tranquil.farm
Our Personal Data Server from scratch!
tranquil.farm
oauth
atproto
pds
rust
postgresql
objectstorage
fun
feat: initial in-house cache distribution
lewis.moe
+19
.config/nextest.toml
+19
.config/nextest.toml
···
5
retries = 0
6
fail-fast = true
7
test-threads = "num-cpus"
8
9
[profile.ci]
10
retries = 2
11
fail-fast = false
12
test-threads = "num-cpus"
13
14
[test-groups]
15
serial-env-tests = { max-threads = 1 }
16
17
[[profile.default.overrides]]
18
filter = "test(/import_with_verification/) | test(/plc_migration/)"
19
test-group = "serial-env-tests"
20
21
[[profile.ci.overrides]]
22
filter = "test(/import_with_verification/) | test(/plc_migration/)"
23
test-group = "serial-env-tests"
···
5
retries = 0
6
fail-fast = true
7
test-threads = "num-cpus"
8
+
slow-timeout = { period = "30s", terminate-after = 4 }
9
10
[profile.ci]
11
retries = 2
12
fail-fast = false
13
test-threads = "num-cpus"
14
+
slow-timeout = { period = "30s", terminate-after = 4 }
15
16
[test-groups]
17
serial-env-tests = { max-threads = 1 }
18
+
heavy-load-tests = { max-threads = 4 }
19
20
[[profile.default.overrides]]
21
filter = "test(/import_with_verification/) | test(/plc_migration/)"
22
test-group = "serial-env-tests"
23
24
+
[[profile.default.overrides]]
25
+
filter = "binary(ripple_cluster)"
26
+
test-group = "serial-env-tests"
27
+
28
+
[[profile.default.overrides]]
29
+
filter = "binary(whole_story)"
30
+
test-group = "heavy-load-tests"
31
+
32
[[profile.ci.overrides]]
33
filter = "test(/import_with_verification/) | test(/plc_migration/)"
34
test-group = "serial-env-tests"
35
+
36
+
[[profile.ci.overrides]]
37
+
filter = "binary(ripple_cluster)"
38
+
test-group = "serial-env-tests"
39
+
40
+
[[profile.ci.overrides]]
41
+
filter = "binary(whole_story)"
42
+
test-group = "heavy-load-tests"
+10
-2
.env.example
+10
-2
.env.example
···
41
# BACKUP_RETENTION_COUNT=7
42
# BACKUP_INTERVAL_SECS=86400
43
# =============================================================================
44
-
# Valkey (for caching and distributed rate limiting)
45
# =============================================================================
46
-
# If not set, falls back to in-memory caching (single-node only)
47
# VALKEY_URL=redis://localhost:6379
48
# =============================================================================
49
# Security Secrets
50
# =============================================================================
···
41
# BACKUP_RETENTION_COUNT=7
42
# BACKUP_INTERVAL_SECS=86400
43
# =============================================================================
44
+
# Cache & Rate Limiting
45
# =============================================================================
46
+
# Ripple (in-process CRDT cache) is the default. No config needed for single-node.
47
+
# Set VALKEY_URL to use valkey instead (disables ripple).
48
# VALKEY_URL=redis://localhost:6379
49
+
#
50
+
# Ripple multi-node settings (only needed when clustering):
51
+
# RIPPLE_BIND=0.0.0.0:7890
52
+
# RIPPLE_PEERS=10.0.0.2:7890,10.0.0.3:7890
53
+
# RIPPLE_MACHINE_ID=1
54
+
# RIPPLE_GOSSIP_INTERVAL_MS=200
55
+
# RIPPLE_CACHE_MAX_MB=256
56
# =============================================================================
57
# Security Secrets
58
# =============================================================================
+70
Cargo.lock
+70
Cargo.lock
···
867
]
868
869
[[package]]
870
name = "bitflags"
871
version = "2.10.0"
872
source = "registry+https://github.com/rust-lang/crates.io-index"
···
2014
version = "1.0.7"
2015
source = "registry+https://github.com/rust-lang/crates.io-index"
2016
checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
2017
2018
[[package]]
2019
name = "foldhash"
···
5957
"async-trait",
5958
"base64 0.22.1",
5959
"redis",
5960
"tracing",
5961
"tranquil-infra",
5962
]
5963
5964
[[package]]
···
6131
"tranquil-db-traits",
6132
"tranquil-oauth",
6133
"tranquil-repo",
6134
"tranquil-scopes",
6135
"tranquil-storage",
6136
"tranquil-types",
···
6154
]
6155
6156
[[package]]
6157
name = "tranquil-scopes"
6158
version = "0.1.0"
6159
dependencies = [
···
6301
checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
6302
6303
[[package]]
6304
name = "ureq"
6305
version = "3.1.4"
6306
source = "registry+https://github.com/rust-lang/crates.io-index"
···
6389
version = "0.9.5"
6390
source = "registry+https://github.com/rust-lang/crates.io-index"
6391
checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
6392
6393
[[package]]
6394
name = "vsimd"
···
867
]
868
869
[[package]]
870
+
name = "bincode"
871
+
version = "2.0.1"
872
+
source = "registry+https://github.com/rust-lang/crates.io-index"
873
+
checksum = "36eaf5d7b090263e8150820482d5d93cd964a81e4019913c972f4edcc6edb740"
874
+
dependencies = [
875
+
"bincode_derive",
876
+
"serde",
877
+
"unty",
878
+
]
879
+
880
+
[[package]]
881
+
name = "bincode_derive"
882
+
version = "2.0.1"
883
+
source = "registry+https://github.com/rust-lang/crates.io-index"
884
+
checksum = "bf95709a440f45e986983918d0e8a1f30a9b1df04918fc828670606804ac3c09"
885
+
dependencies = [
886
+
"virtue",
887
+
]
888
+
889
+
[[package]]
890
name = "bitflags"
891
version = "2.10.0"
892
source = "registry+https://github.com/rust-lang/crates.io-index"
···
2034
version = "1.0.7"
2035
source = "registry+https://github.com/rust-lang/crates.io-index"
2036
checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
2037
+
2038
+
[[package]]
2039
+
name = "foca"
2040
+
version = "1.0.0"
2041
+
source = "registry+https://github.com/rust-lang/crates.io-index"
2042
+
checksum = "1f59e967f3f675997e4a4a6b99d2a75148d59d64c46211b78b4f34ebb951b273"
2043
+
dependencies = [
2044
+
"bincode",
2045
+
"bytes",
2046
+
"rand 0.9.2",
2047
+
"serde",
2048
+
"tracing",
2049
+
]
2050
2051
[[package]]
2052
name = "foldhash"
···
5990
"async-trait",
5991
"base64 0.22.1",
5992
"redis",
5993
+
"tokio-util",
5994
"tracing",
5995
"tranquil-infra",
5996
+
"tranquil-ripple",
5997
]
5998
5999
[[package]]
···
6166
"tranquil-db-traits",
6167
"tranquil-oauth",
6168
"tranquil-repo",
6169
+
"tranquil-ripple",
6170
"tranquil-scopes",
6171
"tranquil-storage",
6172
"tranquil-types",
···
6190
]
6191
6192
[[package]]
6193
+
name = "tranquil-ripple"
6194
+
version = "0.1.0"
6195
+
dependencies = [
6196
+
"async-trait",
6197
+
"backon",
6198
+
"bincode",
6199
+
"bytes",
6200
+
"foca",
6201
+
"futures",
6202
+
"parking_lot",
6203
+
"rand 0.9.2",
6204
+
"serde",
6205
+
"thiserror 2.0.17",
6206
+
"tokio",
6207
+
"tokio-util",
6208
+
"tracing",
6209
+
"tracing-subscriber",
6210
+
"tranquil-infra",
6211
+
"uuid",
6212
+
]
6213
+
6214
+
[[package]]
6215
name = "tranquil-scopes"
6216
version = "0.1.0"
6217
dependencies = [
···
6359
checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
6360
6361
[[package]]
6362
+
name = "unty"
6363
+
version = "0.0.4"
6364
+
source = "registry+https://github.com/rust-lang/crates.io-index"
6365
+
checksum = "6d49784317cd0d1ee7ec5c716dd598ec5b4483ea832a2dced265471cc0f690ae"
6366
+
6367
+
[[package]]
6368
name = "ureq"
6369
version = "3.1.4"
6370
source = "registry+https://github.com/rust-lang/crates.io-index"
···
6453
version = "0.9.5"
6454
source = "registry+https://github.com/rust-lang/crates.io-index"
6455
checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
6456
+
6457
+
[[package]]
6458
+
name = "virtue"
6459
+
version = "0.0.18"
6460
+
source = "registry+https://github.com/rust-lang/crates.io-index"
6461
+
checksum = "051eb1abcf10076295e815102942cc58f9d5e3b4560e46e53c21e8ff6f3af7b1"
6462
6463
[[package]]
6464
name = "vsimd"
+6
-1
Cargo.toml
+6
-1
Cargo.toml
···
6
"crates/tranquil-crypto",
7
"crates/tranquil-storage",
8
"crates/tranquil-cache",
9
"crates/tranquil-repo",
10
"crates/tranquil-scopes",
11
"crates/tranquil-auth",
···
17
]
18
19
[workspace.package]
20
-
version = "0.1.0"
21
edition = "2024"
22
license = "AGPL-3.0-or-later"
23
···
34
tranquil-comms = { path = "crates/tranquil-comms" }
35
tranquil-db-traits = { path = "crates/tranquil-db-traits" }
36
tranquil-db = { path = "crates/tranquil-db" }
37
38
aes-gcm = "0.10"
39
backon = "1"
40
anyhow = "1.0"
41
async-trait = "0.1"
42
aws-config = "1.8"
···
51
cid = "0.11"
52
dotenvy = "0.15"
53
ed25519-dalek = { version = "2.1", features = ["pkcs8"] }
54
futures = "0.3"
55
futures-util = "0.3"
56
governor = "0.10"
···
70
metrics = "0.24"
71
metrics-exporter-prometheus = { version = "0.16", default-features = false, features = ["http-listener"] }
72
multibase = "0.9"
73
multihash = "0.19"
74
p256 = { version = "0.13", features = ["ecdsa"] }
75
p384 = { version = "0.13", features = ["ecdsa"] }
···
6
"crates/tranquil-crypto",
7
"crates/tranquil-storage",
8
"crates/tranquil-cache",
9
+
"crates/tranquil-ripple",
10
"crates/tranquil-repo",
11
"crates/tranquil-scopes",
12
"crates/tranquil-auth",
···
18
]
19
20
[workspace.package]
21
+
version = "0.2.0"
22
edition = "2024"
23
license = "AGPL-3.0-or-later"
24
···
35
tranquil-comms = { path = "crates/tranquil-comms" }
36
tranquil-db-traits = { path = "crates/tranquil-db-traits" }
37
tranquil-db = { path = "crates/tranquil-db" }
38
+
tranquil-ripple = { path = "crates/tranquil-ripple" }
39
40
aes-gcm = "0.10"
41
backon = "1"
42
+
bincode = { version = "2", features = ["serde"] }
43
anyhow = "1.0"
44
async-trait = "0.1"
45
aws-config = "1.8"
···
54
cid = "0.11"
55
dotenvy = "0.15"
56
ed25519-dalek = { version = "2.1", features = ["pkcs8"] }
57
+
foca = { version = "1", features = ["bincode-codec", "tracing"] }
58
futures = "0.3"
59
futures-util = "0.3"
60
governor = "0.10"
···
74
metrics = "0.24"
75
metrics-exporter-prometheus = { version = "0.16", default-features = false, features = ["http-listener"] }
76
multibase = "0.9"
77
+
parking_lot = "0.12"
78
multihash = "0.19"
79
p256 = { version = "0.13", features = ["ecdsa"] }
80
p384 = { version = "0.13", features = ["ecdsa"] }
+1
-1
README.md
+1
-1
README.md
···
14
15
It is a superset of the reference PDS, including: passkeys and 2FA (WebAuthn/FIDO2, TOTP, backup codes, trusted devices), SSO login and signup, did:web support (PDS-hosted subdomains or bring-your-own), multi-channel communication (email, discord, telegram, signal) for verification and alerts, granular OAuth scopes with a consent UI showing human-readable descriptions, app passwords with granular permissions (read-only, post-only, or custom scopes), account delegation (letting others manage an account with configurable permission levels), automatic backups (configurable retention and frequency, one-click restore), and a built-in web UI for account management, OAuth consent, repo browsing, and admin.
16
17
-
The PDS itself is a single small binary with no node/npm runtime. It requires postgres and stores blobs on the local filesystem. Valkey is optional (enables distributed rate limiting for multi-node setups).
18
19
## Quick Start
20
···
14
15
It is a superset of the reference PDS, including: passkeys and 2FA (WebAuthn/FIDO2, TOTP, backup codes, trusted devices), SSO login and signup, did:web support (PDS-hosted subdomains or bring-your-own), multi-channel communication (email, discord, telegram, signal) for verification and alerts, granular OAuth scopes with a consent UI showing human-readable descriptions, app passwords with granular permissions (read-only, post-only, or custom scopes), account delegation (letting others manage an account with configurable permission levels), automatic backups (configurable retention and frequency, one-click restore), and a built-in web UI for account management, OAuth consent, repo browsing, and admin.
16
17
+
The PDS itself is a single small binary with no node/npm runtime. It requires postgres. Blobs are stored on the local filesystem by default (S3 optional). Valkey is optional (supported as an alternative to the built-in cache).
18
19
## Quick Start
20
+2
crates/tranquil-cache/Cargo.toml
+2
crates/tranquil-cache/Cargo.toml
+58
-28
crates/tranquil-cache/src/lib.rs
+58
-28
crates/tranquil-cache/src/lib.rs
···
42
redis::cmd("SET")
43
.arg(key)
44
.arg(value)
45
-
.arg("EX")
46
-
.arg(ttl.as_secs() as i64)
47
.query_async::<()>(&mut conn)
48
.await
49
.map_err(|e| CacheError::Connection(e.to_string()))
···
114
let mut conn = self.conn.clone();
115
let full_key = format!("rl:{}", key);
116
let window_secs = window_ms.div_ceil(1000).max(1) as i64;
117
-
let count: Result<i64, _> = redis::cmd("INCR")
118
-
.arg(&full_key)
119
-
.query_async(&mut conn)
120
-
.await;
121
-
let count = match count {
122
-
Ok(c) => c,
123
Err(e) => {
124
-
tracing::warn!("Redis rate limit INCR failed: {}. Allowing request.", e);
125
-
return true;
126
}
127
-
};
128
-
if count == 1 {
129
-
let _: Result<bool, redis::RedisError> = redis::cmd("EXPIRE")
130
-
.arg(&full_key)
131
-
.arg(window_secs)
132
-
.query_async(&mut conn)
133
-
.await;
134
}
135
-
count <= limit as i64
136
}
137
}
138
···
145
}
146
}
147
148
-
pub async fn create_cache() -> (Arc<dyn Cache>, Arc<dyn DistributedRateLimiter>) {
149
-
match std::env::var("VALKEY_URL") {
150
-
Ok(url) => match ValkeyCache::new(&url).await {
151
Ok(cache) => {
152
-
tracing::info!("Connected to Valkey cache at {}", url);
153
let rate_limiter = Arc::new(RedisRateLimiter::new(cache.connection()));
154
-
(Arc::new(cache), rate_limiter)
155
}
156
Err(e) => {
157
-
tracing::warn!("Failed to connect to Valkey: {}. Running without cache.", e);
158
-
(Arc::new(NoOpCache), Arc::new(NoOpRateLimiter))
159
}
160
-
},
161
-
Err(_) => {
162
-
tracing::info!("VALKEY_URL not set. Running without cache.");
163
(Arc::new(NoOpCache), Arc::new(NoOpRateLimiter))
164
}
165
}
···
42
redis::cmd("SET")
43
.arg(key)
44
.arg(value)
45
+
.arg("PX")
46
+
.arg(ttl.as_millis().min(i64::MAX as u128) as i64)
47
.query_async::<()>(&mut conn)
48
.await
49
.map_err(|e| CacheError::Connection(e.to_string()))
···
114
let mut conn = self.conn.clone();
115
let full_key = format!("rl:{}", key);
116
let window_secs = window_ms.div_ceil(1000).max(1) as i64;
117
+
let result: Result<i64, _> = redis::Script::new(
118
+
r"local c = redis.call('INCR', KEYS[1])
119
+
if c == 1 then redis.call('EXPIRE', KEYS[1], ARGV[1]) end
120
+
if redis.call('TTL', KEYS[1]) == -1 then redis.call('EXPIRE', KEYS[1], ARGV[1]) end
121
+
return c"
122
+
)
123
+
.key(&full_key)
124
+
.arg(window_secs)
125
+
.invoke_async(&mut conn)
126
+
.await;
127
+
match result {
128
+
Ok(count) => count <= limit as i64,
129
Err(e) => {
130
+
tracing::warn!(error = %e, "redis rate limit script failed, allowing request");
131
+
true
132
}
133
}
134
+
}
135
+
136
+
async fn peek_rate_limit_count(&self, key: &str, _window_ms: u64) -> u64 {
137
+
let mut conn = self.conn.clone();
138
+
let full_key = format!("rl:{}", key);
139
+
redis::cmd("GET")
140
+
.arg(&full_key)
141
+
.query_async::<Option<u64>>(&mut conn)
142
+
.await
143
+
.ok()
144
+
.flatten()
145
+
.unwrap_or(0)
146
}
147
}
148
···
155
}
156
}
157
158
+
pub async fn create_cache(
159
+
shutdown: tokio_util::sync::CancellationToken,
160
+
) -> (Arc<dyn Cache>, Arc<dyn DistributedRateLimiter>) {
161
+
if let Ok(url) = std::env::var("VALKEY_URL") {
162
+
match ValkeyCache::new(&url).await {
163
Ok(cache) => {
164
+
tracing::info!("using valkey cache at {url}");
165
let rate_limiter = Arc::new(RedisRateLimiter::new(cache.connection()));
166
+
return (Arc::new(cache), rate_limiter);
167
}
168
Err(e) => {
169
+
tracing::warn!("failed to connect to valkey: {e}. falling back to ripple.");
170
+
}
171
+
}
172
+
}
173
+
174
+
match tranquil_ripple::RippleConfig::from_env() {
175
+
Ok(config) => {
176
+
let peer_count = config.seed_peers.len();
177
+
match tranquil_ripple::RippleEngine::start(config, shutdown).await {
178
+
Ok((cache, rate_limiter, _bound_addr)) => {
179
+
match peer_count {
180
+
0 => tracing::info!("ripple cache started (single-node)"),
181
+
n => tracing::info!("ripple cache started ({n} seed peers)"),
182
+
}
183
+
(cache, rate_limiter)
184
+
}
185
+
Err(e) => {
186
+
tracing::error!("ripple engine failed to start: {e}. running without cache.");
187
+
(Arc::new(NoOpCache), Arc::new(NoOpRateLimiter))
188
+
}
189
}
190
+
}
191
+
Err(e) => {
192
+
tracing::error!("ripple config error: {e}. running without cache.");
193
(Arc::new(NoOpCache), Arc::new(NoOpRateLimiter))
194
}
195
}
+3
crates/tranquil-infra/src/lib.rs
+3
crates/tranquil-infra/src/lib.rs
+1
crates/tranquil-pds/Cargo.toml
+1
crates/tranquil-pds/Cargo.toml
+23
-16
crates/tranquil-pds/src/api/repo/blob.rs
+23
-16
crates/tranquil-pds/src/api/repo/blob.rs
···
30
);
31
}
32
detected
33
-
} else if client_hint == "*/*" || client_hint.is_empty() {
34
-
warn!(
35
-
"Could not detect MIME type and client sent invalid hint: '{}'",
36
-
client_hint
37
-
);
38
-
"application/octet-stream".to_string()
39
} else {
40
-
client_hint.to_string()
41
}
42
}
43
···
85
.user_repo
86
.get_id_by_did(&did)
87
.await
88
-
.ok()
89
-
.flatten()
90
.ok_or(ApiError::InternalError(None))?;
91
92
let temp_key = format!("temp/{}", uuid::Uuid::new_v4());
···
136
};
137
let cid = Cid::new_v1(0x55, multihash);
138
let cid_str = cid.to_string();
139
-
let cid_link: CidLink = unsafe { CidLink::new_unchecked(&cid_str) };
140
let storage_key = cid_str.clone();
141
142
info!(
···
144
size, cid_str
145
);
146
147
-
let was_inserted = match state
148
.blob_repo
149
.insert_blob(&cid_link, &mime_type, size as i64, user_id, &storage_key)
150
.await
151
{
152
-
Ok(Some(_)) => true,
153
-
Ok(None) => false,
154
Err(e) => {
155
let _ = state.blob_store.delete(&temp_key).await;
156
error!("Failed to insert blob record: {:?}", e);
···
158
}
159
};
160
161
-
if was_inserted && let Err(e) = state.blob_store.copy(&temp_key, &storage_key).await {
162
let _ = state.blob_store.delete(&temp_key).await;
163
error!("Failed to copy blob to final location: {:?}", e);
164
return Err(ApiError::InternalError(Some("Failed to store blob".into())));
165
}
···
167
let _ = state.blob_store.delete(&temp_key).await;
168
169
if let Some(ref controller) = controller_did {
170
-
let _ = state
171
.delegation_repo
172
.log_delegation_action(
173
&did,
···
182
None,
183
None,
184
)
185
-
.await;
186
}
187
188
Ok(Json(json!({
···
30
);
31
}
32
detected
33
} else {
34
+
match client_hint {
35
+
"" | "*/*" => "application/octet-stream".to_string(),
36
+
hint if hint.starts_with("text/html") || hint.starts_with("application/xhtml") => {
37
+
"application/octet-stream".to_string()
38
+
}
39
+
hint => hint.to_string(),
40
+
}
41
}
42
}
43
···
85
.user_repo
86
.get_id_by_did(&did)
87
.await
88
+
.log_db_err("fetching user id for blob upload")?
