enable tls by default for dev

lherman-cs · lherman-cs · commit e3b9e89a108e · 2025-09-12T14:22:14.000-04:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/demo/index.html b/demo/index.html
@@ -14,7 +14,7 @@ <h2>PulseBeam</h2>
 
     <form id="controls" class="field middle-align mb-2">
       <input type="text" id="endpoint" placeholder="Enter WHIP/WHEP endpoint"
-        value="http://localhost:3000/api/v1/rooms/test" required />
+        value="https://localhost:3000/api/v1/rooms/test" required />
       <button type="submit" id="toggle" class="small-round">Start</button>
     </form>
 
diff --git a/pulsebeam-runtime/Cargo.toml b/pulsebeam-runtime/Cargo.toml
@@ -23,6 +23,7 @@ bytes = "1.10.1"
 rustls = "0.23.31"
 turmoil = "0.6.6"
 futures.workspace = true
+quinn-udp = "0.5.14"
 
 [dev-dependencies]
 rcgen = "0.14.4"
diff --git a/pulsebeam-runtime/src/mailbox.rs b/pulsebeam-runtime/src/mailbox.rs
@@ -74,7 +74,7 @@ impl<T> Sender<T> {
         use mpsc::error::TrySendError as TokioTrySendError;
         self.sender.try_send(message).map_err(|e| match e {
             TokioTrySendError::Full(m) => {
-                tracing::debug!("try_send dropped a packet due to full queue");
+                tracing::info!("try_send dropped a packet due to full queue");
                 TrySendError::Full(m)
             }
             TokioTrySendError::Closed(m) => TrySendError::Closed(m),
diff --git a/pulsebeam/Cargo.toml b/pulsebeam/Cargo.toml
@@ -34,6 +34,7 @@ mimalloc = "0.1.48"
 hyper = "1.7.0"
 pulsebeam-runtime = { version = "^0.1.0", path = "../pulsebeam-runtime" }
 thread-priority = "3.0.0"
+axum-server = { version = "0.7.2", features = ["tls-rustls"] }
 
