pispas_modules/

utils.rs

use serde_json::Value;
use std::collections::HashMap;
use std::net::SocketAddr;
use std::sync::Arc;
use tokio::io::{AsyncRead, AsyncWrite};
use tokio::net::TcpListener;
use tokio_tungstenite::{accept_hdr_async, connect_async, tungstenite::protocol::Message};
use tokio_tungstenite::tungstenite::handshake::server::{Request, Response, ErrorResponse};
use futures_util::{SinkExt, StreamExt};
use serde_json::json;
use url::Url;
use anyhow::{Result};
use easy_trace::prelude::{debug, error, info, warn};
use sharing::utils::ConfigEnv;
use crate::MyPOSService;
use crate::prelude::{BaseService};
use crate::prelude::CashGuardService;
use crate::prelude::PaytefService;
use crate::prelude::PrintService;
use crate::prelude::RfidService;
use crate::prelude::ScaleService;
use crate::prelude::{Service, WebSocketWrite};

/// TLS certificate and private key for `local.unpispas.es`.
///
/// Issued by Cloudflare Origin CA and embedded at compile time. The CA root
/// is imported into the Windows trust store during install, so browsers that
/// connect to `wss://local.unpispas.es:5005` see a publicly-valid chain.
const LOCAL_TLS_CERT: &[u8] = include_bytes!("../../../resources/local_unpispas.crt");
const LOCAL_TLS_KEY: &[u8] = include_bytes!("../../../resources/local_unpispas.key");



/// Loads services based on the environment configuration.
///
/// This function reads the required modules from the `MODULES` environment variable.
/// It initializes and registers the corresponding services into a `HashMap`.
pub async fn load_services(config: ConfigEnv) -> HashMap<String, Arc<dyn Service>> {
    let mut services: HashMap<String, Arc<dyn Service>> = HashMap::new();

    // Get the required services from the environment variable or use a default value.
    let required_services = std::env::var("MODULES")
        .unwrap_or_else(|_| "base,print,scale,rfid".to_string());

    
    info!("Loading persistence module: cache");
    let mut persistence_service = crate::persistence::PersistenceService::new();
    if let Err(e) = persistence_service.initialize().await {
        error!("Failed to initialize persistence service: {}", e);
    }
    // Share the Arc: keeping one copy in the service registry (exposed to
    // WS clients as "cache") and handing clones to services that cache
    // state across sessions (paytef).
    let persistence_arc = Arc::new(persistence_service);
    services.insert("cache".to_string(), persistence_arc.clone());
    // Iterate through the list of service names and instantiate the appropriate service.
    for service_name in required_services.split(',') {
        match service_name.trim() {
            "base" => {
                services.insert("base".to_string(), Arc::new(BaseService::new()));
            }
            "print" => {
                let print_service = PrintService::new(config.clone()).await;
                services.insert("print".to_string(), Arc::new(print_service));
            }
            "scale" => {
                services.insert("scale".to_string(), Arc::new(ScaleService::new()));
            }
            "rfid" => {
                services.insert("rfid".to_string(), Arc::new(RfidService::new()));
            }
            "cashguard" => {
                services.insert("cashguard".to_string(), Arc::new(CashGuardService::new("localhost", 8080, "root", "admin")));
            }
            "paytef" => {
                services.insert("paytef".to_string(), Arc::new(PaytefService::new(Some(persistence_arc.clone()))));
            }
            "mypos" => {
                services.insert("mypos".to_string(), Arc::new(MyPOSService::new()));
            }
            "commandViewer" => {
                std::thread::spawn(|| {
                    let rt = tokio::runtime::Runtime::new().unwrap();
                    rt.block_on(async {
                        if let Err(e) = crate::command_viewer::start_kitchen_server().await {
                            eprintln!("Failed to start Actix server: {:?}", e);
                        }
                    });
                });
                
                services.insert("commandViewer".to_string(), Arc::new(crate::command_viewer::CommandViewerService::new()));
            }
            "OrderKitchen" => {
                services.insert("OrderKitchen".to_string(), Arc::new(crate::order_kitchen::OrderKitchenService::new()));
            }
            _ => {
                error!("Unknown service: {}", service_name.trim());
            }
        }
    }
    info!("Loaded services: {:?}", services.keys().collect::<Vec<_>>());
    services
}