89
.ok_or(ApiError::InternalError(None))?;
90
91
let temp_key = format!("temp/{}", uuid::Uuid::new_v4());
···
135
};
136
let cid = Cid::new_v1(0x55, multihash);
137
let cid_str = cid.to_string();
138
+
let cid_link: CidLink = CidLink::new(&cid_str).map_err(|e| {
139
+
error!("Failed to construct CidLink from computed CID: {:?}", e);
140
+
ApiError::InternalError(Some("Failed to construct CID".into()))
141
+
})?;
142
let storage_key = cid_str.clone();
143
144
info!(
···
146
size, cid_str
147
);
148
149
+
match state
150
.blob_repo
151
.insert_blob(&cid_link, &mime_type, size as i64, user_id, &storage_key)
152
.await
153
{
154
+
Ok(_) => {}
155
Err(e) => {
156
let _ = state.blob_store.delete(&temp_key).await;
157
error!("Failed to insert blob record: {:?}", e);
···
159
}
160
};
161
162
+
if let Err(e) = state.blob_store.copy(&temp_key, &storage_key).await {
163
let _ = state.blob_store.delete(&temp_key).await;
164
+
if let Err(db_err) = state.blob_repo.delete_blob_by_cid(&cid_link).await {
165
+
error!("Failed to clean up orphaned blob record after copy failure: {:?}", db_err);
166
+
}
167
error!("Failed to copy blob to final location: {:?}", e);
168
return Err(ApiError::InternalError(Some("Failed to store blob".into())));
169
}
···
171
let _ = state.blob_store.delete(&temp_key).await;
172
173
if let Some(ref controller) = controller_did {
174
+
if let Err(e) = state
175
.delegation_repo
176
.log_delegation_action(
177
&did,
···
186
None,
187
None,
188
)
189
+
.await
190
+
{
191
+
warn!("Failed to log delegation action for blob upload: {:?}", e);
192
+
}
193
}
194
195
Ok(Json(json!({
+40
-16
crates/tranquil-pds/src/state.rs
+40
-16
crates/tranquil-pds/src/state.rs
···
13
use sqlx::PgPool;
14
use std::error::Error;
15
use std::sync::Arc;
16
use tokio::sync::broadcast;
17
use tokio_util::sync::CancellationToken;
18
use tranquil_db::{
···
20
OAuthRepository, PostgresRepositories, RepoEventNotifier, RepoRepository, SessionRepository,
21
SsoRepository, UserRepository,
22
};
23
24
#[derive(Clone)]
25
pub struct AppState {
···
173
174
pub async fn from_db(db: PgPool, shutdown: CancellationToken) -> Self {
175
AuthConfig::init();
176
177
let repos = Arc::new(PostgresRepositories::new(db.clone()));
178
let block_store = PostgresBlockStore::new(db);
···
188
let rate_limiters = Arc::new(RateLimiters::new());
189
let repo_write_locks = Arc::new(RepoWriteLocks::new());
190
let circuit_breakers = Arc::new(CircuitBreakers::new());
191
-
let (cache, distributed_rate_limiter) = create_cache().await;
192
let did_resolver = Arc::new(DidResolver::new());
193
let sso_config = SsoConfig::init();
194
let sso_manager = SsoManager::from_config(sso_config);
···
231
self
232
}
233
234
pub fn with_circuit_breakers(mut self, circuit_breakers: CircuitBreakers) -> Self {
235
self.circuit_breakers = Arc::new(circuit_breakers);
236
self
237
}
238
239
pub async fn check_rate_limit(&self, kind: RateLimitKind, client_ip: &str) -> bool {
240
-
if std::env::var("DISABLE_RATE_LIMITING").is_ok() {
241
return true;
242
}
243
244
-
let key = format!("{}:{}", kind.key_prefix(), client_ip);
245
let limiter_name = kind.key_prefix();
246
-
let (limit, window_ms) = kind.limit_and_window_ms();
247
-
248
-
if !self
249
-
.distributed_rate_limiter
250
-
.check_rate_limit(&key, limit, window_ms)
251
-
.await
252
-
{
253
-
crate::metrics::record_rate_limit_rejection(limiter_name);
254
-
return false;
255
-
}
256
257
let limiter = match kind {
258
RateLimitKind::Login => &self.rate_limiters.login,
···
277
RateLimitKind::HandleVerification => &self.rate_limiters.handle_verification,
278
};
279
280
-
let ok = limiter.check_key(&client_ip.to_string()).is_ok();
281
-
if !ok {
282
crate::metrics::record_rate_limit_rejection(limiter_name);
283
}
284
-
ok
285
}
286
}
···
13
use sqlx::PgPool;
14
use std::error::Error;
15
use std::sync::Arc;
16
+
use std::sync::atomic::{AtomicBool, Ordering};
17
use tokio::sync::broadcast;
18
use tokio_util::sync::CancellationToken;
19
use tranquil_db::{
···
21
OAuthRepository, PostgresRepositories, RepoEventNotifier, RepoRepository, SessionRepository,
22
SsoRepository, UserRepository,
23
};
24
+
25
+
static RATE_LIMITING_DISABLED: AtomicBool = AtomicBool::new(false);
26
+
27
+
pub fn init_rate_limit_override() {
28
+
let disabled = std::env::var("DISABLE_RATE_LIMITING").is_ok();
29
+
RATE_LIMITING_DISABLED.store(disabled, Ordering::Relaxed);
30
+
if disabled {
31
+
tracing::warn!("rate limiting is DISABLED via DISABLE_RATE_LIMITING env var");
32
+
}
33
+
}
34
35
#[derive(Clone)]
36
pub struct AppState {
···
184
185
pub async fn from_db(db: PgPool, shutdown: CancellationToken) -> Self {
186
AuthConfig::init();
187
+
init_rate_limit_override();
188
189
let repos = Arc::new(PostgresRepositories::new(db.clone()));
190
let block_store = PostgresBlockStore::new(db);
···
200
let rate_limiters = Arc::new(RateLimiters::new());
201
let repo_write_locks = Arc::new(RepoWriteLocks::new());
202
let circuit_breakers = Arc::new(CircuitBreakers::new());
203
+
let (cache, distributed_rate_limiter) = create_cache(shutdown.clone()).await;
204
let did_resolver = Arc::new(DidResolver::new());
205
let sso_config = SsoConfig::init();
206
let sso_manager = SsoManager::from_config(sso_config);
···
243
self
244
}
245
246
+
pub fn with_cache(
247
+
mut self,
248
+
cache: Arc<dyn Cache>,
249
+
distributed_rate_limiter: Arc<dyn DistributedRateLimiter>,
250
+
) -> Self {
251
+
self.cache = cache;
252
+
self.distributed_rate_limiter = distributed_rate_limiter;
253
+
self
254
+
}
255
+
256
pub fn with_circuit_breakers(mut self, circuit_breakers: CircuitBreakers) -> Self {
257
self.circuit_breakers = Arc::new(circuit_breakers);
258
self
259
}
260
261
pub async fn check_rate_limit(&self, kind: RateLimitKind, client_ip: &str) -> bool {
262
+
if RATE_LIMITING_DISABLED.load(Ordering::Relaxed) {
263
return true;
264
}
265
266
let limiter_name = kind.key_prefix();
267
268
let limiter = match kind {
269
RateLimitKind::Login => &self.rate_limiters.login,
···
288
RateLimitKind::HandleVerification => &self.rate_limiters.handle_verification,
289
};
290
291
+
if limiter.check_key(&client_ip.to_string()).is_err() {
292
+
crate::metrics::record_rate_limit_rejection(limiter_name);
293
+
return false;
294
+
}
295
+
296
+
let key = format!("{}:{}", kind.key_prefix(), client_ip);
297
+
let (limit, window_ms) = kind.limit_and_window_ms();
298
+
299
+
if !self
300
+
.distributed_rate_limiter
301
+
.check_rate_limit(&key, limit, window_ms)
302
+
.await
303
+
{
304
crate::metrics::record_rate_limit_rejection(limiter_name);
305
+
return false;
306
}
307
+
308
+
true
309
}
310
}
+1
-1
crates/tranquil-pds/tests/admin_search.rs
+1
-1
crates/tranquil-pds/tests/admin_search.rs
+270
-72
crates/tranquil-pds/tests/common/mod.rs
+270
-72
crates/tranquil-pds/tests/common/mod.rs
···
9
use serde_json::{Value, json};
10
use sqlx::postgres::PgPoolOptions;
11
use std::collections::HashMap;
12
use std::path::PathBuf;
13
use std::sync::{Arc, OnceLock, RwLock};
14
#[allow(unused_imports)]
15
use std::time::Duration;
16
use tokio::net::TcpListener;
17
use tokio_util::sync::CancellationToken;
18
use tranquil_pds::state::AppState;
19
use wiremock::matchers::{method, path};
20
use wiremock::{Mock, MockServer, Request, Respond, ResponseTemplate};
···
25
static MOCK_PLC: OnceLock<MockServer> = OnceLock::new();
26
static TEST_DB_POOL: OnceLock<sqlx::PgPool> = OnceLock::new();
27
static TEST_TEMP_DIR: OnceLock<PathBuf> = OnceLock::new();
28
29
#[cfg(all(not(feature = "external-infra"), feature = "s3-storage"))]
30
use testcontainers::GenericImage;
···
139
std::env::var("DATABASE_URL").expect("DATABASE_URL must be set when using external infra");
140
let plc_url = setup_mock_plc_directory().await;
141
unsafe {
142
-
if std::env::var("S3_ENDPOINT").is_ok() {
143
-
let s3_endpoint = std::env::var("S3_ENDPOINT").unwrap();
144
-
std::env::set_var("BLOB_STORAGE_BACKEND", "s3");
145
-
std::env::set_var("BACKUP_STORAGE_BACKEND", "s3");
146
-
std::env::set_var("BACKUP_S3_BUCKET", "test-backups");
147
-
std::env::set_var(
148
-
"S3_BUCKET",
149
-
std::env::var("S3_BUCKET").unwrap_or_else(|_| "test-bucket".to_string()),
150
-
);
151
-
std::env::set_var(
152
-
"AWS_ACCESS_KEY_ID",
153
-
std::env::var("AWS_ACCESS_KEY_ID").unwrap_or_else(|_| "minioadmin".to_string()),
154
-
);
155
-
std::env::set_var(
156
-
"AWS_SECRET_ACCESS_KEY",
157
-
std::env::var("AWS_SECRET_ACCESS_KEY").unwrap_or_else(|_| "minioadmin".to_string()),
158
-
);
159
-
std::env::set_var(
160
-
"AWS_REGION",
161
-
std::env::var("AWS_REGION").unwrap_or_else(|_| "us-east-1".to_string()),
162
-
);
163
-
std::env::set_var("S3_ENDPOINT", &s3_endpoint);
164
-
} else if std::env::var("BLOB_STORAGE_PATH").is_ok() {
165
-
std::env::set_var("BLOB_STORAGE_BACKEND", "filesystem");
166
-
std::env::set_var("BACKUP_STORAGE_BACKEND", "filesystem");
167
-
} else {
168
-
panic!("Either S3_ENDPOINT or BLOB_STORAGE_PATH must be set for external-infra");
169
-
}
170
-
std::env::set_var("MAX_IMPORT_SIZE", "100000000");
171
-
std::env::set_var("SKIP_IMPORT_VERIFICATION", "true");
172
std::env::set_var("PLC_DIRECTORY_URL", &plc_url);
173
}
174
-
let mock_server = MockServer::start().await;
175
-
setup_mock_appview(&mock_server).await;
176
-
let mock_uri = mock_server.uri();
177
-
let mock_host = mock_uri.strip_prefix("http://").unwrap_or(&mock_uri);
178
-
let mock_did = format!("did:web:{}", mock_host.replace(':', "%3A"));
179
-
setup_mock_did_document(&mock_server, &mock_did, &mock_uri).await;
180
-
MOCK_APPVIEW.set(mock_server).ok();
181
spawn_app(database_url).await
182
}
183
···
199
std::env::set_var("SKIP_IMPORT_VERIFICATION", "true");
200
std::env::set_var("PLC_DIRECTORY_URL", &plc_url);
201
}
202
-
let mock_server = MockServer::start().await;
203
-
setup_mock_appview(&mock_server).await;
204
-
let mock_uri = mock_server.uri();
205
-
let mock_host = mock_uri.strip_prefix("http://").unwrap_or(&mock_uri);
206
-
let mock_did = format!("did:web:{}", mock_host.replace(':', "%3A"));
207
-
setup_mock_did_document(&mock_server, &mock_did, &mock_uri).await;
208
-
MOCK_APPVIEW.set(mock_server).ok();
209
let container = Postgres::default()
210
.with_tag("18-alpine")
211
.with_label("tranquil_pds_test", "true")
···
275
.bucket("test-backups")
276
.send()
277
.await;
278
-
let mock_server = MockServer::start().await;
279
-
setup_mock_appview(&mock_server).await;
280
-
let mock_uri = mock_server.uri();
281
-
let mock_host = mock_uri.strip_prefix("http://").unwrap_or(&mock_uri);
282
-
let mock_did = format!("did:web:{}", mock_host.replace(':', "%3A"));
283
-
setup_mock_did_document(&mock_server, &mock_did, &mock_uri).await;
284
-
MOCK_APPVIEW.set(mock_server).ok();
285
S3_CONTAINER.set(s3_container).ok();
286
let container = Postgres::default()
287
.with_tag("18-alpine")
···
324
325
async fn setup_mock_appview(_mock_server: &MockServer) {}
326
327
type PlcOperationStore = Arc<RwLock<HashMap<String, Value>>>;
328
329
struct PlcPostResponder {
···
515
plc_url
516
}
517
518
-
async fn spawn_app(database_url: String) -> String {
519
use tranquil_pds::rate_limit::RateLimiters;
520
-
let pool = PgPoolOptions::new()
521
-
.max_connections(10)
522
-
.acquire_timeout(std::time::Duration::from_secs(30))
523
-
.connect(&database_url)
524
-
.await
525
-
.expect("Failed to connect to Postgres. Make sure the database is running.");
526
-
sqlx::migrate!("./migrations")
527
-
.run(&pool)
528
-
.await
529
-
.expect("Failed to run migrations");
530
-
let test_pool = PgPoolOptions::new()
531
-
.max_connections(5)
532
-
.acquire_timeout(std::time::Duration::from_secs(30))
533
-
.connect(&database_url)
534
-
.await
535
-
.expect("Failed to create test pool");
536
-
TEST_DB_POOL.set(test_pool).ok();
537
let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
538
let addr = listener.local_addr().unwrap();
539
-
APP_PORT.set(addr.port()).ok();
540
unsafe {
541
std::env::set_var("PDS_HOSTNAME", format!("pds.test:{}", addr.port()));
542
}
···
547
.with_email_update_limit(10000)
548
.with_oauth_authorize_limit(10000)
549
.with_oauth_token_limit(10000);
550
-
let state = AppState::from_db(pool, CancellationToken::new())
551
.await
552
.with_rate_limiters(rate_limiters);
553
tranquil_pds::sync::listener::start_sequencer_listener(state.clone()).await;
554
let app = tranquil_pds::app(state);
555
tokio::spawn(async move {
556
axum::serve(listener, app).await.unwrap();
557
});
558
-
format!("http://localhost:{}", addr.port())
559
}
560
561
#[allow(dead_code)]
···
9
use serde_json::{Value, json};
10
use sqlx::postgres::PgPoolOptions;
11
use std::collections::HashMap;
12
+
use std::net::SocketAddr;
13
use std::path::PathBuf;
14
use std::sync::{Arc, OnceLock, RwLock};
15
#[allow(unused_imports)]
16
use std::time::Duration;
17
use tokio::net::TcpListener;
18
use tokio_util::sync::CancellationToken;
19
+
use tranquil_pds::cache::{Cache, DistributedRateLimiter};
20
use tranquil_pds::state::AppState;
21
use wiremock::matchers::{method, path};
22
use wiremock::{Mock, MockServer, Request, Respond, ResponseTemplate};
···
27
static MOCK_PLC: OnceLock<MockServer> = OnceLock::new();
28
static TEST_DB_POOL: OnceLock<sqlx::PgPool> = OnceLock::new();
29
static TEST_TEMP_DIR: OnceLock<PathBuf> = OnceLock::new();
30
+
static CLUSTER: OnceLock<Vec<ServerInstance>> = OnceLock::new();
31
+
32
+
#[allow(dead_code)]
33
+
pub struct ServerConfig {
34
+
pub pool: sqlx::PgPool,
35
+
pub cache: Option<(Arc<dyn Cache>, Arc<dyn DistributedRateLimiter>)>,
36
+
}
37
+
38
+
#[allow(dead_code)]
39
+
#[derive(Clone)]
40
+
pub struct ServerInstance {
41
+
pub url: String,
42
+
pub port: u16,
43
+
pub cache: Option<Arc<dyn Cache>>,
44
+
pub distributed_rate_limiter: Option<Arc<dyn DistributedRateLimiter>>,
45
+
}
46
47
#[cfg(all(not(feature = "external-infra"), feature = "s3-storage"))]
48
use testcontainers::GenericImage;
···
157
std::env::var("DATABASE_URL").expect("DATABASE_URL must be set when using external infra");
158
let plc_url = setup_mock_plc_directory().await;
159
unsafe {
160
+
configure_external_storage_env();
161
std::env::set_var("PLC_DIRECTORY_URL", &plc_url);
162
}
163
+
register_mock_appview().await;
164
spawn_app(database_url).await
165
}
166
···
182
std::env::set_var("SKIP_IMPORT_VERIFICATION", "true");
183
std::env::set_var("PLC_DIRECTORY_URL", &plc_url);
184
}
185
+
register_mock_appview().await;
186
let container = Postgres::default()
187
.with_tag("18-alpine")
188
.with_label("tranquil_pds_test", "true")
···
252
.bucket("test-backups")
253
.send()
254
.await;
255
+
register_mock_appview().await;
256
S3_CONTAINER.set(s3_container).ok();
257
let container = Postgres::default()
258
.with_tag("18-alpine")
···
295
296
async fn setup_mock_appview(_mock_server: &MockServer) {}
297
298
+
async fn register_mock_appview() {
299
+
let mock_server = MockServer::start().await;
300
+
setup_mock_appview(&mock_server).await;
301
+
let mock_uri = mock_server.uri();
302
+
let mock_host = mock_uri.strip_prefix("http://").unwrap_or(&mock_uri);
303
+
let mock_did = format!("did:web:{}", mock_host.replace(':', "%3A"));
304
+
setup_mock_did_document(&mock_server, &mock_did, &mock_uri).await;
305
+
MOCK_APPVIEW.set(mock_server).ok();
306
+
}
307
+
308
+
unsafe fn configure_external_storage_env() {
309
+
unsafe {
310
+
if std::env::var("S3_ENDPOINT").is_ok() {
311
+
let s3_endpoint = std::env::var("S3_ENDPOINT").unwrap();
312
+
std::env::set_var("BLOB_STORAGE_BACKEND", "s3");
313
+
std::env::set_var("BACKUP_STORAGE_BACKEND", "s3");
314
+
std::env::set_var("BACKUP_S3_BUCKET", "test-backups");
315
+
std::env::set_var(
316
+
"S3_BUCKET",
317
+
std::env::var("S3_BUCKET").unwrap_or_else(|_| "test-bucket".to_string()),
318
+
);
319
+
std::env::set_var(
320
+
"AWS_ACCESS_KEY_ID",
321
+
std::env::var("AWS_ACCESS_KEY_ID").unwrap_or_else(|_| "minioadmin".to_string()),
322
+
);
323
+
std::env::set_var(
324
+
"AWS_SECRET_ACCESS_KEY",
325
+
std::env::var("AWS_SECRET_ACCESS_KEY").unwrap_or_else(|_| "minioadmin".to_string()),
326
+
);
327
+
std::env::set_var(
328
+
"AWS_REGION",
329
+
std::env::var("AWS_REGION").unwrap_or_else(|_| "us-east-1".to_string()),
330
+
);
331
+
std::env::set_var("S3_ENDPOINT", &s3_endpoint);
332
+
} else {
333
+
let process_dir = std::env::temp_dir().join(format!(
334
+
"tranquil-pds-test-{}",
335
+
std::process::id()
336
+
));
337
+
let blob_path = process_dir.join("blobs");
338
+
let backup_path = process_dir.join("backups");
339
+
std::fs::create_dir_all(&blob_path).expect("Failed to create blob directory");
340
+
std::fs::create_dir_all(&backup_path).expect("Failed to create backup directory");
341
+
TEST_TEMP_DIR.set(process_dir).ok();
342
+
std::env::set_var("BLOB_STORAGE_BACKEND", "filesystem");
343
+
std::env::set_var("BLOB_STORAGE_PATH", blob_path.to_str().unwrap());
344
+
std::env::set_var("BACKUP_STORAGE_BACKEND", "filesystem");
345
+
std::env::set_var("BACKUP_STORAGE_PATH", backup_path.to_str().unwrap());
346
+
}
347
+
std::env::set_var("MAX_IMPORT_SIZE", "100000000");
348
+
std::env::set_var("SKIP_IMPORT_VERIFICATION", "true");
349
+
}
350
+
}
351
+
352
type PlcOperationStore = Arc<RwLock<HashMap<String, Value>>>;
353
354
struct PlcPostResponder {
···
540
plc_url
541
}
542
543
+
async fn spawn_server(config: ServerConfig) -> ServerInstance {
544
use tranquil_pds::rate_limit::RateLimiters;
545
let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
546
let addr = listener.local_addr().unwrap();
547
unsafe {
548
std::env::set_var("PDS_HOSTNAME", format!("pds.test:{}", addr.port()));
549
}
···
554
.with_email_update_limit(10000)
555
.with_oauth_authorize_limit(10000)
556
.with_oauth_token_limit(10000);
557
+
let cache_refs = config.cache.as_ref().map(|(c, r)| (c.clone(), r.clone()));
558
+
let mut state = AppState::from_db(config.pool, CancellationToken::new())
559
.await
560
.with_rate_limiters(rate_limiters);
561
+
if let Some((cache, distributed_rate_limiter)) = config.cache {
562
+
state = state.with_cache(cache, distributed_rate_limiter);
563
+
}
564
tranquil_pds::sync::listener::start_sequencer_listener(state.clone()).await;
565
let app = tranquil_pds::app(state);
566
tokio::spawn(async move {
567
axum::serve(listener, app).await.unwrap();
568
});
569
+
let (cache, distributed_rate_limiter) = cache_refs
570
+
.map(|(c, r)| (Some(c), Some(r)))
571
+
.unwrap_or((None, None));
572
+
ServerInstance {
573
+
url: format!("http://localhost:{}", addr.port()),
574
+
port: addr.port(),
575
+
cache,
576
+
distributed_rate_limiter,
577
+
}
578
+
}
579
+
580
+
async fn spawn_app(database_url: String) -> String {
581
+
let pool = PgPoolOptions::new()
582
+
.max_connections(10)
583
+
.acquire_timeout(std::time::Duration::from_secs(30))
584
+
.connect(&database_url)
585
+
.await
586
+
.expect("Failed to connect to Postgres. Make sure the database is running.");
587
+
sqlx::migrate!("./migrations")
588
+
.run(&pool)
589
+
.await
590
+
.expect("Failed to run migrations");
591
+
let test_pool = PgPoolOptions::new()
592
+
.max_connections(2)
593
+
.acquire_timeout(std::time::Duration::from_secs(30))
594
+
.connect(&database_url)
595
+
.await
596
+
.expect("Failed to create test pool");
597
+
TEST_DB_POOL.set(test_pool).ok();
598
+
let instance = spawn_server(ServerConfig { pool, cache: None }).await;
599
+
APP_PORT.set(instance.port).ok();
600
+
instance.url
601
+
}
602
+
603
+
#[allow(dead_code)]
604
+
pub async fn spawn_cluster(database_url: String, node_count: usize) -> Vec<ServerInstance> {
605
+
use tranquil_ripple::{RippleConfig, RippleEngine};
606
+
607
+
let pool = PgPoolOptions::new()
608
+
.max_connections(10)
609
+
.acquire_timeout(std::time::Duration::from_secs(30))
610
+
.connect(&database_url)
611
+
.await
612
+
.expect("Failed to connect to Postgres for cluster");
613
+
sqlx::migrate!("./migrations")
614
+
.run(&pool)
615
+
.await
616
+
.expect("Failed to run migrations for cluster");
617
+
let test_pool = PgPoolOptions::new()
618
+
.max_connections(2)
619
+
.acquire_timeout(std::time::Duration::from_secs(30))
620
+
.connect(&database_url)
621
+
.await
622
+
.expect("Failed to create test pool for cluster");
623
+
TEST_DB_POOL.set(test_pool).ok();
624
+
625
+
let shutdown = CancellationToken::new();
626
+
627
+
let mut ripple_nodes: Vec<(Arc<dyn Cache>, Arc<dyn DistributedRateLimiter>)> =
628
+
Vec::with_capacity(node_count);
629
+
let mut bound_addrs: Vec<SocketAddr> = Vec::with_capacity(node_count);
630
+
631
+
for i in 0..node_count {
632
+
let config = RippleConfig {
633
+
bind_addr: "127.0.0.1:0".parse().unwrap(),
634
+
seed_peers: bound_addrs.clone(),
635
+
machine_id: i as u64 + 1,
636
+
gossip_interval_ms: 100,
637
+
cache_max_bytes: 64 * 1024 * 1024,
638
+
};
639
+
let (cache, rate_limiter, addr) = RippleEngine::start(config, shutdown.clone())
640
+
.await
641
+
.expect("failed to start ripple node");
642
+
bound_addrs.push(addr);
643
+
ripple_nodes.push((cache, rate_limiter));
644
+
}
645
+
646
+
let mut instances: Vec<ServerInstance> = Vec::with_capacity(node_count);
647
+
for (cache, rate_limiter) in ripple_nodes {
648
+
let server_config = ServerConfig {
649
+
pool: pool.clone(),
650
+
cache: Some((cache, rate_limiter)),
651
+
};
652
+
let instance = spawn_server(server_config).await;
653
+
instances.push(instance);
654
+
}
655
+
656
+
let first = &instances[0];
657
+
APP_PORT.set(first.port).ok();
658
+
659
+
tokio::time::sleep(Duration::from_millis(2000)).await;
660
+
661
+
instances
662
+
}
663
+
664
+
#[allow(dead_code)]
665
+
pub async fn cluster() -> &'static [ServerInstance] {
666
+
CLUSTER.get_or_init(|| {
667
+
let (tx, rx) = std::sync::mpsc::channel();
668
+
std::thread::spawn(move || {
669
+
unsafe {
670
+
std::env::set_var("TRANQUIL_PDS_ALLOW_INSECURE_SECRETS", "1");
671
+
}
672
+
if std::env::var("DOCKER_HOST").is_err()
673
+
&& let Ok(runtime_dir) = std::env::var("XDG_RUNTIME_DIR")
674
+
{
675
+
let podman_sock = std::path::Path::new(&runtime_dir).join("podman/podman.sock");
676
+
if podman_sock.exists() {
677
+
unsafe {
678
+
std::env::set_var(
679
+
"DOCKER_HOST",
680
+
format!("unix://{}", podman_sock.display()),
681
+
);
682
+
}
683
+
}
684
+
}
685
+
let rt = tokio::runtime::Runtime::new().unwrap();
686
+
rt.block_on(async move {
687
+
unsafe {
688
+
std::env::remove_var("DISABLE_RATE_LIMITING");
689
+
}
690
+
let database_url = if has_external_infra() {
691
+
setup_cluster_external_infra().await
692
+
} else {
693
+
setup_cluster_testcontainers().await
694
+
};
695
+
let nodes = spawn_cluster(database_url, 3).await;
696
+
tx.send(nodes).unwrap();
697
+
std::future::pending::<()>().await;
698
+
});
699
+
});
700
+
rx.recv().expect("Failed to start test cluster")
701
+
})
702
+
}
703
+
704
+
async fn setup_cluster_external_infra() -> String {
705
+
let database_url =
706
+
std::env::var("DATABASE_URL").expect("DATABASE_URL must be set when using external infra");
707
+
let plc_url = setup_mock_plc_directory().await;
708
+
unsafe {
709
+
configure_external_storage_env();
710
+
std::env::set_var("PLC_DIRECTORY_URL", &plc_url);
711
+
}
712
+
register_mock_appview().await;
713
+
database_url
714
+
}
715
+
716
+
#[cfg(not(feature = "external-infra"))]
717
+
async fn setup_cluster_testcontainers() -> String {
718
+
let temp_dir = std::env::temp_dir().join(format!("tranquil-pds-cluster-{}", uuid::Uuid::new_v4()));
719
+
let blob_path = temp_dir.join("blobs");
720
+
let backup_path = temp_dir.join("backups");
721
+
std::fs::create_dir_all(&blob_path).expect("Failed to create blob temp directory");
722
+
std::fs::create_dir_all(&backup_path).expect("Failed to create backup temp directory");
723
+
TEST_TEMP_DIR.set(temp_dir).ok();
724
+
let plc_url = setup_mock_plc_directory().await;
725
+
unsafe {
726
+
std::env::set_var("BLOB_STORAGE_BACKEND", "filesystem");
727
+
std::env::set_var("BLOB_STORAGE_PATH", blob_path.to_str().unwrap());
728
+
std::env::set_var("BACKUP_STORAGE_BACKEND", "filesystem");
729
+
std::env::set_var("BACKUP_STORAGE_PATH", backup_path.to_str().unwrap());
730
+
std::env::set_var("MAX_IMPORT_SIZE", "100000000");
731
+
std::env::set_var("SKIP_IMPORT_VERIFICATION", "true");
732
+
std::env::set_var("PLC_DIRECTORY_URL", &plc_url);
733
+
}
734
+
register_mock_appview().await;
735
+
let container = Postgres::default()
736
+
.with_tag("18-alpine")
737
+
.with_label("tranquil_pds_test", "true")
738
+
.start()
739
+
.await
740
+
.expect("Failed to start Postgres for cluster");
741
+
let connection_string = format!(
742
+
"postgres://postgres:postgres@127.0.0.1:{}",
743
+
container
744
+
.get_host_port_ipv4(5432)
745
+
.await
746
+
.expect("Failed to get port")
747
+
);
748
+
DB_CONTAINER.set(container).ok();
749
+
connection_string
750
+
}
751
+
752
+
#[cfg(feature = "external-infra")]
753
+
async fn setup_cluster_testcontainers() -> String {
754
+
panic!(
755
+
"Testcontainers disabled with external-infra feature. Set DATABASE_URL and BLOB_STORAGE_PATH (or S3_ENDPOINT)."
756
+
);
757
}
758
759
#[allow(dead_code)]
+6
-1
crates/tranquil-pds/tests/firehose_validation.rs
+6
-1
crates/tranquil-pds/tests/firehose_validation.rs
···
800
801
tokio::time::sleep(std::time::Duration::from_millis(100)).await;
802
803
+
let pool = get_test_db_pool().await;
804
+
let max_seq: i64 = sqlx::query_scalar::<_, i64>("SELECT COALESCE(MAX(seq), 0) FROM repo_seq")
805
+
.fetch_one(pool)
806
+
.await
807
+
.unwrap();
808
+
let outdated_cursor = (max_seq - 100).max(1);
809
let url = format!(
810
"ws://127.0.0.1:{}/xrpc/com.atproto.sync.subscribeRepos?cursor={}",
811
app_port(),
+4
-2
crates/tranquil-pds/tests/repo_blob.rs
+4
-2
crates/tranquil-pds/tests/repo_blob.rs
···
25
async fn test_upload_blob_success() {
26
let client = client();
27
let (token, _) = create_account_and_login(&client).await;
28
let res = client
29
.post(format!(
30
"{}/xrpc/com.atproto.repo.uploadBlob",
···
32
))
33
.header(header::CONTENT_TYPE, "text/plain")
34
.bearer_auth(token)
35
-
.body("This is our blob data")
36
.send()
37
.await
38
.expect("Failed to send request");
39
-
assert_eq!(res.status(), StatusCode::OK);
40
let body: Value = res.json().await.expect("Response was not valid JSON");
41
assert!(body["blob"]["ref"]["$link"].as_str().is_some());
42
}
43
···
25
async fn test_upload_blob_success() {
26
let client = client();
27
let (token, _) = create_account_and_login(&client).await;
28
+
let blob_data = format!("blob-{}", uuid::Uuid::new_v4());
29
let res = client
30
.post(format!(
31
"{}/xrpc/com.atproto.repo.uploadBlob",
···
33
))
34
.header(header::CONTENT_TYPE, "text/plain")
35
.bearer_auth(token)
36
+
.body(blob_data)
37
.send()
38
.await
39
.expect("Failed to send request");
40
+
let status = res.status();
41
let body: Value = res.json().await.expect("Response was not valid JSON");
42
+
assert_eq!(status, StatusCode::OK, "uploadBlob failed: {body}");
43
assert!(body["blob"]["ref"]["$link"].as_str().is_some());
44
}
45
+1001
crates/tranquil-pds/tests/ripple_cluster.rs
+1001
crates/tranquil-pds/tests/ripple_cluster.rs
···
···
1
+
mod common;
2
+
3
+
use reqwest::StatusCode;
4
+
use serde_json::json;
5
+
use std::sync::Arc;
6
+
use std::time::Duration;
7
+
use tranquil_pds::cache::{Cache, DistributedRateLimiter};
8
+
9
+
async fn poll_until<F, Fut>(max_ms: u64, interval_ms: u64, check_fn: F)
10
+
where
11
+
F: Fn() -> Fut,
12
+
Fut: std::future::Future<Output = bool>,
13
+
{
14
+
let deadline = tokio::time::Instant::now() + Duration::from_millis(max_ms);
15
+
let interval = Duration::from_millis(interval_ms);
16
+
17
+
loop {
18
+
if check_fn().await {
19
+
return;
20
+
}
21
+
if tokio::time::Instant::now() + interval > deadline {
22
+
panic!("poll_until timed out after {max_ms}ms");
23
+
}
24
+
tokio::time::sleep(interval).await;
25
+
}
26
+
}
27
+
28
+
fn cache_for(nodes: &[common::ServerInstance], idx: usize) -> Arc<dyn Cache> {
29
+
nodes[idx]
30
+
.cache
31
+
.clone()
32
+
.unwrap_or_else(|| panic!("node {idx} should have a cache"))
33
+
}
34
+
35
+
fn rl_for(nodes: &[common::ServerInstance], idx: usize) -> Arc<dyn DistributedRateLimiter> {
36
+
nodes[idx]
37
+
.distributed_rate_limiter
38
+
.clone()
39
+
.unwrap_or_else(|| panic!("node {idx} should have a rate limiter"))
40
+
}
41
+
42
+
#[tokio::test]
43
+
async fn cluster_formation() {
44
+
let nodes = common::cluster().await;
45
+
assert!(nodes.len() >= 3, "expected at least 3 cluster nodes");
46
+
47
+
let client = common::client();
48
+
let results: Vec<_> = futures::future::join_all(
49
+
nodes.iter().map(|node| {
50
+
let client = client.clone();
51
+
let url = node.url.clone();
52
+
async move {
53
+
client
54
+
.get(format!("{url}/xrpc/com.atproto.server.describeServer"))
55
+
.send()
56
+
.await
57
+
}
58
+
})
59
+
).await;
60
+
61
+
results.iter().enumerate().for_each(|(i, result)| {
62
+
let resp = result.as_ref().unwrap_or_else(|e| panic!("node {i} unreachable: {e}"));
63
+
assert_eq!(
64
+
resp.status(),
65
+
StatusCode::OK,
66
+
"node {i} returned non-200 status"
67
+
);
68
+
});
69
+
}
70
+
71
+
#[tokio::test]
72
+
async fn cluster_any_node_access() {
73
+
let nodes = common::cluster().await;
74
+
let client = common::client();
75
+
76
+
let handle = format!("u{}", &uuid::Uuid::new_v4().simple().to_string()[..12]);
77
+
let payload = serde_json::json!({
78
+
"handle": handle,
79
+
"email": format!("{handle}@example.com"),
80
+
"password": "Testpass123!"
