mirror of
https://github.com/Kpa-clawbot/meshcore-analyzer.git
synced 2026-07-03 05:51:38 +00:00
22fe929da2
Implements #1727. ## What this adds **Mobile client-RX coverage** — an opt-in, crowdsourced RF-coverage feature. A roaming MeshCore **companion** radio (driven by the open-source [corescope-rx](https://github.com/efiten/corescope-rx) PWA, GPLv3) reports which nodes it heard directly, tagged with the phone's GPS and the packet's SNR/RSSI. CoreScope ingests these into a new `client_receptions` table and renders per-node **hex coverage** on the Reach page, plus a standalone **Coverage dashboard** (`#/rx-coverage`) with a top-mobile-observers leaderboard. Also includes **`GET /api/nodes/resolve?prefix=<hex>`** — a read-only node-name lookup by pubkey prefix (`{name, pubkey, ambiguous}`), used by the companion app for friendly names. ## Opt-in — default OFF (zero impact on existing deployments) The whole feature is gated behind one config flag, **disabled by default**: ```jsonc "clientRxCoverage": { "enabled": false } ``` When disabled (the default): the ingestor writes **no** `client_receptions`; the three coverage endpoints return a clean **404**; the UI hides the Coverage nav link, the `#/rx-coverage` route, and the Reach-page toggle. `/api/nodes/resolve` is always available (not coverage-specific). ## How it works ``` companion ──BLE 0x88 (snr+rssi+raw)──▶ corescope-rx PWA ──▶ MQTT meshcore/client/{pubkey}/packets │ ingestor (gated) ──▶ client_receptions (GPS + SNR + heard-key) │ server: pure-Go hex grid ──▶ GeoJSON ──▶ Reach hex overlay + Coverage dashboard ``` - **Direct-only capture:** records only what the companion heard itself and directly — a 0-hop advert's pubkey, or `path[last]` (last forwarder) for FLOOD routes; ≥2-byte path-hash required. Upstream hops discarded. - **No new deps:** hexbins are a pure-Go pointy-top grid over Web Mercator (`cmd/server/hexgrid.go`) computed at query time (`CGO_ENABLED=0` / `modernc.org/sqlite` friendly); frontend uses the existing Leaflet. - **Trust:** companion pubkey = identity; an EMQX ACL binds each client to publish only to its own `meshcore/client/{pubkey}/packets` topic. Payload contract in `docs/client-rx-coverage.md`. ## How to enable / try it 1. In `config.json`, set `"clientRxCoverage": { "enabled": true }` and restart server + ingestor. 2. Point an EMQX (or any broker) listener so a client can publish to `meshcore/client/<pubkey>/packets`; the ingestor already subscribes under `meshcore/#`. 3. Run the [corescope-rx](https://github.com/efiten/corescope-rx) PWA on an Android phone paired (BLE) to a MeshCore companion — it captures heard nodes + GPS and publishes. 4. View results: per-node Reach page → toggle **coverage**, or the **Coverage** dashboard at `#/rx-coverage`. ## What's where - **Ingestor:** `cmd/ingestor/client_reception.go` (ingest), `db.go` (`client_receptions` + `client_observers` schema), `main.go` (gated dispatch), `config.go` (flag). - **Server:** `cmd/server/rx_coverage.go` + `rx_dashboard.go` (endpoints, self-guard 404 when off), `hexgrid.go` (pure-Go grid), `node_resolve.go` (resolve), `routes.go` / `types.go` / `config.go` (wiring + flag + `/api/config/client` field). - **Frontend:** `public/rx-coverage.js` (dashboard), `node-reach-coverage.js` + `.css` (overlay), `node-reach.js` (Reach toggle, flag-gated), `roles.js` (reads the flag, hides nav when off). - **Docs:** `docs/client-rx-coverage.md`. ## Testing - Go: `cd cmd/server && go test ./...` and `cd cmd/ingestor && go test ./...` — green, including new gate tests (`coverage_gate_test.go` in both: off → no rows / 404, on → works) and the rx-coverage / resolve / hexgrid suites. - JS: `node test-coverage-gate.js`, `node test-node-reach-coverage.js` (wired into CI). The Playwright `test-node-reach-coverage-e2e.js` is wired into the e2e job and **skips when `clientRxCoverage` is disabled**, so it's safe under the default-off config. ## Notes for reviewers - The four new routes are registered in `cmd/server/openapi_known_gaps.json` (the existing OpenAPI-completeness ratchet), matching how other not-yet-spec'd routes are tracked. Happy to write full OpenAPI spec entries instead if you prefer. - Commits are split per layer (ingestor / server endpoints / resolve / frontend / CI) for review. --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> Co-authored-by: Erwin Fiten <e.fiten@opteco.be>
422 lines
14 KiB
Go
422 lines
14 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
"encoding/json"
|
|
"log"
|
|
"net/http"
|
|
"sort"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
// scanCoverageRows reads (lat,lon,snr,rssi,heard_key,rx_at) rows into coverageRow values.
