feat: HTTPS support for web bridge (--tls flag)
Generates a self-signed certificate at startup for HTTPS. Required for mic access on Android/remote browsers (getUserMedia needs a secure context). Usage: wzp-web --port 9090 --relay 127.0.0.1:4433 --tls Browser: accept the self-signed cert warning, then mic works. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Siavash Sameni
@@ -21,6 +21,11 @@ anyhow = "1"
|
||||
axum = { version = "0.8", features = ["ws"] }
|
||||
tower-http = { version = "0.6", features = ["fs"] }
|
||||
futures = "0.3"
|
||||
axum-server = { version = "0.7", features = ["tls-rustls"] }
|
||||
rcgen = "0.13"
|
||||
rustls = { version = "0.23", default-features = false, features = ["ring", "std"] }
|
||||
rustls-pki-types = "1"
|
||||
tokio-rustls = "0.26"
|
||||
|
||||
[[bin]]
|
||||
name = "wzp-web"
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
//! Serves a web page for browser-based voice calls and bridges
|
||||
//! WebSocket audio to the wzp relay protocol.
|
||||
//!
|
||||
//! Usage: wzp-web [--port 8080] [--relay 127.0.0.1:4433]
|
||||
//! Usage: wzp-web [--port 8080] [--relay 127.0.0.1:4433] [--tls]
|
||||
|
||||
use std::net::SocketAddr;
|
||||
use std::sync::Arc;
|
||||
@@ -35,6 +35,7 @@ async fn main() -> anyhow::Result<()> {
|
||||
|
||||
let mut port: u16 = 8080;
|
||||
let mut relay_addr: SocketAddr = "127.0.0.1:4433".parse()?;
|
||||
let mut use_tls = false;
|
||||
|
||||
let args: Vec<String> = std::env::args().collect();
|
||||
let mut i = 1;
|
||||
@@ -48,12 +49,17 @@ async fn main() -> anyhow::Result<()> {
|
||||
i += 1;
|
||||
relay_addr = args[i].parse().expect("invalid relay address");
|
||||
}
|
||||
"--tls" => {
|
||||
use_tls = true;
|
||||
}
|
||||
"--help" | "-h" => {
|
||||
eprintln!("Usage: wzp-web [--port 8080] [--relay 127.0.0.1:4433]");
|
||||
eprintln!("Usage: wzp-web [--port 8080] [--relay 127.0.0.1:4433] [--tls]");
|
||||
eprintln!();
|
||||
eprintln!("Options:");
|
||||
eprintln!(" --port <port> HTTP/WebSocket port (default: 8080)");
|
||||
eprintln!(" --relay <addr> WZP relay address (default: 127.0.0.1:4433)");
|
||||
eprintln!(" --tls Enable HTTPS with self-signed certificate");
|
||||
eprintln!(" (required for mic access on Android/remote browsers)");
|
||||
std::process::exit(0);
|
||||
}
|
||||
_ => {}
|
||||
@@ -63,13 +69,11 @@ async fn main() -> anyhow::Result<()> {
|
||||
|
||||
let state = AppState { relay_addr };
|
||||
|
||||
// Determine static file path (relative to binary or cargo manifest)
|
||||
let static_dir = if std::path::Path::new("crates/wzp-web/static").exists() {
|
||||
"crates/wzp-web/static"
|
||||
} else if std::path::Path::new("static").exists() {
|
||||
"static"
|
||||
} else {
|
||||
// Fallback: look relative to executable
|
||||
"static"
|
||||
};
|
||||
|
||||
@@ -79,11 +83,40 @@ async fn main() -> anyhow::Result<()> {
|
||||
.with_state(state);
|
||||
|
||||
let listen: SocketAddr = format!("0.0.0.0:{port}").parse()?;
|
||||
info!(%listen, %relay_addr, "WarzonePhone web bridge starting");
|
||||
info!("Open http://localhost:{port} in your browser");
|
||||
|
||||
let listener = tokio::net::TcpListener::bind(listen).await?;
|
||||
axum::serve(listener, app).await?;
|
||||
if use_tls {
|
||||
// Generate self-signed cert
|
||||
let cert_key = rcgen::generate_simple_self_signed(vec![
|
||||
"localhost".to_string(),
|
||||
"wzp".to_string(),
|
||||
])?;
|
||||
let cert_der = rustls_pki_types::CertificateDer::from(cert_key.cert);
|
||||
let key_der = rustls_pki_types::PrivateKeyDer::try_from(cert_key.key_pair.serialize_der())
|
||||
.map_err(|e| anyhow::anyhow!("key error: {e}"))?;
|
||||
|
||||
let mut tls_config = rustls::ServerConfig::builder()
