builder.send().await {
77 Ok(resp) => {
78 let status =
79 StatusCode::from_u16(resp.status().as_u16()).unwrap_or(StatusCode::BAD_GATEWAY);
80
81 let content_length = resp.content_length().unwrap_or(0);
82 if content_length > MAX_RESPONSE_SIZE {
83 error!(
84 content_length,
85 max = MAX_RESPONSE_SIZE,
86 "getFeed response too large"
87 );
88 return ApiError::UpstreamFailure.into_response();
89 }
90
91 let resp_headers = resp.headers().clone();
92 let body = match resp.bytes().await {
93 Ok(b) => {
94 if b.len() as u64 > MAX_RESPONSE_SIZE {
95 error!(len = b.len(), "getFeed response body exceeded limit");
96 return ApiError::UpstreamFailure.into_response();
97 }
98 b
99 }
100 Err(e) => {
101 error!(error = ?e, "Error reading getFeed response");
102 return ApiError::UpstreamFailure.into_response();
103 }
104 };
105
106 let mut response_builder = axum::response::Response::builder().status(status);
107 if let Some(ct) = resp_headers.get("content-type") {
108 response_builder = response_builder.header("content-type", ct);
109 }
110
111 match response_builder.body(axum::body::Body::from(body)) {
112 Ok(r) => r,
113 Err(e) => {
114 error!(error = ?e, "Error building getFeed response");
115 ApiError::UpstreamFailure.into_response()
116 }
117 }
118 }
119 Err(e) => {
120 error!(error = ?e, "Error proxying getFeed");
121 if e.is_timeout() {
122 ApiError::UpstreamTimeout.into_response()
123 } else if e.is_connect() {
124 ApiError::UpstreamUnavailable("Failed to connect to upstream".to_string())
125 .into_response()
126 } else {
127 ApiError::UpstreamFailure.into_response()
128 }
129 }
130 }
131}