added websocket and publish new_msg (#19)

Author: markmnl

README.md

@@ -126,10 +126,13 @@ The server starts on port `8000` by default. Override with `FMSG_API_PORT`.
 The HTTP server is configured with `ReadHeaderTimeout: 10s`, `WriteTimeout: 65s`,
 and `IdleTimeout: 120s`. The write timeout exceeds the `/wait` endpoint's
 maximum long-poll duration (60 s) so connections are not dropped prematurely.
+These timeouts do not apply to `/fmsg/ws` connections: once upgraded, a
+WebSocket connection is hijacked from the HTTP server and kept alive by its own
+ping/pong heartbeat.
 
 ## API Routes
 
-All routes are prefixed with `/fmsg` and require a valid `Authorization: Bearer <token>` header.
+All routes are prefixed with `/fmsg` and require a valid `Authorization: Bearer <token>` header. The one exception is the WebSocket route `/fmsg/ws`, which additionally accepts the token via an `access_token` query parameter (browsers cannot set headers on a WebSocket).
 
 Rate limiting is enforced at the host level (e.g. `nftables`) rather than in
 the application.
@@ -139,6 +142,7 @@ the application.
 | `GET`    | `/fmsg`                          | List messages for user   |
 | `GET`    | `/fmsg/sent`                     | List authored messages (sent + drafts) |
 | `GET`    | `/fmsg/wait`                     | Long-poll for new messages |
+| `GET`    | `/fmsg/ws`                       | WebSocket for pushed event notifications |
 | `POST`   | `/fmsg`                          | Create a draft message   |
 | `GET`    | `/fmsg/:id`                      | Retrieve a message       |
 | `PUT`    | `/fmsg/:id`                      | Update a draft message   |
@@ -189,6 +193,45 @@ loop:
   # on 204 or transient error: loop immediately (with brief back-off on error)
 ```
 
+### GET `/fmsg/ws`
+
+Upgrades the connection to a WebSocket over which the server pushes events that
+pertain to the authenticated user. Intended for always-connected clients
+(browsers, desktop apps) as a more scalable alternative to long-polling
+`/fmsg/wait`: a single shared PostgreSQL listener fans events out to all
+connected clients, so the number of connections does not consume database
+connection-pool capacity.
+
+**Authentication:** the JWT is verified exactly as for the REST API. Supply it
+either as an `Authorization: Bearer <token>` header (non-browser clients) or as
+an `access_token` query parameter (browsers, which cannot set headers on a
+WebSocket). The handshake fails with `401`/`400`/`403`/`503` — the same statuses
+as the REST middleware — before the connection is upgraded.
+
+**Events:** every frame is a JSON envelope with a `type` discriminator so new
+event types can be added without breaking clients:
+
+```json
+{ "type": "new_msg", "data": { ...message... } }
+```
+
+| `type`     | `data` | Sent when |
+| ---------- | ------ | --------- |
+| `new_msg`  | A message object, same shape as an item in the `GET /fmsg` list response (includes `id`). | A new message arrives for the authenticated user. |
+
+A client only ever receives events for messages it is a participant on. The
+server sends periodic WebSocket pings; clients should respond with pongs (most
+WebSocket libraries do this automatically) to keep the connection alive.
+
+**Browser example:**
+```js
+const ws = new WebSocket(`wss://api.example.com/fmsg/ws?access_token=${jwt}`);
+ws.onmessage = (e) => {
+  const event = JSON.parse(e.data);
+  if (event.type === "new_msg") displayMessage(event.data);
+};
+```
+
 ### GET `/fmsg`
 
 Returns messages where the authenticated user is a recipient (listed in `msg_to` or `msg_add_to`), ordered by message ID descending.

src/go.mod

@@ -6,8 +6,10 @@ require (
 	github.com/MicahParks/keyfunc/v3 v3.8.0
 	github.com/gin-gonic/gin v1.12.0
 	github.com/golang-jwt/jwt/v5 v5.3.1
+	github.com/gorilla/websocket v1.5.3
 	github.com/jackc/pgx/v5 v5.8.0
 	github.com/joho/godotenv v1.5.1
+	golang.org/x/sync v0.20.0
 )
 
 require (
@@ -41,7 +43,6 @@ require (
 	golang.org/x/arch v0.22.0 // indirect
 	golang.org/x/crypto v0.48.0 // indirect
 	golang.org/x/net v0.51.0 // indirect
-	golang.org/x/sync v0.20.0 // indirect
 	golang.org/x/sys v0.41.0 // indirect
 	golang.org/x/text v0.34.0 // indirect
 	golang.org/x/time v0.15.0 // indirect

src/go.sum

@@ -36,6 +36,8 @@ github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArs
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
@@ -93,8 +95,6 @@ golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
 golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
 golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
 golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
-golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
-golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
 golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

src/handlers/hub.go

@@ -0,0 +1,187 @@
+package handlers
+
+import (
+	"context"
+	"encoding/json"
+	"log"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/jackc/pgx/v5"
+)
+
+// Event type discriminators for the WebSocket envelope. Adding a new event
+// type means adding a constant here and a producer that dispatches it.
+const (
+	eventNewMsg = "new_msg"
+)
+