81
+
});
82
+
let create_res = client
83
+
.post(format!(
84
+
"{}/xrpc/com.atproto.server.createAccount",
85
+
nodes[0].url
86
+
))
87
+
.json(&payload)
88
+
.send()
89
+
.await
90
+
.expect("createAccount on node 0 failed");
91
+
assert_eq!(create_res.status(), StatusCode::OK);
92
+
let body: serde_json::Value = create_res.json().await.expect("invalid json");
93
+
let did = body["did"].as_str().expect("no did").to_string();
94
+
let access_jwt = body["accessJwt"].as_str().expect("no accessJwt").to_string();
95
+
96
+
let pool = common::get_test_db_pool().await;
97
+
let body_text: String = sqlx::query_scalar!(
98
+
"SELECT body FROM comms_queue WHERE user_id = (SELECT id FROM users WHERE did = $1) AND comms_type = 'email_verification' ORDER BY created_at DESC LIMIT 1",
99
+
&did
100
+
)
101
+
.fetch_one(pool)
102
+
.await
103
+
.expect("verification code not found");
104
+
105
+
let lines: Vec<&str> = body_text.lines().collect();
106
+
let verification_code = lines
107
+
.iter()
108
+
.enumerate()
109
+
.find(|(_, line)| line.contains("verification code is:") || line.contains("code is:"))
110
+
.and_then(|(i, _)| lines.get(i + 1).map(|s| s.trim().to_string()))
111
+
.or_else(|| {
112
+
body_text
113
+
.lines()
114
+
.find(|line| line.trim().starts_with("MX"))
115
+
.map(|s| s.trim().to_string())
116
+
})
117
+
.unwrap_or_else(|| body_text.clone());
118
+
119
+
let confirm_payload = serde_json::json!({
120
+
"did": did,
121
+
"verificationCode": verification_code
122
+
});
123
+
let confirm_res = client
124
+
.post(format!(
125
+
"{}/xrpc/com.atproto.server.confirmSignup",
126
+
nodes[0].url
127
+
))
128
+
.json(&confirm_payload)
129
+
.send()
130
+
.await
131
+
.expect("confirmSignup failed");
132
+
133
+
let token = match confirm_res.status() {
134
+
StatusCode::OK => {
135
+
let confirm_body: serde_json::Value =
136
+
confirm_res.json().await.expect("invalid json from confirmSignup");
137
+
confirm_body["accessJwt"]
138
+
.as_str()
139
+
.unwrap_or(&access_jwt)
140
+
.to_string()
141
+
}
142
+
_ => access_jwt,
143
+
};
144
+
145
+
let describe_res = client
146
+
.get(format!(
147
+
"{}/xrpc/com.atproto.server.getSession",
148
+
nodes[1].url
149
+
))
150
+
.bearer_auth(&token)
151
+
.send()
152
+
.await
153
+
.expect("getSession on node 1 failed");
154
+
assert_eq!(
155
+
describe_res.status(),
156
+
StatusCode::OK,
157
+
"session created on node 0 should be valid on node 1 (shared postgres)"
158
+
);
159
+
let session: serde_json::Value = describe_res.json().await.expect("invalid json");
160
+
assert_eq!(session["did"].as_str().unwrap(), did);
161
+
}
162
+
163
+
#[tokio::test]
164
+
async fn cache_convergence() {
165
+
let nodes = common::cluster().await;
166
+
167
+
let cache_a = nodes[0]
168
+
.cache
169
+
.as_ref()
170
+
.expect("node 0 should have a cache");
171
+
let cache_b = nodes[1]
172
+
.cache
173
+
.as_ref()
174
+
.expect("node 1 should have a cache");
175
+
176
+
let test_key = format!("ripple-test-{}", uuid::Uuid::new_v4());
177
+
let test_value = "converged-value";
178
+
179
+
cache_a
180
+
.set(&test_key, test_value, Duration::from_secs(300))
181
+
.await
182
+
.expect("cache set on node A failed");
183
+
184
+
let found_on_a = cache_a.get(&test_key).await;
185
+
assert_eq!(
186
+
found_on_a.as_deref(),
187
+
Some(test_value),
188
+
"value should be immediately readable on the originating node"
189
+
);
190
+
191
+
let mut converged = false;
192
+
let mut attempts = 0;
193
+
let max_attempts = 50;
194
+
while attempts < max_attempts {
195
+
tokio::time::sleep(Duration::from_millis(200)).await;
196
+
if let Some(val) = cache_b.get(&test_key).await {
197
+
assert_eq!(val, test_value, "converged value should match");
198
+
converged = true;
199
+
break;
200
+
}
201
+
attempts += 1;
202
+
}
203
+
204
+
assert!(
205
+
converged,
206
+
"cache value did not converge to node B within {}ms",
207
+
max_attempts * 200
208
+
);
209
+
}
210
+
211
+
#[tokio::test]
212
+
async fn rate_limit_convergence() {
213
+
let nodes = common::cluster().await;
214
+
215
+
let rl_a = nodes[0]
216
+
.distributed_rate_limiter
217
+
.as_ref()
218
+
.expect("node 0 should have a rate limiter");
219
+
let rl_b = nodes[1]
220
+
.distributed_rate_limiter
221
+
.as_ref()
222
+
.expect("node 1 should have a rate limiter");
223
+
224
+
let test_key = format!("rl-test-{}", uuid::Uuid::new_v4());
225
+
let limit: u32 = 100;
226
+
let window_ms: u64 = 600_000;
227
+
let hits_on_a: u32 = 80;
228
+
229
+
let mut count = 0u32;
230
+
while count < hits_on_a {
231
+
let allowed = rl_a.check_rate_limit(&test_key, limit, window_ms).await;
232
+
assert!(
233
+
allowed,
234
+
"request {count} should be allowed (limit is {limit})"
235
+
);
236
+
count += 1;
237
+
}
238
+
239
+
let rl_b2 = rl_b.clone();
240
+
let k = test_key.clone();
241
+
poll_until(15_000, 200, move || {
242
+
let rl = rl_b2.clone();
243
+
let k = k.clone();
244
+
async move { rl.peek_rate_limit_count(&k, window_ms).await >= hits_on_a as u64 }
245
+
})
246
+
.await;
247
+
248
+
let mut allowed_on_b = 0u32;
249
+
while allowed_on_b < limit {
250
+
if !rl_b.check_rate_limit(&test_key, limit, window_ms).await {
251
+
break;
252
+
}
253
+
allowed_on_b += 1;
254
+
}
255
+
256
+
assert!(
257
+
allowed_on_b < limit,
258
+
"node B should have been rate limited after convergence, but {allowed_on_b} requests were allowed (limit={limit})"
259
+
);
260
+
assert!(
261
+
allowed_on_b <= limit - hits_on_a + 10,
262
+
"node B allowed {allowed_on_b} requests but expected at most {} (convergence margin)",
263
+
limit - hits_on_a + 10
264
+
);
265
+
}
266
+
267
+
#[tokio::test]
268
+
async fn delete_convergence() {
269
+
let nodes = common::cluster().await;
270
+
let cache_0 = cache_for(nodes, 0);
271
+
let cache_1 = cache_for(nodes, 1);
272
+
273
+
let key = format!("del-cluster-{}", uuid::Uuid::new_v4());
274
+
275
+
cache_0
276
+
.set(&key, "to-delete", Duration::from_secs(300))
277
+
.await
278
+
.expect("set on node 0 failed");
279
+
280
+
let c1 = cache_1.clone();
281
+
let k = key.clone();
282
+
poll_until(10_000, 200, move || {
283
+
let c = c1.clone();
284
+
let k = k.clone();
285
+
async move { c.get(&k).await.is_some() }
286
+
})
287
+
.await;
288
+
289
+
cache_0.delete(&key).await.expect("delete on node 0 failed");
290
+
291
+
let c1 = cache_1.clone();
292
+
let k = key.clone();
293
+
poll_until(10_000, 200, move || {
294
+
let c = c1.clone();
295
+
let k = k.clone();
296
+
async move { c.get(&k).await.is_none() }
297
+
})
298
+
.await;
299
+
}
300
+
301
+
#[tokio::test]
302
+
async fn three_node_transitive_convergence() {
303
+
let nodes = common::cluster().await;
304
+
let cache_0 = cache_for(nodes, 0);
305
+
let cache_2 = cache_for(nodes, 2);
306
+
307
+
let key = format!("trans-{}", uuid::Uuid::new_v4());
308
+
309
+
cache_0
310
+
.set(&key, "reaches-all", Duration::from_secs(300))
311
+
.await
312
+
.expect("set on node 0 failed");
313
+
314
+
let c2 = cache_2.clone();
315
+
let k = key.clone();
316
+
poll_until(15_000, 200, move || {
317
+
let c = c2.clone();
318
+
let k = k.clone();
319
+
async move { c.get(&k).await.as_deref() == Some("reaches-all") }
320
+
})
321
+
.await;
322
+
}
323
+
324
+
#[tokio::test]
325
+
async fn cluster_overwrite_conflict_resolution() {
326
+
let nodes = common::cluster().await;
327
+
let cache_0 = cache_for(nodes, 0);
328
+
let cache_1 = cache_for(nodes, 1);
329
+
let cache_2 = cache_for(nodes, 2);
330
+
331
+
let key = format!("conflict-{}", uuid::Uuid::new_v4());
332
+
333
+
cache_0
334
+
.set(&key, "from-node-0", Duration::from_secs(300))
335
+
.await
336
+
.expect("set on node 0 failed");
337
+
338
+
cache_1
339
+
.set(&key, "from-node-1", Duration::from_secs(300))
340
+
.await
341
+
.expect("set on node 1 failed");
342
+
343
+
let c0 = cache_0.clone();
344
+
let c1 = cache_1.clone();
345
+
let c2 = cache_2.clone();
346
+
let k = key.clone();
347
+
poll_until(15_000, 200, move || {
348
+
let c0 = c0.clone();
349
+
let c1 = c1.clone();
350
+
let c2 = c2.clone();
351
+
let k = k.clone();
352
+
async move {
353
+
let (v0, v1, v2) = tokio::join!(c0.get(&k), c1.get(&k), c2.get(&k));
354
+
matches!((v0, v1, v2), (Some(a), Some(b), Some(c)) if a == b && b == c)
355
+
}
356
+
})
357
+
.await;
358
+
359
+
let v0 = cache_0.get(&key).await.expect("node 0 should have key");
360
+
let v1 = cache_1.get(&key).await.expect("node 1 should have key");
361
+
let v2 = cache_2.get(&key).await.expect("node 2 should have key");
362
+
363
+
assert_eq!(v0, v1, "node 0 and 1 must agree");
364
+
assert_eq!(v1, v2, "node 1 and 2 must agree");
365
+
}
366
+
367
+
#[tokio::test]
368
+
async fn cluster_bulk_key_convergence() {
369
+
let nodes = common::cluster().await;
370
+
let cache_0 = cache_for(nodes, 0);
371
+
let cache_1 = cache_for(nodes, 1);
372
+
let cache_2 = cache_for(nodes, 2);
373
+
374
+
let prefix = format!("bulk-{}", uuid::Uuid::new_v4());
375
+
376
+
futures::future::join_all((0..500).map(|i| {
377
+
let cache = cache_0.clone();
378
+
let p = prefix.clone();
379
+
async move {
380
+
cache
381
+
.set(
382
+
&format!("{p}-{i}"),
383
+
&format!("v-{i}"),
384
+
Duration::from_secs(300),
385
+
)
386
+
.await
387
+
.expect("set failed");
388
+
}
389
+
}))
390
+
.await;
391
+
392
+
let c1 = cache_1.clone();
393
+
let p = prefix.clone();
394
+
poll_until(60_000, 500, move || {
395
+
let c = c1.clone();
396
+
let p = p.clone();
397
+
async move {
398
+
futures::future::join_all((0..500).map(|i| {
399
+
let c = c.clone();
400
+
let p = p.clone();
401
+
async move { c.get(&format!("{p}-{i}")).await.is_some() }
402
+
}))
403
+
.await
404
+
.into_iter()
405
+
.all(|v| v)
406
+
}
407
+
})
408
+
.await;
409
+
410
+
let spot_checks: Vec<Option<String>> = futures::future::join_all(
411
+
[0, 99, 250, 499].iter().map(|&i| {
412
+
let c = cache_2.clone();
413
+
let p = prefix.clone();
414
+
async move { c.get(&format!("{p}-{i}")).await }
415
+
}),
416
+
)
417
+
.await;
418
+
419
+
spot_checks.iter().enumerate().for_each(|(idx, val)| {
420
+
assert!(
421
+
val.is_some(),
422
+
"node 2 missing spot-check key at index {idx}"
423
+
);
424
+
});
425
+
}
426
+
427
+
#[tokio::test]
428
+
async fn cluster_concurrent_multi_node_writes() {
429
+
let nodes = common::cluster().await;
430
+
let cache_0 = cache_for(nodes, 0);
431
+
let cache_1 = cache_for(nodes, 1);
432
+
let cache_2 = cache_for(nodes, 2);
433
+
434
+
let prefix = format!("multi-{}", uuid::Uuid::new_v4());
435
+
436
+
let write_0 = {
437
+
let cache = cache_0.clone();
438
+
let p = prefix.clone();
439
+
async move {
440
+
futures::future::join_all((0..100).map(|i| {
441
+
let cache = cache.clone();
442
+
let p = p.clone();
443
+
async move {
444
+
cache
445
+
.set(
446
+
&format!("{p}-0-{i}"),
447
+
&format!("n0-{i}"),
448
+
Duration::from_secs(300),
449
+
)
450
+
.await
451
+
.expect("set failed");
452
+
}
453
+
}))
454
+
.await;
455
+
}
456
+
};
457
+
458
+
let write_1 = {
459
+
let cache = cache_1.clone();
460
+
let p = prefix.clone();
461
+
async move {
462
+
futures::future::join_all((0..100).map(|i| {
463
+
let cache = cache.clone();
464
+
let p = p.clone();
465
+
async move {
466
+
cache
467
+
.set(
468
+
&format!("{p}-1-{i}"),
469
+
&format!("n1-{i}"),
470
+
Duration::from_secs(300),
471
+
)
472
+
.await
473
+
.expect("set failed");
474
+
}
475
+
}))
476
+
.await;
477
+
}
478
+
};
479
+
480
+
let write_2 = {
481
+
let cache = cache_2.clone();
482
+
let p = prefix.clone();
483
+
async move {
484
+
futures::future::join_all((0..100).map(|i| {
485
+
let cache = cache.clone();
486
+
let p = p.clone();
487
+
async move {
488
+
cache
489
+
.set(
490
+
&format!("{p}-2-{i}"),
491
+
&format!("n2-{i}"),
492
+
Duration::from_secs(300),
493
+
)
494
+
.await
495
+
.expect("set failed");
496
+
}
497
+
}))
498
+
.await;
499
+
}
500
+
};
501
+
502
+
tokio::join!(write_0, write_1, write_2);
503
+
504
+
let caches: Vec<Arc<dyn Cache>> = vec![cache_0.clone(), cache_1.clone(), cache_2.clone()];
505
+
506
+
futures::future::join_all(caches.iter().enumerate().map(|(ci, cache)| {
507
+
let cache = cache.clone();
508
+
let p = prefix.clone();
509
+
async move {
510
+
let c = cache.clone();
511
+
let p2 = p.clone();
512
+
poll_until(60_000, 500, move || {
513
+
let c = c.clone();
514
+
let p = p2.clone();
515
+
async move {
516
+
let checks = futures::future::join_all((0..3u8).flat_map(|node| {
517
+
let c = c.clone();
518
+
let p = p.clone();
519
+
(0..100).map(move |i| {
520
+
let c = c.clone();
521
+
let p = p.clone();
522
+
async move { c.get(&format!("{p}-{node}-{i}")).await.is_some() }
523
+
})
524
+
}))
525
+
.await;
526
+
checks.into_iter().all(|v| v)
527
+
}
528
+
})
529
+
.await;
530
+
eprintln!("node {ci} has all 300 keys");
531
+
}
532
+
}))
533
+
.await;
534
+
}
535
+
536
+
#[tokio::test]
537
+
async fn cluster_rate_limit_multi_node_convergence() {
538
+
let nodes = common::cluster().await;
539
+
let rl_0 = rl_for(nodes, 0);
540
+
let rl_1 = rl_for(nodes, 1);
541
+
let rl_2 = rl_for(nodes, 2);
542
+
543
+
let key = format!("rl-multi-{}", uuid::Uuid::new_v4());
544
+
let limit: u32 = 300;
545
+
let window_ms: u64 = 600_000;
546
+
547
+
futures::future::join_all((0..50).map(|_| {
548
+
let rl = rl_0.clone();
549
+
let k = key.clone();
550
+
async move {
551
+
assert!(rl.check_rate_limit(&k, limit, window_ms).await);
552
+
}
553
+
}))
554
+
.await;
555
+
556
+
futures::future::join_all((0..40).map(|_| {
557
+
let rl = rl_1.clone();
558
+
let k = key.clone();
559
+
async move {
560
+
assert!(rl.check_rate_limit(&k, limit, window_ms).await);
561
+
}
562
+
}))
563
+
.await;
564
+
565
+
futures::future::join_all((0..30).map(|_| {
566
+
let rl = rl_2.clone();
567
+
let k = key.clone();
568
+
async move {
569
+
assert!(rl.check_rate_limit(&k, limit, window_ms).await);
570
+
}
571
+
}))
572
+
.await;
573
+
574
+
let rl_peek = rl_0.clone();
575
+
let k = key.clone();
576
+
poll_until(15_000, 200, move || {
577
+
let rl = rl_peek.clone();
578
+
let k = k.clone();
579
+
async move { rl.peek_rate_limit_count(&k, window_ms).await >= 120 }
580
+
})
581
+
.await;
582
+
583
+
let mut remaining = 0u32;
584
+
loop {
585
+
if !rl_0.check_rate_limit(&key, limit, window_ms).await {
586
+
break;
587
+
}
588
+
remaining += 1;
589
+
if remaining > limit {
590
+
panic!("rate limiter never denied - convergence failed");
591
+
}
592
+
}
593
+
594
+
let expected_remaining = limit - 120;
595
+
let margin = 20;
596
+
assert!(
597
+
remaining.abs_diff(expected_remaining) <= margin,
598
+
"expected ~{expected_remaining} remaining hits, got {remaining} (margin={margin})"
599
+
);
600
+
}
601
+
602
+
fn create_account_on_node<'a>(
603
+
client: &'a reqwest::Client,
604
+
node_url: &'a str,
605
+
) -> std::pin::Pin<Box<dyn std::future::Future<Output = (String, String)> + Send + 'a>> {
606
+
let url = node_url.to_string();
607
+
Box::pin(async move {
608
+
let handle = format!("u{}", &uuid::Uuid::new_v4().simple().to_string()[..12]);
609
+
let payload = json!({
610
+
"handle": handle,
611
+
"email": format!("{handle}@example.com"),
612
+
"password": "Testpass123!"
613
+
});
614
+
let create_res = client
615
+
.post(format!("{url}/xrpc/com.atproto.server.createAccount"))
616
+
.json(&payload)
617
+
.send()
618
+
.await
619
+
.expect("createAccount failed");
620
+
assert_eq!(create_res.status(), StatusCode::OK, "createAccount non-200");
621
+
let body: serde_json::Value = create_res.json().await.expect("invalid json");
622
+
let did = body["did"].as_str().expect("no did").to_string();
623
+
let access_jwt = body["accessJwt"].as_str().expect("no accessJwt").to_string();
624
+
625
+
let pool = common::get_test_db_pool().await;
626
+
let body_text: String = sqlx::query_scalar!(
627
+
"SELECT body FROM comms_queue WHERE user_id = (SELECT id FROM users WHERE did = $1) AND comms_type = 'email_verification' ORDER BY created_at DESC LIMIT 1",
628
+
&did
629
+
)
630
+
.fetch_one(pool)
631
+
.await
632
+
.expect("verification code not found");
633
+
634
+
let lines: Vec<&str> = body_text.lines().collect();
635
+
let verification_code = lines
636
+
.iter()
637
+
.enumerate()
638
+
.find(|(_, line)| line.contains("verification code is:") || line.contains("code is:"))
639
+
.and_then(|(i, _)| lines.get(i + 1).map(|s| s.trim().to_string()))
640
+
.or_else(|| {
641
+
body_text
642
+
.lines()
643
+
.find(|line| line.trim().starts_with("MX"))
644
+
.map(|s| s.trim().to_string())
645
+
})
646
+
.unwrap_or_else(|| body_text.clone());
647
+
648
+
let confirm_res = client
649
+
.post(format!("{url}/xrpc/com.atproto.server.confirmSignup"))
650
+
.json(&json!({ "did": did, "verificationCode": verification_code }))
651
+
.send()
652
+
.await
653
+
.expect("confirmSignup failed");
654
+
655
+
let token = match confirm_res.status() {
656
+
StatusCode::OK => {
657
+
let confirm_body: serde_json::Value =
658
+
confirm_res.json().await.expect("invalid json from confirmSignup");
659
+
confirm_body["accessJwt"]
660
+
.as_str()
661
+
.unwrap_or(&access_jwt)
662
+
.to_string()
663
+
}
664
+
_ => access_jwt,
665
+
};
666
+
667
+
(token, did)
668
+
})
669
+
}
670
+
671
+
#[tokio::test]
672
+
async fn cross_node_rate_limit_via_login() {
673
+
let nodes = common::cluster().await;
674
+
let client = common::client();
675
+
676
+
let uuid_bytes = uuid::Uuid::new_v4();
677
+
let b = uuid_bytes.as_bytes();
678
+
let unique_ip = format!("10.{}.{}.{}", b[0], b[1], b[2]);
679
+
680
+
let statuses: Vec<StatusCode> = futures::future::join_all((0..10).map(|_| {
681
+
let client = client.clone();
682
+
let url = nodes[0].url.clone();
683
+
let ip = unique_ip.clone();
684
+
async move {
685
+
client
686
+
.post(format!("{url}/xrpc/com.atproto.server.createSession"))
687
+
.header("X-Forwarded-For", &ip)
688
+
.json(&json!({
689
+
"identifier": "nonexistent@example.com",
690
+
"password": "wrongpass"
691
+
}))
692
+
.send()
693
+
.await
694
+
.expect("request failed")
695
+
.status()
696
+
}
697
+
}))
698
+
.await;
699
+
700
+
statuses.iter().enumerate().for_each(|(i, status)| {
701
+
assert_ne!(
702
+
*status,
703
+
StatusCode::TOO_MANY_REQUESTS,
704
+
"request {i} should not be rate limited within first 10 attempts"
705
+
);
706
+
});
707
+
708
+
let rl_1 = rl_for(nodes, 1);
709
+
let rl_key = format!("login:{unique_ip}");
710
+
let rl_1c = rl_1.clone();
711
+
let k = rl_key.clone();
712
+
poll_until(30_000, 200, move || {
713
+
let rl = rl_1c.clone();
714
+
let k = k.clone();
715
+
async move { rl.peek_rate_limit_count(&k, 60_000).await >= 10 }
716
+
})
717
+
.await;
718
+
719
+
let cross_node_res = client
720
+
.post(format!(
721
+
"{}/xrpc/com.atproto.server.createSession",
722
+
nodes[1].url
723
+
))
724
+
.header("X-Forwarded-For", &unique_ip)
725
+
.json(&json!({
726
+
"identifier": "nonexistent@example.com",
727
+
"password": "wrongpass"
728
+
}))
729
+
.send()
730
+
.await
731
+
.expect("cross-node request failed");
732
+
733
+
assert_eq!(
734
+
cross_node_res.status(),
735
+
StatusCode::TOO_MANY_REQUESTS,
736
+
"node 1 should rate limit after cross-node convergence of login attempts"
737
+
);
738
+
}
739
+
740
+
#[tokio::test]
741
+
async fn cross_node_handle_resolution_from_cache() {
742
+
let nodes = common::cluster().await;
743
+
let client = common::client();
744
+
let cache_0 = cache_for(nodes, 0);
745
+
746
+
let fake_handle = format!("cached-{}.test", uuid::Uuid::new_v4().simple());
747
+
let fake_did = format!("did:plc:cached{}", &uuid::Uuid::new_v4().simple().to_string()[..16]);
748
+
749
+
cache_0
750
+
.set(
751
+
&format!("handle:{fake_handle}"),
752
+
&fake_did,
753
+
Duration::from_secs(300),
754
+
)
755
+
.await
756
+
.expect("cache set failed");
757
+
758
+
let cache_1 = cache_for(nodes, 1);
759
+
let c1 = cache_1.clone();
760
+
let k = format!("handle:{fake_handle}");
761
+
poll_until(10_000, 200, move || {
762
+
let c = c1.clone();
763
+
let k = k.clone();
764
+
async move { c.get(&k).await.is_some() }
765
+
})
766
+
.await;
767
+
768
+
let res = client
769
+
.get(format!(
770
+
"{}/xrpc/com.atproto.identity.resolveHandle?handle={}",
771
+
nodes[1].url, fake_handle
772
+
))
773
+
.send()
774
+
.await
775
+
.expect("resolveHandle request failed");
776
+
777
+
assert_eq!(
778
+
res.status(),
779
+
StatusCode::OK,
780
+
"resolveHandle should succeed from propagated cache"
781
+
);
782
+
let body: serde_json::Value = res.json().await.expect("invalid json");
783
+
assert_eq!(
784
+
body["did"].as_str().unwrap(),
785
+
fake_did,
786
+
"resolved DID should match the cache-propagated value"
787
+
);
788
+
}
789
+
790
+
#[tokio::test]
791
+
async fn cross_node_cache_delete_observable_via_http() {
792
+
let nodes = common::cluster().await;
793
+
let client = common::client();
794
+
let cache_0 = cache_for(nodes, 0);
795
+
let cache_1 = cache_for(nodes, 1);
796
+
797
+
let fake_handle = format!("deltest-{}.test", uuid::Uuid::new_v4().simple());
798
+
let fake_did = format!("did:plc:del{}", &uuid::Uuid::new_v4().simple().to_string()[..16]);
799
+
let cache_key = format!("handle:{fake_handle}");
800
+
801
+
cache_0
802
+
.set(&cache_key, &fake_did, Duration::from_secs(300))
803
+
.await
804
+
.expect("cache set failed");
805
+
806
+
let c1 = cache_1.clone();
807
+
let k = cache_key.clone();
808
+
poll_until(10_000, 200, move || {
809
+
let c = c1.clone();
810
+
let k = k.clone();
811
+
async move { c.get(&k).await.is_some() }
812
+
})
813
+
.await;
814
+
815
+
let res = client
816
+
.get(format!(
817
+
"{}/xrpc/com.atproto.identity.resolveHandle?handle={}",
818
+
nodes[1].url, fake_handle
819
+
))
820
+
.send()
821
+
.await
822
+
.expect("resolveHandle request failed");
823
+
assert_eq!(res.status(), StatusCode::OK, "should resolve before delete");
824
+
825
+
cache_0
826
+
.delete(&cache_key)
827
+
.await
828
+
.expect("cache delete failed");
829
+
830
+
let c1 = cache_1.clone();
831
+
let k = cache_key.clone();
832
+
poll_until(10_000, 200, move || {
833
+
let c = c1.clone();
834
+
let k = k.clone();
835
+
async move { c.get(&k).await.is_none() }
836
+
})
837
+
.await;
838
+
839
+
let res = client
840
+
.get(format!(
841
+
"{}/xrpc/com.atproto.identity.resolveHandle?handle={}",
842
+
nodes[1].url, fake_handle
843
+
))
844
+
.send()
845
+
.await
846
+
.expect("resolveHandle request failed after delete");
847
+
assert_ne!(
848
+
res.status(),
849
+
StatusCode::OK,
850
+
"resolveHandle should fail after cache delete propagation (handle not in DB)"
851
+
);
852
+
}
853
+
854
+
#[tokio::test]
855
+
async fn cross_node_email_update_status() {
856
+
let nodes = common::cluster().await;
857
+
let client = common::client();
858
+
let cache_0 = cache_for(nodes, 0);
859
+
let cache_1 = cache_for(nodes, 1);
860
+
861
+
let (token, did) = create_account_on_node(&client, &nodes[0].url).await;
862
+
863
+
let new_email = format!("updated-{}@example.com", uuid::Uuid::new_v4().simple());
864
+
let update_res = client
865
+
.post(format!(
866
+
"{}/xrpc/com.atproto.server.requestEmailUpdate",
867
+
nodes[0].url
868
+
))
869
+
.bearer_auth(&token)
870
+
.json(&json!({ "newEmail": new_email }))
871
+
.send()
872
+
.await
873
+
.expect("requestEmailUpdate failed");
874
+
assert_eq!(
875
+
update_res.status(),
876
+
StatusCode::OK,
877
+
"requestEmailUpdate should succeed"
878
+
);
879
+
let update_body: serde_json::Value = update_res.json().await.expect("invalid json");
880
+
assert_eq!(
881
+
update_body["tokenRequired"].as_bool(),
882
+
Some(true),
883
+
"tokenRequired should be true (email is verified after confirmSignup)"
884
+
);
885
+
886
+
let cache_key = format!("email_update:{did}");
887
+
let val_on_0 = cache_0.get(&cache_key).await;
888
+
assert!(
889
+
val_on_0.is_some(),
890
+
"email_update entry should exist on node 0 immediately after requestEmailUpdate"
891
+
);
892
+
893
+
let c1 = cache_1.clone();
894
+
let k = cache_key.clone();
895
+
poll_until(10_000, 200, move || {
896
+
let c = c1.clone();
897
+
let k = k.clone();
898
+
async move { c.get(&k).await.is_some() }
899
+
})
900
+
.await;
901
+
902
+
let status_res = client
903
+
.get(format!(
904
+
"{}/xrpc/_account.checkEmailUpdateStatus",
905
+
nodes[1].url
906
+
))
907
+
.bearer_auth(&token)
908
+
.send()
909
+
.await
910
+
.expect("checkEmailUpdateStatus on node 1 failed");
911
+
assert_eq!(
912
+
status_res.status(),
913
+
StatusCode::OK,
914
+
"checkEmailUpdateStatus should succeed on node 1"
915
+
);
916
+
let status_body: serde_json::Value = status_res.json().await.expect("invalid json");
917
+
assert_eq!(
918
+
status_body["pending"].as_bool(),
919
+
Some(true),
920
+
"email update should be pending on node 1 via cache propagation"
921
+
);
922
+
assert_eq!(
923
+
status_body["newEmail"].as_str().unwrap(),
924
+
new_email,
925
+
"new email should match on node 1"
926
+
);
927
+
}
928
+
929
+
#[tokio::test]
930
+
async fn cross_node_session_revocation() {
931
+
let nodes = common::cluster().await;
932
+
let client = common::client();
933
+
934
+
let (token, _did) = create_account_on_node(&client, &nodes[0].url).await;
935
+
936
+
let session_res = client
937
+
.get(format!(
938
+
"{}/xrpc/com.atproto.server.getSession",
939
+
nodes[0].url
940
+
))
941
+
.bearer_auth(&token)
942
+
.send()
943
+
.await
944
+
.expect("getSession on node 0 failed");
945
+
assert_eq!(
946
+
session_res.status(),
947
+
StatusCode::OK,
948
+
"session should be valid on node 0"
949