/// Returns `true` when `origin` matches any pattern in
/// [`sharing::PNA_ALLOWED_ORIGINS`] or is a loopback origin.
///
/// Loopback origins (`http(s)://localhost[:port]`,
/// `http(s)://127.0.0.1[:port]`, and the special value `"null"`) are
/// always allowed so devtools, native apps, and file-served pages keep
/// working. Host comparison is **exact** — `localhost.evil.com` does
/// **not** count as loopback.
///
/// Allow-list patterns support:
///   * exact match,
///   * `scheme://*.domain` — wildcard subdomain. Matches both the apex
///     (`domain`) and any subdomain (`x.domain`, `x.y.domain`). This is
///     intentional so a single pattern covers the root and its children.
///   * `scheme://host:*` — wildcard port.
fn is_origin_allowed(origin: &str) -> bool {
    if origin == "null" || is_loopback_origin(origin) {
        return true;
    }
    sharing::PNA_ALLOWED_ORIGINS
        .iter()
        .any(|pattern| match_origin_pattern(pattern, origin))
}

/// Exact-host loopback check. Parses the origin and compares scheme + host
/// against `localhost` / `127.0.0.1` / `[::1]` so sneaky hosts like
/// `localhost.evil.com` do not slip through.
fn is_loopback_origin(origin: &str) -> bool {
    let (scheme, rest) = match origin.split_once("://") {
        Some(v) => v,
        None => return false,
    };
    if scheme != "http" && scheme != "https" {
        return false;
    }
    // IPv6 origins are bracketed: `http://[::1]:port`. Strip the host piece
    // carefully so the colons inside the brackets do not confuse us.
    let host = if let Some(after_bracket) = rest.strip_prefix('[') {
        match after_bracket.find(']') {
            Some(end) => &rest[..end + 2], // include "[" and "]"
            None => return false,
        }
    } else {
        rest.split(':').next().unwrap_or(rest)
    };
    host == "localhost" || host == "127.0.0.1" || host == "[::1]"
}

/// Matches a single `scheme://host[:port]` origin against a pattern.
///
/// See [`is_origin_allowed`] for the pattern grammar. Pure string work,
/// no regex, no allocations except `format!` in the subdomain branch.
fn match_origin_pattern(pattern: &str, origin: &str) -> bool {
    // Split scheme://host[:port]
    let (p_scheme, p_rest) = match pattern.split_once("://") {
        Some(v) => v,
        None => return false,
    };
    let (o_scheme, o_rest) = match origin.split_once("://") {
        Some(v) => v,
        None => return false,
    };
    if p_scheme != o_scheme {
        return false;
    }

    // Split host from port
    let (p_host, p_port) = p_rest.split_once(':').unwrap_or((p_rest, ""));
    let (o_host, o_port) = o_rest.split_once(':').unwrap_or((o_rest, ""));

    // Port: "*" matches any, "" matches only empty, exact otherwise
    let port_ok = match p_port {
        "" => o_port.is_empty(),
        "*" => true,
        _ => p_port == o_port,
    };
    if !port_ok {
        return false;
    }

    // Host: "*.foo.com" matches both the apex "foo.com" and any subdomain
    // ("x.foo.com", "x.y.foo.com"). Exact patterns match only the same host.
    if let Some(suffix) = p_host.strip_prefix("*.") {
        o_host == suffix || o_host.ends_with(&format!(".{}", suffix))
    } else {
        p_host == o_host
    }
}

#[cfg(test)]
mod origin_tests {
    use super::*;

    #[test]
    fn loopback_exact_hosts_allowed() {
        assert!(is_loopback_origin("http://localhost"));
        assert!(is_loopback_origin("https://localhost:3000"));
        assert!(is_loopback_origin("http://127.0.0.1"));
        assert!(is_loopback_origin("http://[::1]"));
    }

    #[test]
    fn loopback_lookalikes_rejected() {
        // The bug Copilot reported must not regress.
        assert!(!is_loopback_origin("http://localhost.evil.com"));
        assert!(!is_loopback_origin("http://127.0.0.1.evil.com"));
        assert!(!is_loopback_origin("ws://localhost"));
        assert!(!is_loopback_origin("ftp://localhost"));
    }

