appks/main.rs

use std::sync::Arc;

use actix_web::cookie::Key;
use actix_web::{App, HttpResponse, HttpServer, web};
use appks::api::openapi::OpenApiDoc;
use appks::api::routes::init_routes;
use appks::cache::AppCache;
use appks::cache::redis::AppRedis;
use appks::config::AppConfig;
use appks::error::{AppError, AppResult};
use appks::etcd::EtcdRegistry;
use appks::models::db::AppDatabase;
use appks::queue::NatsQueue;
use appks::service::AppService;
use appks::session::{RedisSessionStore, SessionMiddleware};
use appks::storage::s3::AppS3Storage;
use sqlx::Executor;
use utoipa::OpenApi;

#[actix_web::main]
async fn main() -> AppResult<()> {
    tracing_subscriber::fmt::init();

    let config = AppConfig::load();
    validate_session_secret(&config)?;

    tracing::info!("starting AppKS");

    let db = AppDatabase::from_config(&config).await?;
    db.writer().execute("SELECT 1").await?;

    let redis = AppRedis::from_config(&config)?;
    let cache = Arc::new(AppCache::from_config(&config)?);
    let storage = AppS3Storage::from_config(&config).await?;

    let registry = Arc::new(EtcdRegistry::connect(&config).await?);
    registry.start_discovery().await?;
    if config.get_env_or("APP_ETCD_REGISTER_SELF", false)? {
        registry
            .register_self(&config.rpc_self_service_name()?)
            .await?;
    }

    let nats = Arc::new(NatsQueue::connect(&config).await?);
    nats.ensure_stream("IM", vec!["im.>".to_string()]).await?;

    let service = AppService::new(
        env!("CARGO_PKG_VERSION").to_string(),
        db.clone(),
        redis.clone(),
        cache,
        config.clone(),
        storage,
        registry,
        nats,
    );

    let host = config.get_env_or::<String>("APP_HTTP_HOST", "0.0.0.0".to_string())?;
    let port = config.get_env_or::<u16>("APP_HTTP_PORT", 8000)?;
    let workers = config.get_env_or::<usize>(
        "APP_HTTP_WORKERS",
        std::thread::available_parallelism()
            .map(|n| n.get())
            .unwrap_or(1),
    )?;
    let bind_addr = format!("{host}:{port}");
    let session_key = build_session_key(&config)?;

    tracing::info!(addr = %bind_addr, workers, "http server listening");

    HttpServer::new(move || {
        let session_store = RedisSessionStore::new(redis.clone());
        let session_middleware =
            SessionMiddleware::from_app_config(session_store, session_key.clone(), &config)
                .expect("valid session configuration");

        App::new()
            .app_data(web::Data::new(service.clone()))
            .wrap(session_middleware)
            .route("/healthz", web::get().to(healthz))
            .route("/readyz", web::get().to(readyz))
            .route("/openapi.json", web::get().to(openapi_json))
            .configure(init_routes)
    })
    .workers(workers)
    .bind(bind_addr)?
    .run()
    .await?;

    db.close().await;
    Ok(())
}

async fn healthz() -> HttpResponse {
    HttpResponse::Ok().json(serde_json::json!({ "status": "ok" }))
}

async fn readyz(service: web::Data<AppService>) -> Result<HttpResponse, AppError> {
    service.ctx.db.writer().execute("SELECT 1").await?;
    Ok(HttpResponse::Ok().json(serde_json::json!({ "status": "ready" })))
}

async fn openapi_json() -> HttpResponse {
    HttpResponse::Ok().json(OpenApiDoc::openapi())
}

fn build_session_key(config: &AppConfig) -> AppResult<Key> {
    let secret = session_secret(config)?;
    Ok(Key::derive_from(secret.as_bytes()))
}

fn validate_session_secret(config: &AppConfig) -> AppResult<()> {
    session_secret(config).map(|_| ())
}

fn session_secret(config: &AppConfig) -> AppResult<String> {
    let secret = config
        .env
        .get("APP_SESSION_SECRET")
        .map(|s| s.trim())
        .filter(|s| s.len() >= 32)
        .ok_or_else(|| AppError::Config("APP_SESSION_SECRET must be at least 32 bytes".into()))?;
    Ok(secret.to_string())
}