+
);
950
+
951
+
let client2 = client.clone();
952
+
let url1 = nodes[1].url.clone();
953
+
let t = token.clone();
954
+
poll_until(15_000, 200, move || {
955
+
let c = client2.clone();
956
+
let u = url1.clone();
957
+
let t = t.clone();
958
+
async move {
959
+
c.get(format!("{u}/xrpc/com.atproto.server.getSession"))
960
+
.bearer_auth(&t)
961
+
.send()
962
+
.await
963
+
.map(|r| r.status() == StatusCode::OK)
964
+
.unwrap_or(false)
965
+
}
966
+
})
967
+
.await;
968
+
969
+
let delete_res = client
970
+
.post(format!(
971
+
"{}/xrpc/com.atproto.server.deleteSession",
972
+
nodes[0].url
973
+
))
974
+
.bearer_auth(&token)
975
+
.send()
976
+
.await
977
+
.expect("deleteSession failed");
978
+
assert_eq!(
979
+
delete_res.status(),
980
+
StatusCode::OK,
981
+
"deleteSession should succeed"
982
+
);
983
+
984
+
let client3 = client.clone();
985
+
let url1 = nodes[1].url.clone();
986
+
let t = token.clone();
987
+
poll_until(15_000, 200, move || {
988
+
let c = client3.clone();
989
+
let u = url1.clone();
990
+
let t = t.clone();
991
+
async move {
992
+
c.get(format!("{u}/xrpc/com.atproto.server.getSession"))
993
+
.bearer_auth(&t)
994
+
.send()
995
+
.await
996
+
.map(|r| r.status() != StatusCode::OK)
997
+
.unwrap_or(false)
998
+
}
999
+
})
1000
+
.await;
1001
+
}
+27
-14
crates/tranquil-pds/tests/sync_conformance.rs
+27
-14
crates/tranquil-pds/tests/sync_conformance.rs
···
160
161
set_account_takedown(&did, Some("test-takedown-ref")).await;
162
163
-
let res = client
164
-
.get(format!(
165
"{}/xrpc/com.atproto.sync.listRepos?limit=1000",
166
base_url().await
167
-
))
168
-
.send()
169
-
.await
170
-
.expect("Failed to send request");
171
-
172
-
assert_eq!(res.status(), StatusCode::OK);
173
-
let body: Value = res.json().await.expect("Response was not valid JSON");
174
-
let repos = body["repos"].as_array().unwrap();
175
-
176
-
let takendown_repo = repos.iter().find(|r| r["did"] == did);
177
assert!(takendown_repo.is_some(), "Takendown repo should be in list");
178
let repo = takendown_repo.unwrap();
179
-
assert_eq!(repo["active"], false);
180
-
assert_eq!(repo["status"], "takendown");
181
}
182
183
#[tokio::test]
···
160
161
set_account_takedown(&did, Some("test-takedown-ref")).await;
162
163
+
let mut cursor: Option<String> = None;
164
+
let mut takendown_repo: Option<Value> = None;
165
+
loop {
166
+
let mut url = format!(
167
"{}/xrpc/com.atproto.sync.listRepos?limit=1000",
168
base_url().await
169
+
);
170
+
if let Some(ref c) = cursor {
171
+
url.push_str(&format!("&cursor={}", c));
172
+
}
173
+
let res = client
174
+
.get(&url)
175
+
.send()
176
+
.await
177
+
.expect("Failed to send request");
178
+
assert_eq!(res.status(), StatusCode::OK);
179
+
let body: Value = res.json().await.expect("Response was not valid JSON");
180
+
let repos = body["repos"].as_array().unwrap();
181
+
if let Some(found) = repos.iter().find(|r| r["did"] == did) {
182
+
takendown_repo = Some(found.clone());
183
+
break;
184
+
}
185
+
match body["cursor"].as_str() {
186
+
Some(c) => cursor = Some(c.to_string()),
187
+
None => break,
188
+
}
189
+
}
190
assert!(takendown_repo.is_some(), "Takendown repo should be in list");
191
let repo = takendown_repo.unwrap();
192
+
assert_eq!(repo["active"], false, "repo should be inactive: {:?}", repo);
193
+
assert_eq!(repo["status"], "takendown", "repo status should be takendown: {:?}", repo);
194
}
195
196
#[tokio::test]
+63
-63
crates/tranquil-pds/tests/whole_story.rs
+63
-63
crates/tranquil-pds/tests/whole_story.rs
···
486
let base = base_url().await;
487
let (did, jwt) = setup_new_user("blob-lifecycle").await;
488
489
-
let blob1_data = b"First blob for testing lifecycle";
490
let upload1_res = client
491
.post(format!("{}/xrpc/com.atproto.repo.uploadBlob", base))
492
.header(header::CONTENT_TYPE, "text/plain")
···
500
let blob1 = upload1_body["blob"].clone();
501
let blob1_cid = blob1["ref"]["$link"].as_str().unwrap();
502
503
-
let blob2_data = b"Second blob for testing lifecycle";
504
let upload2_res = client
505
.post(format!("{}/xrpc/com.atproto.repo.uploadBlob", base))
506
.header(header::CONTENT_TYPE, "text/plain")
···
1278
let (did, jwt) = setup_new_user("scale-posts").await;
1279
1280
let post_count = 1000;
1281
-
let post_futures: Vec<_> = (0..post_count)
1282
.map(|i| {
1283
let client = client.clone();
1284
let base = base.to_string();
···
1311
);
1312
}
1313
})
1314
-
.collect();
1315
-
1316
-
join_all(post_futures).await;
1317
1318
let count_res = client
1319
.get(format!("{}/xrpc/com.atproto.repo.listRecords", base))
···
1349
"All posts should have unique URIs"
1350
);
1351
1352
-
let delete_futures: Vec<_> = all_uris
1353
-
.iter()
1354
-
.take(500)
1355
.map(|uri| {
1356
let client = client.clone();
1357
let base = base.to_string();
···
1373
assert_eq!(res.status(), StatusCode::OK);
1374
}
1375
})
1376
-
.collect();
1377
-
1378
-
join_all(delete_futures).await;
1379
1380
let final_count = count_records(&client, base, &jwt, &did, "app.bsky.feed.post").await;
1381
assert_eq!(
···
1396
1397
let users: Vec<(String, String)> = join_all(user_futures).await;
1398
1399
-
let follow_futures: Vec<_> = users
1400
.iter()
1401
.enumerate()
1402
.flat_map(|(i, (follower_did, follower_jwt))| {
1403
let client = client.clone();
1404
let base = base.to_string();
1405
-
users.iter().enumerate().filter(move |(j, _)| *j != i).map({
1406
-
let client = client.clone();
1407
-
let base = base.clone();
1408
-
let follower_did = follower_did.clone();
1409
-
let follower_jwt = follower_jwt.clone();
1410
-
move |(_, (followee_did, _))| {
1411
-
let client = client.clone();
1412
-
let base = base.clone();
1413
-
let follower_did = follower_did.clone();
1414
-
let follower_jwt = follower_jwt.clone();
1415
-
let followee_did = followee_did.clone();
1416
-
async move {
1417
-
let rkey = format!(
1418
-
"follow_{}",
1419
-
&uuid::Uuid::new_v4().simple().to_string()[..12]
1420
-
);
1421
-
let res = client
1422
-
.post(format!("{}/xrpc/com.atproto.repo.putRecord", base))
1423
-
.bearer_auth(&follower_jwt)
1424
-
.json(&json!({
1425
-
"repo": follower_did,
1426
-
"collection": "app.bsky.graph.follow",
1427
-
"rkey": rkey,
1428
-
"record": {
1429
-
"$type": "app.bsky.graph.follow",
1430
-
"subject": followee_did,
1431
-
"createdAt": Utc::now().to_rfc3339()
1432
-
}
1433
-
}))
1434
-
.send()
1435
-
.await
1436
-
.expect("Follow failed");
1437
-
let status = res.status();
1438
-
let body: Value = res.json().await.unwrap_or_default();
1439
-
assert_eq!(status, StatusCode::OK, "Follow failed: {:?}", body);
1440
-
}
1441
-
}
1442
-
})
1443
})
1444
-
.collect();
1445
-
1446
-
join_all(follow_futures).await;
1447
1448
let expected_follows_per_user = user_count - 1;
1449
let verify_futures: Vec<_> = users
···
1529
let (did, jwt) = setup_new_user("scale-blobs").await;
1530
1531
let blob_count = 300;
1532
-
let blob_futures: Vec<_> = (0..blob_count)
1533
.map(|i| {
1534
let client = client.clone();
1535
let base = base.to_string();
1536
let jwt = jwt.clone();
1537
async move {
1538
-
let blob_data = format!("Blob data number {} with some padding to make it realistic size for testing purposes", i);
1539
let res = client
1540
.post(format!("{}/xrpc/com.atproto.repo.uploadBlob", base))
1541
.header(header::CONTENT_TYPE, "text/plain")
···
1549
body["blob"].clone()
1550
}
1551
})
1552
-
.collect();
1553
1554
-
let blobs: Vec<Value> = join_all(blob_futures).await;
1555
-
1556
-
let post_futures: Vec<_> = blobs
1557
.chunks(3)
1558
.enumerate()
1559
.map(|(i, blob_chunk)| {
1560
let client = client.clone();
1561
let base = base.to_string();
···
1596
assert_eq!(status, StatusCode::OK, "Post with blobs failed: {:?}", body);
1597
}
1598
})
1599
-
.collect();
1600
-
1601
-
join_all(post_futures).await;
1602
1603
let list_blobs_res = client
1604
.get(format!("{}/xrpc/com.atproto.sync.listBlobs", base))
···
486
let base = base_url().await;
487
let (did, jwt) = setup_new_user("blob-lifecycle").await;
488
489
+
let blob1_data = format!("First blob for testing lifecycle {}", uuid::Uuid::new_v4());
490
+
let blob1_data = blob1_data.as_bytes();
491
let upload1_res = client
492
.post(format!("{}/xrpc/com.atproto.repo.uploadBlob", base))
493
.header(header::CONTENT_TYPE, "text/plain")
···
501
let blob1 = upload1_body["blob"].clone();
502
let blob1_cid = blob1["ref"]["$link"].as_str().unwrap();
503
504
+
let blob2_data = format!("Second blob for testing lifecycle {}", uuid::Uuid::new_v4());
505
+
let blob2_data = blob2_data.as_bytes();
506
let upload2_res = client
507
.post(format!("{}/xrpc/com.atproto.repo.uploadBlob", base))
508
.header(header::CONTENT_TYPE, "text/plain")
···
1280
let (did, jwt) = setup_new_user("scale-posts").await;
1281
1282
let post_count = 1000;
1283
+
futures::stream::iter(0..post_count)
1284
.map(|i| {
1285
let client = client.clone();
1286
let base = base.to_string();
···
1313
);
1314
}
1315
})
1316
+
.buffer_unordered(50)
1317
+
.collect::<Vec<()>>()
1318
+
.await;
1319
1320
let count_res = client
1321
.get(format!("{}/xrpc/com.atproto.repo.listRecords", base))
···
1351
"All posts should have unique URIs"
1352
);
1353
1354
+
futures::stream::iter(all_uris.iter().take(500))
1355
.map(|uri| {
1356
let client = client.clone();
1357
let base = base.to_string();
···
1373
assert_eq!(res.status(), StatusCode::OK);
1374
}
1375
})
1376
+
.buffer_unordered(50)
1377
+
.collect::<Vec<()>>()
1378
+
.await;
1379
1380
let final_count = count_records(&client, base, &jwt, &did, "app.bsky.feed.post").await;
1381
assert_eq!(
···
1396
1397
let users: Vec<(String, String)> = join_all(user_futures).await;
1398
1399
+
let follow_pairs: Vec<(String, String, String)> = users
1400
.iter()
1401
.enumerate()
1402
.flat_map(|(i, (follower_did, follower_jwt))| {
1403
+
users.iter().enumerate()
1404
+
.filter(move |(j, _)| *j != i)
1405
+
.map(|(_, (followee_did, _))| {
1406
+
(follower_did.clone(), follower_jwt.clone(), followee_did.clone())
1407
+
})
1408
+
.collect::<Vec<_>>()
1409
+
})
1410
+
.collect();
1411
+
futures::stream::iter(follow_pairs)
1412
+
.map(|(follower_did, follower_jwt, followee_did)| {
1413
let client = client.clone();
1414
let base = base.to_string();
1415
+
async move {
1416
+
let rkey = format!(
1417
+
"follow_{}",
1418
+
&uuid::Uuid::new_v4().simple().to_string()[..12]
1419
+
);
1420
+
let res = client
1421
+
.post(format!("{}/xrpc/com.atproto.repo.putRecord", base))
1422
+
.bearer_auth(&follower_jwt)
1423
+
.json(&json!({
1424
+
"repo": follower_did,
1425
+
"collection": "app.bsky.graph.follow",
1426
+
"rkey": rkey,
1427
+
"record": {
1428
+
"$type": "app.bsky.graph.follow",
1429
+
"subject": followee_did,
1430
+
"createdAt": Utc::now().to_rfc3339()
1431
+
}
1432
+
}))
1433
+
.send()
1434
+
.await
1435
+
.expect("Follow failed");
1436
+
let status = res.status();
1437
+
let body: Value = res.json().await.unwrap_or_default();
1438
+
assert_eq!(status, StatusCode::OK, "Follow failed: {:?}", body);
1439
+
}
1440
})
1441
+
.buffer_unordered(50)
1442
+
.collect::<Vec<()>>()
1443
+
.await;
1444
1445
let expected_follows_per_user = user_count - 1;
1446
let verify_futures: Vec<_> = users
···
1526
let (did, jwt) = setup_new_user("scale-blobs").await;
1527
1528
let blob_count = 300;
1529
+
let blobs: Vec<Value> = futures::stream::iter(0..blob_count)
1530
.map(|i| {
1531
let client = client.clone();
1532
let base = base.to_string();
1533
let jwt = jwt.clone();
1534
async move {
1535
+
let blob_data = format!("Blob data number {} {} with some padding to make it realistic size for testing purposes", i, uuid::Uuid::new_v4());
1536
let res = client
1537
.post(format!("{}/xrpc/com.atproto.repo.uploadBlob", base))
1538
.header(header::CONTENT_TYPE, "text/plain")
···
1546
body["blob"].clone()
1547
}
1548
})
1549
+
.buffer_unordered(50)
1550
+
.collect::<Vec<Value>>()
1551
+
.await;
1552
1553
+
let blob_chunks: Vec<(usize, Vec<Value>)> = blobs
1554
.chunks(3)
1555
.enumerate()
1556
+
.map(|(i, chunk)| (i, chunk.to_vec()))
1557
+
.collect();
1558
+
futures::stream::iter(blob_chunks)
1559
.map(|(i, blob_chunk)| {
1560
let client = client.clone();
1561
let base = base.to_string();
···
1596
assert_eq!(status, StatusCode::OK, "Post with blobs failed: {:?}", body);
1597
}
1598
})
1599
+
.buffer_unordered(50)
1600
+
.collect::<Vec<()>>()
1601
+
.await;
1602
1603
let list_blobs_res = client
1604
.get(format!("{}/xrpc/com.atproto.sync.listBlobs", base))
+27
crates/tranquil-ripple/Cargo.toml
+27
crates/tranquil-ripple/Cargo.toml
···
···
1
+
[package]
2
+
name = "tranquil-ripple"
3
+
version.workspace = true
4
+
edition.workspace = true
5
+
license.workspace = true
6
+
7
+
[dependencies]
8
+
tranquil-infra = { workspace = true }
9
+
10
+
async-trait = { workspace = true }
11
+
backon = { workspace = true }
12
+
bincode = { workspace = true }
13
+
bytes = { workspace = true }
14
+
foca = { workspace = true }
15
+
parking_lot = { workspace = true }
16
+
rand = "0.9"
17
+
serde = { workspace = true }
18
+
thiserror = { workspace = true }
19
+
tokio = { workspace = true, features = ["net", "io-util", "sync", "time"] }
20
+
tokio-util = { workspace = true }
21
+
tracing = { workspace = true }
22
+
23
+
[dev-dependencies]
24
+
futures = { workspace = true }
25
+
tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
26
+
tracing-subscriber = { workspace = true }
27
+
uuid = { workspace = true }
+89
crates/tranquil-ripple/src/cache.rs
+89
crates/tranquil-ripple/src/cache.rs
···
···
1
+
use crate::crdt::CrdtStore;
2
+
use async_trait::async_trait;
3
+
use parking_lot::RwLock;
4
+
use std::sync::Arc;
5
+
use std::time::Duration;
6
+
use tranquil_infra::{Cache, CacheError};
7
+
8
+
pub struct RippleCache {
9
+
store: Arc<RwLock<CrdtStore>>,
10
+
}
11
+
12
+
impl RippleCache {
13
+
pub fn new(store: Arc<RwLock<CrdtStore>>) -> Self {
14
+
Self { store }
15
+
}
16
+
}
17
+
18
+
#[async_trait]
19
+
impl Cache for RippleCache {
20
+
async fn get(&self, key: &str) -> Option<String> {
21
+
self.store
22
+
.read()
23
+
.cache_get(key)
24
+
.and_then(|bytes| String::from_utf8(bytes).ok())
25
+
}
26
+
27
+
async fn set(&self, key: &str, value: &str, ttl: Duration) -> Result<(), CacheError> {
28
+
self.store
29
+
.write()
30
+
.cache_set(key.to_string(), value.as_bytes().to_vec(), ttl.as_millis() as u64);
31
+
Ok(())
32
+
}
33
+
34
+
async fn delete(&self, key: &str) -> Result<(), CacheError> {
35
+
self.store.write().cache_delete(key);
36
+
Ok(())
37
+
}
38
+
39
+
async fn get_bytes(&self, key: &str) -> Option<Vec<u8>> {
40
+
self.store.read().cache_get(key)
41
+
}
42
+
43
+
async fn set_bytes(&self, key: &str, value: &[u8], ttl: Duration) -> Result<(), CacheError> {
44
+
self.store
45
+
.write()
46
+
.cache_set(key.to_string(), value.to_vec(), ttl.as_millis() as u64);
47
+
Ok(())
48
+
}
49
+
}
50
+
51
+
#[cfg(test)]
52
+
mod tests {
53
+
use super::*;
54
+
55
+
#[tokio::test]
56
+
async fn cache_trait_roundtrip() {
57
+
let store = Arc::new(RwLock::new(CrdtStore::new(1)));
58
+
let cache = RippleCache::new(store);
59
+
cache
60
+
.set("test", "value", Duration::from_secs(60))
61
+
.await
62
+
.unwrap();
63
+
assert_eq!(cache.get("test").await, Some("value".to_string()));
64
+
}
65
+
66
+
#[tokio::test]
67
+
async fn cache_trait_bytes() {
68
+
let store = Arc::new(RwLock::new(CrdtStore::new(1)));
69
+
let cache = RippleCache::new(store);
70
+
let data = vec![0xDE, 0xAD, 0xBE, 0xEF];
71
+
cache
72
+
.set_bytes("bin", &data, Duration::from_secs(60))
73
+
.await
74
+
.unwrap();
75
+
assert_eq!(cache.get_bytes("bin").await, Some(data));
76
+
}
77
+
78
+
#[tokio::test]
79
+
async fn cache_trait_delete() {
80
+
let store = Arc::new(RwLock::new(CrdtStore::new(1)));
81
+
let cache = RippleCache::new(store);
82
+
cache
83
+
.set("del", "x", Duration::from_secs(60))
84
+
.await
85
+
.unwrap();
86
+
cache.delete("del").await.unwrap();
87
+
assert_eq!(cache.get("del").await, None);
88
+
}
89
+
}
+85
crates/tranquil-ripple/src/config.rs
+85
crates/tranquil-ripple/src/config.rs
···
···
1
+
use std::net::SocketAddr;
2
+
3
+
fn fnv1a(data: &[u8]) -> u64 {
4
+
data.iter().fold(0xcbf29ce484222325u64, |hash, &byte| {
5
+
(hash ^ byte as u64).wrapping_mul(0x100000001b3)
6
+
})
7
+
}
8
+
9
+
#[derive(Debug, Clone)]
10
+
pub struct RippleConfig {
11
+
pub bind_addr: SocketAddr,
12
+
pub seed_peers: Vec<SocketAddr>,
13
+
pub machine_id: u64,
14
+
pub gossip_interval_ms: u64,
15
+
pub cache_max_bytes: usize,
16
+
}
17
+
18
+
fn parse_env_with_warning<T: std::str::FromStr>(var_name: &str, raw: &str) -> Option<T> {
19
+
match raw.parse::<T>() {
20
+
Ok(v) => Some(v),
21
+
Err(_) => {
22
+
tracing::warn!(var = var_name, value = raw, "invalid env var value, using default");
23
+
None
24
+
}
25
+
}
26
+
}
27
+
28
+
impl RippleConfig {
29
+
pub fn from_env() -> Result<Self, RippleConfigError> {
30
+
let bind_addr: SocketAddr = std::env::var("RIPPLE_BIND")
31
+
.unwrap_or_else(|_| "0.0.0.0:0".into())
32
+
.parse()
33
+
.map_err(|e| RippleConfigError::InvalidAddr(format!("{e}")))?;
34
+
35
+
let seed_peers: Vec<SocketAddr> = std::env::var("RIPPLE_PEERS")
36
+
.unwrap_or_default()
37
+
.split(',')
38
+
.filter(|s| !s.trim().is_empty())
39
+
.map(|s| {
40
+
s.trim()
41
+
.parse()
42
+
.map_err(|e| RippleConfigError::InvalidAddr(format!("{s}: {e}")))
43
+
})
44
+
.collect::<Result<Vec<_>, _>>()?;
45
+
46
+
let machine_id: u64 = std::env::var("RIPPLE_MACHINE_ID")
47
+
.ok()
48
+
.and_then(|v| parse_env_with_warning::<u64>("RIPPLE_MACHINE_ID", &v))
49
+
.unwrap_or_else(|| {
50
+
let host_str = std::fs::read_to_string("/etc/hostname")
51
+
.map(|s| s.trim().to_string())
52
+
.unwrap_or_else(|_| format!("pid-{}", std::process::id()));
53
+
let input = format!("{host_str}:{bind_addr}:{}", std::process::id());
54
+
fnv1a(input.as_bytes())
55
+
});
56
+
57
+
let gossip_interval_ms: u64 = std::env::var("RIPPLE_GOSSIP_INTERVAL_MS")
58
+
.ok()
59
+
.and_then(|v| parse_env_with_warning::<u64>("RIPPLE_GOSSIP_INTERVAL_MS", &v))
60
+
.unwrap_or(200)
61
+
.max(50);
62
+
63
+
let cache_max_mb: usize = std::env::var("RIPPLE_CACHE_MAX_MB")
64
+
.ok()
65
+
.and_then(|v| parse_env_with_warning::<usize>("RIPPLE_CACHE_MAX_MB", &v))
66
+
.unwrap_or(256)
67
+
.clamp(1, 16_384);
68
+
69
+
let cache_max_bytes = cache_max_mb.saturating_mul(1024).saturating_mul(1024);
70
+
71
+
Ok(Self {
72
+
bind_addr,
73
+
seed_peers,
74
+
machine_id,
75
+
gossip_interval_ms,
76
+
cache_max_bytes,
77
+
})
78
+
}
79
+
}
80
+
81
+
#[derive(Debug, thiserror::Error)]
82
+
pub enum RippleConfigError {
83
+
#[error("invalid address: {0}")]
84
+
InvalidAddr(String),
85
+
}
+31
crates/tranquil-ripple/src/crdt/delta.rs
+31
crates/tranquil-ripple/src/crdt/delta.rs
···
···
1
+
use super::lww_map::LwwDelta;
2
+
use super::g_counter::GCounterDelta;
3
+
use serde::{Deserialize, Serialize};
4
+
5
+
const SCHEMA_VERSION: u8 = 1;
6
+
7
+
#[derive(Debug, Clone, Serialize, Deserialize)]
8
+
pub struct CrdtDelta {
9
+
#[serde(default = "default_version")]
10
+
pub version: u8,
11
+
pub source_node: u64,
12
+
pub cache_delta: Option<LwwDelta>,
13
+
pub rate_limit_deltas: Vec<GCounterDelta>,
14
+
}
15
+
16
+
fn default_version() -> u8 {
17
+
1
18
+
}
19
+
20
+
impl CrdtDelta {
21
+
pub fn is_empty(&self) -> bool {
22
+
self.cache_delta
23
+
.as_ref()
24
+
.map_or(true, |d| d.entries.is_empty())
25
+
&& self.rate_limit_deltas.is_empty()
26
+
}
27
+
28
+
pub fn is_compatible(&self) -> bool {
29
+
self.version == SCHEMA_VERSION
30
+
}
31
+
}
+305
crates/tranquil-ripple/src/crdt/g_counter.rs
+305
crates/tranquil-ripple/src/crdt/g_counter.rs
···
···
1
+
use serde::{Deserialize, Serialize};
2
+
use std::collections::{HashMap, HashSet};
3
+
4
+
#[derive(Debug, Clone, Serialize, Deserialize)]
5
+
pub struct GCounter {
6
+
pub increments: HashMap<u64, u64>,
7
+
pub window_start_ms: u64,
8
+
pub window_duration_ms: u64,
9
+
}
10
+
11
+
impl GCounter {
12
+
pub fn new(window_start_ms: u64, window_duration_ms: u64) -> Self {
13
+
Self {
14
+
increments: HashMap::new(),
15
+
window_start_ms,
16
+
window_duration_ms,
17
+
}
18
+
}
19
+
20
+
pub fn total(&self) -> u64 {
21
+
self.increments
22
+
.values()
23
+
.copied()
24
+
.fold(0u64, u64::saturating_add)
25
+
}
26
+
27
+
pub fn increment(&mut self, node_id: u64) {
28
+
let slot = self.increments.entry(node_id).or_insert(0);
29
+
*slot = slot.saturating_add(1);
30
+
}
31
+
32
+
pub fn merge(&mut self, other: &GCounter) -> bool {
33
+
let mut changed = false;
34
+
other.increments.iter().for_each(|(&node, &count)| {
35
+
let slot = self.increments.entry(node).or_insert(0);
36
+
let new_val = (*slot).max(count);
37
+
if new_val != *slot {
38
+
*slot = new_val;
39
+
changed = true;
40
+
}
41
+
});
42
+
changed
43
+
}
44
+
45
+
pub fn is_expired(&self, now_wall_ms: u64) -> bool {
46
+
now_wall_ms.saturating_sub(self.window_start_ms) >= self.window_duration_ms
47
+
}
48
+
}
49
+
50
+
#[derive(Debug, Clone, Serialize, Deserialize)]
51
+
pub struct GCounterDelta {
52
+
pub key: String,
53
+
pub counter: GCounter,
54
+
}
55
+
56
+
pub struct RateLimitStore {
57
+
counters: HashMap<String, GCounter>,
58
+
node_id: u64,
59
+
dirty: HashSet<String>,
60
+
}
61
+
62
+
impl RateLimitStore {
63
+
pub fn new(node_id: u64) -> Self {
64
+
Self {
65
+
counters: HashMap::new(),
66
+
node_id,
67
+
dirty: HashSet::new(),
68
+
}
69
+
}
70
+
71
+
fn aligned_window_start(now_wall_ms: u64, window_ms: u64) -> u64 {
72
+
(now_wall_ms / window_ms.max(1)) * window_ms.max(1)
73
+
}
74
+
75
+
pub fn check_and_increment(
76
+
&mut self,
77
+
key: &str,
78
+
limit: u32,
79
+
window_ms: u64,
80
+
now_wall_ms: u64,
81
+
) -> bool {
82
+
if window_ms == 0 {
83
+
return false;
84
+
}
85
+
let window_start = Self::aligned_window_start(now_wall_ms, window_ms);
86
+
87
+
let counter = self
88
+
.counters
89
+
.entry(key.to_string())
90
+
.and_modify(|c| {
91
+
if c.window_start_ms != window_start {
92
+
*c = GCounter::new(window_start, window_ms);
93
+
}
94
+
})
95
+
.or_insert_with(|| GCounter::new(window_start, window_ms));
96
+
97
+
let current = counter.total();
98
+
if current >= limit as u64 {
99
+
return false;
100
+
}
101
+
counter.increment(self.node_id);
102
+
self.dirty.insert(key.to_string());
103
+
true
104
+
}
105
+
106
+
pub fn merge_counter(&mut self, key: String, remote: &GCounter) -> bool {
107
+
if remote.window_duration_ms == 0 {
108
+
return false;
109
+
}
110
+
match self.counters.get_mut(&key) {
111
+
Some(local) if local.window_start_ms == remote.window_start_ms => {
112
+
if local.window_duration_ms != remote.window_duration_ms {
113
+
tracing::warn!(
114
+
key = %key,
115
+
local_window = local.window_duration_ms,
116
+
remote_window = remote.window_duration_ms,
117
+
"window_duration_ms mismatch, rejecting merge"
118
+
);
119
+
return false;
120
+
}
121
+
let changed = local.merge(remote);
122
+
if changed {
123
+
self.dirty.insert(key);
124
+
}
125
+
changed
126
+
}
127
+
Some(local) if remote.window_start_ms > local.window_start_ms => {
128
+
self.counters.insert(key.clone(), remote.clone());
129
+
self.dirty.insert(key);
130
+
true
131
+
}
132
+
None => {
133
+
self.counters.insert(key.clone(), remote.clone());
134
+
self.dirty.insert(key);
135
+
true
136
+
}
137
+
_ => false,
138
+
}
139
+
}
140
+
141
+
pub fn extract_dirty_deltas(&self) -> Vec<GCounterDelta> {
142
+
self.dirty
143
+
.iter()
144
+
.filter_map(|key| {
145
+
self.counters
146
+
.get(key)
147
+
.map(|counter| GCounterDelta {
148
+
key: key.clone(),
149
+
counter: counter.clone(),
150
+
})
151
+
})
152
+
.collect()
153
+
}
154
+
155
+
pub fn clear_dirty(&mut self) {
156
+
self.dirty.clear();
157
+
}
158
+
159
+
pub fn clear_dirty_keys(&mut self, keys: impl Iterator<Item = impl AsRef<str>>) {
160
+
keys.for_each(|k| {
161
+
self.dirty.remove(k.as_ref());
162
+
});
163
+
}
164
+
165
+
pub fn peek_count(&self, key: &str, window_ms: u64, now_wall_ms: u64) -> u64 {
166
+
match self.counters.get(key) {
167
+
Some(counter) if counter.window_start_ms == Self::aligned_window_start(now_wall_ms, window_ms) => {
168
+
counter.total()
169
+
}
170
+
_ => 0,
171
+
}
172
+
}
173
+
174
+
pub fn peek_dirty_counter(&self, key: &str) -> Option<&GCounter> {
175
+
match self.dirty.contains(key) {
176
+
true => self.counters.get(key),
177
+
false => None,
178
+
}
179
+
}
180
+
181
+
pub fn clear_single_dirty(&mut self, key: &str) {
182
+
self.dirty.remove(key);
183
+
}
184
+
185
+
pub fn estimated_bytes(&self) -> usize {
186
+
const PER_COUNTER_OVERHEAD: usize = 128;
187
+
self.counters
188
+
.iter()
189
+
.map(|(key, counter)| {
190
+
key.len()
191
+
+ std::mem::size_of::<GCounter>()
192
+
+ counter.increments.len() * (std::mem::size_of::<u64>() * 2)
193
+
+ PER_COUNTER_OVERHEAD
194
+
})
195
+
.fold(0usize, usize::saturating_add)
196
+
}
197
+
198
+
pub fn gc_expired(&mut self, now_wall_ms: u64) {
199
+
let expired: Vec<String> = self
200
+
.counters
201
+
.iter()
202
+
.filter(|(_, c)| c.is_expired(now_wall_ms))
203
+
.map(|(k, _)| k.clone())
204
+
.collect();
205
+
expired.iter().for_each(|key| {
206
+
self.counters.remove(key);
207
+
self.dirty.remove(key);
208
+
});
209
+
}
210
+
}
211
+
212
+
#[cfg(test)]
213
+
mod tests {
214
+
use super::*;
215
+
216
+
#[test]
217
+
fn increment_and_total() {
218
+
let mut counter = GCounter::new(0, 60_000);
219
+
counter.increment(1);
220
+
counter.increment(1);