    #[test]
    fn pattern_subdomain_matches_apex_and_children() {
        assert!(match_origin_pattern(
            "https://*.unpispas.es",
            "https://unpispas.es"
        ));
        assert!(match_origin_pattern(
            "https://*.unpispas.es",
            "https://app.unpispas.es"
        ));
        assert!(match_origin_pattern(
            "https://*.unpispas.es",
            "https://a.b.unpispas.es"
        ));
    }

    #[test]
    fn pattern_wildcard_port() {
        assert!(match_origin_pattern(
            "https://*.unpispas.es:*",
            "https://app.unpispas.es:8443"
        ));
        assert!(match_origin_pattern(
            "https://*.unpispas.es:*",
            "https://app.unpispas.es"
        ));
    }

    #[test]
    fn pattern_exact_port_enforced() {
        assert!(match_origin_pattern(
            "https://app.example.com:443",
            "https://app.example.com:443"
        ));
        assert!(!match_origin_pattern(
            "https://app.example.com:443",
            "https://app.example.com:8080"
        ));
    }

    #[test]
    fn pattern_scheme_mismatch_rejected() {
        assert!(!match_origin_pattern(
            "https://*.unpispas.es",
            "http://app.unpispas.es"
        ));
    }

    #[test]
    fn non_pna_origin_not_allowed() {
        assert!(!is_origin_allowed("https://evil.com"));
        assert!(!is_origin_allowed("https://unpispas.es.evil.com"));
    }
}

/// Builds a TLS acceptor from the embedded cert + key.
fn build_tls_acceptor() -> std::result::Result<tokio_native_tls::TlsAcceptor, Box<dyn std::error::Error>> {
    let identity = native_tls::Identity::from_pkcs8(LOCAL_TLS_CERT, LOCAL_TLS_KEY)?;
    let tls = native_tls::TlsAcceptor::builder(identity).build()?;
    Ok(tokio_native_tls::TlsAcceptor::from(tls))
}

/// Starts a local WebSocket server (plain WS or WSS depending on `use_tls`).
///
/// When `use_tls` is true the server presents the embedded `local.unpispas.es`
/// certificate so browsers can connect via `wss://local.unpispas.es:<port>`
/// without the Chrome *Local Network Access* prompt.
pub async fn start_local_server(
    host: &str,
    port: u16,
    services: Arc<HashMap<String, Arc<dyn Service>>>,
    service_name: &str,
    service_vers: &str,
    use_tls: bool,
) -> Result<(), std::io::Error> {
    let addr = format!("{}:{}", host, port);

    let tls_acceptor = if use_tls {
        match build_tls_acceptor() {
            Ok(a) => {
                info!("TLS enabled for local server (wss://local.unpispas.es:{})", port);
                Some(a)
            }
            Err(e) => {
                error!("Failed to build TLS acceptor, falling back to plain WS: {}", e);
                None
            }
        }
    } else {
        None
    };

    loop {
        match TcpListener::bind(&addr).await {
            Ok(listener) => {
                let proto = if tls_acceptor.is_some() { "wss" } else { "ws" };
                info!("Local WebSocket server listening on {} ({}) service name {}", addr, proto, service_name);

                while let Ok((stream, peer)) = listener.accept().await {
                    if let Err(e) = stream.set_nodelay(true) {
                        debug!("set_nodelay (peer={}): {}", peer, e);
                    }
                    let services = Arc::clone(&services);
                    let service_name = service_name.to_string();
                    let service_vers = service_vers.to_string();
                    let tls = tls_acceptor.clone();

                    tokio::spawn(async move {
                        // Dual-mode: peek first byte to detect TLS (0x16) vs plain HTTP
                        let mut first_byte = [0u8; 1];
                        let n = match stream.peek(&mut first_byte).await {
                            Ok(n) => n,
                            Err(e) => {
                                debug!("peek failed (peer={}): {}", peer, e);
                                return;
                            }
                        };
                        if n == 0 {
                            return;
                        }

