furumi-ng/furumi-server/src/main.rs

pub mod vfs;
pub mod security;
pub mod server;
pub mod metrics;

use std::net::SocketAddr;
use std::path::PathBuf;
use std::sync::Arc;
use axum::{Router, routing::get};
use clap::Parser;
use tonic::transport::Server;
use vfs::local::LocalVfs;
use furumi_common::proto::remote_file_system_server::RemoteFileSystemServer;
use server::RemoteFileSystemImpl;
use security::AuthInterceptor;

#[derive(Parser, Debug)]
#[command(version, about, long_about = None)]
struct Args {
    /// IP address and port to bind the gRPC server to
    #[arg(short, long, env = "FURUMI_BIND", default_value = "[::1]:50051")]
    bind: String,

    /// Document root directory to expose via VFS
    #[arg(short, long, env = "FURUMI_ROOT", default_value = ".")]
    root: PathBuf,

    /// Authentication Bearer token (leave empty to disable auth)
    #[arg(short, long, env = "FURUMI_TOKEN", default_value = "")]
    token: String,

    /// IP address and port for the Prometheus metrics HTTP endpoint
    #[arg(long, env = "FURUMI_METRICS_BIND", default_value = "0.0.0.0:9090")]
    metrics_bind: String,
}

async fn metrics_handler() -> String {
    metrics::render_metrics()
}

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    tracing_subscriber::fmt::init();

    let args = Args::parse();
    let addr: SocketAddr = args.bind.parse().unwrap_or_else(|e| {
        eprintln!("Error: Invalid bind address '{}': {}", args.bind, e);
        eprintln!("  Expected format: IP:PORT (e.g. 0.0.0.0:50051 or [::1]:50051)");
        std::process::exit(1);
    });

    let metrics_addr: SocketAddr = args.metrics_bind.parse().unwrap_or_else(|e| {
        eprintln!("Error: Invalid metrics bind address '{}': {}", args.metrics_bind, e);
        eprintln!("  Expected format: IP:PORT (e.g. 0.0.0.0:9090)");
        std::process::exit(1);
    });
    
    // Resolve the document root to an absolute path for safety and clarity
    let root_path = std::fs::canonicalize(&args.root)
        .unwrap_or_else(|_| args.root.clone());
    
    if !root_path.exists() || !root_path.is_dir() {
        eprintln!("Error: Root path {:?} does not exist or is not a directory", root_path);
        std::process::exit(1);
    }

    let vfs = Arc::new(LocalVfs::new(&root_path));
    let remote_fs = RemoteFileSystemImpl::new(vfs);
    let auth = AuthInterceptor::new(args.token.clone());
    let svc = RemoteFileSystemServer::with_interceptor(remote_fs, auth.clone());

    println!("Furumi-ng Server listening on {}", addr);
    if args.token.is_empty() {
        println!("WARNING: Authentication is DISABLED");
    } else {
        println!("Authentication is enabled (Bearer token required)");
    }
    println!("Document Root: {:?}", root_path);
    println!("Metrics endpoint: http://{}/metrics", metrics_addr);

    // Spawn the Prometheus metrics HTTP server on a separate port
    let metrics_app = Router::new().route("/metrics", get(metrics_handler));
    let metrics_listener = tokio::net::TcpListener::bind(metrics_addr).await?;
    tokio::spawn(async move {
        axum::serve(metrics_listener, metrics_app).await.unwrap();
    });

    Server::builder()
        // Enable TCP Keep-Alive and HTTP2 Ping to keep connections alive for long media streams
        .tcp_keepalive(Some(std::time::Duration::from_secs(60)))
        .http2_keepalive_interval(Some(std::time::Duration::from_secs(60)))
        .add_service(svc)
        .serve(addr)
        .await?;

    Ok(())
}