|
||||
.with_no_client_auth()
|
||||
.with_single_cert(vec![cert_der], key_der)?;
|
||||
tls_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
|
||||
|
||||
let tls_config = axum_server::tls_rustls::RustlsConfig::from_config(Arc::new(tls_config));
|
||||
|
||||
info!(%listen, %relay_addr, "WarzonePhone web bridge starting (HTTPS)");
|
||||
info!("Open https://localhost:{port} in your browser");
|
||||
info!("NOTE: Accept the self-signed certificate warning in your browser");
|
||||
|
||||
axum_server::bind_rustls(listen, tls_config)
|
||||
.serve(app.into_make_service())
|
||||
.await?;
|
||||
} else {
|
||||
info!(%listen, %relay_addr, "WarzonePhone web bridge starting (HTTP)");
|
||||
info!("Open http://localhost:{port} in your browser");
|
||||
info!("NOTE: Use --tls for mic access on Android/remote browsers");
|
||||
|
||||
let listener = tokio::net::TcpListener::bind(listen).await?;
|
||||
axum::serve(listener, app).await?;
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
@@ -97,7 +130,6 @@ async fn ws_handler(
|
||||
async fn handle_ws(socket: WebSocket, state: AppState) {
|
||||
info!("WebSocket client connected");
|
||||
|
||||
// Connect to wzp relay
|
||||
let relay_addr = state.relay_addr;
|
||||
let bind_addr: SocketAddr = if relay_addr.is_ipv6() {
|
||||
"[::]:0".parse().unwrap()
|
||||
@@ -132,7 +164,7 @@ async fn handle_ws(socket: WebSocket, state: AppState) {
|
||||
let encoder = Arc::new(Mutex::new(CallEncoder::new(&config)));
|
||||
let decoder = Arc::new(Mutex::new(CallDecoder::new(&config)));
|
||||
|
||||
// --- Browser → Relay: receive PCM from WebSocket, encode, send to relay ---
|
||||
// Browser -> Relay
|
||||
let send_transport = transport.clone();
|
||||
let send_encoder = encoder.clone();
|
||||
let send_task = tokio::spawn(async move {
|
||||
@@ -140,9 +172,8 @@ async fn handle_ws(socket: WebSocket, state: AppState) {
|
||||
while let Some(Ok(msg)) = ws_receiver.next().await {
|
||||
match msg {
|
||||
Message::Binary(data) => {
|
||||
// data is raw s16le PCM from browser
|
||||
if data.len() < FRAME_SAMPLES * 2 {
|
||||
continue; // incomplete frame
|
||||
continue;
|
||||
}
|
||||
let pcm: Vec<i16> = data
|
||||
.chunks_exact(2)
|
||||
@@ -169,7 +200,7 @@ async fn handle_ws(socket: WebSocket, state: AppState) {
|
||||
}
|
||||
frames_sent += 1;
|
||||
if frames_sent % 250 == 0 {
|
||||
info!(frames_sent, "browser → relay");
|
||||
info!(frames_sent, "browser -> relay");
|
||||
}
|
||||
}
|
||||
Message::Close(_) => break,
|
||||
@@ -179,7 +210,7 @@ async fn handle_ws(socket: WebSocket, state: AppState) {
|
||||
info!(frames_sent, "browser send loop ended");
|
||||
});
|
||||
|
||||
// --- Relay → Browser: receive from relay, decode, send PCM to WebSocket ---
|
||||
// Relay -> Browser
|
||||
let recv_transport = transport.clone();
|
||||
let recv_decoder = decoder.clone();
|
||||
let recv_task = tokio::spawn(async move {
|
||||
@@ -194,19 +225,19 @@ async fn handle_ws(socket: WebSocket, state: AppState) {
|
||||
dec.ingest(pkt);
|
||||
if !is_repair {
|
||||
if let Some(_n) = dec.decode_next(&mut pcm_buf) {
|
||||
// Convert i16 PCM to bytes and send to browser
|
||||
let bytes: Vec<u8> = pcm_buf
|
||||
.iter()
|
||||
.flat_map(|s| s.to_le_bytes())
|
||||
.collect();
|
||||
if let Err(e) = ws_sender.send(Message::Binary(bytes.into())).await
|
||||
if let Err(e) =
|
||||
ws_sender.send(Message::Binary(bytes.into())).await
|
||||
{
|
||||
error!("ws send error: {e}");
|
||||
return;
|
||||
}
|
||||
frames_recv += 1;
|
||||
if frames_recv % 250 == 0 {
|
||||
info!(frames_recv, "relay → browser");
|
||||
info!(frames_recv, "relay -> browser");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user