                        let is_tls = first_byte[0] == 0x16;
                        if is_tls {
                            // TLS handshake first, then WS
                            if let Some(acceptor) = tls {
                                match acceptor.accept(stream).await {
                                    Ok(tls_stream) => {
                                        if let Err(e) = websocket_handler(tls_stream, peer, services, &service_name, &service_vers).await {
                                            error!("WSS handler error (peer={}): {}", peer, e);
                                        }
                                    }
                                    Err(e) => {
                                        debug!("TLS handshake failed (peer={}): {}", peer, e);
                                    }
                                }
                            } else {
                                debug!("Got TLS handshake but TLS disabled (peer={})", peer);
                            }
                        } else {
                            // Plain HTTP — legacy ws:// clients
                            if let Err(e) = websocket_handler(stream, peer, services, &service_name, &service_vers).await {
                                error!("WS handler error (peer={}): {}", peer, e);
                            }
                        }
                    });
                }
            }
            Err(e) => {
                error!("Failed to bind local server to {}: {}. Retrying in 5 seconds...", addr, e);
                tokio::time::sleep(std::time::Duration::from_secs(2)).await;
            }
        }
    }
}

/// Processes an incoming request by routing it to the appropriate service.
///
/// This function handles normalization of incoming messages, extracting metadata,
/// and calling the appropriate service based on the `TARGET` field in the message.
pub async fn process_request(
    mut request: Value,
    services: Arc<HashMap<String, Arc<dyn Service>>>,
    service_name: &str,
    service_vers: &str,
    write: WebSocketWrite,
) -> Value {
    // Attempt to extract UUID from the message or use a default value if absent.
    let uuid = request
        .get("UUIDV4")
        .or_else(|| request.get("MESSAGE_UUID"))
        .cloned()
        .unwrap_or(Value::Null);

    // Normalize the message if it contains a `MESSAGE_DATA` field with nested content.
    if let Some(message_data) = request.get("MESSAGE_DATA") {
        if message_data.is_object() {
            info!("Normalizing MESSAGE_DATA for remote request");
            request = message_data.clone();

            // Ensure `UUIDV4` is present in the normalized message.
            if uuid != Value::Null && !request.get("UUIDV4").is_some() {
                request["UUIDV4"] = uuid.clone();
            }
        }
    }

    // Check if the message is a connection response.
    if request.get("result").is_some() && request.get("server").is_some(){
        info!("Received CONNECT response: {:?}", request);

        // PROVISIONED → REGISTERED: the WSR returns the backend's PK
        // for this TPV (`objid` field, RASPPI.objid in the legacy
        // schema). Persist it so future cert-issuer requests can use
        // it and so we never have to re-resolve.
        if let Some(objid) = request.get("objid").and_then(|v| v.as_i64()) {
            let mut cfg = sharing::utils::ConfigEnv::load();
            if cfg.objid != Some(objid) {
                info!("WSR delivered objid={objid} (was {:?}) — persisting", cfg.objid);
                cfg.set_objid(objid);
            }
        }

        return json!({
            "SERVICE_NAME": service_name,
            "SERVICE_VERS": service_vers,
            "MESSAGE_TYPE": "INFO",
            "MESSAGE_EXEC": "SUCCESS",
            "MESSAGE_UUID": uuid,
            "MESSAGE_DATA": "Server connection acknowledged",
        });
    }

    // Route the request to the target service specified in the `TARGET` field.
    if let Some(target) = request.get("TARGET").and_then(Value::as_str) {
        if let Some(service) = services.get(target.to_lowercase().as_str()) {
            let target_lc = target.to_lowercase();
            // Keep-alive PING (BASE/PING) is silenced to debug so the log
            // doesn't fill up with ping chatter every 30s per client.
            let is_ping = target_lc == "base"
                && request.get("ACTION").and_then(Value::as_str) == Some("PING");
            if is_ping {
                debug!("Running service: {}", target_lc);
            } else {
                info!("Running service: {}", target_lc);
            }

