Merge pull request #102 from kinode-dao/develop

Develop 0.9.4

Author: dr-frmr

Cargo.lock

@@ -1,7 +1,7 @@
 [package]
 name = "kinode_process_lib"
 description = "A library for writing Kinode processes in Rust."
-version = "0.9.3"
+version = "0.9.4"
 edition = "2021"
 license-file = "LICENSE"
 homepage = "https://kinode.org"

Cargo.toml

@@ -403,9 +403,10 @@ impl HttpBindingConfig {
 /// not use the WebSocket extension protocol to connect with a runtime extension.
 #[derive(Clone, Copy, Debug)]
 pub struct WsBindingConfig {
-    pub authenticated: bool,
-    pub encrypted: bool,
-    pub extension: bool,
+    authenticated: bool,
+    secure_subdomain: bool,
+    encrypted: bool,
+    extension: bool,
 }
 
 impl WsBindingConfig {
@@ -415,15 +416,22 @@ impl WsBindingConfig {
     pub fn default() -> Self {
         Self {
             authenticated: true,
+            secure_subdomain: false,
             encrypted: false,
             extension: false,
         }
     }
 
     /// Create a new WsBindingConfig with the given values.
-    pub fn new(authenticated: bool, encrypted: bool, extension: bool) -> Self {
+    pub fn new(
+        authenticated: bool,
+        secure_subdomain: bool,
+        encrypted: bool,
+        extension: bool,
+    ) -> Self {
         Self {
             authenticated,
+            secure_subdomain,
             encrypted,
             extension,
         }
@@ -435,6 +443,12 @@ impl WsBindingConfig {
         self
     }
 
+    /// Set whether the WebSocket server will be bound on a secure subdomain.
+    pub fn secure_subdomain(mut self, secure_subdomain: bool) -> Self {
+        self.secure_subdomain = secure_subdomain;
+        self
+    }
+
     /// Set whether the WebSocket server will apply a custom encryption to the WebSocket
     /// connection using the login cookie.
     pub fn encrypted(mut self, encrypted: bool) -> Self {
@@ -516,22 +530,32 @@ impl HttpServer {
     {
         let path: String = path.into();
         let res = KiRequest::to(("our", "http_server", "distro", "sys"))
-            .body(
+            .body(if config.secure_subdomain {
+                serde_json::to_vec(&HttpServerAction::WebSocketSecureBind {
+                    path: path.clone(),
+                    encrypted: config.encrypted,
+                    extension: config.extension,
+                })
+                .unwrap()
+            } else {
                 serde_json::to_vec(&HttpServerAction::WebSocketBind {
                     path: path.clone(),
                     authenticated: config.authenticated,
                     encrypted: config.encrypted,
                     extension: config.extension,
                 })
-                .unwrap(),
-            )
+                .unwrap()
+            })
             .send_and_await_response(self.timeout);
         let Ok(Message::Response { body, .. }) = res.unwrap() else {
             return Err(HttpServerError::Timeout);
         };
         let Ok(resp) = serde_json::from_slice::<Result<(), HttpServerError>>(&body) else {
             return Err(HttpServerError::UnexpectedResponse);
         };
+        if resp.is_ok() {
+            self.ws_paths.insert(path, config);
+        }
         resp
     }
 
@@ -644,9 +668,8 @@ impl HttpServer {
         let path: String = path.into();
         let res = KiRequest::to(("our", "http_server", "distro", "sys"))
             .body(
-                serde_json::to_vec(&HttpServerAction::WebSocketBind {
+                serde_json::to_vec(&HttpServerAction::WebSocketSecureBind {
                     path: path.clone(),
-                    authenticated: true,
                     encrypted: false,
                     extension: false,
                 })
@@ -664,6 +687,7 @@ impl HttpServer {
                 path,
                 WsBindingConfig {
                     authenticated: true,
+                    secure_subdomain: true,
                     encrypted: false,
                     extension: false,
                 },
@@ -727,15 +751,22 @@ impl HttpServer {
                 error: "path not found".to_string(),
             })?;
         let res = KiRequest::to(("our", "http_server", "distro", "sys"))
-            .body(
+            .body(if entry.secure_subdomain {
+                serde_json::to_vec(&HttpServerAction::WebSocketSecureBind {
+                    path: path.to_string(),
+                    encrypted: config.encrypted,
+                    extension: config.extension,
+                })
+                .unwrap()
+            } else {
                 serde_json::to_vec(&HttpServerAction::WebSocketBind {
                     path: path.to_string(),
                     authenticated: config.authenticated,
                     encrypted: config.encrypted,
                     extension: config.extension,
                 })
-                .unwrap(),
-            )
+                .unwrap()
+            })
             .send_and_await_response(self.timeout)
             .unwrap();
         let Ok(Message::Response { body, .. }) = res else {
@@ -746,6 +777,7 @@ impl HttpServer {
         };
         if resp.is_ok() {
             entry.authenticated = config.authenticated;
+            entry.secure_subdomain = config.secure_subdomain;
             entry.encrypted = config.encrypted;
             entry.extension = config.extension;
         }

src/http/server.rs

@@ -9,7 +9,7 @@ use std::hash::{Hash, Hasher};
 /// that capability with the receiving process, or to prove that a process has
 /// authority to perform a certain action.
 impl Capability {
-    /// Create a new `Capability`. Takes a node ID and a process ID.
+    /// Create a new [`Capability`]. Takes an [`Address`] and a parameter, which is a JSON string.
     pub fn new<T, U>(address: T, params: U) -> Capability
     where
         T: Into<Address>,

src/types/capability.rs

@@ -118,7 +118,7 @@ impl Request {
         self.body = Some(body.try_into()?);
         Ok(self)
     }
-    /// Set the metdata field for this request. Metadata is simply a [`String`].
+    /// Set the metadata field for this request. Metadata is simply a [`String`].
     /// Metadata should usually be used for middleware and other message-passing
     /// situations that require the original IPC body and blob to be preserved.
     /// As such, metadata should not always be expected to reach the final destination

src/types/request.rs

@@ -60,7 +60,7 @@ impl Response {
         self.body = Some(body.try_into()?);
         Ok(self)
     }
-    /// Set the metdata field for this response. Metadata is simply a [`String`].
+    /// Set the metadata field for this response. Metadata is simply a [`String`].
     /// Metadata should usually be used for middleware and other message-passing
     /// situations that require the original IPC body and blob to be preserved.
     /// As such, metadata should not always be expected to reach the final destination