221
+
counter.increment(2);
222
+
assert_eq!(counter.total(), 3);
223
+
}
224
+
225
+
#[test]
226
+
fn merge_per_node_max() {
227
+
let mut a = GCounter::new(0, 60_000);
228
+
a.increment(1);
229
+
a.increment(1);
230
+
a.increment(2);
231
+
232
+
let mut b = GCounter::new(0, 60_000);
233
+
b.increment(1);
234
+
b.increment(2);
235
+
b.increment(2);
236
+
b.increment(2);
237
+
238
+
a.merge(&b);
239
+
assert_eq!(*a.increments.get(&1).unwrap(), 2);
240
+
assert_eq!(*a.increments.get(&2).unwrap(), 3);
241
+
assert_eq!(a.total(), 5);
242
+
}
243
+
244
+
#[test]
245
+
fn merge_commutativity() {
246
+
let mut a = GCounter::new(0, 60_000);
247
+
a.increments.insert(1, 5);
248
+
a.increments.insert(2, 3);
249
+
250
+
let mut b = GCounter::new(0, 60_000);
251
+
b.increments.insert(1, 3);
252
+
b.increments.insert(2, 7);
253
+
254
+
let mut ab = a.clone();
255
+
ab.merge(&b);
256
+
let mut ba = b.clone();
257
+
ba.merge(&a);
258
+
assert_eq!(ab.total(), ba.total());
259
+
}
260
+
261
+
#[test]
262
+
fn window_rollover() {
263
+
let mut store = RateLimitStore::new(1);
264
+
assert!(store.check_and_increment("k", 2, 1000, 500));
265
+
assert!(store.check_and_increment("k", 2, 1000, 600));
266
+
assert!(!store.check_and_increment("k", 2, 1000, 700));
267
+
assert!(store.check_and_increment("k", 2, 1000, 1500));
268
+
}
269
+
270
+
#[test]
271
+
fn rate_limit_enforcement() {
272
+
let mut store = RateLimitStore::new(1);
273
+
assert!(store.check_and_increment("k", 3, 60_000, 100));
274
+
assert!(store.check_and_increment("k", 3, 60_000, 200));
275
+
assert!(store.check_and_increment("k", 3, 60_000, 300));
276
+
assert!(!store.check_and_increment("k", 3, 60_000, 400));
277
+
}
278
+
279
+
#[test]
280
+
fn gc_expired_windows() {
281
+
let mut store = RateLimitStore::new(1);
282
+
store.check_and_increment("k", 10, 1000, 0);
283
+
assert_eq!(store.counters.len(), 1);
284
+
assert_eq!(store.dirty.len(), 1);
285
+
store.gc_expired(2000);
286
+
assert_eq!(store.counters.len(), 0);
287
+
assert_eq!(store.dirty.len(), 0);
288
+
}
289
+
290
+
#[test]
291
+
fn dirty_tracking() {
292
+
let mut store = RateLimitStore::new(1);
293
+
assert!(store.extract_dirty_deltas().is_empty());
294
+
295
+
store.check_and_increment("k1", 10, 60_000, 100);
296
+
store.check_and_increment("k2", 10, 60_000, 100);
297
+
assert_eq!(store.extract_dirty_deltas().len(), 2);
298
+
299
+
store.clear_dirty();
300
+
assert!(store.extract_dirty_deltas().is_empty());
301
+
302
+
store.check_and_increment("k1", 10, 60_000, 200);
303
+
assert_eq!(store.extract_dirty_deltas().len(), 1);
304
+
}
305
+
}
+206
crates/tranquil-ripple/src/crdt/hlc.rs
+206
crates/tranquil-ripple/src/crdt/hlc.rs
···
···
1
+
use serde::{Deserialize, Serialize};
2
+
use std::time::{SystemTime, UNIX_EPOCH};
3
+
4
+
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
5
+
pub struct HlcTimestamp {
6
+
pub wall_ms: u64,
7
+
pub counter: u32,
8
+
pub node_id: u64,
9
+
}
10
+
11
+
impl HlcTimestamp {
12
+
pub const ZERO: Self = Self {
13
+
wall_ms: 0,
14
+
counter: 0,
15
+
node_id: 0,
16
+
};
17
+
}
18
+
19
+
impl PartialOrd for HlcTimestamp {
20
+
fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
21
+
Some(self.cmp(other))
22
+
}
23
+
}
24
+
25
+
impl Ord for HlcTimestamp {
26
+
fn cmp(&self, other: &Self) -> std::cmp::Ordering {
27
+
self.wall_ms
28
+
.cmp(&other.wall_ms)
29
+
.then(self.counter.cmp(&other.counter))
30
+
.then(self.node_id.cmp(&other.node_id))
31
+
}
32
+
}
33
+
34
+
fn advance_counter(wall: u64, counter: u32) -> (u64, u32) {
35
+
match counter == u32::MAX {
36
+
true => (wall.saturating_add(1), 0),
37
+
false => (wall, counter + 1),
38
+
}
39
+
}
40
+
41
+
pub struct Hlc {
42
+
node_id: u64,
43
+
last_wall_ms: u64,
44
+
last_counter: u32,
45
+
}
46
+
47
+
impl Hlc {
48
+
pub fn new(node_id: u64) -> Self {
49
+
Self {
50
+
node_id,
51
+
last_wall_ms: 0,
52
+
last_counter: 0,
53
+
}
54
+
}
55
+
56
+
fn physical_now() -> u64 {
57
+
SystemTime::now()
58
+
.duration_since(UNIX_EPOCH)
59
+
.unwrap_or_default()
60
+
.as_millis() as u64
61
+
}
62
+
63
+
pub fn now(&mut self) -> HlcTimestamp {
64
+
let phys = Self::physical_now();
65
+
let (wall, counter) = match phys > self.last_wall_ms {
66
+
true => (phys, 0u32),
67
+
false => advance_counter(self.last_wall_ms, self.last_counter),
68
+
};
69
+
self.last_wall_ms = wall;
70
+
self.last_counter = counter;
71
+
HlcTimestamp {
72
+
wall_ms: wall,
73
+
counter,
74
+
node_id: self.node_id,
75
+
}
76
+
}
77
+
78
+
pub fn receive(&mut self, remote: HlcTimestamp) -> HlcTimestamp {
79
+
let phys = Self::physical_now();
80
+
let max_allowed = phys + 60_000;
81
+
let capped_remote_wall = remote.wall_ms.min(max_allowed);
82
+
if remote.wall_ms > max_allowed {
83
+
tracing::warn!(
84
+
remote_wall_ms = remote.wall_ms,
85
+
local_wall_ms = phys,
86
+
drift_ms = remote.wall_ms.saturating_sub(phys),
87
+
capped_to = max_allowed,
88
+
"remote HLC wall clock >60s ahead, capping"
89
+
);
90
+
}
91
+
let remote_counter = match capped_remote_wall == remote.wall_ms {
92
+
true => remote.counter,
93
+
false => 0u32,
94
+
};
95
+
let max_wall = phys.max(self.last_wall_ms).max(capped_remote_wall);
96
+
let (wall, counter) = match max_wall {
97
+
w if w == phys && w > self.last_wall_ms && w > capped_remote_wall => (w, 0u32),
98
+
w if w == self.last_wall_ms && w == capped_remote_wall => {
99
+
advance_counter(w, self.last_counter.max(remote_counter))
100
+
}
101
+
w if w == self.last_wall_ms => advance_counter(w, self.last_counter),
102
+
w if w == capped_remote_wall => advance_counter(w, remote_counter),
103
+
w => (w, 0u32),
104
+
};
105
+
self.last_wall_ms = wall;
106
+
self.last_counter = counter;
107
+
HlcTimestamp {
108
+
wall_ms: wall,
109
+
counter,
110
+
node_id: self.node_id,
111
+
}
112
+
}
113
+
114
+
pub fn node_id(&self) -> u64 {
115
+
self.node_id
116
+
}
117
+
}
118
+
119
+
#[cfg(test)]
120
+
mod tests {
121
+
use super::*;
122
+
123
+
#[test]
124
+
fn monotonicity() {
125
+
let mut hlc = Hlc::new(1);
126
+
let timestamps: Vec<HlcTimestamp> = (0..100).map(|_| hlc.now()).collect();
127
+
timestamps.windows(2).for_each(|w| {
128
+
assert!(w[1] > w[0], "timestamps must be strictly increasing");
129
+
});
130
+
}
131
+
132
+
#[test]
133
+
fn merge_takes_max_within_drift_cap() {
134
+
let mut hlc = Hlc::new(1);
135
+
let now = Hlc::physical_now();
136
+
let remote = HlcTimestamp {
137
+
wall_ms: now + 5000,
138
+
counter: 10,
139
+
node_id: 2,
140
+
};
141
+
let merged = hlc.receive(remote);
142
+
assert!(merged.wall_ms >= remote.wall_ms);
143
+
let after = hlc.now();
144
+
assert!(after > merged);
145
+
}
146
+
147
+
#[test]
148
+
fn drift_cap_limits_remote_wall() {
149
+
let mut hlc = Hlc::new(1);
150
+
let now = Hlc::physical_now();
151
+
let remote = HlcTimestamp {
152
+
wall_ms: now + 120_000,
153
+
counter: 50,
154
+
node_id: 2,
155
+
};
156
+
let merged = hlc.receive(remote);
157
+
assert!(merged.wall_ms <= now + 60_000 + 1);
158
+
let after = hlc.now();
159
+
assert!(after > merged);
160
+
}
161
+
162
+
#[test]
163
+
fn total_order_across_nodes() {
164
+
let a = HlcTimestamp {
165
+
wall_ms: 100,
166
+
counter: 0,
167
+
node_id: 1,
168
+
};
169
+
let b = HlcTimestamp {
170
+
wall_ms: 100,
171
+
counter: 0,
172
+
node_id: 2,
173
+
};
174
+
assert!(a < b);
175
+
assert_ne!(a, b);
176
+
}
177
+
178
+
#[test]
179
+
fn counter_overflow_bumps_wall() {
180
+
let mut hlc = Hlc::new(1);
181
+
let future_wall = u64::MAX / 2;
182
+
hlc.last_wall_ms = future_wall;
183
+
hlc.last_counter = u32::MAX;
184
+
let ts = hlc.now();
185
+
assert_eq!(ts.wall_ms, future_wall + 1);
186
+
assert_eq!(ts.counter, 0);
187
+
let ts2 = hlc.now();
188
+
assert!(ts2 > ts);
189
+
}
190
+
191
+
#[test]
192
+
fn receive_counter_overflow_bumps_wall() {
193
+
let mut hlc = Hlc::new(1);
194
+
let future_wall = u64::MAX / 2;
195
+
hlc.last_wall_ms = future_wall;
196
+
hlc.last_counter = u32::MAX;
197
+
let remote = HlcTimestamp {
198
+
wall_ms: future_wall,
199
+
counter: u32::MAX,
200
+
node_id: 2,
201
+
};
202
+
let merged = hlc.receive(remote);
203
+
assert_eq!(merged.wall_ms, future_wall + 1);
204
+
assert_eq!(merged.counter, 0);
205
+
}
206
+
}
+388
crates/tranquil-ripple/src/crdt/lww_map.rs
+388
crates/tranquil-ripple/src/crdt/lww_map.rs
···
···
1
+
use super::hlc::HlcTimestamp;
2
+
use parking_lot::Mutex;
3
+
use serde::{Deserialize, Serialize};
4
+
use std::collections::{BTreeMap, HashMap};
5
+
6
+
#[derive(Debug, Clone, Serialize, Deserialize)]
7
+
pub struct LwwEntry {
8
+
pub value: Option<Vec<u8>>,
9
+
pub timestamp: HlcTimestamp,
10
+
pub ttl_ms: u64,
11
+
pub created_at_wall_ms: u64,
12
+
}
13
+
14
+
impl LwwEntry {
15
+
fn is_expired(&self, now_wall_ms: u64) -> bool {
16
+
self.ttl_ms > 0 && now_wall_ms.saturating_sub(self.created_at_wall_ms) >= self.ttl_ms
17
+
}
18
+
19
+
fn is_tombstone(&self) -> bool {
20
+
self.value.is_none()
21
+
}
22
+
23
+
fn tombstone_expired(&self, now_wall_ms: u64) -> bool {
24
+
self.is_tombstone()
25
+
&& self.ttl_ms > 0
26
+
&& now_wall_ms.saturating_sub(self.created_at_wall_ms) >= self.ttl_ms.saturating_mul(2)
27
+
}
28
+
29
+
fn entry_byte_size(&self, key: &str) -> usize {
30
+
const OVERHEAD: usize = 128;
31
+
key.len()
32
+
+ self.value.as_ref().map_or(0, Vec::len)
33
+
+ std::mem::size_of::<Self>()
34
+
+ OVERHEAD
35
+
}
36
+
}
37
+
38
+
#[derive(Debug, Clone, Serialize, Deserialize)]
39
+
pub struct LwwDelta {
40
+
pub entries: Vec<(String, LwwEntry)>,
41
+
}
42
+
43
+
struct LruTracker {
44
+
counter: u64,
45
+
counter_to_key: BTreeMap<u64, String>,
46
+
key_to_counter: HashMap<String, u64>,
47
+
}
48
+
49
+
impl LruTracker {
50
+
fn new() -> Self {
51
+
Self {
52
+
counter: 0,
53
+
counter_to_key: BTreeMap::new(),
54
+
key_to_counter: HashMap::new(),
55
+
}
56
+
}
57
+
58
+
fn promote(&mut self, key: &str) {
59
+
if let Some(old_counter) = self.key_to_counter.remove(key) {
60
+
self.counter_to_key.remove(&old_counter);
61
+
}
62
+
self.counter = self.counter.saturating_add(1);
63
+
self.counter_to_key.insert(self.counter, key.to_string());
64
+
self.key_to_counter.insert(key.to_string(), self.counter);
65
+
}
66
+
67
+
fn remove(&mut self, key: &str) {
68
+
if let Some(counter) = self.key_to_counter.remove(key) {
69
+
self.counter_to_key.remove(&counter);
70
+
}
71
+
}
72
+
73
+
fn pop_least_recent(&mut self) -> Option<String> {
74
+
let (&counter, _) = self.counter_to_key.iter().next()?;
75
+
let key = self.counter_to_key.remove(&counter)?;
76
+
self.key_to_counter.remove(&key);
77
+
Some(key)
78
+
}
79
+
}
80
+
81
+
pub struct LwwMap {
82
+
entries: HashMap<String, LwwEntry>,
83
+
lru: Mutex<LruTracker>,
84
+
estimated_bytes: usize,
85
+
}
86
+
87
+
impl LwwMap {
88
+
pub fn new() -> Self {
89
+
Self {
90
+
entries: HashMap::new(),
91
+
lru: Mutex::new(LruTracker::new()),
92
+
estimated_bytes: 0,
93
+
}
94
+
}
95
+
96
+
pub fn get(&self, key: &str, now_wall_ms: u64) -> Option<Vec<u8>> {
97
+
let entry = self.entries.get(key)?;
98
+
if entry.is_expired(now_wall_ms) || entry.is_tombstone() {
99
+
return None;
100
+
}
101
+
let value = entry.value.clone();
102
+
self.lru.lock().promote(key);
103
+
value
104
+
}
105
+
106
+
pub fn set(&mut self, key: String, value: Vec<u8>, timestamp: HlcTimestamp, ttl_ms: u64, wall_ms_now: u64) {
107
+
let entry = LwwEntry {
108
+
created_at_wall_ms: wall_ms_now,
109
+
value: Some(value),
110
+
timestamp,
111
+
ttl_ms,
112
+
};
113
+
self.remove_estimated_bytes(&key);
114
+
self.estimated_bytes += entry.entry_byte_size(&key);
115
+
self.entries.insert(key.clone(), entry);
116
+
self.lru.lock().promote(&key);
117
+
}
118
+
119
+
pub fn delete(&mut self, key: &str, timestamp: HlcTimestamp, wall_ms_now: u64) {
120
+
match self.entries.get(key) {
121
+
Some(existing) if existing.timestamp >= timestamp => return,
122
+
_ => {}
123
+
}
124
+
let ttl_ms = self
125
+
.entries
126
+
.get(key)
127
+
.map_or(60_000, |e| e.ttl_ms.max(60_000));
128
+
let entry = LwwEntry {
129
+
value: None,
130
+
timestamp,
131
+
ttl_ms,
132
+
created_at_wall_ms: wall_ms_now,
133
+
};
134
+
self.remove_estimated_bytes(key);
135
+
self.estimated_bytes += entry.entry_byte_size(key);
136
+
self.entries.insert(key.to_string(), entry);
137
+
self.lru.lock().remove(key);
138
+
}
139
+
140
+
pub fn merge_entry(&mut self, key: String, remote: LwwEntry) -> bool {
141
+
match self.entries.get(&key) {
142
+
Some(existing) if existing.timestamp >= remote.timestamp => false,
143
+
_ => {
144
+
let is_tombstone = remote.is_tombstone();
145
+
self.remove_estimated_bytes(&key);
146
+
self.estimated_bytes += remote.entry_byte_size(&key);
147
+
self.entries.insert(key.clone(), remote);
148
+
let mut lru = self.lru.lock();
149
+
match is_tombstone {
150
+
true => lru.remove(&key),
151
+
false => lru.promote(&key),
152
+
}
153
+
true
154
+
}
155
+
}
156
+
}
157
+
158
+
pub fn extract_delta_since(&self, watermark: HlcTimestamp) -> LwwDelta {
159
+
let entries = self
160
+
.entries
161
+
.iter()
162
+
.filter(|(_, entry)| entry.timestamp > watermark)
163
+
.map(|(k, v)| (k.clone(), v.clone()))
164
+
.collect();
165
+
LwwDelta { entries }
166
+
}
167
+
168
+
pub fn gc_tombstones(&mut self, now_wall_ms: u64) {
169
+
let expired_keys: Vec<String> = self
170
+
.entries
171
+
.iter()
172
+
.filter(|(_, entry)| entry.tombstone_expired(now_wall_ms))
173
+
.map(|(k, _)| k.clone())
174
+
.collect();
175
+
expired_keys.iter().for_each(|key| {
176
+
self.remove_estimated_bytes(key);
177
+
self.entries.remove(key);
178
+
});
179
+
let mut lru = self.lru.lock();
180
+
expired_keys.iter().for_each(|key| {
181
+
lru.remove(key);
182
+
});
183
+
}
184
+
185
+
pub fn gc_expired(&mut self, now_wall_ms: u64) {
186
+
let expired_keys: Vec<String> = self
187
+
.entries
188
+
.iter()
189
+
.filter(|(_, entry)| entry.is_expired(now_wall_ms) && !entry.is_tombstone())
190
+
.map(|(k, _)| k.clone())
191
+
.collect();
192
+
expired_keys.iter().for_each(|key| {
193
+
self.remove_estimated_bytes(key);
194
+
self.entries.remove(key);
195
+
});
196
+
let mut lru = self.lru.lock();
197
+
expired_keys.iter().for_each(|key| {
198
+
lru.remove(key);
199
+
});
200
+
}
201
+
202
+
pub fn evict_lru(&mut self) -> Option<String> {
203
+
let key = self.lru.lock().pop_least_recent()?;
204
+
self.remove_estimated_bytes(&key);
205
+
self.entries.remove(&key);
206
+
Some(key)
207
+
}
208
+
209
+
pub fn estimated_bytes(&self) -> usize {
210
+
self.estimated_bytes
211
+
}
212
+
213
+
pub fn len(&self) -> usize {
214
+
self.entries.len()
215
+
}
216
+
217
+
fn remove_estimated_bytes(&mut self, key: &str) {
218
+
if let Some(existing) = self.entries.get(key) {
219
+
let size = existing.entry_byte_size(key);
220
+
if size > self.estimated_bytes {
221
+
tracing::warn!(
222
+
entry_size = size,
223
+
estimated_bytes = self.estimated_bytes,
224
+
key = key,
225
+
"estimated_bytes underflow detected, resetting to 0"
226
+
);
227
+
}
228
+
self.estimated_bytes = self.estimated_bytes.saturating_sub(size);
229
+
}
230
+
}
231
+
}
232
+
233
+
#[cfg(test)]
234
+
mod tests {
235
+
use super::*;
236
+
237
+
fn ts(wall: u64, counter: u32, node: u64) -> HlcTimestamp {
238
+
HlcTimestamp {
239
+
wall_ms: wall,
240
+
counter,
241
+
node_id: node,
242
+
}
243
+
}
244
+
245
+
#[test]
246
+
fn set_and_get() {
247
+
let mut map = LwwMap::new();
248
+
map.set("k1".into(), b"hello".to_vec(), ts(100, 0, 1), 60_000, 100);
249
+
assert_eq!(map.get("k1", 100), Some(b"hello".to_vec()));
250
+
}
251
+
252
+
#[test]
253
+
fn ttl_expiry() {
254
+
let mut map = LwwMap::new();
255
+
map.set("k1".into(), b"hello".to_vec(), ts(100, 0, 1), 1000, 100);
256
+
assert_eq!(map.get("k1", 100), Some(b"hello".to_vec()));
257
+
assert_eq!(map.get("k1", 1200), None);
258
+
}
259
+
260
+
#[test]
261
+
fn merge_higher_timestamp_wins() {
262
+
let mut map = LwwMap::new();
263
+
map.set("k1".into(), b"old".to_vec(), ts(100, 0, 1), 60_000, 100);
264
+
let merged = map.merge_entry(
265
+
"k1".into(),
266
+
LwwEntry {
267
+
value: Some(b"new".to_vec()),
268
+
timestamp: ts(200, 0, 2),
269
+
ttl_ms: 60_000,
270
+
created_at_wall_ms: 200,
271
+
},
272
+
);
273
+
assert!(merged);
274
+
assert_eq!(map.get("k1", 200), Some(b"new".to_vec()));
275
+
}
276
+
277
+
#[test]
278
+
fn merge_lower_timestamp_rejected() {
279
+
let mut map = LwwMap::new();
280
+
map.set("k1".into(), b"current".to_vec(), ts(200, 0, 1), 60_000, 200);
281
+
let merged = map.merge_entry(
282
+
"k1".into(),
283
+
LwwEntry {
284
+
value: Some(b"stale".to_vec()),
285
+
timestamp: ts(100, 0, 2),
286
+
ttl_ms: 60_000,
287
+
created_at_wall_ms: 100,
288
+
},
289
+
);
290
+
assert!(!merged);
291
+
assert_eq!(map.get("k1", 200), Some(b"current".to_vec()));
292
+
}
293
+
294
+
#[test]
295
+
fn merge_commutativity() {
296
+
let e1 = LwwEntry {
297
+
value: Some(b"a".to_vec()),
298
+
timestamp: ts(100, 0, 1),
299
+
ttl_ms: 60_000,
300
+
created_at_wall_ms: 100,
301
+
};
302
+
let e2 = LwwEntry {
303
+
value: Some(b"b".to_vec()),
304
+
timestamp: ts(200, 0, 2),
305
+
ttl_ms: 60_000,
306
+
created_at_wall_ms: 200,
307
+
};
308
+
309
+
let mut map_ab = LwwMap::new();
310
+
map_ab.merge_entry("k".into(), e1.clone());
311
+
map_ab.merge_entry("k".into(), e2.clone());
312
+
313
+
let mut map_ba = LwwMap::new();
314
+
map_ba.merge_entry("k".into(), e2);
315
+
map_ba.merge_entry("k".into(), e1);
316
+
317
+
assert_eq!(map_ab.get("k", 200), map_ba.get("k", 200));
318
+
}
319
+
320
+
#[test]
321
+
fn merge_idempotency() {
322
+
let e = LwwEntry {
323
+
value: Some(b"a".to_vec()),
324
+
timestamp: ts(100, 0, 1),
325
+
ttl_ms: 60_000,
326
+
created_at_wall_ms: 100,
327
+
};
328
+
let mut map = LwwMap::new();
329
+
assert!(map.merge_entry("k".into(), e.clone()));
330
+
assert!(!map.merge_entry("k".into(), e));
331
+
}
332
+
333
+
#[test]
334
+
fn delete_creates_tombstone() {
335
+
let mut map = LwwMap::new();
336
+
map.set("k1".into(), b"val".to_vec(), ts(100, 0, 1), 60_000, 100);
337
+
map.delete("k1", ts(200, 0, 1), 200);
338
+
assert_eq!(map.get("k1", 200), None);
339
+
}
340
+
341
+
#[test]
342
+
fn tombstone_gc() {
343
+
let mut map = LwwMap::new();
344
+
map.set("k1".into(), b"val".to_vec(), ts(100, 0, 1), 60_000, 100);
345
+
map.delete("k1", ts(100, 1, 1), 100);
346
+
assert_eq!(map.len(), 1);
347
+
map.gc_tombstones(100 + 120_001);
348
+
assert_eq!(map.len(), 0);
349
+
}
350
+
351
+
#[test]
352
+
fn delta_extraction() {
353
+
let mut map = LwwMap::new();
354
+
map.set("k1".into(), b"a".to_vec(), ts(100, 0, 1), 60_000, 100);
355
+
map.set("k2".into(), b"b".to_vec(), ts(200, 0, 1), 60_000, 200);
356
+
let delta = map.extract_delta_since(ts(150, 0, 0));
357
+
assert_eq!(delta.entries.len(), 1);
358
+
assert_eq!(delta.entries[0].0, "k2");
359
+
}
360
+
361
+
#[test]
362
+
fn lru_eviction() {
363
+
let mut map = LwwMap::new();
364
+
map.set("k1".into(), b"a".to_vec(), ts(100, 0, 1), 60_000, 100);
365
+
map.set("k2".into(), b"b".to_vec(), ts(101, 0, 1), 60_000, 101);
366
+
map.set("k3".into(), b"c".to_vec(), ts(102, 0, 1), 60_000, 102);
367
+
let _ = map.get("k1", 102);
368
+
let evicted = map.evict_lru();
369
+
assert_eq!(evicted.as_deref(), Some("k2"));
370
+
}
371
+
372
+
#[test]
373
+
fn merged_entries_are_evictable() {
374
+
let mut map = LwwMap::new();
375
+
map.merge_entry(
376
+
"remote_key".into(),
377
+
LwwEntry {
378
+
value: Some(b"remote_val".to_vec()),
379
+
timestamp: ts(100, 0, 2),
380
+
ttl_ms: 60_000,
381
+
created_at_wall_ms: 100,
382
+
},
383
+
);
384
+
let evicted = map.evict_lru();
385
+
assert_eq!(evicted.as_deref(), Some("remote_key"));
386
+
assert_eq!(map.len(), 0);
387
+
}
388
+
}
+214
crates/tranquil-ripple/src/crdt/mod.rs
+214
crates/tranquil-ripple/src/crdt/mod.rs
···
···
1
+
pub mod delta;
2
+
pub mod hlc;
3
+
pub mod lww_map;
4
+
pub mod g_counter;
5
+
6
+
use delta::CrdtDelta;
7
+
use hlc::{Hlc, HlcTimestamp};
8
+
use lww_map::LwwMap;
9
+
use g_counter::RateLimitStore;
10
+
use std::time::{SystemTime, UNIX_EPOCH};
11
+
12
+
pub struct CrdtStore {
13
+
hlc: Hlc,
14
+
cache: LwwMap,
15
+
rate_limits: RateLimitStore,
16
+
last_broadcast_ts: HlcTimestamp,
17
+
}
18
+
19
+
impl CrdtStore {
20
+
pub fn new(node_id: u64) -> Self {
21
+
Self {
22
+
hlc: Hlc::new(node_id),
23
+
cache: LwwMap::new(),
24
+
rate_limits: RateLimitStore::new(node_id),
25
+
last_broadcast_ts: HlcTimestamp::ZERO,
26
+
}
27
+
}
28
+
29
+
fn wall_ms_now() -> u64 {
30
+
SystemTime::now()
31
+
.duration_since(UNIX_EPOCH)
32
+
.unwrap_or_default()
33
+
.as_millis() as u64
34
+
}
35
+
36
+
pub fn cache_get(&self, key: &str) -> Option<Vec<u8>> {
37
+
self.cache.get(key, Self::wall_ms_now())
38
+
}
39
+
40
+
pub fn cache_set(&mut self, key: String, value: Vec<u8>, ttl_ms: u64) {
41
+
let ts = self.hlc.now();
42
+
self.cache.set(key, value, ts, ttl_ms, Self::wall_ms_now());
43
+
}
44
+
45
+
pub fn cache_delete(&mut self, key: &str) {
46
+
let ts = self.hlc.now();
47
+
self.cache.delete(key, ts, Self::wall_ms_now());
48
+
}
49
+
50
+
pub fn rate_limit_peek(&self, key: &str, window_ms: u64) -> u64 {
51
+
self.rate_limits
52
+
.peek_count(key, window_ms, Self::wall_ms_now())
53
+
}
54
+
55
+
pub fn rate_limit_check(&mut self, key: &str, limit: u32, window_ms: u64) -> bool {
56
+
self.rate_limits
57
+
.check_and_increment(key, limit, window_ms, Self::wall_ms_now())
58
+
}
59
+
60
+
pub fn peek_broadcast_delta(&self) -> CrdtDelta {
61
+
let cache_delta = {
62
+
let d = self.cache.extract_delta_since(self.last_broadcast_ts);
63
+
match d.entries.is_empty() {
64
+
true => None,
65
+
false => Some(d),
66
+
}
67
+
};
68
+
let rate_limit_deltas = self.rate_limits.extract_dirty_deltas();
69
+
CrdtDelta {
70
+
version: 1,
71
+
source_node: self.hlc.node_id(),
72
+
cache_delta,
73
+
rate_limit_deltas,
74
+
}
75
+
}
76
+
77
+
pub fn commit_broadcast(&mut self, delta: &CrdtDelta) {
78
+
let max_ts = delta
79
+
.cache_delta
80
+
.as_ref()
81
+
.and_then(|d| d.entries.iter().map(|(_, e)| e.timestamp).max())
82
+
.unwrap_or(self.last_broadcast_ts);
83
+
self.last_broadcast_ts = max_ts;
84
+
let committed_keys: std::collections::HashSet<&str> = delta
85
+
.rate_limit_deltas
86
+
.iter()
87
+
.map(|d| d.key.as_str())
88
+
.collect();
89
+
committed_keys.iter().for_each(|&key| {
90
+
let still_matches = self
91
+
.rate_limits
92
+
.peek_dirty_counter(key)
93
+
.zip(delta.rate_limit_deltas.iter().find(|d| d.key == key))
94
+
.is_some_and(|(current, committed)| {
95
+
current.window_start_ms == committed.counter.window_start_ms
96
+
&& current.total() == committed.counter.total()
97
+
});
98
+
if still_matches {
99
+
self.rate_limits.clear_single_dirty(key);
100
+
}
101
+
});
102
+
}
103
+
104
+
pub fn merge_delta(&mut self, delta: &CrdtDelta) -> bool {
105
+
if !delta.is_compatible() {
106
+
tracing::warn!(
107
+
version = delta.version,
108
+
"dropping incompatible CRDT delta version"
109
+
);
110
+
return false;
111
+
}
112
+
let mut changed = false;
113
+
if let Some(ref cache_delta) = delta.cache_delta {
114
+
cache_delta.entries.iter().for_each(|(key, entry)| {
115
+
let _ = self.hlc.receive(entry.timestamp);
116
+
if self.cache.merge_entry(key.clone(), entry.clone()) {
117
+
changed = true;
118
+
}
119
+
});
120
+
}
121
+
delta.rate_limit_deltas.iter().for_each(|rd| {
122
+
if self
123
+
.rate_limits
124
+
.merge_counter(rd.key.clone(), &rd.counter)
125
+
{
126
+
changed = true;
127
+
}
128
+
});
129
+
changed
130
+
}
131
+
132
+
pub fn run_maintenance(&mut self) {
133
+
let now = Self::wall_ms_now();
134
+
self.cache.gc_tombstones(now);
135
+
self.cache.gc_expired(now);
136
+
self.rate_limits.gc_expired(now);
137
+
}
138
+
139
+
pub fn cache_estimated_bytes(&self) -> usize {
140
+
self.cache.estimated_bytes()
141
+
}
142
+
143
+
pub fn rate_limit_estimated_bytes(&self) -> usize {
144
+
self.rate_limits.estimated_bytes()
145
+
}
146
+
147
+
pub fn evict_lru(&mut self) -> Option<String> {
148
+
self.cache.evict_lru()
149
+
}
150
+
}
151
+
152
+
#[cfg(test)]
153
+
mod tests {
154
+
use super::*;
155
+
156
+
#[test]
157
+
fn roundtrip_cache() {
158
+
let mut store = CrdtStore::new(1);
159
+
store.cache_set("key".into(), b"value".to_vec(), 60_000);
160
+
assert_eq!(store.cache_get("key"), Some(b"value".to_vec()));
161
+
}
162
+
163
+
#[test]
164
+
fn delta_merge_convergence() {
165
+
let mut store_a = CrdtStore::new(1);
166
+
let mut store_b = CrdtStore::new(2);
167
+
168
+
store_a.cache_set("x".into(), b"from_a".to_vec(), 60_000);
169
+
store_b.cache_set("y".into(), b"from_b".to_vec(), 60_000);
170
+
171
+
let delta_a = store_a.peek_broadcast_delta();
172
+
store_a.commit_broadcast(&delta_a);
173
+
let delta_b = store_b.peek_broadcast_delta();
174
+
store_b.commit_broadcast(&delta_b);
175
+
176
+
store_b.merge_delta(&delta_a);
177
+
store_a.merge_delta(&delta_b);
178
+
179
+
assert_eq!(store_a.cache_get("x"), Some(b"from_a".to_vec()));
180
+
assert_eq!(store_a.cache_get("y"), Some(b"from_b".to_vec()));
181
+
assert_eq!(store_b.cache_get("x"), Some(b"from_a".to_vec()));
182
+
assert_eq!(store_b.cache_get("y"), Some(b"from_b".to_vec()));
183
+
}
184
+
185
+
#[test]
186
+
fn rate_limit_across_stores() {
187
+
let mut store_a = CrdtStore::new(1);
188
+
let mut store_b = CrdtStore::new(2);
189
+
190
+
store_a.rate_limit_check("rl:test", 5, 60_000);
191
+
store_a.rate_limit_check("rl:test", 5, 60_000);
192
+
store_b.rate_limit_check("rl:test", 5, 60_000);