            // Execute the service and build the response.
            let (status, response) = service.run(request.clone(), write).await;
            let message_data = if let Ok(json_value) = serde_json::from_str::<Value>(&response) {
                // Si es JSON válido, usar el Value directamente (sin escapar)
                json_value
            } else {
                // Si no es JSON, usar como string
                Value::String(response)
            };
            return json!({
                "SERVICE_NAME": service_name,
                "SERVICE_VERS": service_vers,
                "MESSAGE_TYPE": "RESPONSE",
                "MESSAGE_EXEC": if status == 0 { "SUCCESS" } else { "FAILURE" },
                "MESSAGE_UUID": uuid,
                "MESSAGE_DATA": message_data,
            });
        } else {
            error!("Unknown service: {}", target);
            return json!({
                "SERVICE_NAME": service_name,
                "SERVICE_VERS": service_vers,
                "MESSAGE_TYPE": "RESPONSE",
                "MESSAGE_EXEC": "FAILURE",
                "MESSAGE_UUID": uuid,
                "MESSAGE_DATA": format!("Unknown service: {}", target),
            });
        }
    }

    if request.get("SERVICE_NAME").is_some() {
        error!("Missing TARGET in request.");
    }


    json!({
        "SERVICE_NAME": service_name,
        "SERVICE_VERS": service_vers,
        "MESSAGE_TYPE": "RESPONSE",
        "MESSAGE_EXEC": "FAILURE",
        "MESSAGE_UUID": uuid,
        "MESSAGE_DATA": "Missing TARGET in request.",
    })
}

/// Handles a single WebSocket connection end-to-end.
///
/// The connection has already passed the dual-mode (TLS vs plain) detection
/// in `start_local_server`, so `stream` is the appropriate concrete stream
/// type. We wrap it in [`crate::prelude::BoxedStream`] and run the WS
/// handshake with [`tokio_tungstenite::accept_hdr_async`] so we can:
///
/// 1. Validate the `Origin` header against `sharing::PNA_ALLOWED_ORIGINS`
///    (with wildcard subdomain / wildcard port matching). Disallowed
///    origins get HTTP 403.
/// 2. Inject `Access-Control-Allow-Private-Network: true` into the
///    101 Switching Protocols response so Chrome's PNA check passes.
///
/// After the handshake we read frames, `serde_json`-parse them, and
/// dispatch to `process_request` which routes by the `TARGET` field.
///
/// Note: Chrome does **not** send an OPTIONS preflight before a WebSocket
/// upgrade for PNA — the PNA check happens inside the WS handshake itself.
/// So we do not have a separate OPTIONS path.
pub async fn websocket_handler<S>(
    stream: S,
    peer: SocketAddr,
    services: Arc<HashMap<String, Arc<dyn Service>>>,
    service_name: &str,
    service_vers: &str,
) -> Result<(), Box<dyn std::error::Error>>
where
    S: AsyncRead + AsyncWrite + Unpin + Send + 'static,
{
    let boxed = crate::prelude::BoxedStream(Box::new(stream));

    // Validate Origin against the configured allow-list and inject PNA headers
    // into the 101 Switching Protocols response.
    let pna_callback = |req: &Request, mut response: Response| -> std::result::Result<Response, ErrorResponse> {
        // Helper: build a 400 ErrorResponse when a header value fails to
        // parse. The previous code used `.parse().unwrap()` which would
        // panic the server thread on a malformed Origin (trivial DoS).
        fn bad_request(reason: &str) -> ErrorResponse {
            let mut resp = ErrorResponse::new(Some(reason.to_string()));
            *resp.status_mut() = tokio_tungstenite::tungstenite::http::StatusCode::BAD_REQUEST;
            resp
        }

        // The two static values are fixed, ASCII-safe constants — they're
        // built once and reused for every handshake. If they ever fail to
        // parse it's a programming error, not user input.
        let pna_true: tokio_tungstenite::tungstenite::http::HeaderValue =
            "true".parse().expect("Access-Control-Allow-Private-Network value parses");
        let vary_origin: tokio_tungstenite::tungstenite::http::HeaderValue =
            "Origin".parse().expect("Vary header value parses");

