redshiftzero
commented
3 years ago (this isn't really an e2e specific thing, it just fits in nicely)
Frameworks to explore: https://github.com/tower-rs/tower <- tower-web? https://rocket.rs/ <- specifically a web framework, w/ diesel ORM, ready for prod? https://actix.rs <- h/t @kushaldas - under new maintainers? https://github.com/http-rs/tide <- h/t @rmol https://github.com/seanmonstar/warp <- h/t @rmol https://github.com/thruster-rs/Thruster <- h/t @rmol
How we could about the prototyping, where the goal would be to eventually replace SD server branch we use in this repository with a standalone server crate:
- implement intersection of v1 endpoints + v2 signal endpoints
- replace v1 API
- finally: add in the signal pieces (this gives us the flexibility in the future if we decide not to go w/signal to implement another set of endpoints)
Other test prototype-y ideas without changing to e2ee (simply to gain familiarity with Rust):
- replace source interface with rust
- advantage If we use rust we don't need SecureTemporaryFileWrapper, nightly reboots
- implement other smaller pieces and use a stepping stone approach by using PyO3 extensions
The v2 APIs for the source and journalist side are in https://github.com/redshiftzero/securedrop/tree/signal-proto.
What we do need from the existing Python server code is largely just the account management and perhaps the secure deletion logic.
If we are to remove the existing web JI, the web SI (as we instead will ship code client-side), and the existing pgp logic / SecureTemporaryFile / logic for generating codenames / etc, then a lot of code will naturally be deleted.
It's an option to at this point make a clean break from the Python codebase on the server side, and implement just the pieces required for the two APIs using another language (Rust is probably most natural as the dependencies are in Rust, but open to discussion). This issue is a placeholder for any thoughts in that direction.