193
+
194
+
let delta_a = store_a.peek_broadcast_delta();
195
+
store_a.commit_broadcast(&delta_a);
196
+
store_b.merge_delta(&delta_a);
197
+
198
+
let delta_b = store_b.peek_broadcast_delta();
199
+
store_b.commit_broadcast(&delta_b);
200
+
store_a.merge_delta(&delta_b);
201
+
}
202
+
203
+
#[test]
204
+
fn incompatible_version_rejected() {
205
+
let mut store = CrdtStore::new(1);
206
+
let delta = CrdtDelta {
207
+
version: 255,
208
+
source_node: 99,
209
+
cache_delta: None,
210
+
rate_limit_deltas: vec![],
211
+
};
212
+
assert!(!store.merge_delta(&delta));
213
+
}
214
+
}
+94
crates/tranquil-ripple/src/engine.rs
+94
crates/tranquil-ripple/src/engine.rs
···
···
1
+
use crate::cache::RippleCache;
2
+
use crate::config::RippleConfig;
3
+
use crate::crdt::CrdtStore;
4
+
use crate::eviction::MemoryBudget;
5
+
use crate::gossip::{GossipEngine, PeerId};
6
+
use crate::rate_limiter::RippleRateLimiter;
7
+
use crate::transport::Transport;
8
+
use parking_lot::RwLock;
9
+
use std::net::SocketAddr;
10
+
use std::sync::Arc;
11
+
use tokio_util::sync::CancellationToken;
12
+
use tranquil_infra::{Cache, DistributedRateLimiter};
13
+
14
+
pub struct RippleEngine;
15
+
16
+
impl RippleEngine {
17
+
pub async fn start(
18
+
config: RippleConfig,
19
+
shutdown: CancellationToken,
20
+
) -> Result<(Arc<dyn Cache>, Arc<dyn DistributedRateLimiter>, SocketAddr), RippleStartError> {
21
+
let store = Arc::new(RwLock::new(CrdtStore::new(config.machine_id)));
22
+
23
+
let (transport, incoming_rx) = Transport::bind(config.bind_addr, config.machine_id, shutdown.clone())
24
+
.await
25
+
.map_err(|e| RippleStartError::Bind(e.to_string()))?;
26
+
27
+
let transport = Arc::new(transport);
28
+
29
+
let bound_addr = transport.local_addr();
30
+
let local_id = PeerId {
31
+
addr: bound_addr,
32
+
machine_id: config.machine_id,
33
+
generation: 0,
34
+
};
35
+
36
+
let gossip = GossipEngine::new(transport, store.clone(), local_id);
37
+
38
+
let gossip_handle = gossip.spawn(
39
+
config.seed_peers,
40
+
config.gossip_interval_ms,
41
+
incoming_rx,
42
+
shutdown.clone(),
43
+
);
44
+
45
+
let budget = MemoryBudget::new(config.cache_max_bytes);
46
+
let store_for_eviction = store.clone();
47
+
let eviction_shutdown = shutdown.clone();
48
+
let eviction_handle = tokio::spawn(async move {
49
+
let mut interval = tokio::time::interval(std::time::Duration::from_secs(10));
50
+
loop {
51
+
tokio::select! {
52
+
_ = eviction_shutdown.cancelled() => break,
53
+
_ = interval.tick() => {
54
+
budget.enforce(&mut store_for_eviction.write());
55
+
}
56
+
}
57
+
}
58
+
});
59
+
60
+
let shutdown_for_monitor = shutdown.clone();
61
+
tokio::spawn(async move {
62
+
shutdown_for_monitor.cancelled().await;
63
+
let gossip_result = gossip_handle.await;
64
+
let eviction_result = eviction_handle.await;
65
+
if let Err(e) = gossip_result {
66
+
tracing::error!(error = %e, "gossip task panicked");
67
+
}
68
+
if let Err(e) = eviction_result {
69
+
tracing::error!(error = %e, "eviction task panicked");
70
+
}
71
+
});
72
+
73
+
let cache: Arc<dyn Cache> = Arc::new(RippleCache::new(store.clone()));
74
+
let rate_limiter: Arc<dyn DistributedRateLimiter> =
75
+
Arc::new(RippleRateLimiter::new(store));
76
+
77
+
tracing::info!(
78
+
bind = %bound_addr,
79
+
machine_id = config.machine_id,
80
+
max_cache_mb = config.cache_max_bytes / (1024 * 1024),
81
+
"ripple engine started"
82
+
);
83
+
84
+
Ok((cache, rate_limiter, bound_addr))
85
+
}
86
+
}
87
+
88
+
#[derive(Debug, thiserror::Error)]
89
+
pub enum RippleStartError {
90
+
#[error("failed to bind transport: {0}")]
91
+
Bind(String),
92
+
#[error("configuration error: {0}")]
93
+
Config(String),
94
+
}
+78
crates/tranquil-ripple/src/eviction.rs
+78
crates/tranquil-ripple/src/eviction.rs
···
···
1
+
use crate::crdt::CrdtStore;
2
+
3
+
pub struct MemoryBudget {
4
+
max_bytes: usize,
5
+
}
6
+
7
+
impl MemoryBudget {
8
+
pub fn new(max_bytes: usize) -> Self {
9
+
Self { max_bytes }
10
+
}
11
+
12
+
pub fn enforce(&self, store: &mut CrdtStore) {
13
+
store.run_maintenance();
14
+
15
+
let max_bytes = self.max_bytes;
16
+
let total_bytes = store.cache_estimated_bytes().saturating_add(store.rate_limit_estimated_bytes());
17
+
let overshoot_ratio = match total_bytes > max_bytes && max_bytes > 0 {
18
+
true => total_bytes / max_bytes,
19
+
false => 0,
20
+
};
21
+
22
+
const BASE_BATCH: usize = 256;
23
+
let batch_size = match overshoot_ratio {
24
+
0..=1 => BASE_BATCH,
25
+
2..=4 => BASE_BATCH * 4,
26
+
_ => BASE_BATCH * 8,
27
+
};
28
+
29
+
let evicted = std::iter::from_fn(|| {
30
+
let current = store.cache_estimated_bytes().saturating_add(store.rate_limit_estimated_bytes());
31
+
match current > max_bytes {
32
+
true => store.evict_lru(),
33
+
false => None,
34
+
}
35
+
})
36
+
.take(batch_size)
37
+
.count();
38
+
if evicted > 0 {
39
+
tracing::info!(
40
+
evicted_entries = evicted,
41
+
cache_bytes = store.cache_estimated_bytes(),
42
+
rate_limit_bytes = store.rate_limit_estimated_bytes(),
43
+
max_bytes = self.max_bytes,
44
+
"memory budget eviction"
45
+
);
46
+
}
47
+
}
48
+
}
49
+
50
+
#[cfg(test)]
51
+
mod tests {
52
+
use super::*;
53
+
54
+
#[test]
55
+
fn eviction_under_budget() {
56
+
let mut store = CrdtStore::new(1);
57
+
let budget = MemoryBudget::new(1024 * 1024);
58
+
store.cache_set("k".into(), vec![1, 2, 3], 60_000);
59
+
budget.enforce(&mut store);
60
+
assert!(store.cache_get("k").is_some());
61
+
}
62
+
63
+
#[test]
64
+
fn eviction_over_budget() {
65
+
let mut store = CrdtStore::new(1);
66
+
let budget = MemoryBudget::new(100);
67
+
(0..50).for_each(|i| {
68
+
store.cache_set(
69
+
format!("key-{i}"),
70
+
vec![0u8; 64],
71
+
60_000,
72
+
);
73
+
});
74
+
budget.enforce(&mut store);
75
+
let total = store.cache_estimated_bytes().saturating_add(store.rate_limit_estimated_bytes());
76
+
assert!(total <= 100);
77
+
}
78
+
}
+390
crates/tranquil-ripple/src/gossip.rs
+390
crates/tranquil-ripple/src/gossip.rs
···
···
1
+
use crate::crdt::delta::CrdtDelta;
2
+
use crate::crdt::CrdtStore;
3
+
use crate::transport::{ChannelTag, IncomingFrame, Transport};
4
+
use foca::{Config, Foca, Notification, Runtime, Timer};
5
+
use parking_lot::RwLock;
6
+
use rand::rngs::StdRng;
7
+
use rand::SeedableRng;
8
+
use std::collections::HashSet;
9
+
use std::fmt;
10
+
use std::net::SocketAddr;
11
+
use std::num::NonZeroUsize;
12
+
use std::sync::Arc;
13
+
use std::time::Duration;
14
+
use tokio::sync::mpsc;
15
+
use tokio_util::sync::CancellationToken;
16
+
17
+
const MAX_GCOUNTER_NODES: usize = 256;
18
+
19
+
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
20
+
pub struct PeerId {
21
+
pub addr: SocketAddr,
22
+
pub machine_id: u64,
23
+
pub generation: u32,
24
+
}
25
+
26
+
impl fmt::Display for PeerId {
27
+
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
28
+
write!(f, "{}@{}(g{})", self.machine_id, self.addr, self.generation)
29
+
}
30
+
}
31
+
32
+
impl foca::Identity for PeerId {
33
+
type Addr = SocketAddr;
34
+
35
+
fn addr(&self) -> SocketAddr {
36
+
self.addr
37
+
}
38
+
39
+
fn renew(&self) -> Option<Self> {
40
+
Some(Self {
41
+
addr: self.addr,
42
+
machine_id: self.machine_id,
43
+
generation: self.generation.saturating_add(1),
44
+
})
45
+
}
46
+
47
+
fn win_addr_conflict(&self, adversary: &Self) -> bool {
48
+
self.generation > adversary.generation
49
+
}
50
+
}
51
+
52
+
impl serde::Serialize for PeerId {
53
+
fn serialize<S: serde::Serializer>(&self, serializer: S) -> Result<S::Ok, S::Error> {
54
+
use serde::ser::SerializeTuple;
55
+
let mut tup = serializer.serialize_tuple(3)?;
56
+
tup.serialize_element(&self.addr.to_string())?;
57
+
tup.serialize_element(&self.machine_id)?;
58
+
tup.serialize_element(&self.generation)?;
59
+
tup.end()
60
+
}
61
+
}
62
+
63
+
impl<'de> serde::Deserialize<'de> for PeerId {
64
+
fn deserialize<D: serde::Deserializer<'de>>(deserializer: D) -> Result<Self, D::Error> {
65
+
let (addr_str, machine_id, generation): (String, u64, u32) =
66
+
serde::Deserialize::deserialize(deserializer)?;
67
+
let addr: SocketAddr = addr_str.parse().map_err(serde::de::Error::custom)?;
68
+
Ok(Self {
69
+
addr,
70
+
machine_id,
71
+
generation,
72
+
})
73
+
}
74
+
}
75
+
76
+
enum RuntimeAction {
77
+
SendTo(PeerId, Vec<u8>),
78
+
ScheduleTimer(Timer<PeerId>, Duration),
79
+
MemberUp(SocketAddr),
80
+
MemberDown(SocketAddr),
81
+
}
82
+
83
+
struct BufferedRuntime {
84
+
actions: Vec<RuntimeAction>,
85
+
}
86
+
87
+
impl BufferedRuntime {
88
+
fn new() -> Self {
89
+
Self {
90
+
actions: Vec::new(),
91
+
}
92
+
}
93
+
}
94
+
95
+
struct MemberTracker {
96
+
active_addrs: HashSet<SocketAddr>,
97
+
}
98
+
99
+
impl MemberTracker {
100
+
fn new() -> Self {
101
+
Self {
102
+
active_addrs: HashSet::new(),
103
+
}
104
+
}
105
+
106
+
fn member_up(&mut self, addr: SocketAddr) {
107
+
self.active_addrs.insert(addr);
108
+
}
109
+
110
+
fn member_down(&mut self, addr: SocketAddr) {
111
+
self.active_addrs.remove(&addr);
112
+
}
113
+
114
+
fn active_peers(&self) -> impl Iterator<Item = SocketAddr> + '_ {
115
+
self.active_addrs.iter().copied()
116
+
}
117
+
}
118
+
119
+
impl Runtime<PeerId> for &mut BufferedRuntime {
120
+
fn notify(&mut self, notification: Notification<'_, PeerId>) {
121
+
match notification {
122
+
Notification::MemberUp(peer) => {
123
+
self.actions.push(RuntimeAction::MemberUp(peer.addr));
124
+
}
125
+
Notification::MemberDown(peer) => {
126
+
self.actions.push(RuntimeAction::MemberDown(peer.addr));
127
+
}
128
+
_ => {}
129
+
}
130
+
}
131
+
132
+
fn send_to(&mut self, to: PeerId, data: &[u8]) {
133
+
self.actions
134
+
.push(RuntimeAction::SendTo(to, data.to_vec()));
135
+
}
136
+
137
+
fn submit_after(&mut self, event: Timer<PeerId>, after: Duration) {
138
+
self.actions.push(RuntimeAction::ScheduleTimer(event, after));
139
+
}
140
+
}
141
+
142
+
pub struct GossipEngine {
143
+
transport: Arc<Transport>,
144
+
store: Arc<RwLock<CrdtStore>>,
145
+
local_id: PeerId,
146
+
}
147
+
148
+
impl GossipEngine {
149
+
pub fn new(
150
+
transport: Arc<Transport>,
151
+
store: Arc<RwLock<CrdtStore>>,
152
+
local_id: PeerId,
153
+
) -> Self {
154
+
Self {
155
+
transport,
156
+
store,
157
+
local_id,
158
+
}
159
+
}
160
+
161
+
pub fn spawn(
162
+
self,
163
+
seed_peers: Vec<SocketAddr>,
164
+
gossip_interval_ms: u64,
165
+
mut incoming_rx: mpsc::Receiver<IncomingFrame>,
166
+
shutdown: CancellationToken,
167
+
) -> tokio::task::JoinHandle<()> {
168
+
let mut config = Config::simple();
169
+
config.max_packet_size = NonZeroUsize::new(2 * 1024 * 1024).expect("nonzero");
170
+
config.periodic_gossip = Some(foca::PeriodicParams {
171
+
frequency: Duration::from_millis(gossip_interval_ms),
172
+
num_members: NonZeroUsize::new(3).expect("nonzero"),
173
+
});
174
+
config.periodic_announce = Some(foca::PeriodicParams {
175
+
frequency: Duration::from_secs(30),
176
+
num_members: NonZeroUsize::new(3).expect("nonzero"),
177
+
});
178
+
179
+
let rng = StdRng::from_os_rng();
180
+
let codec = foca::BincodeCodec(bincode::config::standard());
181
+
let mut foca: Foca<PeerId, _, _, _> = Foca::new(self.local_id.clone(), config, rng, codec);
182
+
183
+
let transport = self.transport.clone();
184
+
let store = self.store.clone();
185
+
186
+
let (timer_tx, mut timer_rx) = mpsc::channel::<(Timer<PeerId>, Duration)>(256);
187
+
188
+
const WATERMARK_STALE_SECS: u64 = 30;
189
+
190
+
tokio::spawn(async move {
191
+
let mut runtime = BufferedRuntime::new();
192
+
let mut members = MemberTracker::new();
193
+
let mut last_commit = tokio::time::Instant::now();
194
+
195
+
seed_peers.iter().for_each(|&addr| {
196
+
let seed_id = PeerId {
197
+
addr,
198
+
machine_id: 0,
199
+
generation: 0,
200
+
};
201
+
if let Err(e) = foca.announce(seed_id, &mut runtime) {
202
+
tracing::warn!(error = %e, "failed to announce to seed peer");
203
+
}
204
+
});
205
+
206
+
drain_runtime_actions(&mut runtime, &transport, &timer_tx, &mut members, &shutdown);
207
+
208
+
let mut gossip_tick =
209
+
tokio::time::interval(Duration::from_millis(gossip_interval_ms));
210
+
let mut maintenance_tick = tokio::time::interval(Duration::from_secs(10));
211
+
212
+
loop {
213
+
tokio::select! {
214
+
_ = shutdown.cancelled() => {
215
+
tracing::info!("gossip engine shutting down, flushing final delta");
216
+
flush_final_delta(&store, &transport, &members);
217
+
break;
218
+
}
219
+
Some(frame) = incoming_rx.recv() => {
220
+
match frame.tag {
221
+
ChannelTag::Gossip => {
222
+
if let Err(e) = foca.handle_data(&frame.data, &mut runtime) {
223
+
tracing::warn!(error = %e, "foca handle_data error");
224
+
}
225
+
drain_runtime_actions(&mut runtime, &transport, &timer_tx, &mut members, &shutdown);
226
+
}
227
+
ChannelTag::CrdtSync => {
228
+
const MAX_DELTA_ENTRIES: usize = 10_000;
229
+
const MAX_DELTA_RATE_LIMITS: usize = 10_000;
230
+
match bincode::serde::decode_from_slice::<CrdtDelta, _>(&frame.data, bincode::config::standard()) {
231
+
Ok((delta, _)) => {
232
+
let cache_len = delta.cache_delta.as_ref().map_or(0, |d| d.entries.len());
233
+
let rl_len = delta.rate_limit_deltas.len();
234
+
let gcounter_oversize = delta.rate_limit_deltas.iter().any(|rd| rd.counter.increments.len() > MAX_GCOUNTER_NODES);
235
+
let window_mismatch = delta.rate_limit_deltas.iter().any(|rd| rd.counter.window_duration_ms == 0);
236
+
match cache_len > MAX_DELTA_ENTRIES || rl_len > MAX_DELTA_RATE_LIMITS || gcounter_oversize || window_mismatch {
237
+
true => {
238
+
tracing::warn!(
239
+
cache_entries = cache_len,
240
+
rate_limit_entries = rl_len,
241
+
gcounter_oversize = gcounter_oversize,
242
+
"dropping invalid CRDT delta"
243
+
);
244
+
}
245
+
false => {
246
+
store.write().merge_delta(&delta);
247
+
}
248
+
}
249
+
}
250
+
Err(e) => {
251
+
tracing::warn!(error = %e, "failed to decode crdt sync delta");
252
+
}
253
+
}
254
+
}
255
+
_ => {}
256
+
}
257
+
}
258
+
_ = gossip_tick.tick() => {
259
+
let pending = {
260
+
let s = store.read();
261
+
let delta = s.peek_broadcast_delta();
262
+
match delta.is_empty() {
263
+
true => None,
264
+
false => {
265
+
match bincode::serde::encode_to_vec(&delta, bincode::config::standard()) {
266
+
Ok(bytes) => Some((bytes, delta)),
267
+
Err(e) => {
268
+
tracing::warn!(error = %e, "failed to serialize broadcast delta");
269
+
None
270
+
}
271
+
}
272
+
},
273
+
}
274
+
};
275
+
if let Some((ref data, ref delta)) = pending {
276
+
let peers: Vec<SocketAddr> = members.active_peers().collect();
277
+
let mut all_queued = true;
278
+
let cancel = shutdown.clone();
279
+
peers.iter().for_each(|&addr| {
280
+
match transport.try_queue(addr, ChannelTag::CrdtSync, data) {
281
+
true => {}
282
+
false => {
283
+
all_queued = false;
284
+
let t = transport.clone();
285
+
let d = data.clone();
286
+
let c = cancel.clone();
287
+
tokio::spawn(async move {
288
+
tokio::select! {
289
+
_ = c.cancelled() => {}
290
+
_ = t.send(addr, ChannelTag::CrdtSync, &d) => {}
291
+
}
292
+
});
293
+
}
294
+
}
295
+
});
296
+
let stale = last_commit.elapsed() > Duration::from_secs(WATERMARK_STALE_SECS);
297
+
if all_queued || peers.is_empty() || stale {
298
+
if stale && !all_queued {
299
+
tracing::warn!(
300
+
elapsed_secs = last_commit.elapsed().as_secs(),
301
+
"force-advancing broadcast watermark (staleness cap)"
302
+
);
303
+
}
304
+
store.write().commit_broadcast(delta);
305
+
last_commit = tokio::time::Instant::now();
306
+
}
307
+
}
308
+
if let Err(e) = foca.gossip(&mut runtime) {
309
+
tracing::warn!(error = %e, "foca gossip error");
310
+
}
311
+
drain_runtime_actions(&mut runtime, &transport, &timer_tx, &mut members, &shutdown);
312
+
}
313
+
Some((timer, _)) = timer_rx.recv() => {
314
+
if let Err(e) = foca.handle_timer(timer, &mut runtime) {
315
+
tracing::warn!(error = %e, "foca handle_timer error");
316
+
}
317
+
drain_runtime_actions(&mut runtime, &transport, &timer_tx, &mut members, &shutdown);
318
+
}
319
+
_ = maintenance_tick.tick() => {
320
+
store.write().run_maintenance();
321
+
tracing::trace!(
322
+
members = foca.num_members(),
323
+
cache_bytes = store.read().cache_estimated_bytes(),
324
+
"maintenance cycle"
325
+
);
326
+
}
327
+
}
328
+
}
329
+
})
330
+
}
331
+
}
332
+
333
+
fn flush_final_delta(
334
+
store: &Arc<RwLock<CrdtStore>>,
335
+
transport: &Arc<Transport>,
336
+
members: &MemberTracker,
337
+
) {
338
+
let s = store.read();
339
+
let delta = s.peek_broadcast_delta();
340
+
if delta.is_empty() {
341
+
return;
342
+
}
343
+
match bincode::serde::encode_to_vec(&delta, bincode::config::standard()) {
344
+
Ok(bytes) => {
345
+
members.active_peers().for_each(|addr| {
346
+
let _ = transport.try_queue(addr, ChannelTag::CrdtSync, &bytes);
347
+
});
348
+
}
349
+
Err(e) => {
350
+
tracing::warn!(error = %e, "failed to serialize final delta on shutdown");
351
+
}
352
+
}
353
+
}
354
+
355
+
fn drain_runtime_actions(
356
+
runtime: &mut BufferedRuntime,
357
+
transport: &Arc<Transport>,
358
+
timer_tx: &mpsc::Sender<(Timer<PeerId>, Duration)>,
359
+
members: &mut MemberTracker,
360
+
shutdown: &CancellationToken,
361
+
) {
362
+
let actions: Vec<RuntimeAction> = runtime.actions.drain(..).collect();
363
+
actions.into_iter().for_each(|action| match action {
364
+
RuntimeAction::SendTo(peer, data) => {
365
+
let t = transport.clone();
366
+
let c = shutdown.clone();
367
+
tokio::spawn(async move {
368
+
tokio::select! {
369
+
_ = c.cancelled() => {}
370
+
_ = t.send(peer.addr, ChannelTag::Gossip, &data) => {}
371
+
}
372
+
});
373
+
}
374
+
RuntimeAction::ScheduleTimer(timer, duration) => {
375
+
let tx = timer_tx.clone();
376
+
tokio::spawn(async move {
377
+
tokio::time::sleep(duration).await;
378
+
let _ = tx.send((timer, duration)).await;
379
+
});
380
+
}
381
+
RuntimeAction::MemberUp(addr) => {
382
+
tracing::info!(peer = %addr, "member up");
383
+
members.member_up(addr);
384
+
}
385
+
RuntimeAction::MemberDown(addr) => {
386
+
tracing::info!(peer = %addr, "member down");
387
+
members.member_down(addr);
388
+
}
389
+
});
390
+
}
+11
crates/tranquil-ripple/src/lib.rs
+11
crates/tranquil-ripple/src/lib.rs
+49
crates/tranquil-ripple/src/rate_limiter.rs
+49
crates/tranquil-ripple/src/rate_limiter.rs
···
···
1
+
use crate::crdt::CrdtStore;
2
+
use async_trait::async_trait;
3
+
use parking_lot::RwLock;
4
+
use std::sync::Arc;
5
+
use tranquil_infra::DistributedRateLimiter;
6
+
7
+
pub struct RippleRateLimiter {
8
+
store: Arc<RwLock<CrdtStore>>,
9
+
}
10
+
11
+
impl RippleRateLimiter {
12
+
pub fn new(store: Arc<RwLock<CrdtStore>>) -> Self {
13
+
Self { store }
14
+
}
15
+
}
16
+
17
+
#[async_trait]
18
+
impl DistributedRateLimiter for RippleRateLimiter {
19
+
async fn check_rate_limit(&self, key: &str, limit: u32, window_ms: u64) -> bool {
20
+
self.store.write().rate_limit_check(key, limit, window_ms)
21
+
}
22
+
23
+
async fn peek_rate_limit_count(&self, key: &str, window_ms: u64) -> u64 {
24
+
self.store.read().rate_limit_peek(key, window_ms)
25
+
}
26
+
}
27
+
28
+
#[cfg(test)]
29
+
mod tests {
30
+
use super::*;
31
+
32
+
#[tokio::test]
33
+
async fn rate_limiter_trait_allows_within_limit() {
34
+
let store = Arc::new(RwLock::new(CrdtStore::new(1)));
35
+
let rl = RippleRateLimiter::new(store);
36
+
assert!(rl.check_rate_limit("test", 5, 60_000).await);
37
+
assert!(rl.check_rate_limit("test", 5, 60_000).await);
38
+
}
39
+
40
+
#[tokio::test]
41
+
async fn rate_limiter_trait_blocks_over_limit() {
42
+
let store = Arc::new(RwLock::new(CrdtStore::new(1)));
43
+
let rl = RippleRateLimiter::new(store);
44
+
assert!(rl.check_rate_limit("k", 3, 60_000).await);
45
+
assert!(rl.check_rate_limit("k", 3, 60_000).await);
46
+
assert!(rl.check_rate_limit("k", 3, 60_000).await);
47
+
assert!(!rl.check_rate_limit("k", 3, 60_000).await);
48
+
}
49
+
}
+442
crates/tranquil-ripple/src/transport.rs
+442
crates/tranquil-ripple/src/transport.rs
···
···
1
+
use backon::{ExponentialBuilder, Retryable};
2
+
use bytes::{Buf, BufMut, BytesMut};
3
+
use std::collections::HashMap;
4
+
use std::net::SocketAddr;
5
+
use std::sync::Arc;
6
+
use std::sync::atomic::{AtomicUsize, Ordering};
7
+
use std::time::Duration;
8
+
use tokio::io::{AsyncReadExt, AsyncWriteExt};
9
+
use tokio::net::{TcpListener, TcpStream};
10
+
use tokio::sync::mpsc;
11
+
use tokio_util::sync::CancellationToken;
12
+
13
+
const MAX_FRAME_SIZE: usize = 16 * 1024 * 1024;
14
+
const MAX_INBOUND_CONNECTIONS: usize = 512;
15
+
const WRITE_TIMEOUT: Duration = Duration::from_secs(10);
16
+
17
+
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
18
+
#[repr(u8)]
19
+
pub enum ChannelTag {
20
+
Gossip = 0x01,
21
+
CrdtSync = 0x02,
22
+
Raft = 0x03,
23
+
Direct = 0x04,
24
+
}
25
+
26
+
impl ChannelTag {
27
+
fn from_u8(v: u8) -> Option<Self> {
28
+
match v {
29
+
0x01 => Some(Self::Gossip),
30
+
0x02 => Some(Self::CrdtSync),
31
+
0x03 => Some(Self::Raft),
32
+
0x04 => Some(Self::Direct),
33
+
_ => None,
34
+
}
35
+
}
36
+
}
37
+
38
+
#[derive(Debug)]
39
+
pub struct IncomingFrame {
40
+
pub from: SocketAddr,
41
+
pub tag: ChannelTag,
42
+
pub data: Vec<u8>,
43
+
}
44
+
45
+
struct ConnectionWriter {
46
+
tx: mpsc::Sender<Vec<u8>>,
47
+
}
48
+
49
+
pub struct Transport {
50
+
local_addr: SocketAddr,
51
+
_machine_id: u64,
52
+
connections: Arc<parking_lot::Mutex<HashMap<SocketAddr, ConnectionWriter>>>,
53
+
connecting: Arc<parking_lot::Mutex<std::collections::HashSet<SocketAddr>>>,
54
+
#[allow(dead_code)]
55
+
inbound_count: Arc<AtomicUsize>,
56
+
shutdown: CancellationToken,
57
+
incoming_tx: mpsc::Sender<IncomingFrame>,
58
+
}
59
+
60
+
impl Transport {
61
+
pub async fn bind(
62
+
addr: SocketAddr,
63
+
machine_id: u64,
64
+
shutdown: CancellationToken,
65
+
) -> Result<(Self, mpsc::Receiver<IncomingFrame>), std::io::Error> {
66
+
let listener = TcpListener::bind(addr).await?;
67
+
let local_addr = listener.local_addr()?;
68
+
let (incoming_tx, incoming_rx) = mpsc::channel(4096);
69
+
let inbound_count = Arc::new(AtomicUsize::new(0));
70
+
71
+
let transport = Self {
72
+
local_addr,
73
+
_machine_id: machine_id,
74
+
connections: Arc::new(parking_lot::Mutex::new(HashMap::new())),
75
+
connecting: Arc::new(parking_lot::Mutex::new(std::collections::HashSet::new())),
76
+
inbound_count: inbound_count.clone(),
77
+
shutdown: shutdown.clone(),
78
+
incoming_tx: incoming_tx.clone(),
79
+
};
80
+
81
+
let cancel = shutdown.clone();
82
+
let inbound_counter = inbound_count.clone();
83
+
tokio::spawn(async move {
84
+
loop {
85
+
tokio::select! {
86
+
_ = cancel.cancelled() => break,
87
+
result = listener.accept() => {
88
+
match result {
89
+
Ok((stream, peer_addr)) => {
90
+
let current = inbound_counter.load(Ordering::Relaxed);
91
+
if current >= MAX_INBOUND_CONNECTIONS {
92
+
tracing::warn!(
93
+
peer = %peer_addr,
94
+
count = current,
95
+
max = MAX_INBOUND_CONNECTIONS,
96
+
"rejecting inbound connection: limit reached"
97
+
);
98
+
drop(stream);
99
+
continue;
100
+
}
101
+
inbound_counter.fetch_add(1, Ordering::Relaxed);
102
+
Self::spawn_reader(
103
+
stream,
104
+
peer_addr,
105
+
incoming_tx.clone(),
106
+
cancel.clone(),
107
+
inbound_counter.clone(),
108
+
);
109
+
tracing::debug!(peer = %peer_addr, "accepted inbound connection");
110
+
}
111
+
Err(e) => {
112
+
tracing::warn!(error = %e, "accept failed");
113
+
}
114
+
}
115
+
}
116
+
}
117
+
}
118
+
});
119
+
120
+
tracing::info!(addr = %local_addr, "ripple transport bound");
121
+
Ok((transport, incoming_rx))
122
+
}
123
+
124
+
pub fn local_addr(&self) -> SocketAddr {
125
+
self.local_addr
126
+
}
127
+
128
+
pub fn try_queue(&self, target: SocketAddr, tag: ChannelTag, data: &[u8]) -> bool {
129
+
let frame = match encode_frame(tag, data) {
130
+
Some(f) => f,
131
+
None => return false,
132
+
};
133
+
let conns = self.connections.lock();
134
+
match conns.get(&target) {
135
+
Some(writer) => writer.tx.try_send(frame).is_ok(),
136
+
None => false,
137
+
}
138
+
}
139
+
140
+
pub async fn send(&self, target: SocketAddr, tag: ChannelTag, data: &[u8]) {
141
+
let frame = match encode_frame(tag, data) {
142
+
Some(f) => f,
143
+
None => return,
144
+
};
145
+
let writer = {
146
+
let conns = self.connections.lock();
147
+
conns.get(&target).map(|w| w.tx.clone())
148
+
};
149
+
match writer {
150
+
Some(tx) => {
151
+
if tx.send(frame).await.is_err() {
152
+
self.connections.lock().remove(&target);
153
+
self.connect_and_send(target, tag, data).await;
154
+
}
155
+
}
156
+
None => {
157
+
self.connect_and_send(target, tag, data).await;
158
+
}
159
+
}
160
+
}
161
+
162
+
async fn connect_and_send(&self, target: SocketAddr, tag: ChannelTag, data: &[u8]) {
163
+
{
164
+
let mut connecting = self.connecting.lock();
165
+
if connecting.contains(&target) {
166
+
tracing::debug!(peer = %target, "connection already in-flight, dropping frame");
167
+
return;
168
+
}
169
+
connecting.insert(target);
170
+
}
171
+
172
+
let result = self.connect_and_send_inner(target, tag, data).await;
173
+
self.connecting.lock().remove(&target);
174
+
result
175
+
}
176
+
177
+
async fn connect_and_send_inner(&self, target: SocketAddr, tag: ChannelTag, data: &[u8]) {
178
+
let shutdown = self.shutdown.clone();
179
+
let stream = (|| async {
180
+
tokio::time::timeout(Duration::from_secs(5), TcpStream::connect(target))
181
+
.await
182
+
.map_err(|_| std::io::Error::new(std::io::ErrorKind::TimedOut, "connect timeout"))?