        let origin = req.headers().get("Origin").and_then(|v| v.to_str().ok());
        match origin {
            None => {
                // Non-browser clients (native apps, CLI) often omit Origin — allow.
                let h = response.headers_mut();
                h.insert("Access-Control-Allow-Private-Network", pna_true);
                Ok(response)
            }
            Some(o) if is_origin_allowed(o) => {
                // Origin is user-controlled. A weird/malformed string can
                // make HeaderValue::from_str fail; reject with 400 instead
                // of panicking the server.
                let origin_value = match o.parse::<tokio_tungstenite::tungstenite::http::HeaderValue>() {
                    Ok(v) => v,
                    Err(_) => {
                        error!("Rejected WS handshake: Origin header is not a valid HeaderValue: {}", o);
                        return Err(bad_request("Invalid Origin header"));
                    }
                };
                let h = response.headers_mut();
                h.insert("Access-Control-Allow-Private-Network", pna_true);
                h.insert("Access-Control-Allow-Origin", origin_value);
                h.insert("Vary", vary_origin);
                Ok(response)
            }
            Some(o) => {
                error!("Rejected WS handshake from disallowed origin: {}", o);
                let mut resp = ErrorResponse::new(Some("Forbidden origin".to_string()));
                *resp.status_mut() = tokio_tungstenite::tungstenite::http::StatusCode::FORBIDDEN;
                Err(resp)
            }
        }
    };

    let ws_stream = match accept_hdr_async(boxed, pna_callback).await {
        Ok(ws) => {
            debug!("WebSocket handshake OK (peer={})", peer);
            ws
        }
        Err(e) => {
            error!(
                "WebSocket handshake failed (peer={}): {} (need RFC6455 WebSocket upgrade, e.g. browser WebSocket API)",
                peer, e
            );
            return Err(e.into());
        }
    };
    let (write, mut read) = ws_stream.split();

    // Create a write lock to manage sending responses back to the client.
    let rw_write = Arc::new(tokio::sync::RwLock::new(write));

    while let Some(msg) = read.next().await {
        match msg {
            Ok(Message::Text(text)) => {
                let parsed = serde_json::from_str::<serde_json::Value>(&text);

                // Quiet keep-alive pings so they don't drown real traffic.
                // Anything else (CHECK, print requests, etc.) stays at info.
                let is_ping = parsed
                    .as_ref()
                    .ok()
                    .and_then(|req| req.get("ACTION"))
                    .and_then(Value::as_str)
                    == Some("PING");
                let truncated = if text.len() > 200 {
                    format!("{}...", &text[..200])
                } else {
                    text.clone()
                };
                if is_ping {
                    debug!("Received text message HANDLER (peer={}): {}", peer, truncated);
                } else {
                    info!("Received text message HANDLER (peer={}): {}", peer, truncated);
                }

                match parsed {
                    Ok(request) => {
                        let response_message = process_request(
                            request,
                            Arc::clone(&services),
                            service_name,
                            service_vers,
                            Some(Arc::clone(&rw_write)),
                        )
                            .await;

                        let mut ws = rw_write.write().await;
                        if let Err(e) = ws.send(Message::Text(response_message.to_string())).await {
                            error!("Failed to send response: {}", e);
                        }
                    }
                    Err(e) => {
                        //response error!
                        let error_response = json!({
                            "SERVICE_NAME": service_name,
                            "SERVICE_VERS": service_vers,
                            "MESSAGE_TYPE": "RESPONSE",
                            "MESSAGE_EXEC": "FAILURE",
                            "MESSAGE_DATA": format!("Invalid JSON: {}", e),
                        });
                        let mut ws = rw_write.write().await;
                        if let Err(e) = ws.send(Message::Text(error_response.to_string())).await {
                            error!("Failed to send error response: {}", e);
                        }
                        error!("Invalid JSON: {}", e);
                    }
                }
            }
            Err(e) => {
                let error_response = json!({
                            "SERVICE_NAME": service_name,
                            "SERVICE_VERS": service_vers,
                            "MESSAGE_TYPE": "RESPONSE",
                            "MESSAGE_EXEC": "FAILURE",
                            "MESSAGE_DATA": format!("Invalid JSON: {}", e),
                        });
                let mut ws = rw_write.write().await;
                if let Err(e) = ws.send(Message::Text(error_response.to_string())).await {
                    error!("Failed to send error response: {}", e);
                }
                debug!("Error processing message: {}", e)
            },
            _ => {}
        }
    }