|
|
func scanCoverageRows(rows *sql.Rows) ([]coverageRow, error) {
|
|
out := []coverageRow{}
|
|
for rows.Next() {
|
|
var lat, lon float64
|
|
var snr sql.NullFloat64
|
|
var rssi sql.NullInt64
|
|
var heardKey, rxAt sql.NullString
|
|
if err := rows.Scan(&lat, &lon, &snr, &rssi, &heardKey, &rxAt); err != nil {
|
|
return nil, err
|
|
}
|
|
cr := coverageRow{Lat: lat, Lon: lon, HeardKey: strings.ToLower(heardKey.String), RxAt: rxAt.String}
|
|
if snr.Valid {
|
|
v := snr.Float64
|
|
cr.SNR = &v
|
|
}
|
|
if rssi.Valid {
|
|
v := int(rssi.Int64)
|
|
cr.RSSI = &v
|
|
}
|
|
out = append(out, cr)
|
|
}
|
|
return out, rows.Err()
|
|
}
|
|
|
|
// heardKeyResolverFor builds a nodeResolver for exactly the distinct heard_keys
|
|
// present in rows, resolving them all in one batched query instead of one query
|
|
// per key (the previous per-key resolver was N+1 on the read connection). Maps a
|
|
// heard_key to (pubkey, name) on a unique, non-hidden match; to (heardKey, "")
|
|
// otherwise. nil when there's no DB.
|
|
func (s *Server) heardKeyResolverFor(rows []coverageRow) nodeResolver {
|
|
if s.db == nil || s.db.conn == nil {
|
|
return nil
|
|
}
|
|
keys := make([]string, 0, len(rows))
|
|
seen := map[string]bool{}
|
|
for _, r := range rows {
|
|
if r.HeardKey != "" && !seen[r.HeardKey] {
|
|
seen[r.HeardKey] = true
|
|
keys = append(keys, r.HeardKey)
|
|
}
|
|
}
|
|
resolved := s.batchResolveHeardKeys(keys)
|
|
return func(heardKey string) (string, string) {
|
|
if v, ok := resolved[heardKey]; ok {
|
|
return v[0], v[1]
|
|
}
|
|
return heardKey, ""
|
|
}
|
|
}
|
|
|
|
// batchResolveHeardKeys resolves many heard_keys (2-3 byte prefixes or full
|
|
// pubkeys) to their canonical (pubkey, name) in a single round-trip per chunk: a
|
|
// UNION ALL of one LIMIT-2 prefix lookup each, so per-key work stays bounded
|
|
// (2 rows) and the whole set costs one query, not N. A unique match returns
|
|
// [pubkey, name]; unknown / ambiguous / blacklisted / hidden-prefix keys (#15,
|
|
// #1181) return [heardKey, ""].