183
+
})
184
+
.retry(
185
+
ExponentialBuilder::default()
186
+
.with_min_delay(Duration::from_millis(50))
187
+
.with_max_delay(Duration::from_secs(2))
188
+
.with_max_times(3),
189
+
)
190
+
.when(|_| !shutdown.is_cancelled())
191
+
.await;
192
+
match stream {
193
+
Ok(stream) => {
194
+
let (read_half, write_half) = stream.into_split();
195
+
let (write_tx, mut write_rx) = mpsc::channel::<Vec<u8>>(1024);
196
+
let cancel = self.shutdown.clone();
197
+
let connections = self.connections.clone();
198
+
let peer = target;
199
+
200
+
tokio::spawn(async move {
201
+
let mut writer = write_half;
202
+
loop {
203
+
tokio::select! {
204
+
_ = cancel.cancelled() => break,
205
+
msg = write_rx.recv() => {
206
+
match msg {
207
+
Some(buf) => {
208
+
let write_result = tokio::time::timeout(
209
+
WRITE_TIMEOUT,
210
+
writer.write_all(&buf),
211
+
).await;
212
+
match write_result {
213
+
Ok(Ok(())) => {}
214
+
Ok(Err(e)) => {
215
+
tracing::warn!(peer = %peer, error = %e, "write failed, closing connection");
216
+
break;
217
+
}
218
+
Err(_) => {
219
+
tracing::warn!(peer = %peer, "write timed out, closing connection");
220
+
break;
221
+
}
222
+
}
223
+
}
224
+
None => break,
225
+
}
226
+
}
227
+
}
228
+
}
229
+
connections.lock().remove(&peer);
230
+
});
231
+
232
+
Self::spawn_reader_half(read_half, target, self.incoming_tx.clone(), self.shutdown.clone());
233
+
234
+
let frame = match encode_frame(tag, data) {
235
+
Some(f) => f,
236
+
None => return,
237
+
};
238
+
let _ = write_tx.send(frame).await;
239
+
self.connections.lock().insert(
240
+
target,
241
+
ConnectionWriter { tx: write_tx },
242
+
);
243
+
tracing::debug!(peer = %target, "established outbound connection");
244
+
}
245
+
Err(e) => {
246
+
tracing::warn!(peer = %target, error = %e, "failed to connect after retries");
247
+
}
248
+
}
249
+
}
250
+
251
+
fn spawn_reader(
252
+
stream: TcpStream,
253
+
peer_addr: SocketAddr,
254
+
incoming_tx: mpsc::Sender<IncomingFrame>,
255
+
cancel: CancellationToken,
256
+
inbound_counter: Arc<AtomicUsize>,
257
+
) {
258
+
tokio::spawn(async move {
259
+
let mut buf = BytesMut::with_capacity(8192);
260
+
let mut stream = stream;
261
+
loop {
262
+
if buf.len() > MAX_FRAME_SIZE * 2 {
263
+
tracing::warn!(peer = %peer_addr, buf_len = buf.len(), "read buffer exceeded limit, closing connection");
264
+
break;
265
+
}
266
+
tokio::select! {
267
+
_ = cancel.cancelled() => break,
268
+
n = stream.read_buf(&mut buf) => {
269
+
match n {
270
+
Ok(0) | Err(_) => break,
271
+
Ok(_) => {
272
+
if !Self::process_frames(&mut buf, peer_addr, &incoming_tx) {
273
+
break;
274
+
}
275
+
}
276
+
}
277
+
}
278
+
}
279
+
}
280
+
inbound_counter.fetch_sub(1, Ordering::Relaxed);
281
+
});
282
+
}
283
+
284
+
fn spawn_reader_half(
285
+
read_half: tokio::net::tcp::OwnedReadHalf,
286
+
peer_addr: SocketAddr,
287
+
incoming_tx: mpsc::Sender<IncomingFrame>,
288
+
cancel: CancellationToken,
289
+
) {
290
+
tokio::spawn(async move {
291
+
let mut buf = BytesMut::with_capacity(8192);
292
+
let mut reader = read_half;
293
+
loop {
294
+
if buf.len() > MAX_FRAME_SIZE * 2 {
295
+
tracing::warn!(peer = %peer_addr, buf_len = buf.len(), "read buffer exceeded limit, closing connection");
296
+
break;
297
+
}
298
+
tokio::select! {
299
+
_ = cancel.cancelled() => break,
300
+
n = reader.read_buf(&mut buf) => {
301
+
match n {
302
+
Ok(0) | Err(_) => break,
303
+
Ok(_) => {
304
+
if !Self::process_frames(&mut buf, peer_addr, &incoming_tx) {
305
+
break;
306
+
}
307
+
}
308
+
}
309
+
}
310
+
}
311
+
}
312
+
});
313
+
}
314
+
315
+
fn process_frames(
316
+
buf: &mut BytesMut,
317
+
peer_addr: SocketAddr,
318
+
incoming_tx: &mpsc::Sender<IncomingFrame>,
319
+
) -> bool {
320
+
loop {
321
+
match decode_frame(buf) {
322
+
DecodeResult::Frame(tag, data) => {
323
+
if let Err(e) = incoming_tx.try_send(IncomingFrame {
324
+
from: peer_addr,
325
+
tag,
326
+
data,
327
+
}) {
328
+
tracing::warn!(peer = %peer_addr, error = %e, "incoming frame channel full, dropping frame");
329
+
}
330
+
}
331
+
DecodeResult::NeedMoreData => return true,
332
+
DecodeResult::Corrupt => return false,
333
+
}
334
+
}
335
+
}
336
+
}
337
+
338
+
fn encode_frame(tag: ChannelTag, data: &[u8]) -> Option<Vec<u8>> {
339
+
match data.len() > MAX_FRAME_SIZE {
340
+
true => {
341
+
tracing::warn!(
342
+
frame_len = data.len(),
343
+
max = MAX_FRAME_SIZE,
344
+
"refusing to encode oversized frame"
345
+
);
346
+
None
347
+
}
348
+
false => {
349
+
let len = u32::try_from(data.len()).ok()?;
350
+
let mut buf = Vec::with_capacity(5 + data.len());
351
+
buf.put_u32(len);
352
+
buf.put_u8(tag as u8);
353
+
buf.extend_from_slice(data);
354
+
Some(buf)
355
+
}
356
+
}
357
+
}
358
+
359
+
enum DecodeResult {
360
+
Frame(ChannelTag, Vec<u8>),
361
+
NeedMoreData,
362
+
Corrupt,
363
+
}
364
+
365
+
fn decode_frame(buf: &mut BytesMut) -> DecodeResult {
366
+
loop {
367
+
if buf.len() < 5 {
368
+
return DecodeResult::NeedMoreData;
369
+
}
370
+
let len = u32::from_be_bytes([buf[0], buf[1], buf[2], buf[3]]) as usize;
371
+
if len > MAX_FRAME_SIZE {
372
+
tracing::warn!(frame_len = len, max = MAX_FRAME_SIZE, "oversized frame, closing connection");
373
+
buf.clear();
374
+
return DecodeResult::Corrupt;
375
+
}
376
+
if buf.len() < 5 + len {
377
+
return DecodeResult::NeedMoreData;
378
+
}
379
+
buf.advance(4);
380
+
let tag_byte = buf[0];
381
+
buf.advance(1);
382
+
let data = buf.split_to(len).to_vec();
383
+
match ChannelTag::from_u8(tag_byte) {
384
+
Some(tag) => return DecodeResult::Frame(tag, data),
385
+
None => {
386
+
tracing::debug!(tag = tag_byte, "skipping frame with unknown channel tag");
387
+
}
388
+
}
389
+
}
390
+
}
391
+
392
+
#[cfg(test)]
393
+
mod tests {
394
+
use super::*;
395
+
396
+
#[test]
397
+
fn frame_roundtrip() {
398
+
let original = b"hello world";
399
+
let encoded = encode_frame(ChannelTag::Gossip, original).expect("should encode");
400
+
let mut buf = BytesMut::from(&encoded[..]);
401
+
match decode_frame(&mut buf) {
402
+
DecodeResult::Frame(tag, data) => {
403
+
assert_eq!(tag, ChannelTag::Gossip);
404
+
assert_eq!(data, original);
405
+
}
406
+
_ => panic!("expected frame"),
407
+
}
408
+
assert!(buf.is_empty());
409
+
}
410
+
411
+
#[test]
412
+
fn partial_frame_returns_need_more() {
413
+
let encoded = encode_frame(ChannelTag::CrdtSync, b"test data").expect("should encode");
414
+
let mut buf = BytesMut::from(&encoded[..3]);
415
+
assert!(matches!(decode_frame(&mut buf), DecodeResult::NeedMoreData));
416
+
}
417
+
418
+
#[test]
419
+
fn multiple_frames() {
420
+
let f1 = encode_frame(ChannelTag::Gossip, b"first").expect("should encode");
421
+
let f2 = encode_frame(ChannelTag::Direct, b"second").expect("should encode");
422
+
let mut buf = BytesMut::new();
423
+
buf.extend_from_slice(&f1);
424
+
buf.extend_from_slice(&f2);
425
+
426
+
match decode_frame(&mut buf) {
427
+
DecodeResult::Frame(tag1, data1) => {
428
+
assert_eq!(tag1, ChannelTag::Gossip);
429
+
assert_eq!(data1, b"first");
430
+
}
431
+
_ => panic!("expected frame"),
432
+
}
433
+
434
+
match decode_frame(&mut buf) {
435
+
DecodeResult::Frame(tag2, data2) => {
436
+
assert_eq!(tag2, ChannelTag::Direct);
437
+
assert_eq!(data2, b"second");
438
+
}
439
+
_ => panic!("expected frame"),
440
+
}
441
+
}
442
+
}
+610
crates/tranquil-ripple/tests/two_node_convergence.rs
+610
crates/tranquil-ripple/tests/two_node_convergence.rs
···
···
1
+
use std::sync::Arc;
2
+
use std::time::Duration;
3
+
use tokio_util::sync::CancellationToken;
4
+
use tranquil_infra::{Cache, DistributedRateLimiter};
5
+
use tranquil_ripple::{RippleConfig, RippleEngine};
6
+
7
+
async fn spawn_pair(
8
+
shutdown: CancellationToken,
9
+
) -> (
10
+
(Arc<dyn Cache>, Arc<dyn DistributedRateLimiter>),
11
+
(Arc<dyn Cache>, Arc<dyn DistributedRateLimiter>),
12
+
) {
13
+
let config_a = RippleConfig {
14
+
bind_addr: "127.0.0.1:0".parse().unwrap(),
15
+
seed_peers: vec![],
16
+
machine_id: 1,
17
+
gossip_interval_ms: 100,
18
+
cache_max_bytes: 64 * 1024 * 1024,
19
+
};
20
+
let (cache_a, rl_a, addr_a) = RippleEngine::start(config_a, shutdown.clone())
21
+
.await
22
+
.expect("node A failed to start");
23
+
24
+
let config_b = RippleConfig {
25
+
bind_addr: "127.0.0.1:0".parse().unwrap(),
26
+
seed_peers: vec![addr_a],
27
+
machine_id: 2,
28
+
gossip_interval_ms: 100,
29
+
cache_max_bytes: 64 * 1024 * 1024,
30
+
};
31
+
let (cache_b, rl_b, _addr_b) = RippleEngine::start(config_b, shutdown.clone())
32
+
.await
33
+
.expect("node B failed to start");
34
+
35
+
tokio::time::sleep(Duration::from_millis(2000)).await;
36
+
37
+
((cache_a, rl_a), (cache_b, rl_b))
38
+
}
39
+
40
+
async fn poll_until<F, Fut>(max_ms: u64, interval_ms: u64, check_fn: F)
41
+
where
42
+
F: Fn() -> Fut,
43
+
Fut: std::future::Future<Output = bool>,
44
+
{
45
+
let deadline = tokio::time::Instant::now() + Duration::from_millis(max_ms);
46
+
let interval = Duration::from_millis(interval_ms);
47
+
48
+
loop {
49
+
if check_fn().await {
50
+
return;
51
+
}
52
+
if tokio::time::Instant::now() + interval > deadline {
53
+
panic!("poll_until timed out after {max_ms}ms");
54
+
}
55
+
tokio::time::sleep(interval).await;
56
+
}
57
+
}
58
+
59
+
#[tokio::test]
60
+
async fn two_node_cache_convergence() {
61
+
tracing_subscriber::fmt()
62
+
.with_max_level(tracing_subscriber::filter::LevelFilter::DEBUG)
63
+
.with_test_writer()
64
+
.try_init()
65
+
.ok();
66
+
67
+
let shutdown = CancellationToken::new();
68
+
let ((cache_a, _rl_a), (cache_b, _rl_b)) = spawn_pair(shutdown.clone()).await;
69
+
70
+
cache_a
71
+
.set("test-key", "hello-from-a", Duration::from_secs(300))
72
+
.await
73
+
.expect("set on A failed");
74
+
75
+
assert_eq!(
76
+
cache_a.get("test-key").await.as_deref(),
77
+
Some("hello-from-a"),
78
+
);
79
+
80
+
let b = cache_b.clone();
81
+
poll_until(10_000, 200, || {
82
+
let b = b.clone();
83
+
async move { b.get("test-key").await.as_deref() == Some("hello-from-a") }
84
+
})
85
+
.await;
86
+
87
+
shutdown.cancel();
88
+
}
89
+
90
+
#[tokio::test]
91
+
async fn two_node_delete_convergence() {
92
+
tracing_subscriber::fmt()
93
+
.with_max_level(tracing_subscriber::filter::LevelFilter::DEBUG)
94
+
.with_test_writer()
95
+
.try_init()
96
+
.ok();
97
+
98
+
let shutdown = CancellationToken::new();
99
+
let ((cache_a, _), (cache_b, _)) = spawn_pair(shutdown.clone()).await;
100
+
101
+
let key = format!("del-{}", uuid::Uuid::new_v4());
102
+
103
+
cache_a
104
+
.set(&key, "to-be-deleted", Duration::from_secs(300))
105
+
.await
106
+
.expect("set on A failed");
107
+
108
+
let b = cache_b.clone();
109
+
let k = key.clone();
110
+
poll_until(10_000, 200, move || {
111
+
let b = b.clone();
112
+
let k = k.clone();
113
+
async move { b.get(&k).await.is_some() }
114
+
})
115
+
.await;
116
+
117
+
cache_a.delete(&key).await.expect("delete on A failed");
118
+
119
+
let b = cache_b.clone();
120
+
let k = key.clone();
121
+
poll_until(10_000, 200, move || {
122
+
let b = b.clone();
123
+
let k = k.clone();
124
+
async move { b.get(&k).await.is_none() }
125
+
})
126
+
.await;
127
+
128
+
shutdown.cancel();
129
+
}
130
+
131
+
#[tokio::test]
132
+
async fn two_node_lww_conflict_resolution() {
133
+
tracing_subscriber::fmt()
134
+
.with_max_level(tracing_subscriber::filter::LevelFilter::DEBUG)
135
+
.with_test_writer()
136
+
.try_init()
137
+
.ok();
138
+
139
+
let shutdown = CancellationToken::new();
140
+
let ((cache_a, _), (cache_b, _)) = spawn_pair(shutdown.clone()).await;
141
+
142
+
let key = format!("lww-{}", uuid::Uuid::new_v4());
143
+
144
+
cache_a
145
+
.set(&key, "value-from-a", Duration::from_secs(300))
146
+
.await
147
+
.expect("set on A failed");
148
+
149
+
cache_b
150
+
.set(&key, "value-from-b", Duration::from_secs(300))
151
+
.await
152
+
.expect("set on B failed");
153
+
154
+
let a = cache_a.clone();
155
+
let b = cache_b.clone();
156
+
let k = key.clone();
157
+
poll_until(15_000, 200, move || {
158
+
let a = a.clone();
159
+
let b = b.clone();
160
+
let k = k.clone();
161
+
async move {
162
+
let (va, vb) = tokio::join!(a.get(&k), b.get(&k));
163
+
matches!((va, vb), (Some(a), Some(b)) if a == b)
164
+
}
165
+
})
166
+
.await;
167
+
168
+
let val_a = cache_a.get(&key).await.expect("A should have the key");
169
+
let val_b = cache_b.get(&key).await.expect("B should have the key");
170
+
171
+
assert_eq!(val_a, val_b, "both nodes must agree on the same value after LWW resolution");
172
+
173
+
shutdown.cancel();
174
+
}
175
+
176
+
#[tokio::test]
177
+
async fn two_node_binary_data_convergence() {
178
+
tracing_subscriber::fmt()
179
+
.with_max_level(tracing_subscriber::filter::LevelFilter::DEBUG)
180
+
.with_test_writer()
181
+
.try_init()
182
+
.ok();
183
+
184
+
let shutdown = CancellationToken::new();
185
+
let ((cache_a, _), (cache_b, _)) = spawn_pair(shutdown.clone()).await;
186
+
187
+
let key = format!("bin-{}", uuid::Uuid::new_v4());
188
+
let payload: Vec<u8> = (0..=255u8).collect();
189
+
190
+
cache_a
191
+
.set_bytes(&key, &payload, Duration::from_secs(300))
192
+
.await
193
+
.expect("set_bytes on A failed");
194
+
195
+
let b = cache_b.clone();
196
+
let k = key.clone();
197
+
let expected = payload.clone();
198
+
poll_until(10_000, 200, move || {
199
+
let b = b.clone();
200
+
let k = k.clone();
201
+
let expected = expected.clone();
202
+
async move {
203
+
b.get_bytes(&k)
204
+
.await
205
+
.map(|v| v == expected)
206
+
.unwrap_or(false)
207
+
}
208
+
})
209
+
.await;
210
+
211
+
shutdown.cancel();
212
+
}
213
+
214
+
#[tokio::test]
215
+
async fn two_node_ttl_expiration() {
216
+
tracing_subscriber::fmt()
217
+
.with_max_level(tracing_subscriber::filter::LevelFilter::DEBUG)
218
+
.with_test_writer()
219
+
.try_init()
220
+
.ok();
221
+
222
+
let shutdown = CancellationToken::new();
223
+
let ((cache_a, _), (cache_b, _)) = spawn_pair(shutdown.clone()).await;
224
+
225
+
let key = format!("ttl-{}", uuid::Uuid::new_v4());
226
+
227
+
cache_a
228
+
.set(&key, "ephemeral", Duration::from_secs(2))
229
+
.await
230
+
.expect("set on A failed");
231
+
232
+
let b = cache_b.clone();
233
+
let k = key.clone();
234
+
poll_until(10_000, 200, move || {
235
+
let b = b.clone();
236
+
let k = k.clone();
237
+
async move { b.get(&k).await.is_some() }
238
+
})
239
+
.await;
240
+
241
+
tokio::time::sleep(Duration::from_secs(3)).await;
242
+
243
+
assert!(cache_a.get(&key).await.is_none(), "A should have expired the key");
244
+
assert!(cache_b.get(&key).await.is_none(), "B should have expired the key");
245
+
246
+
shutdown.cancel();
247
+
}
248
+
249
+
#[tokio::test]
250
+
async fn two_node_rapid_overwrite_convergence() {
251
+
tracing_subscriber::fmt()
252
+
.with_max_level(tracing_subscriber::filter::LevelFilter::DEBUG)
253
+
.with_test_writer()
254
+
.try_init()
255
+
.ok();
256
+
257
+
let shutdown = CancellationToken::new();
258
+
let ((cache_a, _), (cache_b, _)) = spawn_pair(shutdown.clone()).await;
259
+
260
+
let key = format!("rapid-{}", uuid::Uuid::new_v4());
261
+
262
+
futures::future::join_all((0..50).map(|i| {
263
+
let cache = cache_a.clone();
264
+
let k = key.clone();
265
+
async move {
266
+
cache
267
+
.set(&k, &format!("value-{i}"), Duration::from_secs(300))
268
+
.await
269
+
.expect("set failed");
270
+
}
271
+
}))
272
+
.await;
273
+
274
+
let b = cache_b.clone();
275
+
let k = key.clone();
276
+
poll_until(10_000, 200, move || {
277
+
let b = b.clone();
278
+
let k = k.clone();
279
+
async move { b.get(&k).await.as_deref() == Some("value-49") }
280
+
})
281
+
.await;
282
+
283
+
shutdown.cancel();
284
+
}
285
+
286
+
#[tokio::test]
287
+
async fn two_node_many_keys_convergence() {
288
+
tracing_subscriber::fmt()
289
+
.with_max_level(tracing_subscriber::filter::LevelFilter::DEBUG)
290
+
.with_test_writer()
291
+
.try_init()
292
+
.ok();
293
+
294
+
let shutdown = CancellationToken::new();
295
+
let ((cache_a, _), (cache_b, _)) = spawn_pair(shutdown.clone()).await;
296
+
297
+
let prefix = format!("many-{}", uuid::Uuid::new_v4());
298
+
299
+
futures::future::join_all((0..200).map(|i| {
300
+
let cache = cache_a.clone();
301
+
let p = prefix.clone();
302
+
async move {
303
+
cache
304
+
.set(
305
+
&format!("{p}-{i}"),
306
+
&format!("val-{i}"),
307
+
Duration::from_secs(300),
308
+
)
309
+
.await
310
+
.expect("set failed");
311
+
}
312
+
}))
313
+
.await;
314
+
315
+
let b = cache_b.clone();
316
+
let p = prefix.clone();
317
+
poll_until(30_000, 500, move || {
318
+
let b = b.clone();
319
+
let p = p.clone();
320
+
async move {
321
+
futures::future::join_all((0..200).map(|i| {
322
+
let b = b.clone();
323
+
let p = p.clone();
324
+
async move { b.get(&format!("{p}-{i}")).await.is_some() }
325
+
}))
326
+
.await
327
+
.into_iter()
328
+
.all(|present| present)
329
+
}
330
+
})
331
+
.await;
332
+
333
+
let results: Vec<Option<String>> = futures::future::join_all((0..200).map(|i| {
334
+
let b = cache_b.clone();
335
+
let p = prefix.clone();
336
+
async move { b.get(&format!("{p}-{i}")).await }
337
+
}))
338
+
.await;
339
+
340
+
results.into_iter().enumerate().for_each(|(i, val)| {
341
+
assert_eq!(
342
+
val.as_deref(),
343
+
Some(format!("val-{i}").as_str()),
344
+
"key {i} mismatch on B"
345
+
);
346
+
});
347
+
348
+
shutdown.cancel();
349
+
}
350
+
351
+
#[tokio::test]
352
+
async fn two_node_concurrent_disjoint_writes() {
353
+
tracing_subscriber::fmt()
354
+
.with_max_level(tracing_subscriber::filter::LevelFilter::DEBUG)
355
+
.with_test_writer()
356
+
.try_init()
357
+
.ok();
358
+
359
+
let shutdown = CancellationToken::new();
360
+
let ((cache_a, _), (cache_b, _)) = spawn_pair(shutdown.clone()).await;
361
+
362
+
let prefix = format!("disj-{}", uuid::Uuid::new_v4());
363
+
364
+
let write_a = {
365
+
let cache = cache_a.clone();
366
+
let p = prefix.clone();
367
+
async move {
368
+
futures::future::join_all((0..100).map(|i| {
369
+
let cache = cache.clone();
370
+
let p = p.clone();
371
+
async move {
372
+
cache
373
+
.set(
374
+
&format!("{p}-a-{i}"),
375
+
&format!("a-{i}"),
376
+
Duration::from_secs(300),
377
+
)
378
+
.await
379
+
.expect("set failed");
380
+
}
381
+
}))
382
+
.await;
383
+
}
384
+
};
385
+
386
+
let write_b = {
387
+
let cache = cache_b.clone();
388
+
let p = prefix.clone();
389
+
async move {
390
+
futures::future::join_all((0..100).map(|i| {
391
+
let cache = cache.clone();
392
+
let p = p.clone();
393
+
async move {
394
+
cache
395
+
.set(
396
+
&format!("{p}-b-{i}"),
397
+
&format!("b-{i}"),
398
+
Duration::from_secs(300),
399
+
)
400
+
.await
401
+
.expect("set failed");
402
+
}
403
+
}))
404
+
.await;
405
+
}
406
+
};
407
+
408
+
tokio::join!(write_a, write_b);
409
+
410
+
let a = cache_a.clone();
411
+
let b = cache_b.clone();
412
+
let p = prefix.clone();
413
+
poll_until(30_000, 500, move || {
414
+
let a = a.clone();
415
+
let b = b.clone();
416
+
let p = p.clone();
417
+
async move {
418
+
let a_has_b_keys = futures::future::join_all((0..100).map(|i| {
419
+
let a = a.clone();
420
+
let p = p.clone();
421
+
async move { a.get(&format!("{p}-b-{i}")).await.is_some() }
422
+
}))
423
+
.await
424
+
.into_iter()
425
+
.all(|v| v);
426
+
427
+
let b_has_a_keys = futures::future::join_all((0..100).map(|i| {
428
+
let b = b.clone();
429
+
let p = p.clone();
430
+
async move { b.get(&format!("{p}-a-{i}")).await.is_some() }
431
+
}))
432
+
.await
433
+
.into_iter()
434
+
.all(|v| v);
435
+
436
+
a_has_b_keys && b_has_a_keys
437
+
}
438
+
})
439
+
.await;
440
+
441
+
shutdown.cancel();
442
+
}
443
+
444
+
#[tokio::test]
445
+
async fn two_node_concurrent_same_key_writes() {
446
+
tracing_subscriber::fmt()
447
+
.with_max_level(tracing_subscriber::filter::LevelFilter::DEBUG)
448
+
.with_test_writer()
449
+
.try_init()
450
+
.ok();
451
+
452
+
let shutdown = CancellationToken::new();
453
+
let ((cache_a, _), (cache_b, _)) = spawn_pair(shutdown.clone()).await;
454
+
455
+
let prefix = format!("same-{}", uuid::Uuid::new_v4());
456
+
457
+
let write_a = {
458
+
let cache = cache_a.clone();
459
+
let p = prefix.clone();
460
+
async move {
461
+
futures::future::join_all((0..50).map(|i| {
462
+
let cache = cache.clone();
463
+
let p = p.clone();
464
+
async move {
465
+
cache
466
+
.set(
467
+
&format!("{p}-{i}"),
468
+
&format!("a-{i}"),
469
+
Duration::from_secs(300),
470
+
)
471
+
.await
472
+
.expect("set failed");
473
+
}
474
+
}))
475
+
.await;
476
+
}
477
+
};
478
+
479
+
let write_b = {
480
+
let cache = cache_b.clone();
481
+
let p = prefix.clone();
482
+
async move {
483
+
futures::future::join_all((0..50).map(|i| {
484
+
let cache = cache.clone();
485
+
let p = p.clone();
486
+
async move {
487
+
cache
488
+
.set(
489
+
&format!("{p}-{i}"),
490
+
&format!("b-{i}"),
491
+
Duration::from_secs(300),
492
+
)
493
+
.await
494
+
.expect("set failed");
495
+
}
496
+
}))
497
+
.await;
498
+
}
499
+
};
500
+
501
+
tokio::join!(write_a, write_b);
502
+
503
+
let a = cache_a.clone();
504
+
let b = cache_b.clone();
505
+
let p = prefix.clone();
506
+
poll_until(15_000, 200, move || {
507
+
let a = a.clone();
508
+
let b = b.clone();
509
+
let p = p.clone();
510
+
async move {
511
+
futures::future::join_all((0..50).map(|i| {
512
+
let a = a.clone();
513
+
let b = b.clone();
514
+
let p = p.clone();
515
+
async move {
516
+
let va = a.get(&format!("{p}-{i}")).await.unwrap_or_default();
517
+
let vb = b.get(&format!("{p}-{i}")).await.unwrap_or_default();
518
+
!va.is_empty() && va == vb
519
+
}
520
+
}))
521
+
.await
522
+
.into_iter()
523
+
.all(|v| v)
524
+
}
525
+
})
526
+
.await;
527
+
528
+
let results: Vec<(String, String)> = futures::future::join_all((0..50).map(|i| {
529
+
let a = cache_a.clone();
530
+
let b = cache_b.clone();
531
+
let p = prefix.clone();
532
+
async move {
533
+
let va = a.get(&format!("{p}-{i}")).await.unwrap_or_default();
534
+
let vb = b.get(&format!("{p}-{i}")).await.unwrap_or_default();
535
+
(va, vb)
536
+
}
537
+
}))
538
+
.await;
539
+
540
+
results.into_iter().enumerate().for_each(|(i, (va, vb))| {
541
+
assert_eq!(va, vb, "key {i}: nodes disagree (A={va}, B={vb})");
542
+
});
543
+
544
+
shutdown.cancel();
545
+
}
546
+
547
+
#[tokio::test]
548
+
async fn two_node_rate_limit_split_increment() {
549
+
tracing_subscriber::fmt()
550
+
.with_max_level(tracing_subscriber::filter::LevelFilter::DEBUG)
551
+
.with_test_writer()
552
+
.try_init()
553
+
.ok();
554
+
555
+
let shutdown = CancellationToken::new();
556
+
let ((_, rl_a), (_, rl_b)) = spawn_pair(shutdown.clone()).await;