+// wsEnvelope is the JSON shape of every frame pushed over a WebSocket. The
+// Type field lets clients route events; Data carries the event-specific body.
+type wsEnvelope struct {
+	Type string      `json:"type"`
+	Data interface{} `json:"data"`
+}
+
+// Hub maintains the set of connected WebSocket clients and fans out database
+// notifications to the clients they pertain to. A single dedicated PostgreSQL
+// connection LISTENs on new_msg_to for the whole process, so the number of
+// connected clients does not affect the size of the database connection pool.
+type Hub struct {
+	// buildItem produces the message payload pushed for a notification. It is
+	// a field (rather than a *MessageHandler call) so dispatch can be unit
+	// tested without a database.
+	buildItem func(ctx context.Context, msgID int64, recipient string) (*messageListItem, error)
+
+	mu sync.RWMutex
+	// registry maps a lower-cased user address to the set of that user's
+	// currently connected clients (a user may have several connections).
+	registry map[string]map[*wsClient]struct{}
+}
+
+// NewHub creates a Hub that builds pushed message payloads via msgs.
+func NewHub(msgs *MessageHandler) *Hub {
+	return &Hub{
+		buildItem: msgs.messageItemFor,
+		registry:  make(map[string]map[*wsClient]struct{}),
+	}
+}
+
+// Register adds a client to the registry under its authenticated address.
+func (h *Hub) Register(c *wsClient) {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	set := h.registry[c.addr]
+	if set == nil {
+		set = make(map[*wsClient]struct{})
+		h.registry[c.addr] = set
+	}
+	set[c] = struct{}{}
+}
+
+// Unregister removes a client from the registry.
+func (h *Hub) Unregister(c *wsClient) {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	set := h.registry[c.addr]
+	if set == nil {
+		return
+	}
+	delete(set, c)
+	if len(set) == 0 {
+		delete(h.registry, c.addr)
+	}
+}
+
+// Run owns the dedicated listener connection. It blocks until ctx is cancelled,
+// reconnecting with capped exponential backoff if the connection drops.
+func (h *Hub) Run(ctx context.Context) {
+	const maxBackoff = 30 * time.Second
+	backoff := time.Second
+	for ctx.Err() == nil {
+		err := h.listen(ctx, func() { backoff = time.Second })
+		if ctx.Err() != nil {
+			return
+		}
+		log.Printf("ws hub: listener stopped (%v); reconnecting in %s", err, backoff)
+		select {
+		case <-ctx.Done():
+			return
+		case <-time.After(backoff):
+		}
+		if backoff < maxBackoff {
+			backoff *= 2
+		}
+	}
+}
+
+// listen opens a dedicated connection, LISTENs on new_msg_to, and dispatches
+// every notification until the connection fails or ctx is cancelled. onConnected
+// is invoked once the LISTEN has succeeded so the caller can reset its backoff.
+func (h *Hub) listen(ctx context.Context, onConnected func()) error {
+	// An empty connection string makes pgx read the standard PG* environment
+	// variables, exactly as the pgxpool in db.New does.
+	conn, err := pgx.Connect(ctx, "")
+	if err != nil {
+		return err
+	}
+	defer conn.Close(context.Background())
+
+	if _, err := conn.Exec(ctx, "LISTEN new_msg_to"); err != nil {
+		return err
+	}
+	log.Println("ws hub: listening on new_msg_to")
+	onConnected()
+
+	for {
+		n, err := conn.WaitForNotification(ctx)
+		if err != nil {
+			return err
+		}
+		msgID, addr, ok := parseNotifyPayload(n.Payload)
+		if !ok {
+			log.Printf("ws hub: ignoring malformed notification payload %q", n.Payload)
+			continue
+		}
+		h.dispatch(ctx, msgID, addr)
+	}
+}
+
+// parseNotifyPayload parses a new_msg_to payload of the form "msgID,addr".
+func parseNotifyPayload(payload string) (msgID int64, addr string, ok bool) {
+	comma := strings.IndexByte(payload, ',')
+	if comma < 0 {
+		return 0, "", false
+	}
+	id, err := strconv.ParseInt(payload[:comma], 10, 64)
+	if err != nil {
+		return 0, "", false
+	}
+	addr = payload[comma+1:]
+	if addr == "" {
+		return 0, "", false
+	}
+	return id, addr, true
+}
+
+// dispatch pushes message msgID to every client connected as addr. The message
+// is fetched and marshalled only when at least one such client is connected, so
+// notifications for addresses with no live WebSocket cost nothing beyond a map
+// lookup. addr originates from a msg_to/msg_add_to row, so any client connected
+// as addr is by definition a participant of the message.
+func (h *Hub) dispatch(ctx context.Context, msgID int64, addr string) {
+	h.mu.RLock()
+	set := h.registry[strings.ToLower(addr)]
+	clients := make([]*wsClient, 0, len(set))
+	for c := range set {
+		clients = append(clients, c)
+	}
+	h.mu.RUnlock()
+	if len(clients) == 0 {
+		return
+	}
+
+	item, err := h.buildItem(ctx, msgID, addr)
+	if err != nil {
+		log.Printf("ws hub: build message %d for %s: %v", msgID, addr, err)
+		return
+	}
+	payload, err := json.Marshal(wsEnvelope{Type: eventNewMsg, Data: item})
+	if err != nil {
+		log.Printf("ws hub: marshal message %d: %v", msgID, err)
+		return
+	}
+
+	for _, c := range clients {
+		select {
+		case c.send <- payload:
+		default:
+			// Slow client: drop the connection rather than stall the
+			// shared fan-out for every other client.
+			log.Printf("ws hub: client %s send buffer full, closing", c.addr)
+			c.close()
+		}
+	}
+}