|
|
func (s *Server) batchResolveHeardKeys(keys []string) map[string][2]string {
|
|
res := make(map[string][2]string, len(keys))
|
|
valid := make([]string, 0, len(keys))
|
|
seen := map[string]bool{}
|
|
for _, k := range keys {
|
|
if k == "" || seen[k] {
|
|
continue
|
|
}
|
|
seen[k] = true
|
|
if !hexPrefixRe.MatchString(k) {
|
|
res[k] = [2]string{k, ""}
|
|
continue
|
|
}
|
|
valid = append(valid, k)
|
|
}
|
|
// SQLITE_MAX_COMPOUND_SELECT is 500 by default; chunk well under it.
|
|
const chunk = 200
|
|
for i := 0; i < len(valid); i += chunk {
|
|
end := i + chunk
|
|
if end > len(valid) {
|
|
end = len(valid)
|
|
}
|
|
batch := valid[i:end]
|
|
parts := make([]string, len(batch))
|
|
args := make([]interface{}, 0, len(batch)*2)
|
|
for j, k := range batch {
|
|
// Parameterized: the prefix flows in as bound args, never interpolated,
|
|
// so this stays injection-safe regardless of how hexPrefixRe later
|
|
// evolves. The per-prefix LIMIT 2 lives in a subquery because a bare
|
|
// LIMIT on a UNION ALL term is a SQLite syntax error.
|
|
parts[j] = "SELECT * FROM (SELECT ? AS pfx, public_key, COALESCE(name,'') AS nm FROM nodes WHERE public_key LIKE ? LIMIT 2)"
|
|
args = append(args, k, k+"%")
|
|
}
|
|
rows, err := s.db.conn.Query(strings.Join(parts, " UNION ALL "), args...)
|
|
if err != nil {
|
|
// Don't fail the request, but don't fail silently either: a swallowed
|
|
// error here presents as "every name is ambiguous" with no signal.
|
|
log.Printf("WARN batchResolveHeardKeys: %v", err)
|
|
for _, k := range batch {
|
|
res[k] = [2]string{k, ""}
|
|
}
|
|
continue
|
|
}
|
|
type agg struct {
|
|
pk, name string
|
|
cnt int
|
|
}
|
|
acc := map[string]*agg{}
|
|
for rows.Next() {
|
|
var pfx, pk, nm string
|
|
if err := rows.Scan(&pfx, &pk, &nm); err != nil {
|
|
continue
|
|
}
|
|
a := acc[pfx]
|
|
if a == nil {
|
|
a = &agg{}
|
|
acc[pfx] = a
|
|
}
|
|
a.cnt++
|
|
a.pk, a.name = pk, nm
|
|
}
|
|
rows.Close()
|
|
for _, k := range batch {
|
|
a := acc[k]
|
|
if a != nil && a.cnt == 1 && !s.cfg.IsBlacklisted(a.pk) && !s.cfg.IsNameHidden(a.name) {
|
|
res[k] = [2]string{a.pk, a.name}
|
|
} else {
|
|
res[k] = [2]string{k, ""}
|
|
}
|
|
}
|
|
}
|
|
return res
|
|
}
|
|
|
|
// resolveHeardKey resolves a single heard_key (2-3 byte prefix or full pubkey)
|
|
// to its canonical (pubkey, name), or (heardKey, "") when unknown / ambiguous /
|
|
// hidden. Thin wrapper over batchResolveHeardKeys so there is one code path.
|
|
func (s *Server) resolveHeardKey(heardKey string) (string, string) {
|
|
v := s.batchResolveHeardKeys([]string{heardKey})[heardKey]
|
|
if v[0] == "" && v[1] == "" {
|
|
return heardKey, "" // empty/unresolved → echo the key
|
|
}
|
|
return v[0], v[1]
|
|
}
|
|
|
|
// queryCoverageFiltered returns coverage rows within a bbox, optionally filtered
|
|
// by heard node (prefix/pubkey), contributing client (rx_pubkey), and time window
|
|
// (days; 0 = all time). Powers the global and per-observer coverage maps.
|
|
func (s *Server) queryCoverageFiltered(node, rx string, days int, b bbox) ([]coverageRow, error) {
|
|
where := []string{"lat BETWEEN ? AND ?", "lon BETWEEN ? AND ?"}
|
|
args := []interface{}{b.MinLat, b.MaxLat, b.MinLon, b.MaxLon}
|
|
if node != "" {
|
|
// Sargable heard_key IN-list (see coverageHeardKeyCandidates) so the
|
|
// (heard_key, …) composite index is used instead of a substr() scan (#5).
