this repo has no description
lewis.moe
1use crate::api::proxy_client::{
2 is_ssrf_safe, proxy_client, validate_at_uri, validate_limit, MAX_RESPONSE_SIZE,
3};
4use crate::api::ApiError;
5use crate::state::AppState;
6use axum::{
7 extract::{Query, State},
8 http::StatusCode,
9 response::{IntoResponse, Response},
10};
11use serde::Deserialize;
12use std::collections::HashMap;
13use tracing::{error, info};
14
15#[derive(Deserialize)]
16pub struct GetFeedParams {
17 pub feed: String,
18 pub limit: Option<u32>,
19 pub cursor: Option<String>,
20}
21
22pub async fn get_feed(
23 State(state): State<AppState>,
24 headers: axum::http::HeaderMap,
25 Query(params): Query<GetFeedParams>,
26) -> Response {
27 let token = match crate::auth::extract_bearer_token_from_header(
28 headers.get("Authorization").and_then(|h| h.to_str().ok()),
29 ) {
30 Some(t) => t,
31 None => return ApiError::AuthenticationRequired.into_response(),
32 };
33 if let Err(e) = crate::auth::validate_bearer_token(&state.db, &token).await {
34 return ApiError::from(e).into_response();
35 };
36 if let Err(e) = validate_at_uri(¶ms.feed) {
37 return ApiError::InvalidRequest(format!("Invalid feed URI: {}", e)).into_response();
38 }
39 let auth_header = headers.get("Authorization").and_then(|h| h.to_str().ok());
40 let appview_url = match std::env::var("APPVIEW_URL") {
41 Ok(url) => url,
42 Err(_) => {
43 return ApiError::UpstreamUnavailable("No upstream AppView configured".to_string())
44 .into_response();
45 }
46 };
47 if let Err(e) = is_ssrf_safe(&appview_url) {
48 error!("SSRF check failed for appview URL: {}", e);
49 return ApiError::UpstreamUnavailable(format!("Invalid upstream URL: {}", e))
50 .into_response();
51 }
52 let limit = validate_limit(params.limit, 50, 100);
53 let mut query_params = HashMap::new();
54 query_params.insert("feed".to_string(), params.feed.clone());
55 query_params.insert("limit".to_string(), limit.to_string());
56 if let Some(cursor) = ¶ms.cursor {
57 query_params.insert("cursor".to_string(), cursor.clone());
58 }
59 let target_url = format!("{}/xrpc/app.bsky.feed.getFeed", appview_url);
60 info!(target = %target_url, feed = %params.feed, "Proxying getFeed request");
61 let client = proxy_client();
62 let mut request_builder = client.get(&target_url).query(&query_params);
63 if let Some(auth) = auth_header {
64 request_builder = request_builder.header("Authorization", auth);
65 }
66 match request_builder.send().await {
67 Ok(resp) => {
68 let status =
69 StatusCode::from_u16(resp.status().as_u16()).unwrap_or(StatusCode::BAD_GATEWAY);
70 let content_length = resp.content_length().unwrap_or(0);
71 if content_length > MAX_RESPONSE_SIZE {
72 error!(
73 content_length,
74 max = MAX_RESPONSE_SIZE,
75 "getFeed response too large"
76 );
77 return ApiError::UpstreamFailure.into_response();
78 }
79 let resp_headers = resp.headers().clone();
80 let body = match resp.bytes().await {
81 Ok(b) => {
82 if b.len() as u64 > MAX_RESPONSE_SIZE {
83 error!(len = b.len(), "getFeed response body exceeded limit");
84 return ApiError::UpstreamFailure.into_response();
85 }
86 b
87 }
88 Err(e) => {
89 error!(error = ?e, "Error reading getFeed response");
90 return ApiError::UpstreamFailure.into_response();
91 }
92 };
93 let mut response_builder = axum::response::Response::builder().status(status);
94 if let Some(ct) = resp_headers.get("content-type") {
95 response_builder = response_builder.header("content-type", ct);
96 }
97 match response_builder.body(axum::body::Body::from(body)) {
98 Ok(r) => r,
99 Err(e) => {
100 error!(error = ?e, "Error building getFeed response");
101 ApiError::UpstreamFailure.into_response()
102 }
103 }
104 }
105 Err(e) => {
106 error!(error = ?e, "Error proxying getFeed");
107 if e.is_timeout() {
108 ApiError::UpstreamTimeout.into_response()
109 } else if e.is_connect() {
110 ApiError::UpstreamUnavailable("Failed to connect to upstream".to_string())
111 .into_response()
112 } else {
113 ApiError::UpstreamFailure.into_response()
114 }
115 }
116 }
117}