 [dev-dependencies]
 turmoil = "0.6.6"
diff --git a/pulsebeam/src/cert.pem b/pulsebeam/src/cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCTCCAfGgAwIBAgIUO0H77pE2RU+CnDi1y/HUOk4F+9MwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1MDkxMjE3NTYzMVoXDTI2MDkx
+MjE3NTYzMVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAwJAcX9nfPdrelLCTix4sST2VQ65xGtyKNEIyTCrJW299
+2p9O9atiVc0WIU4MdfjRHUkWtwVLZs2w3uYfsIbKmoHduG2yWsbURwxMbHF/9gmH
+hl+QyJDga9ErX26iWC4Bl84bCkQu5d7nIkVpZlqEmk0ql+OiYuDyXcZ+XcrCXKix
+H9v8ItI4/7oixZeN/+ajEXJdXcyClRVScNM0nTztxigefefduf4JRfAsdJGjXfBQ
+Ide8+9Txb04AaAGc4neBXeLjtZjwwonJcxRdMzAHgOdmeN7TZo9CjIJ6YjY6O/wF
+1NgszPRhXFil0vJJ73TvwQzzMoYt2w30RoRG2sWD8QIDAQABo1MwUTAdBgNVHQ4E
+FgQUaKFJocjsFH5ghAJ0dfQK5c4LmrswHwYDVR0jBBgwFoAUaKFJocjsFH5ghAJ0
+dfQK5c4LmrswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAPAzs
+C7llEwM8s72/R0/gJV45D75Cpuq+jKTOUGjXIpzqO3j0PW3bHV8D25K7VhQEcSVI
+vbGNPCV86AhDteaMX42U5Mz5rPfofb9SzFF3xT57Da6FWvcoeY/dSOoriVHg7Xoy
+1wCV5bGzsaFJxg4p3SmR+xVNhkPHoOEpmRqSsXRfHtPHwQhqN2K8ED7OOHIalfWl
+MHCC06LbJ6up+a31eFe880oasiCrXbQ/YQQGbspijWCupgAqWTNHUigzE8ieZ057
+g5cjgTTcHUbOiihu+Evvon7cahDqST3SJ9TqC1ZgY4ZHev4tr85Z8GO4axc+aKU/
+MdXVKFIq7OPLctQREA==
+-----END CERTIFICATE-----
diff --git a/pulsebeam/src/key.pem b/pulsebeam/src/key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDAkBxf2d892t6U
+sJOLHixJPZVDrnEa3Io0QjJMKslbb33an071q2JVzRYhTgx1+NEdSRa3BUtmzbDe
+5h+whsqagd24bbJaxtRHDExscX/2CYeGX5DIkOBr0StfbqJYLgGXzhsKRC7l3uci
+RWlmWoSaTSqX46Ji4PJdxn5dysJcqLEf2/wi0jj/uiLFl43/5qMRcl1dzIKVFVJw
+0zSdPO3GKB595925/glF8Cx0kaNd8FAh17z71PFvTgBoAZzid4Fd4uO1mPDCiclz
+FF0zMAeA52Z43tNmj0KMgnpiNjo7/AXU2CzM9GFcWKXS8knvdO/BDPMyhi3bDfRG
+hEbaxYPxAgMBAAECgf8cTfpk/Q7B87Hkj+bmJzyRk4c/qcW9lEt2P/6quYTBTlo+
+LUhT+/5b9AxpFAMxL9UKqxOj1JWDxljrXDafk5EwuWdOx2bQCAgLTuhP6PwJxwcT
+OfVBhfunOT8CB3lA+U0YYN9kttnBOeAhcB/J0JQMnxmePY1PfKyqvxek8bkhRL1N
+Gjx7j86DBCnqklv6BsgG+DQQeKg6dxa61oCzj+SXgV4PIxK11k2YRXs9AZtUbF4c
+LYVXWLUDjHpnuyrcb6MDnyqK3Jot3H0g9DqBC8qSsGNvFk8egr7lzwJmfk9rTrXr
+pv0nlXDzHKcfLbk1bd/dLZ2uqcRxQIJ0+kGGCZkCgYEA+7dVQC+9BZwLce6toqsJ
+C2eN0GR1fj2D8hxyGAlmt5LjGOEXMaNlTMPsB74BGLp775XFDTWyuBGSYWXai9Pf
+hKwnFTBFkqb4IRxSc0MF++KCA0ugia1LykN78tgsQANP84OXkdlHrsCaJiVvDjY0
+v81zo44ric3OZi/NUbZfUakCgYEAw9cPur6X8QYf1ZOK/689GkZLZ09npCQIdJ2Y
+N4GqeP34RD9SefFv8Eyf31UDjFC++c7Iznu8dVR7vFTSSZk5tFkz7eEXJQel84/u
+KJtLcopceNoBzCF3muyKdX6gx+etjBK+EZp3h69b3LS1XjeUDQhO0mFcOA5WCjyK
+SJ3/nQkCgYEA6Irxbi/sH3+Orz3CGbKK04diYzA7v1mTSRvwZ7Zft54ywSxJoikC
+j828g1aMasz1bFxfxBlkt1o8clCHe4BMUaQ9Iv0KeTZZqzUgEq3LnG0gkWzPrgF0
+MDLyEmKVVrn4pc5fO3WRHKeAgVc55tY7Gyrx9xqDrHZ+hLcKpr+mBakCgYEArBk6
+AWmsLGqtXwqhg7+Deqt7Z/Ynpd7kb1ZuhZi1Lk5A9fiPignZzNoJREF5NL1gljZZ
+0Np76r+rXP1NLtAwHYSmVc0QgcIO29MH/zc5PhbI3Ir4OWLPsJ1dr5Lvx7yYjheK
+X/3WPK6lk3ZaS8mbmThLzCUy3S/7/FLnUplGH8ECgYA9lwdg36mQAH2Ef1z+pya+
+cVAHogPqd+V5wVc+hrlswq10cExkYgmCwhRZbd8WluK54JEjgO5qw8eaPlI/PPVv
+I9vpJNyDw5CTkKXZ9gPlixxgDu+Mo/o4wdpJKTRDIL99It577Hn1Up5fNk61gYSN
+GOt65wUsGHd6gA9vPQa90w==
+-----END PRIVATE KEY-----
diff --git a/pulsebeam/src/main.rs b/pulsebeam/src/main.rs
@@ -72,11 +72,11 @@ pub async fn run(cpu_rt: rt::Runtime) {
         .expect("bind to udp socket");
     let http_socket: SocketAddr = "0.0.0.0:3000".parse().unwrap();
     tracing::info!(
-        "✅ Signaling server listening. Clients should connect to http://{}:3000 or http://localhost:3000",
+        "✅ Signaling server listening. Clients should connect to https://{}:3000 or https://localhost:3000",
         external_ip,
     );
 