557
+
558
+
let key = format!("rl-split-{}", uuid::Uuid::new_v4());
559
+
let limit: u32 = 200;
560
+
let window_ms: u64 = 600_000;
561
+
562
+
futures::future::join_all((0..40).map(|_| {
563
+
let rl = rl_a.clone();
564
+
let k = key.clone();
565
+
async move {
566
+
let allowed = rl.check_rate_limit(&k, limit, window_ms).await;
567
+
assert!(allowed, "should be allowed within limit");
568
+
}
569
+
}))
570
+
.await;
571
+
572
+
futures::future::join_all((0..30).map(|_| {
573
+
let rl = rl_b.clone();
574
+
let k = key.clone();
575
+
async move {
576
+
let allowed = rl.check_rate_limit(&k, limit, window_ms).await;
577
+
assert!(allowed, "should be allowed within limit");
578
+
}
579
+
}))
580
+
.await;
581
+
582
+
let rl_peek = rl_a.clone();
583
+
let k = key.clone();
584
+
poll_until(15_000, 200, move || {
585
+
let rl = rl_peek.clone();
586
+
let k = k.clone();
587
+
async move { rl.peek_rate_limit_count(&k, window_ms).await >= 70 }
588
+
})
589
+
.await;
590
+
591
+
let mut remaining = 0u32;
592
+
loop {
593
+
if !rl_a.check_rate_limit(&key, limit, window_ms).await {
594
+
break;
595
+
}
596
+
remaining += 1;
597
+
if remaining > limit {
598
+
panic!("rate limiter never denied - convergence failed");
599
+
}
600
+
}
601
+
602
+
let expected_remaining = limit - 70;
603
+
let margin = 15;
604
+
assert!(
605
+
remaining.abs_diff(expected_remaining) <= margin,
606
+
"expected ~{expected_remaining} remaining hits, got {remaining} (margin={margin})"
607
+
);
608
+
609
+
shutdown.cancel();
610
+
}
+3
-5
deploy/quadlets/tranquil-pds-app.container
+3
-5
deploy/quadlets/tranquil-pds-app.container
···
1
[Unit]
2
Description=Tranquil PDS AT Protocol PDS
3
-
After=tranquil-pds-db.service tranquil-pds-minio.service tranquil-pds-valkey.service
4
[Container]
5
ContainerName=tranquil-pds-app
6
Image=localhost/tranquil-pds:latest
···
8
EnvironmentFile=/srv/tranquil-pds/config/tranquil-pds.env
9
Environment=SERVER_HOST=0.0.0.0
10
Environment=SERVER_PORT=3000
11
-
Environment=S3_ENDPOINT=http://localhost:9000
12
-
Environment=AWS_REGION=us-east-1
13
-
Environment=S3_BUCKET=pds-blobs
14
-
Environment=VALKEY_URL=redis://localhost:6379
15
HealthCmd=wget -q --spider http://localhost:3000/xrpc/_health
16
HealthInterval=30s
17
HealthTimeout=10s
···
1
[Unit]
2
Description=Tranquil PDS AT Protocol PDS
3
+
After=tranquil-pds-db.service
4
[Container]
5
ContainerName=tranquil-pds-app
6
Image=localhost/tranquil-pds:latest
···
8
EnvironmentFile=/srv/tranquil-pds/config/tranquil-pds.env
9
Environment=SERVER_HOST=0.0.0.0
10
Environment=SERVER_PORT=3000
11
+
Volume=/srv/tranquil-pds/blobs:/var/lib/tranquil/blobs:Z
12
+
Volume=/srv/tranquil-pds/backups:/var/lib/tranquil/backups:Z
13
HealthCmd=wget -q --spider http://localhost:3000/xrpc/_health
14
HealthInterval=30s
15
HealthTimeout=10s
+7
-66
docker-compose.prod.yaml
+7
-66
docker-compose.prod.yaml
···
10
SERVER_PORT: "3000"
11
PDS_HOSTNAME: "${PDS_HOSTNAME:?PDS_HOSTNAME is required}"
12
DATABASE_URL: "postgres://tranquil_pds:${DB_PASSWORD:?DB_PASSWORD is required}@db:5432/pds"
13
-
S3_ENDPOINT: "http://minio:9000"
14
-
AWS_REGION: "us-east-1"
15
-
S3_BUCKET: "pds-blobs"
16
-
AWS_ACCESS_KEY_ID: "${MINIO_ROOT_USER:-minioadmin}"
17
-
AWS_SECRET_ACCESS_KEY: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD is required}"
18
-
VALKEY_URL: "redis://valkey:6379"
19
JWT_SECRET: "${JWT_SECRET:?JWT_SECRET is required (min 32 chars)}"
20
DPOP_SECRET: "${DPOP_SECRET:?DPOP_SECRET is required (min 32 chars)}"
21
MASTER_KEY: "${MASTER_KEY:?MASTER_KEY is required (min 32 chars)}"
22
CRAWLERS: "${CRAWLERS:-https://bsky.network}"
23
depends_on:
24
db:
25
-
condition: service_healthy
26
-
minio:
27
-
condition: service_healthy
28
-
valkey:
29
condition: service_healthy
30
healthcheck:
31
test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/xrpc/_health"]
···
81
reservations:
82
memory: 128M
83
84
-
minio:
85
-
image: cgr.dev/chainguard/minio:latest
86
-
restart: unless-stopped
87
-
command: server /data --console-address ":9001"
88
-
environment:
89
-
MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
90
-
MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD is required}"
91
-
volumes:
92
-
- minio_data:/data
93
-
deploy:
94
-
resources:
95
-
limits:
96
-
memory: 512M
97
-
reservations:
98
-
memory: 128M
99
-
100
-
minio-init:
101
-
image: cgr.dev/chainguard/minio-client:latest-dev
102
-
depends_on:
103
-
- minio
104
-
entrypoint: >
105
-
/bin/sh -c "
106
-
for i in 1 2 3 4 5 6 7 8 9 10; do
107
-
mc alias set local http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD} && break;
108
-
echo 'Waiting for minio...'; sleep 2;
109
-
done;
110
-
mc mb --ignore-existing local/pds-blobs;
111
-
mc mb --ignore-existing local/pds-backups;
112
-
mc anonymous set none local/pds-blobs;
113
-
exit 0;
114
-
"
115
-
environment:
116
-
MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
117
-
MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD is required}"
118
-
119
-
valkey:
120
-
image: valkey/valkey:9-alpine
121
-
restart: unless-stopped
122
-
command: valkey-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
123
-
volumes:
124
-
- valkey_data:/data
125
-
healthcheck:
126
-
test: ["CMD", "valkey-cli", "ping"]
127
-
interval: 10s
128
-
timeout: 5s
129
-
retries: 3
130
-
start_period: 5s
131
-
deploy:
132
-
resources:
133
-
limits:
134
-
memory: 300M
135
-
reservations:
136
-
memory: 64M
137
-
138
nginx:
139
image: nginx:1.29-alpine
140
restart: unless-stopped
···
180
181
volumes:
182
postgres_data:
183
-
minio_data:
184
-
valkey_data:
185
prometheus_data:
186
acme_challenge:
···
10
SERVER_PORT: "3000"
11
PDS_HOSTNAME: "${PDS_HOSTNAME:?PDS_HOSTNAME is required}"
12
DATABASE_URL: "postgres://tranquil_pds:${DB_PASSWORD:?DB_PASSWORD is required}@db:5432/pds"
13
+
BLOB_STORAGE_PATH: "/var/lib/tranquil/blobs"
14
+
BACKUP_STORAGE_PATH: "/var/lib/tranquil/backups"
15
JWT_SECRET: "${JWT_SECRET:?JWT_SECRET is required (min 32 chars)}"
16
DPOP_SECRET: "${DPOP_SECRET:?DPOP_SECRET is required (min 32 chars)}"
17
MASTER_KEY: "${MASTER_KEY:?MASTER_KEY is required (min 32 chars)}"
18
CRAWLERS: "${CRAWLERS:-https://bsky.network}"
19
+
volumes:
20
+
- blob_data:/var/lib/tranquil/blobs
21
+
- backup_data:/var/lib/tranquil/backups
22
depends_on:
23
db:
24
condition: service_healthy
25
healthcheck:
26
test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/xrpc/_health"]
···
76
reservations:
77
memory: 128M
78
79
nginx:
80
image: nginx:1.29-alpine
81
restart: unless-stopped
···
121
122
volumes:
123
postgres_data:
124
+
blob_data:
125
+
backup_data:
126
prometheus_data:
127
acme_challenge:
+5
-25
docker-compose.yaml
+5
-25
docker-compose.yaml
···
10
- ./.env
11
environment:
12
DATABASE_URL: postgres://postgres:postgres@db:5432/pds
13
-
S3_ENDPOINT: http://objsto:9000
14
-
VALKEY_URL: redis://cache:6379
15
depends_on:
16
- db
17
-
- objsto
18
-
- cache
19
20
frontend:
21
build:
···
38
volumes:
39
- postgres_data:/var/lib/postgresql
40
41
-
objsto:
42
-
image: cgr.dev/chainguard/minio:latest
43
-
ports:
44
-
- "9000:9000"
45
-
- "9001:9001"
46
-
environment:
47
-
MINIO_ROOT_USER: minioadmin
48
-
MINIO_ROOT_PASSWORD: minioadmin
49
-
volumes:
50
-
- minio_data:/data
51
-
command: server /data --console-address ":9001"
52
-
53
-
cache:
54
-
image: valkey/valkey:9-alpine
55
-
ports:
56
-
- "6379:6379"
57
-
volumes:
58
-
- valkey_data:/data
59
-
60
prometheus:
61
image: prom/prometheus:v3.8.0
62
ports:
···
72
73
volumes:
74
postgres_data:
75
-
minio_data:
76
-
valkey_data:
77
prometheus_data:
···
10
- ./.env
11
environment:
12
DATABASE_URL: postgres://postgres:postgres@db:5432/pds
13
+
volumes:
14
+
- blob_data:/var/lib/tranquil/blobs
15
+
- backup_data:/var/lib/tranquil/backups
16
depends_on:
17
- db
18
19
frontend:
20
build:
···
37
volumes:
38
- postgres_data:/var/lib/postgresql
39
40
prometheus:
41
image: prom/prometheus:v3.8.0
42
ports:
···
52
53
volumes:
54
postgres_data:
55
+
blob_data:
56
+
backup_data:
57
prometheus_data:
+16
-11
docs/install-containers.md
+16
-11
docs/install-containers.md
···
43
44
## Standalone Containers (No Compose)
45
46
-
If you already have postgres and valkey running on the host (eg., from the [Debian install guide](install-debian.md)), you can run just the app containers.
47
48
Build the images:
49
```sh
···
51
podman build -t tranquil-pds-frontend:latest ./frontend
52
```
53
54
-
Run the backend with host networking (so it can access postgres/valkey on localhost) and mount the blob storage:
55
```sh
56
podman run -d --name tranquil-pds \
57
--network=host \
···
106
107
```bash
108
mkdir -p /etc/containers/systemd
109
-
mkdir -p /srv/tranquil-pds/{postgres,valkey,blobs,backups,certs,acme,config}
110
```
111
112
## Create Environment File
···
127
128
Copy the quadlet files from the repository:
129
```bash
130
-
cp /opt/tranquil-pds/deploy/quadlets/*.pod /etc/containers/systemd/
131
-
cp /opt/tranquil-pds/deploy/quadlets/*.container /etc/containers/systemd/
132
```
133
134
Note: Systemd doesn't support shell-style variable expansion in `Environment=` lines. The quadlet files expect DATABASE_URL to be set in the environment file.
135
136
## Create nginx Configuration
···
160
161
```bash
162
systemctl daemon-reload
163
-
systemctl start tranquil-pds-db tranquil-pds-valkey
164
sleep 10
165
```
166
···
172
173
## Obtain Wildcard SSL Certificate
174
175
-
User handles are served as subdomains (eg., `alice.pds.example.com`), so you need a wildcard certificate. Wildcard certs require DNS-01 validation.
176
177
Create temporary self-signed cert to start services:
178
```bash
···
195
196
Follow the prompts to add TXT records to your DNS. Note: manual mode doesn't auto-renew.
197
198
-
For automated renewal, use a DNS provider plugin (eg., cloudflare, route53).
199
200
Link certificates and restart:
201
```bash
···
207
## Enable All Services
208
209
```bash
210
-
systemctl enable tranquil-pds-db tranquil-pds-valkey tranquil-pds-app tranquil-pds-frontend tranquil-pds-nginx
211
```
212
213
## Configure Firewall
···
252
253
```sh
254
mkdir -p /srv/tranquil-pds/{data,config}
255
-
mkdir -p /srv/tranquil-pds/data/{postgres,valkey,blobs,backups,certs,acme}
256
```
257
258
## Clone Repository and Build Images
···
346
347
## Obtain Wildcard SSL Certificate
348
349
-
User handles are served as subdomains (eg., `alice.pds.example.com`), so you need a wildcard certificate. Wildcard certs require DNS-01 validation.
350
351
Create temporary self-signed cert to start services:
352
```sh
···
43
44
## Standalone Containers (No Compose)
45
46
+
If you already have postgres running on the host (eg. from the [Debian install guide](install-debian.md)), you can run just the app containers.
47
48
Build the images:
49
```sh
···
51
podman build -t tranquil-pds-frontend:latest ./frontend
52
```
53
54
+
Run the backend with host networking (so it can access postgres on localhost) and mount the blob storage:
55
```sh
56
podman run -d --name tranquil-pds \
57
--network=host \
···
106
107
```bash
108
mkdir -p /etc/containers/systemd
109
+
mkdir -p /srv/tranquil-pds/{postgres,blobs,backups,certs,acme,config}
110
```
111
112
## Create Environment File
···
127
128
Copy the quadlet files from the repository:
129
```bash
130
+
cp /opt/tranquil-pds/deploy/quadlets/tranquil-pds.pod /etc/containers/systemd/
131
+
cp /opt/tranquil-pds/deploy/quadlets/tranquil-pds-db.container /etc/containers/systemd/
132
+
cp /opt/tranquil-pds/deploy/quadlets/tranquil-pds-app.container /etc/containers/systemd/
133
+
cp /opt/tranquil-pds/deploy/quadlets/tranquil-pds-frontend.container /etc/containers/systemd/
134
+
cp /opt/tranquil-pds/deploy/quadlets/tranquil-pds-nginx.container /etc/containers/systemd/
135
```
136
137
+
Optional quadlets for valkey and minio are also available in `deploy/quadlets/` if you need them.
138
+
139
Note: Systemd doesn't support shell-style variable expansion in `Environment=` lines. The quadlet files expect DATABASE_URL to be set in the environment file.
140
141
## Create nginx Configuration
···
165
166
```bash
167
systemctl daemon-reload
168
+
systemctl start tranquil-pds-db
169
sleep 10
170
```
171
···
177
178
## Obtain Wildcard SSL Certificate
179
180
+
User handles are served as subdomains (eg. `alice.pds.example.com`), so you need a wildcard certificate. Wildcard certs require DNS-01 validation.
181
182
Create temporary self-signed cert to start services:
183
```bash
···
200
201
Follow the prompts to add TXT records to your DNS. Note: manual mode doesn't auto-renew.
202
203
+
For automated renewal, use a DNS provider plugin (eg. cloudflare, route53).
204
205
Link certificates and restart:
206
```bash
···
212
## Enable All Services
213
214
```bash
215
+
systemctl enable tranquil-pds-db tranquil-pds-app tranquil-pds-frontend tranquil-pds-nginx
216
```
217
218
## Configure Firewall
···
257
258
```sh
259
mkdir -p /srv/tranquil-pds/{data,config}
260
+
mkdir -p /srv/tranquil-pds/data/{postgres,blobs,backups,certs,acme}
261
```
262
263
## Clone Repository and Build Images
···
351
352
## Obtain Wildcard SSL Certificate
353
354
+
User handles are served as subdomains (eg. `alice.pds.example.com`), so you need a wildcard certificate. Wildcard certs require DNS-01 validation.
355
356
Create temporary self-signed cert to start services:
357
```sh
-8
docs/install-debian.md
-8
docs/install-debian.md
-3
docs/install-kubernetes.md
-3
docs/install-kubernetes.md
···
3
If you're reaching for kubernetes for this app, you're experienced enough to know how to spin up:
4
5
- cloudnativepg (or your preferred postgres operator)
6
-
- valkey
7
- a PersistentVolume for blob storage
8
- the app itself (it's just a container with some env vars)
9
···
13
- `DATABASE_URL` - postgres connection string
14
- `BLOB_STORAGE_PATH` - path to blob storage (mount a PV here)
15
- `BACKUP_STORAGE_PATH` - path for repo backups (optional but recommended)
16
-
- `VALKEY_URL` - redis:// connection string
17
- `PDS_HOSTNAME` - your PDS hostname (without protocol)
18
- `JWT_SECRET`, `DPOP_SECRET`, `MASTER_KEY` - generate with `openssl rand -base64 48`
19
- `CRAWLERS` - typically `https://bsky.network`
···
41
</body>
42
</html>
43
```
44
-
···
3
If you're reaching for kubernetes for this app, you're experienced enough to know how to spin up:
4
5
- cloudnativepg (or your preferred postgres operator)
6
- a PersistentVolume for blob storage
7
- the app itself (it's just a container with some env vars)
8
···
12
- `DATABASE_URL` - postgres connection string
13
- `BLOB_STORAGE_PATH` - path to blob storage (mount a PV here)
14
- `BACKUP_STORAGE_PATH` - path for repo backups (optional but recommended)
15
- `PDS_HOSTNAME` - your PDS hostname (without protocol)
16
- `JWT_SECRET`, `DPOP_SECRET`, `MASTER_KEY` - generate with `openssl rand -base64 48`
17
- `CRAWLERS` - typically `https://bsky.network`
···
39
</body>
40
</html>
41
```
-11
scripts/install-debian.sh
-11
scripts/install-debian.sh
···
194
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE pds TO tranquil_pds;"
195
log_success "postgres configured"
196
197
-
log_info "Installing valkey..."
198
-
apt install -y valkey 2>/dev/null || {
199
-
log_warn "valkey not in repos, installing redis..."
200
-
apt install -y redis-server
201
-
systemctl enable redis-server
202
-
systemctl start redis-server
203
-
}
204
-
systemctl enable valkey-server 2>/dev/null || true
205
-
systemctl start valkey-server 2>/dev/null || true
206
-
207
log_info "Creating blob storage directories..."
208
mkdir -p /var/lib/tranquil/blobs /var/lib/tranquil/backups
209
log_success "Blob storage directories created"
···
313
DATABASE_MIN_CONNECTIONS=10
314
BLOB_STORAGE_PATH=/var/lib/tranquil/blobs
315
BACKUP_STORAGE_PATH=/var/lib/tranquil/backups
316
-
VALKEY_URL=redis://localhost:6379
317
JWT_SECRET=${JWT_SECRET}
318
DPOP_SECRET=${DPOP_SECRET}
319
MASTER_KEY=${MASTER_KEY}
···
194
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE pds TO tranquil_pds;"
195
log_success "postgres configured"
196
197
log_info "Creating blob storage directories..."
198
mkdir -p /var/lib/tranquil/blobs /var/lib/tranquil/backups
199
log_success "Blob storage directories created"
···
303
DATABASE_MIN_CONNECTIONS=10
304
BLOB_STORAGE_PATH=/var/lib/tranquil/blobs
305
BACKUP_STORAGE_PATH=/var/lib/tranquil/backups
306
JWT_SECRET=${JWT_SECRET}
307
DPOP_SECRET=${DPOP_SECRET}
308
MASTER_KEY=${MASTER_KEY}
+8
-1
scripts/run-tests.sh
+8
-1
scripts/run-tests.sh
···
16
sqlx database create 2>/dev/null || true
17
sqlx migrate run --source "$PROJECT_DIR/migrations"
18
echo ""
19
+
ulimit -n 65536
20
+
21
+
echo "Building test binaries..."
22
+
cargo test --no-run 2>&1 | tail -1
23
+
24
echo "Running tests..."
25
echo ""
26
cargo nextest run "$@"
27
+
28
+
echo ""
29
+
echo "All tests passed."
+5
-50
scripts/test-infra.sh
+5
-50
scripts/test-infra.sh
···
32
echo "Stale infra file found, cleaning up..."
33
rm -f "$INFRA_FILE"
34
fi
35
-
$CONTAINER_CMD rm -f "${CONTAINER_PREFIX}-postgres" "${CONTAINER_PREFIX}-minio" "${CONTAINER_PREFIX}-valkey" 2>/dev/null || true
36
echo "Starting PostgreSQL..."
37
$CONTAINER_CMD run -d \
38
--name "${CONTAINER_PREFIX}-postgres" \
···
43
--label tranquil_pds_test=true \
44
postgres:18-alpine \
45
-c max_connections=500 >/dev/null
46
-
echo "Starting MinIO..."
47
-
$CONTAINER_CMD run -d \
48
-
--name "${CONTAINER_PREFIX}-minio" \
49
-
-e MINIO_ROOT_USER=minioadmin \
50
-
-e MINIO_ROOT_PASSWORD=minioadmin \
51
-
-p 9000 \
52
-
--label tranquil_pds_test=true \
53
-
cgr.dev/chainguard/minio:latest server /data >/dev/null
54
-
echo "Starting Valkey..."
55
-
$CONTAINER_CMD run -d \
56
-
--name "${CONTAINER_PREFIX}-valkey" \
57
-
-P \
58
-
--label tranquil_pds_test=true \
59
-
valkey/valkey:9-alpine >/dev/null
60
echo "Waiting for services to be ready..."
61
-
sleep 2
62
-
PG_PORT=$($CONTAINER_CMD port "${CONTAINER_PREFIX}-postgres" 5432 | head -1 | cut -d: -f2)
63
-
MINIO_PORT=$($CONTAINER_CMD port "${CONTAINER_PREFIX}-minio" 9000 | head -1 | cut -d: -f2)
64
-
VALKEY_PORT=$($CONTAINER_CMD port "${CONTAINER_PREFIX}-valkey" 6379 | head -1 | cut -d: -f2)
65
for i in {1..30}; do
66
if $CONTAINER_CMD exec "${CONTAINER_PREFIX}-postgres" pg_isready -U postgres >/dev/null 2>&1; then
67
break
···
69
echo "Waiting for PostgreSQL... ($i/30)"
70
sleep 1
71
done
72
-
for i in {1..30}; do
73
-
if curl -s "http://127.0.0.1:${MINIO_PORT}/minio/health/live" >/dev/null 2>&1; then
74
-
break
75
-
fi
76
-
echo "Waiting for MinIO... ($i/30)"
77
-
sleep 1
78
-
done
79
-
for i in {1..30}; do
80
-
if $CONTAINER_CMD exec "${CONTAINER_PREFIX}-valkey" valkey-cli ping 2>/dev/null | grep -q PONG; then
81
-
break
82
-
fi
83
-
echo "Waiting for Valkey... ($i/30)"
84
-
sleep 1
85
-
done
86
-
echo "Creating MinIO buckets..."
87
-
$CONTAINER_CMD run --rm --network host \
88
-
-e MC_HOST_minio="http://minioadmin:minioadmin@127.0.0.1:${MINIO_PORT}" \
89
-
cgr.dev/chainguard/minio-client:latest-dev mb minio/test-bucket --ignore-existing >/dev/null 2>&1 || true
90
-
$CONTAINER_CMD run --rm --network host \
91
-
-e MC_HOST_minio="http://minioadmin:minioadmin@127.0.0.1:${MINIO_PORT}" \
92
-
cgr.dev/chainguard/minio-client:latest-dev mb minio/test-backups --ignore-existing >/dev/null 2>&1 || true
93
cat > "$INFRA_FILE" << EOF
94
export DATABASE_URL="postgres://postgres:postgres@127.0.0.1:${PG_PORT}/postgres"
95
export TEST_DB_PORT="${PG_PORT}"
96
-
export S3_ENDPOINT="http://127.0.0.1:${MINIO_PORT}"
97
-
export S3_BUCKET="test-bucket"
98
-
export BACKUP_S3_BUCKET="test-backups"
99
-
export AWS_ACCESS_KEY_ID="minioadmin"
100
-
export AWS_SECRET_ACCESS_KEY="minioadmin"
101
-
export AWS_REGION="us-east-1"
102
-
export VALKEY_URL="redis://127.0.0.1:${VALKEY_PORT}"
103
export TRANQUIL_PDS_TEST_INFRA_READY="1"
104
export TRANQUIL_PDS_ALLOW_INSECURE_SECRETS="1"
105
export SKIP_IMPORT_VERIFICATION="true"
···
113
}
114
stop_infra() {
115
echo "Stopping test infrastructure..."
116
-
$CONTAINER_CMD rm -f "${CONTAINER_PREFIX}-postgres" "${CONTAINER_PREFIX}-minio" "${CONTAINER_PREFIX}-valkey" 2>/dev/null || true
117
rm -f "$INFRA_FILE"
118
echo "Infrastructure stopped."
119
}
120
status_infra() {
···
124
echo "Config file: $INFRA_FILE"
125
source "$INFRA_FILE"
126
echo "Database URL: $DATABASE_URL"
127
-
echo "S3 Endpoint: $S3_ENDPOINT"
128
else
129
echo "Config file: NOT FOUND"
130
fi
···
158
echo "Usage: $0 {start|stop|restart|status|env}"
159
echo ""
160
echo "Commands:"
161
-
echo " start - Start test infrastructure (Postgres, MinIO, Valkey)"
162
echo " stop - Stop and remove test containers"
163
echo " restart - Stop then start infrastructure"
164
echo " status - Show infrastructure status"
···
32
echo "Stale infra file found, cleaning up..."
33
rm -f "$INFRA_FILE"
34
fi
35
+
$CONTAINER_CMD rm -f "${CONTAINER_PREFIX}-postgres" 2>/dev/null || true
36
echo "Starting PostgreSQL..."
37
$CONTAINER_CMD run -d \
38
--name "${CONTAINER_PREFIX}-postgres" \
···
43
--label tranquil_pds_test=true \
44
postgres:18-alpine \
45
-c max_connections=500 >/dev/null
46
echo "Waiting for services to be ready..."
47
for i in {1..30}; do
48
if $CONTAINER_CMD exec "${CONTAINER_PREFIX}-postgres" pg_isready -U postgres >/dev/null 2>&1; then
49
break
···
51
echo "Waiting for PostgreSQL... ($i/30)"
52
sleep 1
53
done
54
+
PG_PORT=$($CONTAINER_CMD port "${CONTAINER_PREFIX}-postgres" 5432 | head -1 | cut -d: -f2)
55
cat > "$INFRA_FILE" << EOF
56
export DATABASE_URL="postgres://postgres:postgres@127.0.0.1:${PG_PORT}/postgres"
57
export TEST_DB_PORT="${PG_PORT}"
58
export TRANQUIL_PDS_TEST_INFRA_READY="1"
59
export TRANQUIL_PDS_ALLOW_INSECURE_SECRETS="1"
60
export SKIP_IMPORT_VERIFICATION="true"
···
68
}
69
stop_infra() {
70
echo "Stopping test infrastructure..."
71
+
$CONTAINER_CMD rm -f "${CONTAINER_PREFIX}-postgres" 2>/dev/null || true
72
rm -f "$INFRA_FILE"
73
+
rm -rf "${TMPDIR:-/tmp}"/tranquil-pds-test-* 2>/dev/null || true
74
echo "Infrastructure stopped."
75
}
76
status_infra() {
···
80
echo "Config file: $INFRA_FILE"
81
source "$INFRA_FILE"
82
echo "Database URL: $DATABASE_URL"
83
else
84
echo "Config file: NOT FOUND"
85
fi
···
113
echo "Usage: $0 {start|stop|restart|status|env}"
114
echo ""
115
echo "Commands:"
116
+
echo " start - Start test infrastructure (Postgres)"
117
echo " stop - Stop and remove test containers"
118
echo " restart - Stop then start infrastructure"
119
echo " status - Show infrastructure status"