|
|
cands := coverageHeardKeyCandidates(node)
|
|
where = append(where, "heard_key IN ("+sqlPlaceholders(len(cands))+")")
|
|
for _, c := range cands {
|
|
args = append(args, c)
|
|
}
|
|
}
|
|
if rx != "" {
|
|
where = append(where, "rx_pubkey = ?")
|
|
args = append(args, strings.ToLower(rx))
|
|
}
|
|
if days > 0 {
|
|
since := time.Now().UTC().AddDate(0, 0, -days).Format(time.RFC3339)
|
|
where = append(where, "rx_at >= ?")
|
|
args = append(args, since)
|
|
}
|
|
rows, err := s.db.conn.Query("SELECT lat, lon, snr, rssi, heard_key, rx_at FROM client_receptions WHERE "+strings.Join(where, " AND "), args...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer rows.Close()
|
|
return scanCoverageRows(rows)
|
|
}
|
|
|
|
// handleRxCoverage serves global (or per-observer via ?rx=) coverage as GeoJSON
|
|
// hexbins, over a time window. ?node= also works (same as the per-node endpoint).
|
|
// requireClientRxCoverage writes a 404 and returns false when the opt-in
|
|
// client-RX coverage feature is disabled, so the coverage endpoints read as
|
|
// "not found" instead of serving data on deployments that haven't enabled it.
|
|
func (s *Server) requireClientRxCoverage(w http.ResponseWriter, r *http.Request) bool {
|
|
// Routes are registered unconditionally, so guard against a nil server/cfg
|
|
// (e.g. handlers exercised in isolation) rather than panicking (#4).
|
|
// ClientRxCoverageEnabled is itself nil-receiver-safe.
|
|
if s == nil || s.cfg == nil || !s.cfg.ClientRxCoverageEnabled() {
|
|
http.NotFound(w, r)
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
func (s *Server) handleRxCoverage(w http.ResponseWriter, r *http.Request) {
|
|
if !s.requireClientRxCoverage(w, r) {
|
|
return
|
|
}
|
|
b, ok := parseBBox(r.URL.Query().Get("bbox"))
|
|
if !ok {
|
|
http.Error(w, "bbox required as minLat,minLon,maxLat,maxLon", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if s.db == nil || s.db.conn == nil {
|
|
http.Error(w, "unavailable", http.StatusServiceUnavailable)
|
|
return
|
|
}
|
|
days := clampDays(atoiDefault(r.URL.Query().Get("days"), 7))
|
|
z, _ := strconv.Atoi(r.URL.Query().Get("z"))
|
|
rows, err := s.queryCoverageFiltered(r.URL.Query().Get("node"), r.URL.Query().Get("rx"), days, b)
|
|
if err != nil {
|
|
http.Error(w, "query failed", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
fc := aggregateCoverage(rows, zoomToHexRes(z), s.heardKeyResolverFor(rows))
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(fc)
|
|
}
|
|
|
|
// --- Leaderboard (top mobile observers) ---
|
|
|
|
type LeaderObserver struct {
|
|
Pubkey string `json:"pubkey"`
|
|
Name string `json:"name"`
|
|
Receptions int `json:"receptions"`
|
|
Nodes int `json:"nodes"`
|
|
Cells int `json:"cells"` // distinct fixed-res hex cells covered
|
|
Score float64 `json:"score"` // frontier-weighted coverage score
|
|
}
|
|
type RxLeaderboardResp struct {
|
|
Days int `json:"days"`
|
|
Observers []LeaderObserver `json:"observers"`
|
|
}
|
|
|
|
// leaderboardHexRes is the fixed hex resolution used to bucket receptions into
|
|
// "cells visited" for the frontier-weighted score. ~150 m ground cells at our
|
|
// latitude: coarse enough that a parked node's GPS jitter stays in one cell,
|
|
// fine enough that real driving paints many. Independent of the coverage map's
|
|
// zoom-dependent render resolution so the ranking is stable across views.