    Ok(())
}

/// Starts the remote WebSocket server with reconnection and message handling.
///
/// This function keeps trying to connect to the remote server in a loop,
/// reconnecting automatically if the connection fails.
///
/// **Bootstrap gate**: the remote server is the WSR (`wss.unpispas.es`)
/// and expects `place_id` in the CONNECT envelope so it can resolve the
/// caller to a `RASPPI` row. While `ConfigEnv.place_id` is `None` (TPV
/// in PRE-BOOTSTRAP, no client has done CHECK + place_id yet), we wait
/// instead of connecting — sending a CONNECT without identity would
/// just be rejected and waste a slot in the WSR's pending map.
pub async fn start_remote_server(
    remote_host: &str,
    remote_port: u16,
    service_name: &str,
    service_vers: &str,
    services: Arc<HashMap<String, Arc<dyn Service>>>,
) -> Result<(), std::io::Error> {
    loop {
        // Refresh ConfigEnv on every iteration. The CHECK handler in
        // base.rs writes place_id to the .env when the first client
        // pairs the TPV; we pick it up here on the next loop.
        let cfg = sharing::utils::ConfigEnv::load();
        let Some(place_id) = cfg.place_id else {
            info!(
                "Remote WSR connect deferred — TPV in PRE-BOOTSTRAP \
                 (waiting for a client CHECK with place_id)"
            );
            tokio::time::sleep(std::time::Duration::from_secs(5)).await;
            continue;
        };

        match connect_to_remote_server(
            remote_host,
            remote_port,
            service_name,
            service_vers,
            place_id,
            Arc::clone(&services),
            false,
        )
            .await
        {
            Ok(_) => info!("Successfully connected to remote server."),
            Err(e) => {
                error!("Failed to connect to remote server: {:?}", e);
                info!("Reconnecting in 5 seconds...");
                tokio::time::sleep(std::time::Duration::from_secs(5)).await;
            }
        }
    }
}

/// Detect the host's primary IPv4 on the LAN. Returns a string suitable
/// for the CONNECT envelope. On any failure we send `"0.0.0.0"` —
/// that's a clear signal to the backend that discovery failed without
/// taking the WSR connection down.
fn discover_local_ipv4() -> String {
    match local_ip_address::local_ip() {
        Ok(ip) if ip.is_ipv4() => ip.to_string(),
        Ok(ip) => {
            warn!("local IP is not IPv4 ({ip}); cert flow will not work over LAN");
            ip.to_string()
        }
        Err(e) => {
            warn!("could not discover local IP: {e}");
            "0.0.0.0".to_string()
        }
    }
}

/// Handles a single connection to the remote WebSocket server.
///
/// This function sends a `CONNECT` message to the server upon successful connection
/// and processes incoming messages by routing them to the appropriate services.
async fn connect_to_remote_server(
    remote_host: &str,
    remote_port: u16,
    service_name: &str,
    service_vers: &str,
    place_id: i64,
    services: Arc<HashMap<String, Arc<dyn Service>>>,
    return_after_connect: bool,
) -> Result<(), Box<dyn std::error::Error>> {
    let protocol = if std::env::var("REMOTE_USSL").unwrap_or_else(|_| "true".to_string()) == "true" {
        "wss"
    } else {
        "ws"
    };

    let url = format!("{}://{}:{}", protocol, remote_host, remote_port);
    info!("Connecting to remote WebSocket server at: {}", url);

    let ws_url = Url::parse(&url)?;
    let (ws_stream, _) = connect_async(ws_url.as_str()).await?;
    let (mut write, mut read) = ws_stream.split();

    let local_ip = discover_local_ipv4();
    info!("CONNECT envelope: place_id={place_id} local_ip={local_ip}");

    let connect_message = json!({
        "SERVICE_NAME": service_name,
        "SERVICE_VERS": sharing::VERSION,
        "MESSAGE_TYPE": "CONNECT",
        // New bootstrap fields. The WSR resolves
        // (place_id, service_name) → objid and returns objid in the
        // response. If the WSR is the legacy server.py it ignores
        // these and we keep working (just no cert-issuer flow).
        "PLACE_ID": place_id,
        "LOCAL_IP": local_ip,
        "MODULE_LIST": services.iter().map(|(name, service)| {
            json!({
                "MODULE_NAME": name,
                "MODULE_VERS": service.get_version(),
            })
        }).collect::<Vec<_>>(),
    });

    write.send(Message::Text(connect_message.to_string())).await?;
    info!("CONNECT message sent.");

    if return_after_connect {
        return Ok(());
    }

    let write_p = Arc::new(tokio::sync::Mutex::new(write));
    let service_name = service_name.to_owned();
    let service_vers = service_vers.to_owned();