-    node::run(cpu_rt, external_addr, unified_socket, http_socket)
+    node::run(cpu_rt, external_addr, unified_socket, http_socket, true)
         .await
         .unwrap();
 }
diff --git a/pulsebeam/src/node.rs b/pulsebeam/src/node.rs
@@ -9,6 +9,7 @@ pub async fn run(
     external_addr: SocketAddr,
     unified_socket: net::UnifiedSocket,
     http_socket: SocketAddr,
+    enable_tls: bool,
 ) -> anyhow::Result<()> {
     // Configure CORS
     let cors = CorsLayer::very_permissive()
@@ -41,14 +42,30 @@ pub async fn run(
     let controller_handle = controller_ready_rx.await?;
     // Set up signaling router
     let router = signaling::router(controller_handle).layer(cors);
-    let listener = tokio::net::TcpListener::bind(http_socket)
-        .await
-        .expect("bind to http socket");
-    let signaling = async move {
-        let _ = axum::serve(listener, router).await;
-    };
-    let signaling_handle = tokio::spawn(signaling);
-    join_set.push(signaling_handle.map(|_| ()).boxed());
+
+    if enable_tls {
+        // TODO: exclude from production build
+        use axum_server::tls_rustls::RustlsConfig;
+        let cert = include_bytes!("cert.pem");
+        let key = include_bytes!("key.pem");
+        let config = RustlsConfig::from_pem(cert.to_vec(), key.to_vec()).await?;
+
+        let signaling = async move {
+            axum_server::bind_rustls(http_socket, config)
+                .serve(router.into_make_service())
+                .await
+                .unwrap();
+        };
+        join_set.push(tokio::spawn(signaling).map(|_| ()).boxed());
+    } else {
+        let signaling = async move {
+            axum_server::bind(http_socket)
+                .serve(router.into_make_service())
+                .await
+                .unwrap();
+        };
+        join_set.push(tokio::spawn(signaling).map(|_| ()).boxed());
+    }
 
     // Wait for all tasks to complete
     while join_set.next().await.is_some() {}
diff --git a/pulsebeam/src/signaling.rs b/pulsebeam/src/signaling.rs
@@ -78,7 +78,7 @@ async fn join_room(
 
     // TODO: remove hardcoded URI
     let location_url = format!(
-        "http://localhost:3000/api/v1/rooms/{}/participants/{}",
+        "https://localhost:3000/api/v1/rooms/{}/participants/{}",
         &room_id.external, &participant_id
     );
     let mut response_headers = HeaderMap::new();

Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ impl<T> Sender<T> {`
`74`	`74`	`use mpsc::error::TrySendError as TokioTrySendError;`
`75`	`75`	`self.sender.try_send(message).map_err(\|e\| match e {`
`76`	`76`	`TokioTrySendError::Full(m) => {`
`77`		`- tracing::debug!("try_send dropped a packet due to full queue");`
	`77`	`+ tracing::info!("try_send dropped a packet due to full queue");`
`78`	`78`	`TrySendError::Full(m)`
`79`	`79`	`}`
`80`	`80`	`TokioTrySendError::Closed(m) => TrySendError::Closed(m),`