|
|
const leaderboardHexRes = 13
|
|
|
|
// leaderboardScanCap bounds how many rows the leaderboard aggregates in memory.
|
|
// The endpoint is unauthenticated (only requireClientRxCoverage), and the Go-side
|
|
// rarity weighting can't push the GROUP BY into SQLite, so without a cap a wide
|
|
// window on a busy network would stream the whole table into maps. At the cap we
|
|
// log and return a partial (best-effort) ranking rather than OOM (#review r2).
|
|
const leaderboardScanCap = 500000
|
|
|
|
// rxLeaderboard ranks mobile observers by frontier-weighted cell coverage over
|
|
// the time window. Each distinct cell an observer covers contributes
|
|
// 1/(observers covering that cell): a cell only they reached weighs 1.0, a cell
|
|
// shared by N observers weighs 1/N. This rewards expanding the map's edge and is
|
|
// spam-proof — a stationary node covers exactly one cell regardless of how many
|
|
// receptions it logs. Bucketing + the rarity weight can't be expressed in SQL,
|
|
// so we aggregate the window's rows in Go (bounded by leaderboardScanCap).
|
|
func (s *Server) rxLeaderboard(ctx context.Context, days, limit int) ([]LeaderObserver, error) {
|
|
since := time.Now().UTC().AddDate(0, 0, -days).Format(time.RFC3339)
|
|
// Name preference: the node's advertised name, else the companion's
|
|
// self-reported name (client_observers), else empty (UI shows the prefix).
|
|
// Hard LIMIT bounds memory; ORDER BY rx_at DESC so a truncated window keeps
|
|
// the most recent receptions.
|
|
rows, err := s.db.conn.QueryContext(ctx, `
|
|
SELECT cr.rx_pubkey, COALESCE(NULLIF(n.name,''), NULLIF(co.name,''), ''),
|
|
cr.lat, cr.lon, cr.heard_key
|
|
FROM client_receptions cr
|
|
LEFT JOIN nodes n ON n.public_key = cr.rx_pubkey
|
|
LEFT JOIN client_observers co ON co.pubkey = cr.rx_pubkey
|
|
WHERE cr.rx_at >= ?
|
|
ORDER BY cr.rx_at DESC
|
|
LIMIT ?`, since, leaderboardScanCap)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer rows.Close()
|
|
|
|
type agg struct {
|
|
name string
|
|
receptions int
|
|
cells map[string]struct{}
|
|
nodes map[string]struct{}
|
|
}
|
|
obsAgg := map[string]*agg{}
|
|
cellObservers := map[string]map[string]struct{}{} // cell -> set of rx_pubkey
|
|
|
|
scanned := 0
|
|
for rows.Next() {
|
|
// Honour client cancellation/timeout on the long scan (checked in batches
|
|
// to avoid a per-row context mutex on up to 500k rows).
|
|
if scanned&2047 == 0 && ctx.Err() != nil {
|
|
return nil, ctx.Err()
|
|
}
|
|
var pk, name, heardKey string
|
|
var lat, lon float64
|
|
if err := rows.Scan(&pk, &name, &lat, &lon, &heardKey); err != nil {
|
|
return nil, err
|
|
}
|
|
scanned++
|
|
a := obsAgg[pk]
|
|
if a == nil {
|
|
a = &agg{name: name, cells: map[string]struct{}{}, nodes: map[string]struct{}{}}
|
|
obsAgg[pk] = a
|
|
}
|
|
a.receptions++
|
|
a.nodes[heardKey] = struct{}{}
|
|
cell := hexCellAt(lat, lon, leaderboardHexRes)
|
|
a.cells[cell] = struct{}{}
|
|
set := cellObservers[cell]
|
|
if set == nil {
|
|
set = map[string]struct{}{}
|
|
cellObservers[cell] = set
|
|
}
|
|
set[pk] = struct{}{}
|
|
}
|
|
if err := rows.Err(); err != nil {
|
|
return nil, err
|
|
}
|
|
if scanned >= leaderboardScanCap {
|
|
log.Printf("[rx-leaderboard] scan hit cap %d over %dd window; ranking is partial (most-recent rows)", leaderboardScanCap, days)
|
|
}
|
|
|
|
// Per-cell observer counts EXCLUDING blacklisted contributors, so an operator
|
|
// of a blacklisted node parked in a cell can't silently dilute everyone else's
|
|
// frontier weight (#review r2). Name-hidden (not blacklisted) observers are
|
|
// legitimate contributors and still count.