    // Shared cancel signal so a keep-alive failure aborts the read loop
    // immediately instead of leaving it parked on the 45 s timeout below.
    // Without this the link sat zombie for up to 45 s after a half-open
    // TCP, which is what made operators restart the "pispas modules"
    // service by hand.
    let cancel_token = Arc::new(tokio::sync::Notify::new());

    // Keep-alive: envía PING cada 25 segundos
    let keep_alive_write = Arc::clone(&write_p);
    let keep_alive_cancel = Arc::clone(&cancel_token);
    let keep_alive_task = tokio::spawn(async move {
        let mut interval = tokio::time::interval(std::time::Duration::from_secs(25));

        loop {
            interval.tick().await;

            let mut ws = keep_alive_write.lock().await;
            if let Err(e) = ws.send(Message::Ping(vec![])).await {
                error!("Keep-alive failed: {}", e);
                // notify_one (vs notify_waiters) holds a permit if the read
                // loop hasn't reached its `notified()` yet, so the signal
                // can't be missed on a fast failure.
                keep_alive_cancel.notify_one();
                break;
            }
        }
    });

    // Inactivity timeout — if the server stops sending traffic (or its TCP
    // reset got dropped by a NAT), give up and reconnect. 45 s is twice the
    // server's ping_interval (20–30 s) so a single missed pong won't trip it.
    const READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(45);

    let read_cancel = Arc::clone(&cancel_token);
    let result = async {
        loop {
            tokio::select! {
                biased;
                _ = read_cancel.notified() => {
                    error!("Keep-alive task signalled connection loss, breaking read loop");
                    break;
                }
                next = tokio::time::timeout(READ_TIMEOUT, read.next()) => {
                    match next {
                        Ok(Some(Ok(Message::Text(text)))) => {
                            info!("Received message");
                            if let Ok(request) = serde_json::from_str::<serde_json::Value>(&text) {
                                let response = process_request(
                                    request,
                                    Arc::clone(&services),
                                    &service_name,
                                    &service_vers,
                                    None,
                                ).await;

                                let mut ws = write_p.lock().await;
                                ws.send(Message::Text(response.to_string())).await?;
                            }
                        }
                        Ok(Some(Ok(Message::Ping(ping)))) => {
                            debug!("Received PING from server, sending PONG");
                            let mut ws = write_p.lock().await;
                            ws.send(Message::Pong(ping)).await?;
                        }
                        Ok(Some(Ok(Message::Pong(_)))) => {
                            // PONG recibido - conexión sana
                        }
                        Ok(Some(Ok(Message::Close(_)))) => {
                            error!("Connection closed by server");
                            break;
                        }
                        Ok(Some(Err(e))) => {
                            error!("WebSocket error: {}", e);
                            break;
                        }
                        Ok(None) => {
                            error!("Connection closed");
                            break;
                        }
                        Err(_) => {
                            error!(
                                "No activity in {} seconds, reconnecting",
                                READ_TIMEOUT.as_secs()
                            );
                            break;
                        }
                        // Message::Binary / Message::Frame — not part of our
                        // protocol, but tungstenite can deliver them. Just
                        // ignore and keep listening.
                        Ok(Some(Ok(_))) => {}
                    }
                }
            }
        }
        Ok::<(), Box<dyn std::error::Error>>(())
    }.await;

    keep_alive_task.abort();
    let _ = keep_alive_task.await;
    result
}

/// Sends a message to the WebSocket connection.
///
/// # Arguments
/// - `write`: The WebSocket connection.
/// - `message_data`: The message to send.
pub async fn send_message(write: &WebSocketWrite, message_data: String) {
    if let Some(ws_lock) = &write {
        let mut ws = ws_lock.write().await;

        match ws.send(Message::Text(message_data.clone())).await {
            Ok(_) => {
                info!("Message sent successfully: {}", message_data);
            }
            Err(e) => {
                error!("Failed to send message: {:?}", e);
            }
        }
    } else {
        info!("No WebSocket available to send message.");
    }
}