|
|
cellCount := make(map[string]int, len(cellObservers))
|
|
for cell, set := range cellObservers {
|
|
n := 0
|
|
for pk := range set {
|
|
if !s.cfg.IsObserverBlacklisted(pk) && !s.cfg.IsBlacklisted(pk) {
|
|
n++
|
|
}
|
|
}
|
|
cellCount[cell] = n
|
|
}
|
|
|
|
out := make([]LeaderObserver, 0, len(obsAgg))
|
|
for pk, a := range obsAgg {
|
|
var score float64
|
|
for cell := range a.cells {
|
|
if c := cellCount[cell]; c > 0 {
|
|
score += 1.0 / float64(c)
|
|
}
|
|
}
|
|
out = append(out, LeaderObserver{
|
|
Pubkey: pk,
|
|
Name: a.name,
|
|
Receptions: a.receptions,
|
|
Nodes: len(a.nodes),
|
|
Cells: len(a.cells),
|
|
Score: score,
|
|
})
|
|
}
|
|
|
|
// Rank by frontier score; ties broken by raw receptions then pubkey so the
|
|
// order is deterministic (keeps same-location fixtures stable).
|
|
sort.Slice(out, func(i, j int) bool {
|
|
if out[i].Score != out[j].Score {
|
|
return out[i].Score > out[j].Score
|
|
}
|
|
if out[i].Receptions != out[j].Receptions {
|
|
return out[i].Receptions > out[j].Receptions
|
|
}
|
|
return out[i].Pubkey < out[j].Pubkey
|
|
})
|
|
|
|
// Identity hiding parity (#1727 r2): drop observer-blacklisted contributors,
|
|
// blank node-blacklisted / hidden-prefix names, cap at limit. nil cfg ⇒ no-ops.
|
|
filtered := make([]LeaderObserver, 0, limit)
|
|
for _, o := range out {
|
|
if s.cfg.IsObserverBlacklisted(o.Pubkey) {
|
|
continue
|
|
}
|
|
if s.cfg.IsBlacklisted(o.Pubkey) || s.cfg.IsNameHidden(o.Name) {
|
|
o.Name = ""
|
|
}
|
|
filtered = append(filtered, o)
|
|
if len(filtered) >= limit {
|
|
break
|
|
}
|
|
}
|
|
return filtered, nil
|
|
}
|
|
|
|
func (s *Server) handleRxLeaderboard(w http.ResponseWriter, r *http.Request) {
|
|
if !s.requireClientRxCoverage(w, r) {
|
|
return
|
|
}
|
|
if s.db == nil || s.db.conn == nil {
|
|
http.Error(w, "unavailable", http.StatusServiceUnavailable)
|
|
return
|
|
}
|
|
days := clampDays(atoiDefault(r.URL.Query().Get("days"), 7))
|
|
limit := atoiDefault(r.URL.Query().Get("limit"), 20)
|
|
if limit < 1 || limit > 100 {
|
|
limit = 20
|
|
}
|
|
obs, err := s.rxLeaderboard(r.Context(), days, limit)
|
|
if err != nil {
|
|
http.Error(w, "query failed", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(RxLeaderboardResp{Days: days, Observers: obs})
|
|
}
|
|
|
|
func atoiDefault(s string, d int) int {
|
|
if n, err := strconv.Atoi(strings.TrimSpace(s)); err == nil {
|
|
return n
|
|
}
|
|
return d
|
|
}
|